Merge branch 'scanbuild_fixes'

author: Nick Mathewson <nickm@torproject.org> 2014-04-25 01:24:39 -0400
committer: Nick Mathewson <nickm@torproject.org> 2014-04-25 01:24:39 -0400
commit: d3c05a79f0b3e688e43edfffe9886664777517f7 (patch)
tree: caf18aa657f83c5bf224bd2750dc5e81d2000e3d /src/or
parent: 12b1d64b0378450fb8c69dfe81fde2d1cd1b36b1 (diff)
parent: 5470795b834a788ec482f22091d58b27a1999a2d (diff)
download: tor-d3c05a79f0b3e688e43edfffe9886664777517f7.tar.gz
tor-d3c05a79f0b3e688e43edfffe9886664777517f7.zip
10 files changed, 42 insertions, 17 deletions
diff --git a/src/or/buffers.c b/src/or/buffers.c
index 012ced6d32..fb186081cf 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -322,7 +322,7 @@ buf_shrink_freelists(int free_all)
       chunk_t **chp = &freelists[i].head;
       chunk_t *chunk;
       while (n_to_skip) {
-        if (! (*chp)->next) {
+        if (!(*chp) || ! (*chp)->next) {
           log_warn(LD_BUG, "I wanted to skip %d chunks in the freelist for "
                    "%d-byte chunks, but only found %d. (Length %d)",
                    orig_n_to_skip, (int)freelists[i].alloc_size,
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index 583ccff786..cd92326b3a 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -313,9 +313,9 @@ circuit_rep_hist_note_result(origin_circuit_t *circ)
 static int
 circuit_cpath_supports_ntor(const origin_circuit_t *circ)
 {
-  crypt_path_t *head = circ->cpath, *cpath = circ->cpath;
+  crypt_path_t *head, *cpath;
 
-  cpath = head;
+  cpath = head = circ->cpath;
   do {
     if (cpath->extend_info &&
         !tor_mem_is_zero(
diff --git a/src/or/circuitlist.c b/src/or/circuitlist.c
index 8a8fc8b4ed..c54a95419a 100644
--- a/src/or/circuitlist.c
+++ b/src/or/circuitlist.c
@@ -1269,8 +1269,16 @@ circuit_get_by_rend_token_and_purpose(uint8_t purpose, int is_rend_circ,
       circ->base_.marked_for_close)
     return NULL;
 
