guardianproject / orbot

The Github home of Orbot: Tor on Android (Also available on gitlab!)
https://gitlab.com/guardianproject/orbot

MTE Fail #1026

Open southwestgit opened 7 months ago

southwestgit commented 7 months ago

Describe the Bug

App fails Android's memory safety test.

To Reproduce

Steps to reproduce the behavior: Start the app with MTE (memory tagging) turned on.

Expected Behavior

The app to function with secure memory tagging turned on.

What Custom Configuration Do You Use?

None

Smartphone (please complete the following information):

Crash Logs (Advanced)

type: crash
osVersion: google/husky/husky:14/UD1A.231105.004/2023112900:user/release-keys
package: org.torproject.android:1711200302
process: org.torproject.android
processUptime: 0 + 0 ms
installer: dev.imranr.obtainium

signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr 0x0300bf525fcdd4b0

backtrace:
      #00 pc 0000000000985a40  /data/app/~~Frx_skhxnRDlJomj1rKDfw==/org.torproject.android-6DdPFQrXgK6HpFlaah7TYw==/base.apk (offset 0x46e000) (_cgo_9b39563feb7e_Cfunc_get_conn_key_val+32)
      #01 pc 000000000034e198  /data/app/~~Frx_skhxnRDlJomj1rKDfw==/org.torproject.android-6DdPFQrXgK6HpFlaah7TYw==/base.apk (offset 0x46e000)

Learn more about MTE reports: https://source.android.com/docs/security/test/memory-safety/mte-reports

LoHub commented 5 months ago

Describe the Bug

App is not runnable on GrapheneOS with memory tag protection.

To Reproduce

Enable memory tag protection on GrapheneOS and run app.

Expected Behavior

The app to function with secure memory tagging turned on.

What Custom Configuration Do You Use?

GrapheneOS with memory tag protection.

Smartphone (please complete the following information):

type: crash
osVersion: google/shiba/shiba:14/UQ1A.240105.004/2024010400:user/release-keys
uid: 10149 (u:r:untrusted_app_32:s0:c149,c256,c512,c768)
cmdline: org.torproject.android
processUptime: 2062s

signal: 11 (SIGSEGV), code 9 (SEGV_MTESERR), faultAddr 100ca634ddf95d0
threadName: Thread-8
MTE: enabled

backtrace:
    /data/app/<redacted>/org.torproject.android-<redacted>/base.apk (_cgo_9b39563feb7e_Cfunc_get_conn_key_val+32, pc 982bb4)
    /data/app/<redacted>/org.torproject.android-<redacted>/base.apk (pc 34b168)

n8fr8 commented 5 months ago

" /data/app//org.torproject.android-/base.apk (_cgo_9b39563feb7e_Cfunc_get_conn_key_val+32, pc 982bb4)"

seems to be the source of the issue?
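
The comparison made in the comment above, written out as an added example (not part of the original thread and not Orbot or Tor code): it parses the signal line and top backtrace frame from both crash report layouts posted in this issue and checks whether they fault at the same symbol and offset. The function names `triage` and `same_crash_site` are hypothetical; the tag extraction assumes the Arm MTE pointer layout, with the logical tag in bits 56-59.

```python
import re

# Signal line and backtrace copied from the two crash reports in this thread.
REPORT_1 = """\
signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr 0x0300bf525fcdd4b0
backtrace:
      #00 pc 0000000000985a40  /data/app/~~Frx_skhxnRDlJomj1rKDfw==/org.torproject.android-6DdPFQrXgK6HpFlaah7TYw==/base.apk (offset 0x46e000) (_cgo_9b39563feb7e_Cfunc_get_conn_key_val+32)
      #01 pc 000000000034e198  /data/app/~~Frx_skhxnRDlJomj1rKDfw==/org.torproject.android-6DdPFQrXgK6HpFlaah7TYw==/base.apk (offset 0x46e000)
"""
REPORT_2 = """\
signal: 11 (SIGSEGV), code 9 (SEGV_MTESERR), faultAddr 100ca634ddf95d0
backtrace:
    /data/app/<redacted>/org.torproject.android-<redacted>/base.apk (_cgo_9b39563feb7e_Cfunc_get_conn_key_val+32, pc 982bb4)
    /data/app/<redacted>/org.torproject.android-<redacted>/base.apk (pc 34b168)
"""

# Both layouts: "signal 11 ... fault addr 0x..." and "signal: 11 ... faultAddr ...".
SIGNAL_RE = re.compile(
    r"signal:?\s+\d+\s+\((\w+)\),\s+code\s+-?\d+\s+\((\w+)\),"
    r"\s+fault\s?[Aa]ddr\s+(?:0x)?([0-9a-fA-F]+)")
# A "(symbol+offset" group; "(offset 0x46e000)" has no "+" and is skipped.
FRAME_RE = re.compile(r"\(([A-Za-z_]\w*)\+(\d+)")

def triage(report):
    """Return si_code, pointer tag, untagged address and top frame, or None."""
    sig = SIGNAL_RE.search(report)
    if sig is None:
        return None
    addr = int(sig.group(3), 16)
    tail = report.partition("backtrace:")[2]
    frames = [line for line in tail.splitlines() if line.strip()]
    top = FRAME_RE.search(frames[0]) if frames else None
    return {
        "si_code": sig.group(2),              # SEGV_MTESERR: synchronous tag check fault
        "tag": (addr >> 56) & 0xF,            # MTE logical tag, bits 56-59
        "address": addr & ((1 << 56) - 1),    # top byte cleared
        "top_frame": f"{top.group(1)}+{top.group(2)}" if top else None,
    }

def same_crash_site(*reports):
    """True when every report parses and names the same symbol+offset on top."""
    parsed = [triage(r) for r in reports]
    if not parsed or any(p is None or p["top_frame"] is None for p in parsed):
        return False
    return len({p["top_frame"] for p in parsed}) == 1

if __name__ == "__main__":
    print(same_crash_site(REPORT_1, REPORT_2), triage(REPORT_1), triage(REPORT_2))
```

The pointer tags differ between the two reports (3 and 1) because tags are assigned per allocation; the matching symbol and offset is what ties the two crashes together.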

eighthave commented 5 months ago

Seems like something to run by core tor devs.