<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en" style='--code-editor-font: var(--default-mono-font, "GitLab Mono"), JetBrains Mono, Menlo, DejaVu Sans Mono, Liberation Mono, Consolas, Ubuntu Mono, Courier New, andale mono, lucida console, monospace;'>

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style data-premailer="ignore" type="text/css">

a { color: #1068bf; }

</style>

<style>img {

max-width: 100%; height: auto;

}

body {

font-size: .875rem;

}

body {

-webkit-text-shadow: rgba(255,255,255,.01) 0 0 1px;

}

body {

font-family: "GitLab Sans",-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"; font-size: inherit;

}

</style>

</head>

<body style='font-size: inherit; -webkit-text-shadow: rgba(255,255,255,.01) 0 0 1px; font-family: "GitLab Sans",-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";'>

<div class="content">

<p class="details" style="font-style: italic; color: #737278;">

<a href="https://gitlab.com/CountSudoku">Moritz Schneider</a> created an issue: <a href="https://gitlab.com/gnutls/gnutls/-/issues/1567">#1567</a>

</p>

<div class="md" style="position: relative; z-index: 1; color: #28272d; word-wrap: break-word;">

<h2 dir="auto" style="font-size: 1.5em; font-weight: 600; padding-bottom: .3em; border-bottom-width: 1px; border-bottom-color: #bfbfc3; border-bottom-style: solid; color: #28272d; margin: 0 0 16px;" align="initial">

<a href="#description-of-problem" aria-hidden="true" class="anchor" id="user-content-description-of-problem" style="margin-top: 0; float: left; margin-left: -20px; text-decoration: none; outline: none;"></a>Description of problem:</h2>

<p dir="auto" style="color: #28272d; margin: 0 0 16px;" align="initial">As described in the documentation we use the libgnutls in a multi-threaded environment: one thread for reading and one thread for sending, both on the same socket. This has worked in the past well (at least for Debian Buster) but starting with Debian Bookworm (or maybe also Debian Bullseye) we experience sometimes a segfault. From the core file I can tell the place which is causing the segfault:</p>

<div class="gl-relative markdown-code-block js-markdown-code">

<pre class="code highlight js-syntax-highlight language-plaintext" v-pre="true" style='display: block; font-size: 14px; color: #28272d; line-height: 1.6em; overflow-x: auto; border-radius: .25rem; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; margin: 0 0 16px; padding: 12px; border: 1px solid #dcdcde;'><code style='font-size: inherit; color: inherit; word-wrap: normal; word-break: keep-all; background-color: inherit; border-radius: .25rem; white-space: pre; margin-top: 0; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; vertical-align: bottom; overflow-wrap: normal; padding: unset;'><span id="LC1" class="line" lang="plaintext" style="margin-top: 0;">#0  0x00007f38af43baea in _gnutls_send_tlen_int (session=session@entry=0x7f387fea3000, type=type@entry=GNUTLS_APPLICATION_DATA,</span>

<span id="LC2" class="line" lang="plaintext">    htype=htype@entry=4294967295, epoch_rel=epoch_rel@entry=70001, _data=<optimized out>, data_size=<optimized out>, min_pad=0, mflags=1)</span>

<span id="LC3" class="line" lang="plaintext">    at ../../lib/record.c:611</span>

<span id="LC4" class="line" lang="plaintext">#1  0x00007f38af43ef66 in _gnutls_send_int (mflags=1, data_size=<optimized out>, _data=<optimized out>, epoch_rel=70001, htype=4294967295,</span>

<span id="LC5" class="line" lang="plaintext">    type=GNUTLS_APPLICATION_DATA, session=0x7f387fea3000) at ../../lib/record.h:43</span>

<span id="LC6" class="line" lang="plaintext">#2  gnutls_record_send2 (session=0x7f387fea3000, data=0x7f386f420c40, data_size=<optimized out>, pad=0, flags=<optimized out>)</span>

<span id="LC7" class="line" lang="plaintext">    at ../../lib/record.c:2068</span></code></pre>

<copy-code></copy-code>

</div>

<p dir="auto" style="color: #28272d; margin: 0 0 16px;" align="initial">The source code for the top frame is the following condition:</p>

<div class="gl-relative markdown-code-block js-markdown-code">

<pre class="code highlight js-syntax-highlight language-plaintext" v-pre="true" style='display: block; font-size: 14px; color: #28272d; line-height: 1.6em; overflow-x: auto; border-radius: .25rem; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; margin: 0 0 16px; padding: 12px; border: 1px solid #dcdcde;'><code style='font-size: inherit; color: inherit; word-wrap: normal; word-break: keep-all; background-color: inherit; border-radius: .25rem; white-space: pre; margin-top: 0; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; vertical-align: bottom; overflow-wrap: normal; padding: unset;'><span id="LC1" class="line" lang="plaintext" style="margin-top: 0;">611          if (vers->tls13_sem && !(session->internals.flags & GNUTLS_NO_AUTO_REKEY) &&                                                       </span>

