Opened 3 months ago

Closed 3 months ago

#22751 closed defect (fixed)

LZMA coder causes crash when the sandbox is enabled

Reported by: ahf Owned by: ahf
Priority: High Milestone: Tor: 0.3.1.x-final
Component: Core Tor/Tor Version: Tor: 0.3.1.1-alpha
Severity: Normal Keywords:
Cc: Actual Points: 0.1
Parent ID: Points: 0.1
Reviewer: Sponsor: Sponsor4

Description

While doing the measurements for Sponsor 4 I noticed that Tor instances running as relays or authorities would sometimes crash when the sandbox is enabled.

This is due to the MALLOC_MP_LIM value in sandbox.c, which is currently set to 16 MB, being too low. We limit our LZMA coder to only use 16 MB, but the coder allocates some additional data other than its internal buffer, which leads to the crash.

Child Tickets

Change History (4)

comment:1 Changed 3 months ago by ahf

Owner: set to ahf
Status: newassigned

comment:2 Changed 3 months ago by ahf

Status: assignedneeds_review

Patch (based on the maint-0.3.1 branch) is available in: https://gitlab.com/ahf/tor/merge_requests/18

comment:3 Changed 3 months ago by ahf

Actual Points: 0.1

comment:4 Changed 3 months ago by nickm

Resolution: fixed
Status: needs_reviewclosed

merged!

Note: See TracTickets for help on using tickets.