Optimization-dependent behavior with GnuPG 1.4.19 and GCC 5
kevin at kevinlocke.name
Thu Oct 1 07:41:27 CEST 2015
On Thu, 2015-10-01 at 14:21 +0900, NIIBE Yutaka wrote:
> Thank you for the bug report with reproducible scenario.
My pleasure, thank you for looking into it.
> On 09/30/2015 04:16 PM, Kevin Locke wrote:
>> Debugging the behavior in gdb shows that in parse_signature at
>> g10/parse-packet.c:1413, sig->unhashed is NULL. This results in
>> taking the branch at g10/parse-packet.c:1185 in enum_sig_subpkt which
>> returns the address of the pktbuf argument. Although the code expects
>> this to result in a non-NULL value, it appears that the compiler
>> optimizations at -O2 result in returning a NULL value. I'm unsure if
>> this is a compiler error, or if this is allowed as undefined behavior
>> when using the address of an argument after a function has returned.
> We have a fix for master branch. I'm going to backport this to 2.0
> and 1.4.
The patch looks great. That should solve the issue going forward.
Any idea if sig->unhashed being NULL is easily avoidable when creating
signed documents as a workaround for users with affected versions
already in the wild? I can investigate, but I'm not familiar with the
PGP format, which makes investigating a bit slow.
More information about the Gnupg-devel