<span id="LC2" class="line" lang="plaintext">612              !(record_params->cipher->flags & GNUTLS_CIPHER_FLAG_NO_REKEY)) {                                                               </span></code></pre>

<copy-code></copy-code>

</div>

<p dir="auto" style="color: #28272d; margin: 0 0 16px;" align="initial">and from the disassemble I can tell that we have a nullpointer dereference at <code style='font-size: 90%; color: #18171d; word-wrap: break-word; background-color: #ececef; border-radius: .25rem; margin-top: 0; font-weight: inherit; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; vertical-align: bottom; white-space: pre-wrap; overflow-wrap: break-word; word-break: keep-all; padding: 2px 4px;'>record_params->cipher</code>:</p>

<div class="gl-relative markdown-code-block js-markdown-code">

<pre class="code highlight js-syntax-highlight language-plaintext" v-pre="true" style='display: block; font-size: 14px; color: #28272d; line-height: 1.6em; overflow-x: auto; border-radius: .25rem; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; margin: 0 0 16px; padding: 12px; border: 1px solid #dcdcde;'><code style='font-size: inherit; color: inherit; word-wrap: normal; word-break: keep-all; background-color: inherit; border-radius: .25rem; white-space: pre; margin-top: 0; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; vertical-align: bottom; overflow-wrap: normal; padding: unset;'><span id="LC1" class="line" lang="plaintext" style="margin-top: 0;">  0x7f38af43bae1 <_gnutls_send_tlen_int+993>      mov    0x20(%rsp),%rax                                                                            </span>

<span id="LC2" class="line" lang="plaintext">  0x7f38af43bae6 <_gnutls_send_tlen_int+998>      mov    0x8(%rax),%rax                                                                             </span>

<span id="LC3" class="line" lang="plaintext">> 0x7f38af43baea <_gnutls_send_tlen_int+1002>     testb  $0x4,0x1c(%rax)</span></code></pre>

<copy-code></copy-code>

</div>

<p dir="auto" style="color: #28272d; margin: 0 0 16px;" align="initial">since the <code style='font-size: 90%; color: #18171d; word-wrap: break-word; background-color: #ececef; border-radius: .25rem; margin-top: 0; font-weight: inherit; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; vertical-align: bottom; white-space: pre-wrap; overflow-wrap: break-word; word-break: keep-all; padding: 2px 4px;'>GNUTLS_CIPHER_FLAG_NO_REKEY</code> is equal to <code style='font-size: 90%; color: #18171d; word-wrap: break-word; background-color: #ececef; border-radius: .25rem; font-weight: inherit; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; vertical-align: bottom; white-space: pre-wrap; overflow-wrap: break-word; word-break: keep-all; padding: 2px 4px;'>0x4</code>, and also from the syslog:</p>

<div class="gl-relative markdown-code-block js-markdown-code">

<pre class="code highlight js-syntax-highlight language-plaintext" v-pre="true" style='display: block; font-size: 14px; color: #28272d; line-height: 1.6em; overflow-x: auto; border-radius: .25rem; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; margin: 0 0 16px; padding: 12px; border: 1px solid #dcdcde;'><code style='font-size: inherit; color: inherit; word-wrap: normal; word-break: keep-all; background-color: inherit; border-radius: .25rem; white-space: pre; margin-top: 0; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; vertical-align: bottom; overflow-wrap: normal; padding: unset;'><span id="LC1" class="line" lang="plaintext" style="margin-top: 0;">segfault at 1c ip 00007f38af43baea sp 00007f38a209a0d0 error 4 in libgnutls.so.30.34.3[7f38af437000+133000] likely on CPU 29 (core 4, socket 1)</span></code></pre>

<copy-code></copy-code>

</div>

<p dir="auto" style="color: #28272d; margin: 0 0 16px;" align="initial">From my analysis of the code, the only place in the libgnutls code, where the <code style='font-size: 90%; color: #18171d; word-wrap: break-word; background-color: #ececef; border-radius: .25rem; margin-top: 0; font-weight: inherit; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; vertical-align: bottom; white-space: pre-wrap; overflow-wrap: break-word; word-break: keep-all; padding: 2px 4px;'>cipher</code> field is set to <code style='font-size: 90%; color: #18171d; word-wrap: break-word; background-color: #ececef; border-radius: .25rem; font-weight: inherit; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; vertical-align: bottom; white-space: pre-wrap; overflow-wrap: break-word; word-break: keep-all; padding: 2px 4px;'>NULL</code> is in <code style='font-size: 90%; color: #18171d; word-wrap: break-word; background-color: #ececef; border-radius: .25rem; font-weight: inherit; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; vertical-align: bottom; white-space: pre-wrap; overflow-wrap: break-word; word-break: keep-all; padding: 2px 4px;'>_gnutls_epoch_setup_next</code> (<code style='font-size: 90%; color: #18171d; word-wrap: break-word; background-color: #ececef; border-radius: .25rem; font-weight: inherit; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; vertical-align: bottom; white-space: pre-wrap; overflow-wrap: break-word; word-break: keep-all; padding: 2px 4px;'>constate.c:1015</code>):</p>

