
Segfault with debug-all option on Solaris 5.10 64bits
Closed, ResolvedPublic

Description

Hello,

A segmentation fault occurs when I launch gpg with the --debug-all option.
I'm on Solaris 5.10 64-bit and my gpg binary was compiled in 32-bit (I don't
know if it's relevant).

The segfault occurs when logging the close of its pubring file descriptor.

Here is the backtrace:
$ rm -rf ~/.gnupg
$ dbx gpg
(..)
(dbx) run
Running: gpg --list-keys --debug-all
(process id 1161)
gpg: NOTE: no default option file `/usr/users/soprac3g/.gnupg/gpg.conf'
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: DBG: fd_cache_open (/usr/users/soprac3g/.gnupg/pubring.gpg) not cached
gpg: DBG: iobuf-1.0: open `/usr/users/soprac3g/.gnupg/pubring.gpg' fd=4
gpg: DBG: iobuf-1.0: underflow: req=8192
gpg: DBG: iobuf-1.0: underflow: got=0 rc=-1
gpg: DBG: /usr/users/soprac3g/.gnupg/pubring.gpg: close fd 4
gpg: DBG: fd_cache_close (/usr/users/soprac3g/.gnupg/pubring.gpg) new slot created
gpg: DBG: iobuf-1.0: underflow: eof
gpg: DBG: iobuf-1.0: close `signal SEGV (no mapping at the fault address) in strlen at 0xff0b1d50
0xff0b1d50: strlen+0x0050: ld [%o2], %o1
Current function is g10_log_debug
239       vfprintf(logfp,fmt,arg_ptr) ;

(dbx) where
[1] strlen(0x0, 0xfffffaf0, 0x0, 0xffbfec18, 0x0, 0x2), at 0xff0b1d50
[2] _ndoprnt(0x17b54a, 0xffbfed4c, 0xffbfe795, 0x0, 0x0, 0x0), at 0xff11a36c
[3] vfprintf(0x1938d0, 0x17b534, 0xffbfed40, 0x0, 0x51b94, 0x12e38c), at 0xff11c848
>[4] g10_log_debug(fmt = 0x17b534 "iobuf-%d.%d: close `%s'\n", ... = 0x1, ...), line 239 in "logger.c"
[5] iobuf_close(a = 0x197470), line 941 in "iobuf.c"
[6] keyring_release(hd = 0x197428), line 275 in "keyring.c"
[7] keydb_release(hd = 0x197190), line 384 in "keydb.c"
[8] list_all(secret = 0), line 458 in "keylist.c"
[9] public_key_list(list = (nil)), line 105 in "keylist.c"
[10] main(argc = 0, argv = 0xffbff220), line 3584 in "gpg.c"

(dbx) up
Current function is iobuf_close
dbx: warning: File `/IGMCTDSO/soprac3g/jhuot/gnupg-1.4.9/util/iobuf.c' has been modified more recently than `/IGMCTDSO/soprac3g/jhuot/bin/gpg'
941               log_debug("iobuf-%d.%d: close `%s'\n", a->no, a->subno, a->desc );
(dbx) print *a
*a = {
use             = 1
nlimit          = 0
nbytes          = 0
ntotal          = 0
nofast          = 0
directfp        = (nil)
d               = {
    size  = 8192U
    start = 0
    len   = 0
    buf   = 0x1974f0 ""
}
filter_eof      = 1
error           = 0
filter          = (nil)
filter_ov       = (nil)
filter_ov_owner = 0
real_fname      = 0x199540 "/usr/users/soprac3g/.gnupg/pubring.gpg"
chain           = (nil)
no              = 1
subno           = 0
desc            = (nil)
opaque          = (nil)
unget           = {
    size  = 0
    start = 0
    len   = 0
    buf   = (nil)
}
}
(dbx) up
Current function is keyring_release
dbx: warning: File `/IGMCTDSO/soprac3g/jhuot/gnupg-1.4.9/g10/keyring.c' has been modified more recently than `/IGMCTDSO/soprac3g/jhuot/bin/gpg'
275       iobuf_close (hd->current.iobuf);

(dbx) print hd->current
hd->current = {
kr    = 0x1950b0
iobuf = 0x197470
eof   = 1
error = 0
}

Details

Version
1.4.9

Event Timeline

Doomsday added projects: gnupg, Bug Report.
Doomsday added a subscriber: Doomsday.

This has been fixed in the SVN:

2008-08-19 Werner Koch <wk@g10code.com>

  • iobuf.c: Avoid passing a NULL (iobuf_t)->desc to the log function. Should in general never be NULL, but well. Reported by M. Heneka.

The attached patch might apply to 1.4.9 - I have not tested it though.
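The failure mode in this report, as an added example (my code, not GnuPG's or the attached patch): a reduced iobuf with only the fields the close message prints, a g10_log_debug stand-in that formats into a buffer, and the 1.4.9 close message beside a guarded form. The str_or helper and its "?" fallback are my assumptions, not the wording of the upstream fix.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Reduced stand-in for GnuPG's iobuf: only the fields that the close
 * message in iobuf_close() prints. desc may be NULL, as `print *a` showed. */
struct iobuf { int no; int subno; const char *desc; };

/* Stand-in for g10_log_debug(): formats into a static buffer so the
 * result can be inspected instead of written to a log file. */
static char log_line[256];
static const char *log_debug_to_buf(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(log_line, sizeof log_line, fmt, ap);
    va_end(ap);
    return log_line;
}

/* Map a possibly-NULL C string to a printable placeholder. Handing NULL to
 * %s is undefined behaviour: glibc happens to print "(null)", while the
 * Solaris libc in the report calls strlen(NULL) and dies with SIGSEGV. */
static const char *str_or(const char *s, const char *fallback)
{
    return s ? s : fallback;
}

/* The close message as 1.4.9 built it: crashes on Solaris when desc is NULL. */
static const char *close_msg_unguarded(const struct iobuf *a)
{
    return log_debug_to_buf("iobuf-%d.%d: close `%s'\n", a->no, a->subno, a->desc);
}

/* Guarded variant: every %s argument passes through str_or() first.
 * The "?" fallback is this example's choice (assumption), not the upstream wording. */
static const char *close_msg_guarded(const struct iobuf *a)
{
    return log_debug_to_buf("iobuf-%d.%d: close `%s'\n",
                            a->no, a->subno, str_or(a->desc, "?"));
}

int main(void)
{
    struct iobuf a  = { 1, 0, NULL };           /* no=1, subno=0, desc=(nil): the backtrace */
    struct iobuf ok = { 1, 0, "pubring.gpg" };  /* constructed: an iobuf with a description */
    fputs(close_msg_unguarded(&ok), stderr);    /* fine whenever desc is set */
    fputs(close_msg_guarded(&a), stderr);       /* safe where 1.4.9 crashed */
    return 0;
}
```

The guard belongs at the call site of every %s that may receive a pointer from a struct field, since the log function itself cannot tell a NULL argument apart from a valid one once it reaches vfprintf.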