Stop invoking undefined behaviour by using tor_free() on an unaligned pointer

... in get_interface_addresses_ioctl(). This pointer alignment issue exists on x86_64 macOS, but is unlikely to exist elsewhere. (i386 macOS only requires 4-byte alignment, and other OSs have 8-byte ints.) Fixes bug 24733; not in any released version of tor.
2025-02-24 22:58:50 +01:00 · 2017-12-24 22:36:52 +11:00 · 2017-12-24 22:36:52 +11:00 · 54899b404c
commit 54899b404c
parent f5d89fab25
2 changed files with 11 additions and 1 deletions
--- a/changes/bug24733
+++ b/changes/bug24733
@ -0,0 +1,6 @@
+  o Minor bugfixes (code correctness):
+    - Stop invoking undefined behaviour by using tor_free() on an unaligned
+      pointer in get_interface_addresses_ioctl(). This pointer alignment issue
+      exists on x86_64 macOS, but is unlikely to exist elsewhere.
+      Fixes bug 24733; bugfix on 0.3.0.0-alpha-dev;
+      not in any released version of tor.
--- a/src/common/address.c
+++ b/src/common/address.c
@ -1601,7 +1601,11 @@ get_interface_addresses_ioctl(int severity, sa_family_t family)
 done:
  if (fd >= 0)
    close(fd);
-  tor_free(ifc.ifc_buf);
+  /* On macOS, tor_free() loads ifc.ifc_buf, which leads to undefined
+   * behaviour, because it is always aligned at 8-bytes (ifc) plus 4 bytes
+   * (ifc_len and pragma pack(4)). So we use raw_free() instead. */
+  raw_free(ifc.ifc_buf);
+  ifc.ifc_buf = NULL;
  return result;
 }
 #endif /* defined(HAVE_IFCONF_TO_SMARTLIST) */