Crash in gcry_mpi_powm

Ian Goldberg linux at paip.net
Tue Jul 16 23:27:00 CEST 2013


Am I doing something crazy wrong here?  I'm compiling the attached
testcase.c program with:

gcc -g -O0 testcase.c -o testcase -lgcrypt

It takes a number x as a command-line argument, and computes 3^x mod 100
(output in hex).

If I pass something non-zero, all is well:

$ ./testcase 5
exponent = 5
result = 2B

But if I pass zero, it segfaults in gcry_mpi_powm:

$ valgrind ./testcase 0
==19837== Memcheck, a memory error detector
==19837== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==19837== Using Valgrind-3.6.0.SVN-Debian and LibVEX; rerun with -h for copyright info
==19837== Command: ./testcase 0
==19837== 
exponent = 0
==19837== Invalid write of size 4
==19837==    at 0x4090FEB: ??? (in /lib/libgcrypt.so.11.5.2)
==19837==    by 0x4046001: gcry_mpi_powm (in /lib/libgcrypt.so.11.5.2)
==19837==    by 0x80488FE: main (testcase.c:34)
==19837==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==19837== 
==19837== 
==19837== Process terminating with default action of signal 11 (SIGSEGV)
==19837==  Access not within mapped region at address 0x0
==19837==    at 0x4090FEB: ??? (in /lib/libgcrypt.so.11.5.2)
==19837==    by 0x4046001: gcry_mpi_powm (in /lib/libgcrypt.so.11.5.2)
==19837==    by 0x80488FE: main (testcase.c:34)
==19837==  If you believe this happened as a result of a stack
==19837==  overflow in your program's main thread (unlikely but
==19837==  possible), you can try to increase the size of the
==19837==  main thread stack using the --main-stacksize= flag.
==19837==  The main thread stack size used in this run was 8388608.
==19837== 
==19837== HEAP SUMMARY:
==19837==     in use at exit: 1,100 bytes in 43 blocks
==19837==   total heap usage: 45 allocs, 2 frees, 1,477 bytes allocated
==19837== 
==19837== LEAK SUMMARY:
==19837==    definitely lost: 0 bytes in 0 blocks
==19837==    indirectly lost: 0 bytes in 0 blocks
==19837==      possibly lost: 0 bytes in 0 blocks
==19837==    still reachable: 1,100 bytes in 43 blocks
==19837==         suppressed: 0 bytes in 0 blocks
==19837== Rerun with --leak-check=full to see details of leaked memory
==19837== 
==19837== For counts of detected and suppressed errors, rerun with: -v
==19837== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 16 from 7)
Segmentation fault


I get the same results on Ubuntu 10.04 32-bit and Ubuntu 12.04 64-bit
except the latter reports a write of size 8 and a different minor
version number for libgcrypt.so:

==17872== Invalid write of size 8
==17872==    at 0x4E82EBC: ??? (in /lib/x86_64-linux-gnu/libgcrypt.so.11.7.0)
==17872==    by 0x400AB0: main (testcase.c:34)
==17872==  Address 0x0 is not stack'd, malloc'd or (recently) free'd


I'm sure I'm doing something wrong, but the program is extremely simple.
Any ideas?

Thanks,

   - Ian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: testcase.c
Type: text/x-csrc
Size: 1189 bytes
Desc: not available
URL: </pipermail/attachments/20130716/29718771/attachment.c>
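Since the attached testcase.c is not reproduced in the archive, the following is an added reference oracle (not Ian's program and not libgcrypt code) that computes the same b^e mod m on 64-bit values, so the expected result for each input above, including the exponent-0 case that crashed, can be checked against what gcry_mpi_powm returns; the function name powm_u64 and the use of the GCC/Clang unsigned __int128 type are assumptions of this example.

```c
/* Added example, not the attached testcase.c: a plain square-and-multiply
 * oracle for b^e mod m on 64-bit operands, for comparing against a library
 * modular exponentiation on edge-case inputs such as e == 0. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Returns b^e mod m. On m == 0 the operation is undefined: returns 0 and,
 * if ok is non-NULL, sets *ok to 0; otherwise *ok is set to 1.
 * Uses unsigned __int128 (GCC/Clang extension) so the products cannot overflow. */
uint64_t powm_u64(uint64_t b, uint64_t e, uint64_t m, int *ok)
{
    if (m == 0) {
        if (ok) *ok = 0;
        return 0;
    }
    if (ok) *ok = 1;
    /* b^0 == 1 for every base, reduced mod m (so the answer is 0 when m == 1). */
    uint64_t result = 1 % m;
    b %= m;
    while (e) {
        if (e & 1)
            result = (uint64_t)(((unsigned __int128)result * b) % m);
        b = (uint64_t)(((unsigned __int128)b * b) % m);
        e >>= 1;
    }
    return result;
}

/* Mirrors the test program described in the report: 3^x mod 100, hex output. */
int main(int argc, char **argv)
{
    uint64_t e = argc > 1 ? strtoull(argv[1], NULL, 0) : 0;
    int ok;
    uint64_t r = powm_u64(3, e, 100, &ok);
    if (!ok) {
        fprintf(stderr, "invalid modulus\n");
        return 1;
    }
    printf("exponent = %llu\nresult = %llX\n",
           (unsigned long long)e, (unsigned long long)r);
    return 0;
}
```

For the inputs in the report, this gives 0x2B for exponent 5 (matching the output above) and 1 for exponent 0, which is the value the library call should have produced instead of writing to address 0.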