GPG decryption results in error "double free detected in tcache 2"
Closed, Resolved (Public)


Since version 2.2.18, when I try to decrypt a file an error occurs. Downgrading to 2.2.17 resolves the issue.

Version info:
Arch Linux 5.3.13-arch1-1
gpg (GnuPG) 2.2.18
libgcrypt 1.8.5

Steps to reproduce:

~ encrypt file using RSA2048 key
gpg --hidden-recipient "Test User" -o test.txt.g --encrypt test.txt

gpg: checking the trustdb
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 2 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 2u
gpg: next trustdb check due at 2020-05-05

~ decrypt file
gpg --verbose -d test.txt.g

gpg: public key is 0000000000000000
gpg: selecting card failed: No such device
gpg: anonymous recipient; trying secret key XXXXXXXXXXXXXXX ...
gpg: anonymous recipient; trying secret key YYYYYYYYYYYYYYYY ...
gpg: pinentry launched (9822 gtk2 1.1.0 /dev/pts/2 xterm-termite :0)
gpg: okay, we are the anonymous recipient.
free(): double free detected in tcache 2
Aborted (core dumped)

nijssels created this task. Nov 29 2019, 9:03 AM
werner triaged this task as High priority. Nov 29 2019, 4:33 PM
werner added a subscriber: werner. Edited Nov 29 2019, 4:43 PM

Okay, I can replicate that on gnupg 2.2; it works correctly on master.

werner closed this task as Resolved. Nov 29 2019, 5:50 PM
werner claimed this task.

Regression due to a faulty backport. Fixed in repo; patch is F1052802.
Thanks for reporting.