-  if (!circ->rendinfo ||
-      ! bool_eq(circ->rendinfo->is_rend_circ, is_rend_circ) ||
+  if (!circ->rendinfo) {
+    char *t = tor_strdup(hex_str(token, REND_TOKEN_LEN));
+    log_warn(LD_BUG, "Wanted a circuit with %s:%d, but lookup returned a "
+             "circuit with no rendinfo set.",
+             safe_str(t), is_rend_circ);
+    tor_free(t);
+    return NULL;
+  }
+
+  if (! bool_eq(circ->rendinfo->is_rend_circ, is_rend_circ) ||
       tor_memneq(circ->rendinfo->rend_token, token, REND_TOKEN_LEN)) {
     char *t = tor_strdup(hex_str(token, REND_TOKEN_LEN));
     log_warn(LD_BUG, "Wanted a circuit with %s:%d, but lookup returned %s:%d",
diff --git a/src/or/circuitmux.c b/src/or/circuitmux.c
index 2d05c748ec..52ebfef084 100644
--- a/src/or/circuitmux.c
+++ b/src/or/circuitmux.c
@@ -412,7 +412,11 @@ circuitmux_detach_all_circuits(circuitmux_t *cmux, smartlist_t *detached_out)
   i = HT_START(chanid_circid_muxinfo_map, cmux->chanid_circid_map);
   while (i) {
     to_remove = *i;
-    if (to_remove) {
+
+    if (! to_remove) {
+      log_warn(LD_BUG, "Somehow, an HT iterator gave us a NULL pointer.");
+      break;
+    } else {
       /* Find a channel and circuit */
       chan = channel_find_by_global_id(to_remove->chan_id);
       if (chan) {
diff --git a/src/or/circuituse.c b/src/or/circuituse.c
index 75a10ba0c4..d10430668b 100644
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -537,7 +537,9 @@ circuit_expire_building(void)
                  "%d guards are live.",
                  TO_ORIGIN_CIRCUIT(victim)->global_identifier,
                  circuit_purpose_to_string(victim->purpose),
-                 TO_ORIGIN_CIRCUIT(victim)->build_state->desired_path_len,
+                 TO_ORIGIN_CIRCUIT(victim)->build_state ?
+                   TO_ORIGIN_CIRCUIT(victim)->build_state->desired_path_len :
+                   -1,
                  circuit_state_to_string(victim->state),
                  channel_state_to_string(victim->n_chan->state),
                  num_live_entry_guards(0));
@@ -561,7 +563,9 @@ circuit_expire_building(void)
                  "anyway. %d guards are live.",
                  TO_ORIGIN_CIRCUIT(victim)->global_identifier,
                  circuit_purpose_to_string(victim->purpose),
-                 TO_ORIGIN_CIRCUIT(victim)->build_state->desired_path_len,
+                 TO_ORIGIN_CIRCUIT(victim)->build_state ?
+                   TO_ORIGIN_CIRCUIT(victim)->build_state->desired_path_len :
+                   -1,
                  circuit_state_to_string(victim->state),
                  channel_state_to_string(victim->n_chan->state),
                  (long)build_close_ms,
@@ -707,7 +711,8 @@ circuit_expire_building(void)
          * and we have tried to send an INTRODUCE1 cell specifying it.
          * Thus, if the pending_final_cpath field *is* NULL, then we
          * want to not spare it. */
-        if (TO_ORIGIN_CIRCUIT(victim)->build_state->pending_final_cpath ==
+        if (TO_ORIGIN_CIRCUIT(victim)->build_state &&
+            TO_ORIGIN_CIRCUIT(victim)->build_state->pending_final_cpath ==
             NULL)
           break;
         /* fallthrough! */
@@ -753,7 +758,9 @@ circuit_expire_building(void)
                TO_ORIGIN_CIRCUIT(victim)->has_opened,
                victim->state, circuit_state_to_string(victim->state),
                victim->purpose,
-               TO_ORIGIN_CIRCUIT(victim)->build_state->desired_path_len);
+               TO_ORIGIN_CIRCUIT(victim)->build_state ?
+                 TO_ORIGIN_CIRCUIT(victim)->build_state->desired_path_len :
+                 -1);
     else
       log_info(LD_CIRC,
                "Abandoning circ %u %u (state %d,%d:%s, purpose %d, len %d)",
@@ -762,7 +769,9 @@ circuit_expire_building(void)
                TO_ORIGIN_CIRCUIT(victim)->has_opened,
                victim->state,
                circuit_state_to_string(victim->state), victim->purpose,
-               TO_ORIGIN_CIRCUIT(victim)->build_state->desired_path_len);
+               TO_ORIGIN_CIRCUIT(victim)->build_state ?
+                 TO_ORIGIN_CIRCUIT(victim)->build_state->desired_path_len :
+                 -1);
 
     circuit_log_path(LOG_INFO,LD_CIRC,TO_ORIGIN_CIRCUIT(victim));
     if (victim->purpose == CIRCUIT_PURPOSE_C_MEASURE_TIMEOUT)
diff --git a/src/or/connection.c b/src/or/connection.c
index 9614fa52da..3cc4e09fb7 100644
--- a/src/or/connection.c
+++ b/src/or/connection.c
@@ -4812,6 +4812,8 @@ get_proxy_addrport(tor_addr_t *addr, uint16_t *port, int *proxy_type,
     }
   }
 
