Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Fix crash in LZMA module when the Sandbox is enabled.

This patch fixes a crash in our LZMA module where liblzma will allocate
slightly more data than it is allowed to by its limit, which leads to a
crash.

See: https://bugs.torproject.org/22751
Alexander Færøy 6 years ago
parent
2cd49d9ea6
commit
c239b2fc9c
2 changed files with 13 additions and 2 deletions
Split View Show Diff Stats
  1. 5 0
      changes/bug22751
  2. 8 2
      src/common/sandbox.c

+ 5 - 0
changes/bug22751
View File 

@@ -0,0 +1,5 @@
 
+  o Major bugfixes (compression):
 
+    - Fix crash in LZMA module, when the Sandbox is enabled, where
 
+      liblzma would allocate more than 16 MB of memory.  We solve this
 
+      by bumping the mprotect() limit in the Sandbox module from 16 MB
 
+      to 20 MB.  Fixes bug 22751; bugfix on 0.3.1.1-alpha.

+ 8 - 2
src/common/sandbox.c
View File 

@@ -19,8 +19,14 @@
 
 #define _LARGEFILE64_SOURCE
 
 #endif
 
 
-/** Malloc mprotect limit in bytes. */
 
-#define MALLOC_MP_LIM (16*1024*1024)
 
+/** Malloc mprotect limit in bytes.
 
+ *
 
+ * 28/06/2017: This value was increased from 16 MB to 20 MB after we introduced
 
+ * LZMA support in Tor (0.3.1.1-alpha). We limit our LZMA coder to 16 MB, but
 
+ * liblzma have a small overhead that we need to compensate for to avoid being
 
+ * killed by the sandbox.
 
+ */
 
+#define MALLOC_MP_LIM (20*1024*1024)
 
 
 #include <stdio.h>
 
 #include <string.h>