From e2a7d08aa7c51fa903d5294628612a13b4c0d6e0 Mon Sep 17 00:00:00 2001
From: teor <teor@torproject.org>
Date: Fri, 30 Aug 2019 21:12:52 +1000
Subject: backtrace: Always set a backtrace Tor version

We want to report the tor version, even on platforms that don't have
backtrace support (like Android).

This commit stores the backtrace Tor version, regardless of USE_BACKTRACE.

Preparation for 31571.
---
 src/lib/err/backtrace.c | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/src/lib/err/backtrace.c b/src/lib/err/backtrace.c
index 1d1b3bcfa3..8cca3c37e7 100644
--- a/src/lib/err/backtrace.c
+++ b/src/lib/err/backtrace.c
@@ -68,10 +68,10 @@
 // Redundant with util.h, but doing it here so we can avoid that dependency.
 #define raw_free free
 
-#ifdef USE_BACKTRACE
 /** Version of Tor to report in backtrace messages. */
 static char bt_version[128] = "";
 
+#ifdef USE_BACKTRACE
 /** Largest stack depth to try to dump. */
 #define MAX_DEPTH 256
 /** Static allocation of stack to dump. This is static so we avoid stack
@@ -193,15 +193,12 @@ dump_stack_symbols_to_error_fds(void)
 /** Install signal handlers as needed so that when we crash, we produce a
  * useful stack trace. Return 0 on success, -errno on failure. */
 static int
-install_bt_handler(const char *software)
+install_bt_handler(void)
 {
   int trap_signals[] = { SIGSEGV, SIGILL, SIGFPE, SIGBUS, SIGSYS,
                          SIGIO, -1 };
   int i, rv=0;
 
-  strncpy(bt_version, software, sizeof(bt_version) - 1);
-  bt_version[sizeof(bt_version) - 1] = 0;
-
   struct sigaction sa;
 
   memset(&sa, 0, sizeof(sa));
@@ -247,9 +244,8 @@ log_backtrace_impl(int severity, int domain, const char *msg,
 }
 
 static int
-install_bt_handler(const char *software)
+install_bt_handler(void)
 {
-  (void) software;
   return 0;
 }
 
@@ -274,7 +270,10 @@ configure_backtrace_handler(const char *tor_version)
     snprintf(version, sizeof(version), "Tor %s", tor_version);
   }
 
-  return install_bt_handler(version);
+  strncpy(bt_version, version, sizeof(bt_version) - 1);
+  bt_version[sizeof(bt_version) - 1] = 0;
+
+  return install_bt_handler();
 }
 
 /** Perform end-of-process cleanup for code that generates error messages on
-- 
cgit v1.2.3-54-g00ecf


From 743bc0028be46e92a46b3b5e38f1e50ee69ff284 Mon Sep 17 00:00:00 2001
From: teor <teor@torproject.org>
Date: Fri, 30 Aug 2019 21:15:54 +1000
Subject: backtrace: Log the Tor backtrace version whenever we log a backtrace

Previously, we just logged it in the crash handler.

Part of 31571.
---
 src/lib/err/backtrace.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/lib/err/backtrace.c b/src/lib/err/backtrace.c
index 8cca3c37e7..c34eb6dfa6 100644
--- a/src/lib/err/backtrace.c
+++ b/src/lib/err/backtrace.c
@@ -127,7 +127,7 @@ log_backtrace_impl(int severity, int domain, const char *msg,
   depth = backtrace(cb_buf, MAX_DEPTH);
   symbols = backtrace_symbols(cb_buf, (int)depth);
 
