Skip to content
Convenient & cross-platform sandboxing C library
C Assembly CMake Shell Meson C++ Other
Branch: master
Clone or download
Snaipe arena: fix out-of-bounds access from the arena chunk resize.
The arena code makes allocation entries resize themselves to fit the
allocated data as closely as possible. In some cases, the remaining size
would not be enough for the next entry metadata to be allocated, which
would of course cause a segmentation fault when trying to initialize it.

To address that, we initialize a sentinel at the end of the arena, which
takes the form of an allocation entry of size 0. As a bonus, this makes
iteration more straightforward as it becomes sufficient to compare the
current entry pointer to the address of the sentinel.
Latest commit 831428f Oct 12, 2019

README.md

BoxFort

Unix Build Status Windows Build Status License Version

A simple, cross-platform sandboxing C library powering Criterion.

Warning: This library is experimental. APIs may change without notice until Beta is hit. Use at your own risk.

BoxFort provides a simple API to run user code in isolated processes.

Although BoxFort provides some kind of security of the parent process from spawned sandboxes, a sandbox has by default the same system permissions and access than its parent, and is hence, without care, ill-fitted for security purposes.

The main goal of this project is not security, but portable code isolation -- if you want complete system isolation, consider using properly configured containers.

You can’t perform that action at this time.