From 8731a4e148e23d8edbb7f32bdfeee30c326f33cc Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Mon, 10 Sep 2012 10:35:18 -0400
Subject: Avoid segfault when reading state file from ancient tor

If s_values is null in rep_hist_load_bwhist_state_section, we would
call smartlist_len() on it, and die.

Fixes bug 6801.
---
 src/or/rephist.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/or/rephist.c b/src/or/rephist.c
index 720d14cf4..3b0d9dd35 100644
--- a/src/or/rephist.c
+++ b/src/or/rephist.c
@@ -1675,7 +1675,8 @@ rep_hist_load_bwhist_state_section(bw_array_t *b,
 
   uint64_t v, mv;
   int i,ok,ok_m;
-  int have_maxima = (smartlist_len(s_values) == smartlist_len(s_maxima));
+  int have_maxima = s_maxima && s_values &&
+    (smartlist_len(s_values) == smartlist_len(s_maxima));
 
   if (s_values && s_begins >= now - NUM_SECS_BW_SUM_INTERVAL*NUM_TOTALS) {
     start = s_begins - s_interval*(smartlist_len(s_values));
-- 
cgit v1.2.3