-  logger(severity, domain, "%s. Stack trace:", msg);
+  logger(severity, domain, "%s: %s. Stack trace:", bt_version, msg);
   if (!symbols) {
     /* LCOV_EXCL_START -- we can't provoke this. */
     logger(severity, domain, "    Unable to generate backtrace.");
@@ -240,7 +240,8 @@ void
 log_backtrace_impl(int severity, int domain, const char *msg,
                    tor_log_fn logger)
 {
-  logger(severity, domain, "%s. (Stack trace not available)", msg);
+  logger(severity, domain, "%s: %s. (Stack trace not available)",
+         bt_version, msg);
 }
 
 static int
-- 
cgit v1.2.3-54-g00ecf


From 65a1d86491d56c77048d01e0b4fc6b933a13795c Mon Sep 17 00:00:00 2001
From: teor <teor@torproject.org>
Date: Fri, 30 Aug 2019 21:17:07 +1000
Subject: torerr: Log the Tor backtrace version when a raw assertion fails

Part of 31571.
---
 src/lib/err/backtrace.c | 8 ++++++++
 src/lib/err/backtrace.h | 1 +
 src/lib/err/torerr.c    | 3 ++-
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/lib/err/backtrace.c b/src/lib/err/backtrace.c
index c34eb6dfa6..a4d8269c6a 100644
--- a/src/lib/err/backtrace.c
+++ b/src/lib/err/backtrace.c
@@ -261,6 +261,14 @@ dump_stack_symbols_to_error_fds(void)
 }
 #endif /* defined(NO_BACKTRACE_IMPL) */
 
+/** Return the tor version used for error messages on crashes.
+ * Signal-safe: returns a pointer to a static array. */
+const char *
+get_tor_backtrace_version(void)
+{
+  return bt_version;
+}
+
 /** Set up code to handle generating error messages on crashes. */
 int
 configure_backtrace_handler(const char *tor_version)
diff --git a/src/lib/err/backtrace.h b/src/lib/err/backtrace.h
index 9b313261e6..48b41fca02 100644
--- a/src/lib/err/backtrace.h
+++ b/src/lib/err/backtrace.h
@@ -21,6 +21,7 @@ void log_backtrace_impl(int severity, int domain, const char *msg,
 int configure_backtrace_handler(const char *tor_version);
 void clean_up_backtrace_handler(void);
 void dump_stack_symbols_to_error_fds(void);
+const char *get_tor_backtrace_version(void);
 
 #define log_backtrace(sev, dom, msg) \
   log_backtrace_impl((sev), (dom), (msg), tor_log)
diff --git a/src/lib/err/torerr.c b/src/lib/err/torerr.c
index 54acf722aa..88b19b7327 100644
--- a/src/lib/err/torerr.c
+++ b/src/lib/err/torerr.c
@@ -144,7 +144,8 @@ tor_raw_assertion_failed_msg_(const char *file, int line, const char *expr,
 {
   char linebuf[16];
   format_dec_number_sigsafe(line, linebuf, sizeof(linebuf));
-  tor_log_err_sigsafe("INTERNAL ERROR: Raw assertion failed at ",
+  tor_log_err_sigsafe("INTERNAL ERROR: Raw assertion failed in ",
+                      get_tor_backtrace_version(), " at ",
                       file, ":", linebuf, ": ", expr, NULL);
   if (msg) {
     tor_log_err_sigsafe_write(msg);
-- 
cgit v1.2.3-54-g00ecf


From c55591825fedb0fe1db92fab7b654ccc15ad50d3 Mon Sep 17 00:00:00 2001
From: teor <teor@torproject.org>
Date: Fri, 30 Aug 2019 21:17:56 +1000
Subject: torerr: Try harder to flush raw assert messages before process
 termination

Some platforms (macOS, maybe others?) can swallow the last write before an
abort. This issue is probably caused by a race condition between write
buffer cache flushing, and process termination. So we write an extra
newline, to make sure that the message always gets through.

