GPG decryption results in error "double free detected in tcache 2"
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	nijssels
	Nov 29 2019, 9:03 AM

Description

Since version 2.2.18, when I try to decrypt a file an error occurs. Downgrading to 2.2.17 resolves the issue.

Version info:
arch linux 5.3.13-arch1-1
gpg (GnuPG) 2.2.18
libgcrypt 1.8.5

Steps to reproduce:

~ encrypt file using RSA2048 key
gpg --hidden-recipient "Test User" -o test.txt.g --encrypt test.txt

gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2020-05-05

~ decrypt file
gpg --verbose -d test.txt.g

gpg: public key is 0000000000000000
gpg: selecting card failed: No such device
gpg: anonymous recipient; trying secret key XXXXXXXXXXXXXXX ...
gpg: anonymous recipient; trying secret key YYYYYYYYYYYYYYYY ...
gpg: pinentry launched (9822 gtk2 1.1.0 /dev/pts/2 xterm-termite :0)
gpg: okay, we are the anonymous recipient.
free(): double free detected in tcache 2
Aborted (core dumped)

Details

External Link: https://bugs.archlinux.org/task/64663
Version: 2.2.18

Revisions and Commits

rG GnuPG
	rG9ac182f376ab gpg: Fix double free with anonymous recipients.

Related Objects

Mentioned In: T4768: Release GnuPG 2.2.19
T4684: Release GnuPG 2.2.18

Event Timeline

nijssels created this task.Nov 29 2019, 9:03 AM

• werner triaged this task as High priority.Nov 29 2019, 4:33 PM

Okay, I can replicate that on gnupg 2.2; it works correct on master.

• werner mentioned this in T4684: Release GnuPG 2.2.18.Nov 29 2019, 5:01 PM

• werner added a commit: rG9ac182f376ab: gpg: Fix double free with anonymous recipients..Nov 29 2019, 5:47 PM

Regression due to a faulty backport. Fixed in repo; patch is F1052802
Thanks for reporting.

• werner mentioned this in T4768: Release GnuPG 2.2.19.Dec 7 2019, 1:13 PM