[tor-bugs] #21439 [Core Tor/Tor]: Add a configure option to disable safety features that make fuzzing harder
#21439: Add a configure option to disable safety features that make fuzzing harder
------------------------------+--------------------------------
Reporter: nickm | Owner:
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.3.1.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+--------------------------------
We've got quite a few places in our code where we use redundant safety
features to prevent bugs from turning into really serious bugs. But many
of those safety features interfere with fuzzing, by covering up any
underlying bugs that fuzzing would otherwise detect.
For example, I'm thinking of:
* The 4-byte sentinel word at the end of each buffer chunk
* Various places in our code where we NUL-terminate stuff that doesn't
actually (we hope!) need to be NUL-terminated.
* The entire "memarea" fragmentation-resistant allocation strategy.
* Probably some other stuff too
But in addition to hardening our code a little, these features all make
some classes of memory bug less likely to get noticed by the sanitizers.
Now, you might argue that there's no need to have a way to fuzz without
those safety features, if they actually do provide safety. But on the
other hand, they're meant to provide ''redundant'' safety, and if they are
ever actually needed, that's a bug in our code that we ought to fix.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21439>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
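Added illustration of the first bullet above (not Tor's code): a buffer chunk with a 4-byte sentinel word planted after the payload, where a hypothetical build macro DISABLE_MEMORY_SENTINELS stands in for the configure option the ticket asks for. The struct, the sentinel value and the sample write are constructed for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define SENTINEL_VALUE 0xdeadbeefU /* constructed value, not Tor's */
#ifdef DISABLE_MEMORY_SENTINELS    /* hypothetical fuzzing-build switch */
#define SENTINEL_LEN 0
#else
#define SENTINEL_LEN sizeof(uint32_t)
#endif

typedef struct chunk_t {
    size_t memlen; /* payload capacity */
    char mem[];    /* payload, then the sentinel word when enabled */
} chunk_t;
static chunk_t *chunk_new(size_t capacity)
{
    chunk_t *c = calloc(1, sizeof(*c) + capacity + SENTINEL_LEN);
    if (!c) abort();
    c->memlen = capacity;
    if (SENTINEL_LEN) /* plant the sentinel just past the payload */
        memcpy(c->mem + capacity, &(uint32_t){SENTINEL_VALUE}, SENTINEL_LEN);
    return c;
}
/* Redundant safety check: 1 if the sentinel is intact (always 1 if absent). */
static int chunk_sentinel_ok(const chunk_t *c)
{
    uint32_t s = SENTINEL_VALUE;
    if (SENTINEL_LEN)
        memcpy(&s, c->mem + c->memlen, SENTINEL_LEN);
    return s == SENTINEL_VALUE;
}
/* Copy `len` bytes and NUL-terminate. With len == memlen the terminator is
 * one past the payload: on the sentinel (inside the allocation, ASan silent,
 * caught only by chunk_sentinel_ok) or, in the fuzzing build, past it. */
static void chunk_set_cstr(chunk_t *c, const char *src, size_t len)
{
    if (len > c->memlen) len = c->memlen;
    memcpy(c->mem, src, len);
    c->mem[len] = '\0'; /* the off-by-one the sentinel masks */
}
/* Default build only: 1 if the sentinel check catches the stray byte. */
static int demo_overflow_caught(size_t capacity, size_t len)
{
    chunk_t *c = chunk_new(capacity);
    chunk_set_cstr(c, "abcdefgh", len);
    int caught = !chunk_sentinel_ok(c);
    free(c);
    return caught;
}
```

Built with -DDISABLE_MEMORY_SENTINELS and -fsanitize=address, the same demo_overflow_caught(4, 4) call turns into an immediate ASan heap-buffer-overflow report instead of a sentinel mismatch found after the fact, which is exactly the trade-off the ticket describes.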