
GnuPG master segfault
Closed, Resolved (Public)

Description

While testing for T6570, master segfaulted for me:

Probably some version mismatch, but segfaults are never good when we can compile in this version combination. Even the older gpg-agent should not matter. Although I will restart that now first.

gpg (GnuPG) 2.5.0-beta179
libgcrypt 1.11.0

gdb /opt/gnupg/bin/gpg  
(gdb) run --yes --batch -esu ldata-test -o 10gb.gpg -r ldata-test 10gb-random.dat 
Starting program: /opt/gnupg/bin/gpg --yes --batch -esu ldata-test -o 10gb.gpg -r ldata-test 10gb-random.dat

gpg: enabled debug flags: memstat
gpg: enabled compatibility flags:
gpg: WARNING: server 'gpg-agent' is older than us (2.4.3 < 2.5.0-beta179)
gpg: Note: Outdated servers may lack important security fixes.
gpg: Note: Use the command "gpgconf --kill all" to restart them.
gpg: using subkey 5CB09E43DC49649F instead of primary key 1FDF723CF462B6B1
gpg: using subkey B783A823C750557F instead of primary key 6FAF8982C209FFA8
gpg: B783A823C750557F: There is no assurance this key belongs to the named user

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7ccd23c in md_close (a=0x1) at ../../../src/libgcrypt/cipher/md.c:730
warning: Source file is more recent than executable.
730       if (a->ctx->debug)
(gdb) bt
#0  0x00007ffff7ccd23c in md_close (a=0x1) at ../../../src/libgcrypt/cipher/md.c:730
#1  0x00007ffff7ccdd95 in _gcry_md_close (hd=<optimized out>) at ../../../src/libgcrypt/cipher/md.c:748
#2  0x00007ffff7cb41c5 in gcry_md_close (hd=<optimized out>) at ../../../src/libgcrypt/src/visibility.c:1207
#3  0x0000000000462b73 in sign_file (ctrl=ctrl@entry=0x5265a0, filenames=<optimized out>, detached=detached@entry=0, locusr=<optimized out>, encryptflag=encryptflag@entry=1, remusr=<optimized out>, outfile=<optimized out>)
    at /home/aheinecke/dev/main/src/gnupg/g10/sign.c:1403
#4  0x000000000040f910 in main (argc=<optimized out>, argv=<optimized out>) at /home/aheinecke/dev/main/src/gnupg/g10/gpg.c:4488

Event Timeline

Looking at sign_file I can see several places though where it does goto leave before gcry_md_open is called on md. So the fix seems obvious to initialize md to NULL so that the gcry_md_close in the leave part does not work on an uninitialized variable.
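A small model of the cleanup pattern described in the comment above, added here as an example and not code from GnuPG or libgcrypt: the `demo_*` names are hypothetical stand-ins for gcry_md_open/gcry_md_close, and the close routine returns early on a NULL handle the way libgcrypt's md_close does, which is what makes the "= NULL" initialisation a sufficient fix for the early "goto leave" paths.

```c
#include <stdlib.h>
/* Stand-in for libgcrypt's gcry_md_hd_t (hypothetical, not the real type). */
typedef struct demo_md_handle { int debug; } *demo_md_hd_t;

static int demo_open_count, demo_close_count;

/* Stand-in for gcry_md_open: allocate a fresh digest context. */
static int demo_md_open(demo_md_hd_t *r_hd)
{
  *r_hd = calloc(1, sizeof **r_hd);
  if (!*r_hd)
    return -1;
  demo_open_count++;
  return 0;
}

/* Stand-in for gcry_md_close: like libgcrypt's md_close, NULL is a no-op;
 * an uninitialised handle (0x1 in the backtrace above) is dereferenced. */
static void demo_md_close(demo_md_hd_t hd)
{
  if (!hd)
    return;
  demo_close_count++;
  free(hd);
}

/* Model of sign_file's control flow: several checks jump to "leave" before
 * the digest handle is opened.  Returns 0 on success, -1 on failure. */
static int demo_sign_file(const char *signer, const char *recipient)
{
  demo_md_hd_t md = NULL;   /* the fix: without "= NULL", md holds stack garbage */
  int rc = 0;

  if (!signer || !*signer) { rc = -1; goto leave; }        /* early exit 1 */
  if (!recipient || !*recipient) { rc = -1; goto leave; }  /* early exit 2 */

  if (demo_md_open(&md)) { rc = -1; goto leave; }
  /* ... hashing and signing of the input would happen here ... */

 leave:
  demo_md_close(md);   /* safe on every path: md is NULL or a valid handle */
  return rc;
}

/* Returns 1 when every handle that was opened has been closed exactly once. */
static int demo_handles_balanced(void)
{
  return demo_open_count == demo_close_count;
}
```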

aheinecke claimed this task.