GnuPG is not using the PC/SC API correctly. With the function SCardListReaders() the last parameter (size of the readers buffer) is a in/out parameter. i.e. the value MUST be initialized before calling.
According to the API documentation https://pcsclite.apdu.fr/api/group__API.html#ga93b07815789b3cf2629d439ecf20f0d9
LONG SCardListReaders (
SCARDCONTEXT hContext,
LPCSTR mszGroups,
LPSTR mszReaders,
LPDWORD pcchReaders
)If *pcchReaders is equal to SCARD_AUTOALLOCATE then the function will allocate itself the needed memory. Use SCardFreeMemory() to release it.
In the GnuPG code the value of pcchReaders is not initialized and that generates a log reported by valgrind:
==35605== Thread 2: ==35605== Conditional jump or move depends on uninitialised value(s) ==35605== at 0x58BCFAE: SCardListReaders (in /usr/lib64/libpcsclite.so.1.0.0) ==35605== by 0x11D78A: apdu_dev_list_start (apdu.c:2031) ==35605== by 0x1245EF: select_application (app.c:817) ==35605== by 0x117AFF: open_card_with_request (command.c:281) ==35605== by 0x117AFF: cmd_serialno (command.c:358) ==35605== by 0x4A20839: ??? (in /usr/lib64/libassuan.so.0.8.5) ==35605== by 0x4A20C28: assuan_process (in /usr/lib64/libassuan.so.0.8.5) ==35605== by 0x11854C: scd_command_handler (command.c:2521) ==35605== by 0x114C03: start_connection_thread (scdaemon.c:1202) ==35605== by 0x4A2F49D: ??? (in /usr/lib64/libnpth.so.0.1.2) ==35605== by 0x4ABD3E9: start_thread (pthread_create.c:442) ==35605== by 0x4B3F0DF: clone (clone.S:100) ==35605==
The patch is very simple:
diff --git a/scd/apdu.c b/scd/apdu.c index 574697cc1..e83815ba5 100644 --- a/scd/apdu.c +++ b/scd/apdu.c @@ -2015,7 +2015,7 @@ apdu_dev_list_start (const char *portstr, struct dev_list **l_p) #endif { /* PC/SC readers. */ long r; - pcsc_dword_t nreader; + pcsc_dword_t nreader = 0; char *p = NULL; if (!pcsc.context)
I found the problem because of https://github.com/LudovicRousseau/PCSC/issues/125 and https://dev.gnupg.org/T5963
Thanks