commit 03778a0f3489994e78de70c7c5cd69f570329fab
parent d02eb4502a7798780262e091affab7718a14f3d6
Author: Mike Perry <mikeperry-git@torproject.org>
Date: Wed, 6 Dec 2023 18:54:59 +0000
Bug 40897: Add more checks to free paths
Similar double-frees would be caught earlier by these, so long as the pointers
remain nulled out.
Diffstat:
2 files changed, 9 insertions(+), 0 deletions(-)
diff --git a/src/core/or/conflux.c b/src/core/or/conflux.c
@@ -115,6 +115,8 @@ conflux_leg_t *
conflux_get_leg(conflux_t *cfx, const circuit_t *circ)
{
conflux_leg_t *leg_found = NULL;
+ tor_assert(cfx);
+ tor_assert(cfx->legs);
// Find the leg that the cell is written on
CONFLUX_FOR_EACH_LEG_BEGIN(cfx, leg) {
diff --git a/src/core/or/conflux_pool.c b/src/core/or/conflux_pool.c
@@ -187,6 +187,8 @@ conflux_free_(conflux_t *cfx)
if (!cfx) {
return;
}
+ tor_assert(cfx->legs);
+ tor_assert(cfx->ooo_q);
SMARTLIST_FOREACH_BEGIN(cfx->legs, conflux_leg_t *, leg) {
SMARTLIST_DEL_CURRENT(cfx->legs, leg);
@@ -260,6 +262,8 @@ unlinked_free(unlinked_circuits_t *unlinked)
if (!unlinked) {
return;
}
+ tor_assert(unlinked->legs);
+
/* This cfx is pointing to a linked set. */
if (!unlinked->is_for_linked_set) {
conflux_free(unlinked->cfx);
@@ -1611,6 +1615,9 @@ linked_circuit_free(circuit_t *circ, bool is_client)
{
tor_assert(circ);
tor_assert(circ->conflux);
+ tor_assert(circ->conflux->legs);
+ tor_assert(circ->conflux->ooo_q);
+
if (is_client) {
tor_assert(circ->purpose == CIRCUIT_PURPOSE_CONFLUX_LINKED);
}
