)]}'
{
  "commit": "2c58c2fda1c1da4131f35f58289f44d87cedbb8d",
  "tree": "321beb6fffff4fbc619aa3b7b90a111187973074",
  "parents": [
    "aaa1a84d63dbc74ea1c15fd7c421ee59902e910d"
  ],
  "author": {
    "name": "Adam Langley",
    "email": "agl@google.com",
    "time": "Fri Jan 03 14:53:04 2020 -0800"
  },
  "committer": {
    "name": "CQ bot account: commit-bot@chromium.org",
    "email": "commit-bot@chromium.org",
    "time": "Mon Jan 06 17:34:02 2020 +0000"
  },
  "message": "Fix double-free under load.\n\nThe BN_BLINDING cache, when 1024 threads are performing concurrent\nprivate operations on one RSA key, can race to append a BN_BLINDING to a\ncache which is just short of the maximum length. The cache ends up one\n(or more) elements longer than the maximum length. That causes the index\nof one of the cache elements to _be_ the supposed maximum length, but\nthat index is treated as a magic number that indicates that a\nBN_BLINDING isn\u0027t from the cache and thus needs to be freed after use.\nThat BN_BLINDING is then double-freed when the cache itself is freed.\n\nSee internal bug b/147126942.\n\nSince the fact that someone hit this means that 1024 threads working on\na single RSA key is a thing that\u0027s happening, take the opportunity to\ngrow the cache by doubling rather than by single elements at a time.\nOnce the number of extensions is so reduced, the trick of unlocking to\nkeep a few allocations outside of the lock (which caused the problem)\ncan be discarded.\n\nChange-Id: I32dd16d825b702b31ee9b776414c4e6afe883724\nReviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/39324\nReviewed-by: Adam Langley \u003cagl@google.com\u003e\nReviewed-by: David Benjamin \u003cdavidben@google.com\u003e\nCommit-Queue: Adam Langley \u003cagl@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "74bf098dcce0fa2ef6cce3f4b4a69358a079960c",
      "old_mode": 33188,
      "old_path": "crypto/fipsmodule/rsa/rsa_impl.c",
      "new_id": "6fb8ce72d3a9b3c92fd7870c6a61a947081e9a7b",
      "new_mode": 33188,
      "new_path": "crypto/fipsmodule/rsa/rsa_impl.c"
    },
    {
      "type": "modify",
      "old_id": "0fe0351ac5081efebe50c41b2d25a3e0ba158b20",
      "old_mode": 33188,
      "old_path": "crypto/rsa_extra/rsa_test.cc",
      "new_id": "4218cdbab3336c91bb977fdcc56128510d619b58",
      "new_mode": 33188,
      "new_path": "crypto/rsa_extra/rsa_test.cc"
    }
  ]
}