Enforce 16 MB upper bound of memory usage in LZMA decoder.

This patch changes two things in our LZMA compression backend:

- We lower the preset values for all `compression_level_t` values to
  ensure that we can run the LZMA decoder with less than 65 MB of memory
  available. This seems to have a small impact on the real world usage
  and fits well with our needs.

- We set the upper bound of memory usage for the LZMA decoder to 16 MB.

See: https://bugs.torproject.org/21665

1 files changed, 7 insertions, 6 deletions

diff --git a/src/common/compress_lzma.c b/src/common/compress_lzma.c
index b721bae8aa..b5393a6ba6 100644
--- a/src/common/compress_lzma.c
+++ b/src/common/compress_lzma.c
@@ -22,6 +22,9 @@
 #include <lzma.h>
 #endif
 
+/** The maximum amount of memory we allow the LZMA decoder to use, in bytes. */
+#define MEMORY_LIMIT (16 * 1024 * 1024)
+
 /** Total number of bytes allocated for LZMA state. */
 static atomic_counter_t total_lzma_allocation;
 
@@ -33,9 +36,9 @@ memory_level(compression_level_t level)
   switch (level) {
     default:
     case BEST_COMPRESSION:
-    case HIGH_COMPRESSION: return 9;
-    case MEDIUM_COMPRESSION: return 6;
-    case LOW_COMPRESSION: return 3;
+    case HIGH_COMPRESSION: return 6;
+    case MEDIUM_COMPRESSION: return 4;
+    case LOW_COMPRESSION: return 2;
   }
 }
 
@@ -191,9 +194,7 @@ tor_lzma_compress_new(int compress,
       goto err;
     }
   } else {
-    // FIXME(ahf): This should be something more sensible than
-    // UINT64_MAX: See #21665.
-    retval = lzma_alone_decoder(&result->stream, UINT64_MAX);
+    retval = lzma_alone_decoder(&result->stream, MEMORY_LIMIT);
 
     if (retval != LZMA_OK) {
       log_warn(LD_GENERAL, "Error from LZMA decoder: %s (%u).",