Fixes bug 31571; bugfix on 0.3.5.1-alpha.
---
 changes/bug31571     | 7 +++++++
 src/lib/err/torerr.c | 8 +++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 changes/bug31571

diff --git a/changes/bug31571 b/changes/bug31571
new file mode 100644
index 0000000000..86de3537ba
--- /dev/null
+++ b/changes/bug31571
@@ -0,0 +1,7 @@
+  o Minor bugfixes (error handling):
+    - Report the tor version whenever an assertion fails. Previously, we only
+      reported the Tor version on some crashes, and some non-fatal assertions.
+      Fixes bug 31571; bugfix on 0.3.5.1-alpha.
+    - On abort, try harder to flush the output buffers of log messages. On
+      some platforms (macOS), log messages can be discarded when the process
+      terminates. Fixes bug 31571; bugfix on 0.3.5.1-alpha.
diff --git a/src/lib/err/torerr.c b/src/lib/err/torerr.c
index 88b19b7327..6b5224273a 100644
--- a/src/lib/err/torerr.c
+++ b/src/lib/err/torerr.c
@@ -146,13 +146,19 @@ tor_raw_assertion_failed_msg_(const char *file, int line, const char *expr,
   format_dec_number_sigsafe(line, linebuf, sizeof(linebuf));
   tor_log_err_sigsafe("INTERNAL ERROR: Raw assertion failed in ",
                       get_tor_backtrace_version(), " at ",
-                      file, ":", linebuf, ": ", expr, NULL);
+                      file, ":", linebuf, ": ", expr, "\n", NULL);
   if (msg) {
     tor_log_err_sigsafe_write(msg);
     tor_log_err_sigsafe_write("\n");
   }
 
   dump_stack_symbols_to_error_fds();
+
+  /* Some platforms (macOS, maybe others?) can swallow the last write before an
+   * abort. This issue is probably caused by a race condition between write
+   * buffer cache flushing, and process termination. So we write an extra
+   * newline, to make sure that the message always gets through. */
+  tor_log_err_sigsafe_write("\n");
 }
 
 /* As format_{hex,dex}_number_sigsafe, but takes a <b>radix</b> argument
-- 
cgit v1.2.3-54-g00ecf


From f311d0676caad1c61a4dbf8fffbeb79003866903 Mon Sep 17 00:00:00 2001
From: teor <teor@torproject.org>
Date: Tue, 3 Sep 2019 15:50:37 +1000
Subject: backtrace: Check the return values of snprintf() and strncpy()

We can't use strlcat() or strlcpy() in torerr, because they are defined
in string/compat_string.h on some platforms, and string uses torerr.

Part of 31571.
---
 src/lib/err/backtrace.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/lib/err/backtrace.c b/src/lib/err/backtrace.c
index a4d8269c6a..8606f42177 100644
--- a/src/lib/err/backtrace.c
+++ b/src/lib/err/backtrace.c
@@ -276,11 +276,23 @@ configure_backtrace_handler(const char *tor_version)
   char version[128] = "Tor\0";
 
   if (tor_version) {
-    snprintf(version, sizeof(version), "Tor %s", tor_version);
+    int snp_rv = 0;
+    /* We can't use strlcat() here, because it is defined in
+     * string/compat_string.h on some platforms, and string uses torerr. */
+    snp_rv = snprintf(version, sizeof(version), "Tor %s", tor_version);
+    /* It's safe to call raw_assert() here, because raw_assert() does not
+     * call configure_backtrace_handler(). */
+    raw_assert(snp_rv < (int)sizeof(version));
+    raw_assert(snp_rv >= 0);
   }
 
-  strncpy(bt_version, version, sizeof(bt_version) - 1);
+  char *str_rv = NULL;
+  /* We can't use strlcpy() here, see the note about strlcat() above. */
+  str_rv = strncpy(bt_version, version, sizeof(bt_version) - 1);
+  /* We must terminate bt_version, then raw_assert(), because raw_assert()
+   * uses bt_version. */
   bt_version[sizeof(bt_version) - 1] = 0;
+  raw_assert(str_rv == bt_version);
 
   return install_bt_handler();
 }
-- 
cgit v1.2.3-54-g00ecf