+  tor_addr_make_unspec(addr);
+  *port = 0;
   *proxy_type = PROXY_NONE;
   return 0;
 }
diff --git a/src/or/cpuworker.c b/src/or/cpuworker.c
index 209274da64..6b6a68afe5 100644
--- a/src/or/cpuworker.c
+++ b/src/or/cpuworker.c
@@ -436,7 +436,7 @@ cpuworker_main(void *data)
     if (req.task == CPUWORKER_TASK_ONION) {
       const create_cell_t *cc = &req.create_cell;
       created_cell_t *cell_out = &rpl.created_cell;
-      struct timeval tv_start, tv_end;
+      struct timeval tv_start = {0,0}, tv_end;
       int n;
       rpl.timed = req.timed;
       rpl.started_at = req.started_at;
diff --git a/src/or/ext_orport.c b/src/or/ext_orport.c
index d5a0fa1ee4..0d28a9199a 100644
--- a/src/or/ext_orport.c
+++ b/src/or/ext_orport.c
@@ -256,7 +256,7 @@ handle_client_auth_nonce(const char *client_nonce, size_t client_nonce_len,
     base16_encode(server_nonce_encoded, sizeof(server_nonce_encoded),
                   server_nonce, sizeof(server_nonce));
     base16_encode(client_nonce_encoded, sizeof(client_nonce_encoded),
-                  client_nonce, sizeof(client_nonce));
+                  client_nonce, EXT_OR_PORT_AUTH_NONCE_LEN);
 
     log_debug(LD_GENERAL,
               "server_hash: '%s'\nserver_nonce: '%s'\nclient_nonce: '%s'",
diff --git a/src/or/onion.c b/src/or/onion.c
index 30b983d91e..72571b7bd9 100644
--- a/src/or/onion.c
+++ b/src/or/onion.c
@@ -329,12 +329,14 @@ onion_queue_entry_remove(onion_queue_t *victim)
 void
 clear_pending_onions(void)
 {
-  onion_queue_t *victim;
+  onion_queue_t *victim, *next;
   int i;
   for (i=0; i<=MAX_ONION_HANDSHAKE_TYPE; i++) {
-    while ((victim = TOR_TAILQ_FIRST(&ol_list[i]))) {
+    for (victim = TOR_TAILQ_FIRST(&ol_list[i]); victim; victim = next) {
+      next = TOR_TAILQ_NEXT(victim,next);
       onion_queue_entry_remove(victim);
     }
+    tor_assert(TOR_TAILQ_EMPTY(&ol_list[i]));
   }
   memset(ol_entries, 0, sizeof(ol_entries));
 }
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index abd78da73a..5a81d07856 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -2041,7 +2041,7 @@ rend_service_decrypt_intro(
   if (err_msg_out && !err_msg) {
     tor_asprintf(&err_msg,
                  "unknown INTRODUCE%d error decrypting encrypted part",
-                 (int)(intro->type));
+                 intro ? (int)(intro->type) : -1);
   }
   if (status >= 0) status = -1;
 
@@ -2147,7 +2147,7 @@ rend_service_parse_intro_plaintext(
   if (err_msg_out && !err_msg) {
     tor_asprintf(&err_msg,
                  "unknown INTRODUCE%d error parsing encrypted part",
-                 (int)(intro->type));
+                 intro ? (int)(intro->type) : -1);
   }
   if (status >= 0) status = -1;
author	Nick Mathewson <nickm@torproject.org>	2014-04-25 01:24:39 -0400
committer	Nick Mathewson <nickm@torproject.org>	2014-04-25 01:24:39 -0400
commit	d3c05a79f0b3e688e43edfffe9886664777517f7 (patch)
tree	caf18aa657f83c5bf224bd2750dc5e81d2000e3d /src/or
parent	12b1d64b0378450fb8c69dfe81fde2d1cd1b36b1 (diff)
parent	5470795b834a788ec482f22091d58b27a1999a2d (diff)
download	tor-d3c05a79f0b3e688e43edfffe9886664777517f7.tar.gz tor-d3c05a79f0b3e688e43edfffe9886664777517f7.zip