orbot
orbot copied to clipboard
MTE Fail
Describe the Bug App fails androids memory safety test.
To Reproduce Steps to reproduce the behavior: Start the app with MTE (memory tagging) turned on.
Expected Behavior The app to function secure memory tagging turned on.
What Custom Configuration Do You Use? None
Smartphone (please complete the following information):
- Device: [e.g. Pixel 8] Pixel 8 Pro
- OS: [e.g. Android 14] Android 14
- Version: [e.g. v17.1 RC 2] UD1A.231105.004
Crash Logs (Advanced)
type: crash
osVersion: google/husky/husky:14/UD1A.231105.004/2023112900:user/release-keys
package: org.torproject.android:1711200302
process: org.torproject.android
processUptime: 0 + 0 ms
installer: dev.imranr.obtainium
signal 11 (SIGSEGV), code 9 (SEGV_MTESERR), fault addr 0x0300bf525fcdd4b0
backtrace:
#00 pc 0000000000985a40 /data/app/~~Frx_skhxnRDlJomj1rKDfw==/org.torproject.android-6DdPFQrXgK6HpFlaah7TYw==/base.apk (offset 0x46e000) (_cgo_9b39563feb7e_Cfunc_get_conn_key_val+32)
#01 pc 000000000034e198 /data/app/~~Frx_skhxnRDlJomj1rKDfw==/org.torproject.android-6DdPFQrXgK6HpFlaah7TYw==/base.apk (offset 0x46e000)
Learn more about MTE reports: https://source.android.com/docs/security/test/memory-safety/mte-reports
Describe the Bug
App is not runnable on Grapheneos with memory tag protection.
To Reproduce
Enable memory tag protection on GrapheneOS and run app.
Expected Behavior
The app to function secure memory tagging turned on.
What Custom Configuration Do You Use?
GrapheneOS with memory tag protection.
Smartphone (please complete the following information):
- Device: [e.g. Pixel 8] Pixel 8
- OS: [e.g. Android 14] Android 14
- Version: [e.g. v17.1 RC 2] v17 RC 1 (tor 0.4.8.7)
type: crash
osVersion: google/shiba/shiba:14/UQ1A.240105.004/2024010400:user/release-keys
uid: 10149 (u:r:untrusted_app_32:s0:c149,c256,c512,c768)
cmdline: org.torproject.android
processUptime: 2062s
signal: 11 (SIGSEGV), code 9 (SEGV_MTESERR), faultAddr 100ca634ddf95d0
threadName: Thread-8
MTE: enabled
backtrace:
/data/app/<redacted>/org.torproject.android-<redacted>/base.apk (_cgo_9b39563feb7e_Cfunc_get_conn_key_val+32, pc 982bb4)
/data/app/<redacted>/org.torproject.android-<redacted>/base.apk (pc 34b168)
" /data/app/
seems to be the source of the issue?
Seems like something to run by core tor devs.