Bug report: _gcry_fast_random_poll() sets local variable to NULL (maybe we shouldn't)

Lew Palm l.palm at m-privacy.de
Wed Apr 8 16:31:52 CEST 2015


Hi gcrypt folks,

I observed our libgcrypt-based 64-bit application crashing on Windows 7
with segfaults. We use a current libgcrypt version from the git repo
(40a7bdf50e19faaf106470897fed72af623adc50).

I hunted down the problem to md_open() in md.c, line 369:
*h = hd;

h is a NULL pointer in that situation. But why?

_gcry_fast_random_poll() (md.c, line 358) is the evildoer! Before the
_gcry_fast_random_poll() call, h points to something reasonable, but
after this call it points to NULL.

_gcry_fast_random_poll() seems to do something nasty with the stack.

Regards,
  Lew

-- 
Dipl.-Inf. Lew Palm
Softwareentwicklung

m-privacy GmbH
Werner-Voß-Damm 62
12101 Berlin
Fon: +49 30 24632203
Fax: +49 30 99296856
http://www.m-privacy.de
GnuPG-Key-ID: 0xD51C760C

Amtsgericht Charlottenburg, HRB 84946
Geschäftsführer:
Dipl.-Kfm. Holger Maczkowsky,
Roman Maczkowsky

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150408/cf9facd0/attachment.sig>


More information about the Gcrypt-devel mailing list