[BUG] Memory corruption when being run with ARM memory tagging
Describe the Bug
When running Orbot with ARMv8.5 memory tagging enabled, it crashes when the user hits the Connect button, with the error below. Currently you will only be able to reproduce this on a Google Pixel 8 or Google Pixel 8 Pro device running GrapheneOS with memory tagging enabled for Orbot.
NOTICE: This is not a bug in GrapheneOS; it is a memory corruption bug in Orbot which is exposed by GrapheneOS. Android will eventually be deploying memory tagging by default, so this needs to be resolved; it cannot be ignored.
To Reproduce
Steps to reproduce the behavior:
- Install Orbot
- Open Orbot and tap on Connect...
- Observe that Orbot remains connected for a few seconds and then crashes
What Custom Configuration Do You Use?
None, no settings changed.
Smartphone (please complete the following information):
- Device: Pixel 8
- OS: GrapheneOS 2024020500 based on Android 14
- Version: v17.2.1 RC 2
Crash Logs (Advanced)
type: crash
osVersion: google/shiba/shiba:14/UQ1A.240205.004/2024020500:user/release-keys
uid: 1010199 (u:r:untrusted_app_32:s0:c199,c256,c522,c768)
cmdline: org.torproject.android
processUptime: 13s
signal: 11 (SIGSEGV), code 9 (SEGV_MTESERR), faultAddr f00cf40c3498e20
threadName: Thread-4
MTE: enabled
backtrace:
/data/app/~~VJ9ejUBpnXKOEuPjlCuZ5w==/org.torproject.android-jpKSsr6f1PNU4rg6ga3eCg==/base.apk (_cgo_9b39563feb7e_Cfunc_get_conn_key_val+32, pc a1dbf0)
/data/app/~~VJ9ejUBpnXKOEuPjlCuZ5w==/org.torproject.android-jpKSsr6f1PNU4rg6ga3eCg==/base.apk (pc 36ea38)
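The header above already tells a triager most of what matters: `code 9 (SEGV_MTESERR)` is the Linux si_code for a synchronous MTE tag-check fault, so the PC is precise and the faulting load or store is in the top frame; the top byte of `faultAddr` carries the pointer's logical tag (bits 59:56); and the `_cgo_<hash>_Cfunc_<name>` symbol is the trampoline cgo generates for a C function called from Go, so the bad access is on the C side of a cgo call. The script below is an added example, not Orbot's code or the reporter's: it parses a tombstone header in the layout shown in this report (the field names `signal:`, `faultAddr`, `MTE:` and `backtrace:` are assumed from the log above) and classifies the fault. The si_code table is from the kernel UAPI; the sample input is the crash header above, copied in as a constant.

```python
"""Triage an Android tombstone header for an ARM MTE tag-check fault."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input: the crash header from the report above, pasted in verbatim.
SAMPLE_TOMBSTONE = """\
type: crash
osVersion: google/shiba/shiba:14/UQ1A.240205.004/2024020500:user/release-keys
uid: 1010199 (u:r:untrusted_app_32:s0:c199,c256,c522,c768)
cmdline: org.torproject.android
processUptime: 13s
signal: 11 (SIGSEGV), code 9 (SEGV_MTESERR), faultAddr f00cf40c3498e20
threadName: Thread-4
MTE: enabled
backtrace:
/data/app/~~VJ9ejUBpnXKOEuPjlCuZ5w==/org.torproject.android-jpKSsr6f1PNU4rg6ga3eCg==/base.apk (_cgo_9b39563feb7e_Cfunc_get_conn_key_val+32, pc a1dbf0)
/data/app/~~VJ9ejUBpnXKOEuPjlCuZ5w==/org.torproject.android-jpKSsr6f1PNU4rg6ga3eCg==/base.apk (pc 36ea38)
"""

# SIGSEGV si_code values from the Linux UAPI (asm-generic/siginfo.h).
SEGV_CODES = {
    1: "SEGV_MAPERR",   # address not mapped to an object
    2: "SEGV_ACCERR",   # mapped, but permissions forbid the access
    8: "SEGV_MTEAERR",  # asynchronous MTE tag-check fault (imprecise PC)
    9: "SEGV_MTESERR",  # synchronous MTE tag-check fault (precise PC)
}

SIGNAL_RE = re.compile(
    r"signal:\s*(\d+)\s*\((\w+)\),\s*code\s*(\d+)\s*\((\w+)\),\s*fault\s?[Aa]ddr\s*(?:0x)?([0-9a-fA-F]+)")
# "(symbol+offset, pc hex)" as debuggerd prints a symbolised frame.
FRAME_RE = re.compile(r"\(([^,()]+),\s*pc\s*[0-9a-fA-F]+\)")


@dataclass
class MteTriage:
    signal: int
    code: int
    code_name: str
    fault_addr: int
    pointer_tag: int
    mte_enabled: bool
    top_symbol: Optional[str]
    top_offset: Optional[int]
    kind: str        # "sync", "async" or "not_mte"
    verdict: str


def pointer_tag(addr: int) -> int:
    """MTE keeps the logical (pointer) tag in address bits 59:56."""
    return (addr >> 56) & 0xF


def untagged(addr: int) -> int:
    """Drop the top byte (bits 63:56) to recover the plain virtual address."""
    return addr & ((1 << 56) - 1)


def top_frame(text: str):
    """Return (symbol, offset) of the first backtrace frame, or (None, None)."""
    if "backtrace:" not in text:
        return None, None
    frames = text.split("backtrace:", 1)[1].strip().splitlines()
    if not frames:
        return None, None
    m = FRAME_RE.search(frames[0])
    if not m:
        return None, None        # unsymbolised frame such as "(pc 36ea38)"
    sym, _, off = m.group(1).partition("+")
    return sym, (int(off) if off else 0)


def triage_tombstone(text: str) -> MteTriage:
    m = SIGNAL_RE.search(text)
    if not m:
        raise ValueError("no 'signal:' line in tombstone header")
    signal, code = int(m.group(1)), int(m.group(3))
    code_name = SEGV_CODES.get(code, m.group(4))   # trust the kernel table over the log's label
    addr = int(m.group(5), 16)
    mte_enabled = re.search(r"^MTE:\s*enabled\b", text, re.M) is not None
    sym, off = top_frame(text)
    tag = pointer_tag(addr)
    where = f"{sym}+{off}" if sym else "an unsymbolised frame"
    if signal == 11 and code == 9:
        kind = "sync"
        verdict = (f"synchronous MTE tag-check fault: pointer tag 0x{tag:x} on address "
                   f"0x{untagged(addr):x} did not match the allocation tag; the PC is precise, "
                   f"so the bad load/store is in {where} (out-of-bounds or use-after-free)")
    elif signal == 11 and code == 8:
        kind = "async"
        verdict = ("asynchronous MTE tag-check fault: reported at a later instruction, "
                   "so the top frame is only a hint; re-run with sync tag checking")
    else:
        kind = "not_mte"
        verdict = f"{code_name}: not a tag-check fault; ordinary crash triage applies"
    if kind != "not_mte" and not mte_enabled:
        verdict += " (warning: MTE fault reported but the header does not say MTE is enabled)"
    return MteTriage(signal, code, code_name, addr, tag, mte_enabled, sym, off, kind, verdict)


if __name__ == "__main__":
    print(triage_tombstone(SAMPLE_TOMBSTONE).verdict)
```

For this report the script classifies the crash as a synchronous tag-check fault with pointer tag 0xf, located in `_cgo_9b39563feb7e_Cfunc_get_conn_key_val+32`. What the header alone cannot tell you is whether the pointer is stale (use-after-free) or simply past its allocation (out-of-bounds); the full tombstone, which debuggerd extends with the allocation and deallocation stacks of the nearest tagged region when MTE is enabled, is needed for that.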
Same exact problem on 17.3.2 RC 1
Same here, Pixel 8 with Graphene OS, Orbot v17.2.1-RC-1
Closing because duplicate of #1026