Optimization-dependent behavior with GnuPG 1.4.19 and GCC 5

Kevin Locke kevin at kevinlocke.name
Thu Oct 1 07:41:27 CEST 2015

On Thu, 2015-10-01 at 14:21 +0900, NIIBE Yutaka wrote:
> Thank you for the bug report with reproducible scenario.

My pleasure, thank you for looking into it.

> On 09/30/2015 04:16 PM, Kevin Locke wrote:
>> Debugging the behavior in gdb shows that in parse_signature at
>> g10/parse-packet.c:1413, sig->unhashed is NULL.  This results in
>> taking the branch at g10/parse-packet.c:1185 in enum_sig_subpkt which
>> returns the address of the pktbuf argument.  Although the code expects
>> this to result in a non-NULL value, it appears that the compiler
>> optimizations at -O2 result in returning a NULL value.  I'm unsure if
>> this is a compiler error, or if this is allowed as undefined behavior
>> when using the address of an argument after a function has returned.
> [...]
> We have a fix for master branch.  I'm going to backport this to 2.0
> and 1.4.

The patch looks great.  That should solve the issue going forward.

Any idea if sig->unhashed being NULL is easily avoidable when creating
signed documents as a workaround for users with affected versions
already in the wild?  I can investigate, but I'm not familiar with the
PGP format, which makes investigating a bit slow.

Thanks again,

More information about the Gnupg-devel mailing list