Crash on no input specified

Robert J. Hansen rjh at sixdemonbag.org
Fri Jul 12 23:12:58 CEST 2019


While doing some testing on Fedora 30, I came across an interesting
defect: I can concoct a list of recipients which, if used without a file
specified on the command line, results in both output written to the
screen and a hard crash.  GnuPG 2.2.16 using libgcrypt 1.8.4.

=====

[rjh@localhost ~]$ gpg --armor --encrypt --sign --trust-model always -r
0x43F54688E0C5670C -r 0xE045FE37AD62C09F -r 0xB1B51B00227E6279 -r
0x5A11CC0668C218E6 -r 0x5CE84B8A08DA0BBA -r 0xA52C55A2525A9864 -r
0xB6ABE088B62E904D -r 0x2925BBE582874330 -r 0xEECF453F78E1E99B
gpg: pubkey_encrypt failed: Provided object is too short
-----BEGIN PGP MESSAGE-----

[much output snipped]

KtNV31DFkcpeBy1iGfqKfu3acoTYufpjteR73Ogpg: pubkey_encrypt failed:
Provided object is too short
gpg: Ohhhh jeeee: Assertion "a->filter == block_filter" in
iobuf_set_partial_body_length_mode failed (iobuf.c:2528)
Aborted (core dumped)

=====

Running this within gdb gives:

=====

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50	  return ret;
(gdb) backtrace
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7b13895 in __GI_abort () at abort.c:79
#2  0x00005555555fe370 in do_logv (level=6,
    ignore_arg_ptr=ignore_arg_ptr@entry=0, extrastring=<optimized out>,
    extrastring@entry=0x0, prefmt=prefmt@entry=0x0, fmt=<optimized out>,
    fmt@entry=0x555555636288 "Assertion \"%s\" in %s failed (%s:%d)\n",
    arg_ptr=arg_ptr@entry=0x7fffffffbc60) at logging.c:859
#3  0x00005555555fedd1 in log_log (level=level@entry=6,
    fmt=fmt@entry=0x555555636288 "Assertion \"%s\" in %s failed (%s:%d)\n")
    at logging.c:872
#4  0x00005555555ff5a6 in _log_assert (
    expr=expr@entry=0x55555563891e "a->filter == block_filter",
    file=file@entry=0x5555556385e2 "iobuf.c", line=line@entry=2528,
    func=func@entry=0x5555556389a0 <__FUNCTION__.10483> "iobuf_set_partial_body_length_mode") at logging.c:1091
#5  0x000055555560be32 in iobuf_set_partial_body_length_mode (
    a=a@entry=0x555555676820, len=len@entry=0) at iobuf.c:2539
#6  0x000055555557bcb3 in do_plaintext (pt=<optimized out>,
    ctb=<optimized out>, out=<optimized out>) at build-packet.c:758
#7  build_packet (out=out@entry=0x555555676820, pkt=pkt@entry=0x7fffffffbdd0)
    at build-packet.c:153
#8  0x00005555555b49a6 in write_plaintext_packet (out=0x555555676820,
    inp=inp@entry=0x5555556769b0, fname=fname@entry=0x0, ptmode=98)
    at sign.c:678
#9  0x00005555555b653c in sign_file (ctrl=0x555555665090, filenames=0x0,
    detached=<optimized out>, locusr=<optimized out>, encryptflag=1,
    remusr=<optimized out>, outfile=0x0) at sign.c:1066
#10 0x000055555556a668 in main (argc=<optimized out>, argv=<optimized out>)
    at gpg.c:4240
