Opened 3 years ago

Closed 3 years ago

#22751 closed defect (fixed)

LZMA coder causes crash when the sandbox is enabled

Reported by: ahf Owned by: ahf
Priority: High Milestone: Tor: 0.3.1.x-final
Component: Core Tor/Tor Version: Tor:
Severity: Normal Keywords:
Cc: Actual Points: 0.1
Parent ID: Points: 0.1
Reviewer: Sponsor: Sponsor4


While doing the measurements for Sponsor 4 I noticed that Tor instances running as relays or authorities would sometimes crash when the sandbox is enabled.

This is due to the MALLOC_MP_LIM value in sandbox.c, which is currently set to 16 MB, being too low. We limit our LZMA coder to only use 16 MB, but the coder allocates some additional data other than its internal buffer, which leads to the crash.

Child Tickets

Change History (4)

comment:1 Changed 3 years ago by ahf

Owner: set to ahf
Status: newassigned

comment:2 Changed 3 years ago by ahf

Status: assignedneeds_review

Patch (based on the maint-0.3.1 branch) is available in:

comment:3 Changed 3 years ago by ahf

Actual Points: 0.1

comment:4 Changed 3 years ago by nickm

Resolution: fixed
Status: needs_reviewclosed


Note: See TracTickets for help on using tickets.