The Tor compression code can call functions that are NULL
The new Tor compression code in 0.3.1 assumes that all the compression functions are bound at runtime.
For example, tor_lzma_method_supported() returns 1 when HAVE_LZMA is defined, but that doesn't mean that lzma_version_string() has actually been bound to a non-NULL address in the binary.
This is more likely to happen when tor is used as a shared library rather than linked as an executable (shadow, iOS), and when using weak, lazy symbol binding.
This might not be an issue we can solve unless we check for all the symbols being NULL at runtime. Maybe the responsibility for proper linking is on people who are compiling tor with weak, lazy symbol binding.
This bug was discovered by Rob Jansen when running shadow.
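The gap between "compiled in" and "bound at runtime" described in this ticket, as an added example that is not Tor's code. It assumes GCC or Clang on an ELF platform; `HAVE_EXAMPLE_CODEC` and every `example_*` name are hypothetical stand-ins for the real compression symbols.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical codec entry points (names invented for this example), declared
 * weak: if nothing provides them, each one's address is NULL at runtime. */
#define HAVE_EXAMPLE_CODEC 1
extern const char *example_codec_version_string(void) __attribute__((weak));
extern int example_codec_compress(const char *, size_t) __attribute__((weak));
typedef void (*generic_fn)(void);

/* Compile-time-only answer: the pattern the ticket describes. */
int example_method_supported_compile_time(void)
{
#ifdef HAVE_EXAMPLE_CODEC
  return 1;
#else
  return 0;
#endif
}

/* Compile-time flag AND a non-NULL check on every required entry point. */
int example_method_supported_checked(void)
{
  const generic_fn required[] = {
    (generic_fn)example_codec_version_string,
    (generic_fn)example_codec_compress,
  };
  if (!example_method_supported_compile_time())
    return 0;
  for (size_t i = 0; i < sizeof(required) / sizeof(required[0]); i++)
    if (required[i] == NULL)
      return 0;
  return 1;
}

/* Callers get NULL instead of jumping through an unbound symbol. */
const char *example_version_or_null(void)
{
  if (!example_method_supported_checked())
    return NULL;
  return example_codec_version_string();
}

int main(void)
{
  printf("compile-time: %d, checked: %d\n",
         example_method_supported_compile_time(),
         example_method_supported_checked());
  return 0;
}
```

Built without any library that defines the two weak symbols, the compile-time check reports support while the checked variant does not.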