
bus error from --search on sparc
Closed, ResolvedPublic

Description

Environment

Debian Release: 3.0
Architecture: sparc
Kernel: Linux albion.dl.ac.uk 2.4.19 #1 Sat Oct 5 15:26:43 EDT 2002 sparc64
Locale: LANG=C, LC_CTYPE=en_GB

Versions of packages gnupg depends on:
ii libc6 2.2.5-14.3 GNU C Library: Shared libraries an
ii libldap2 2.0.23-6 OpenLDAP libraries.
ii makedev 2.3.1-58 Creates device files in /dev.
ii zlib1g 1:1.1.4-1 compression library - runtime

Description

I see the following (originally in 1.2.0-1, and I then upgraded to
check):

$ gpg --search annihilator-1@erlenstar.demon.co.uk
gpg: searching for "annihilator-1@erlenstar.demon.co.uk" from HKP server wwwkeys.uk.pgp.net
Keys 1-1 of 1 for "annihilator-1@erlenstar.demon.co.uk"
(1) Annihilator <annihilator-1@erlenstar.demon.co.uk>

512 bit RSA key 02216DD9, created 1998-03-01

Enter number(s), N)ext, or Q)uit > 1
gpg: key 02216DD9: public key "Annihilator <annihilator-1@erlenstar.demon.co.uk>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
Bus error

The import itself appears to have succeeded, but gpg also crashes when the key is
already in the keyring:
$ gpg --search annihilator-1@erlenstar.demon.co.uk
gpg: searching for "annihilator-1@erlenstar.demon.co.uk" from HKP server wwwkeys.uk.pgp.net
Keys 1-1 of 1 for "annihilator-1@erlenstar.demon.co.uk"
(1) Annihilator <annihilator-1@erlenstar.demon.co.uk>

512 bit RSA key 02216DD9, created 1998-03-01

Enter number(s), N)ext, or Q)uit > 1
gpg: key 02216DD9: "Annihilator <annihilator-1@erlenstar.demon.co.uk>" not changed
gpg: Total number processed: 1
gpg: unchanged: 1
Bus error

How To Repeat

From James Troup:

(gdb) run --keyserver wwwkeys.uk.pgp.net --search annihilator-1@erlenstar.demon.co.uk
Starting program: /home/troup/gnupg-1.2.1/g10/gpg --keyserver wwwkeys.uk.pgp.net --search annihilator-1@erlenstar.demon.co.uk
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: searching for "annihilator-1@erlenstar.demon.co.uk" from HKP server wwwkeys.uk.pgp.net
Keys 1-1 of 1 for "annihilator-1@erlenstar.demon.co.uk"
(1) Annihilator <annihilator-1@erlenstar.demon.co.uk>

512 bit RSA key 02216DD9, created 1998-03-01

Enter number(s), N)ext, or Q)uit > 1
gpg: key 02216DD9: public key "Annihilator <annihilator-1@erlenstar.demon.co.uk>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)

Program received signal SIGBUS, Bus error.
0x700f32e4 in _int_free (av=0x701bb8b4, mem=0x653e0d0a) at malloc.c:4167
4167 malloc.c: No such file or directory.

in malloc.c

(gdb) bt
#0 0x700f32e4 in _int_free (av=0x701bb8b4, mem=0x653e0d0a) at malloc.c:4167
#1 0x700f1ecc in __libc_free (mem=0x12c170) at malloc.c:3344
#2 0x000e0fd0 in m_free (a=0x12c170) at memory.c:553
#3 0x000e4520 in iobuf_close (a=0x12c0f0) at iobuf.c:940
#4 0x00077884 in hkp_search (tokens=0x0) at hkp.c:606
#5 0x0008c314 in keyserver_work (action=2, list=0x128b18, desc=0x0, count=0) at keyserver.c:696
#6 0x0008d010 in keyserver_search (tokens=0x128b18) at keyserver.c:996
#7 0x00018fa8 in main (argc=0, argv=0xeffffd88) at g10.c:2261
#8 0x7008c8f0 in __libc_start_main (main=0x14a14 <main>, argc=5, ubp_av=0xeffffd74, init=0x12544 <_init>, fini=0x70028398 <_rtld_local>,
rtld_fini=0x7000cb78 <_dl_fini>, stack_end=0x5) at ../sysdeps/generic/libc-start.c:144

(gdb) bt full
#0 0x700f32e4 in _int_free (av=0x701bb8b4, mem=0x653e0d0a) at malloc.c:4167

p = (struct malloc_chunk *) 0x12c168
size = 8456
nextchunk = (struct malloc_chunk *) 0x12e170
nextsize = 256
prevsize = 256
bck = (struct malloc_chunk *) 0x653e0d0a
fwd = (struct malloc_chunk *) 0x72

#1 0x700f1ecc in __libc_free (mem=0x12c170) at malloc.c:3344

ar_ptr = (struct malloc_state *) 0x701bb8b4
p = (struct malloc_chunk *) 0x701bb8b4
hook = (void (*)(void *, const void *)) 0

#2 0x000e0fd0 in m_free (a=0x12c170) at memory.c:553

p = (byte *) 0x12c170 ""

#3 0x000e4520 in iobuf_close (a=0x12c0f0) at iobuf.c:940

a2 = 0x0
dummy_len = 0
rc = 0

#4 0x00077884 in hkp_search (tokens=0x0) at hkp.c:606

      buffer = 0x12c0f0
      count = 1
      ret = 0
      buflen = 256
      line = (byte *) 0x12e178 ""
      rc = 0
      len = 43
      max = 100
      first = 0
      searchstr = (unsigned char *) 0x128b90 "annihilator-1@erlenstar.demon.co.uk"
      searchurl = (unsigned char *) 0x128bc0 "annihilator-1%40erlenstar%2Edemon%2Eco%2Euk"
      request = (unsigned char *) 0x128c30 "x-hkp://wwwkeys.uk.pgp.net/pks/lookup?op=index&search=annihilator-1%40erlenstar%2Edemon%2Eco%2Euk"
      hd = {initialized = 0, status_code = 200, sock = 7, in_data = 0, fp_read = 0x129f60, fp_write = 0x0, is_http_0_9 = 0, uri = 0x128cd8,
req_type = HTTP_REQ_GET, buffer = 0x12bfe8 "", buffer_size = 256, flags = 0}
      hflags = 0

#5 0x0008c314 in keyserver_work (action=2, list=0x128b18, desc=0x0, count=0) at keyserver.c:696

stats_handle = (void *) 0x128b50
rc = 0
ret = 0

#6 0x0008d010 in keyserver_search (tokens=0x128b18) at keyserver.c:996
No locals.
#7 0x00018fa8 in main (argc=0, argv=0xeffffd88) at g10.c:2261

      pargs = {argc = 0xeffffcf4, argv = 0xeffffcf8, flags = 32769, err = 0, r_opt = 0, r_type = 0, r = {ret_int = 0, ret_long = 0, ret_ulong = 0,
  ret_str = 0x0}, internal = {idx = 4, inarg = 0, stopped = 1, last = 0xeffffe8e "annihilator-1@erlenstar.demon.co.uk", aliases = 0x0, cur_alias = 0x0}}
      a = 0x5
      rc = 0
      orig_argc = 5
      orig_argv = (char **) 0xeffffd74
      fname = 0xeffffe8e "annihilator-1@erlenstar.demon.co.uk"
      username = 0x0
      may_coredump = 0
      sl = 0x128b18
      remusr = 0x0
      locusr = 0x0
      nrings = 0x0
      sec_nrings = 0x0
      afx = {what = 0, only_keyblocks = 1, hdrlines = 0x701b87d4 "", no_openpgp_data = 0, inp_checked = 0, inp_bypass = 768, in_cleartext = 772,
not_dash_escaped = 192, hashes = 0, faked = 1880857688, truncated = 5, qp_detected = -268436108, pgp2mode = -268436084, 
buffer = 0x70050000 "\177ELF\001\002\001", buffer_size = 6568, buffer_len = 1879217896, buffer_pos = 4026530888, radbuf = "p\0&#65533;\224", idx = 0, idx2 = 0, 
crc = 0, status = 0, cancel = 1879551480, any_data = 1879218512, pending_lf = 0}
      detached_sig = 0
      configfp = (FILE *) 0x0
      configname = 0x0
      configlineno = 200
      parse_debug = 0
      default_config = 0
      default_keyring = 1
      greeting = 0
      nogreeting = 0
      use_random_seed = 1
      cmd = aSearchKeys
      trustdb_name = 0x0
      def_cipher_string = 0x0
      def_digest_string = 0x0
      cert_digest_string = 0x0
      s2k_cipher_string = 0x0
      s2k_digest_string = 0x0
      pers_cipher_list = 0x0
      pers_digest_list = 0xf53e0 "h2"
      pers_compress_list = 0x0
      eyes_only = 0
      pwfd = -1
      with_fpr = 0
      any_explicit_recipient = 0
      requested_shm_size = 0

#8 0x7008c8f0 in __libc_start_main (main=0x14a14 <main>, argc=5, ubp_av=0xeffffd74, init=0x12544 <_init>, fini=0x70028398 <_rtld_local>,

rtld_fini=0x7000cb78 <_dl_fini>, stack_end=0x5) at ../sysdeps/generic/libc-start.c:144
    ubp_ev = (char **) 0xeffffd74

(gdb)

Fix

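Memory corruption. The backtrace places the fault inside free(), reached from iobuf_close() at hkp.c:606 in hkp_search(), after the import has already been reported. In frame 0 the chunk's back pointer (bck) is 0x653e0d0a, which on big-endian sparc is the ASCII text "e>" followed by CR LF. That suggests text from the keyserver's response was written over allocator metadata next to a heap buffer, so the bus error would be the allocator dereferencing that unaligned value. Because the data comes from a remote server, the overrun should be treated as reachable by untrusted input until the write that caused it is identified.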