#22751 closed defect (fixed)

LZMA coder causes crash when the sandbox is enabled

Reported by: ahf Owned by: ahf
Priority: High Milestone: Tor: 0.3.1.x-final
Component: Core Tor/Tor Version: Tor: 0.3.1.1-alpha
Severity: Normal Keywords:
Cc: Actual Points: 0.1
Parent ID: Points: 0.1
Reviewer: Sponsor: Sponsor4

Description

While doing the measurements for Sponsor 4 I noticed that Tor instances running as relays or authorities would sometimes crash when the sandbox is enabled.

This is due to the MALLOC_MP_LIM value in sandbox.c, which is currently set to 16 MB, being too low. We limit our LZMA coder to only use 16 MB, but the coder allocates some additional data other than its internal buffer, which leads to the crash.

Child Tickets

Change History (4)

comment:1 Changed 12 months ago by ahf

Owner: set to ahf
Status: newassigned

comment:2 Changed 12 months ago by ahf

Status: assignedneeds_review

Patch (based on the maint-0.3.1 branch) is available in: https://gitlab.com/ahf/tor/merge_requests/18

comment:3 Changed 12 months ago by ahf

Actual Points: 0.1

comment:4 Changed 12 months ago by nickm

Resolution: fixed
Status: needs_reviewclosed

merged!

Note: See TracTickets for help on using tickets.