<div class="gl-relative markdown-code-block js-markdown-code">

<pre class="code highlight js-syntax-highlight language-plaintext" v-pre="true" style='display: block; font-size: 14px; color: #28272d; line-height: 1.6em; overflow-x: auto; border-radius: .25rem; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; margin: 0 0 16px; padding: 12px; border: 1px solid #dcdcde;'><code style='font-size: inherit; color: inherit; word-wrap: normal; word-break: keep-all; background-color: inherit; border-radius: .25rem; white-space: pre; margin-top: 0; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; vertical-align: bottom; overflow-wrap: normal; padding: unset;'><span id="LC1" class="line" lang="plaintext" style="margin-top: 0;">      if (null_epoch) {</span>

<span id="LC2" class="line" lang="plaintext">               (*slot)->cipher = cipher_to_entry(GNUTLS_CIPHER_NULL);</span>

<span id="LC3" class="line" lang="plaintext">               (*slot)->mac = mac_to_entry(GNUTLS_MAC_NULL);</span>

<span id="LC4" class="line" lang="plaintext">               (*slot)->initialized = 1;</span>

<span id="LC5" class="line" lang="plaintext">       } else {</span>

<span id="LC6" class="line" lang="plaintext">               (*slot)->cipher = NULL;</span>

<span id="LC7" class="line" lang="plaintext">               (*slot)->mac = NULL;</span>

<span id="LC8" class="line" lang="plaintext">       }</span></code></pre>

<copy-code></copy-code>

</div>

<p dir="auto" style="color: #28272d; margin: 0 0 16px;" align="initial">But there are a lot of locations where this function can be called from.</p>

<p dir="auto" style="color: #28272d; margin: 0 0 16px;" align="initial">The parallel reading thread (via <code style='font-size: 90%; color: #18171d; word-wrap: break-word; background-color: #ececef; border-radius: .25rem; margin-top: 0; font-weight: inherit; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; vertical-align: bottom; white-space: pre-wrap; overflow-wrap: break-word; word-break: keep-all; padding: 2px 4px;'>gnutls_record_recv</code>) has got 8 times <code style='font-size: 90%; color: #18171d; word-wrap: break-word; background-color: #ececef; border-radius: .25rem; font-weight: inherit; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; vertical-align: bottom; white-space: pre-wrap; overflow-wrap: break-word; word-break: keep-all; padding: 2px 4px;'>GNUTLS_E_AGAIN</code> and then one time <code style='font-size: 90%; color: #18171d; word-wrap: break-word; background-color: #ececef; border-radius: .25rem; font-weight: inherit; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; vertical-align: bottom; white-space: pre-wrap; overflow-wrap: break-word; word-break: keep-all; padding: 2px 4px;'>GNUTLS_E_TOO_MANY_HANDSHAKE_PACKET</code>. My guess is that the <code style='font-size: 90%; color: #18171d; word-wrap: break-word; background-color: #ececef; border-radius: .25rem; font-weight: inherit; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; vertical-align: bottom; white-space: pre-wrap; overflow-wrap: break-word; word-break: keep-all; padding: 2px 4px;'>GNUTLS_E_TOO_MANY_HANDSHAKE_PACKET</code> is set in function <code style='font-size: 90%; color: #18171d; word-wrap: break-word; background-color: #ececef; border-radius: .25rem; font-weight: inherit; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; vertical-align: bottom; white-space: pre-wrap; overflow-wrap: break-word; word-break: keep-all; padding: 2px 4px;'>_gnutls13_recv_key_update</code> (<code style='font-size: 90%; color: #18171d; word-wrap: break-word; background-color: #ececef; border-radius: .25rem; font-weight: inherit; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; vertical-align: bottom; white-space: pre-wrap; overflow-wrap: break-word; word-break: keep-all; padding: 2px 4px;'>lib/tls13/key_update.c</code>). I've come to this claim with data from the core file, but of course the data might have changed in between calls.</p>

<p dir="auto" style="color: #28272d; margin: 0 0 16px;" align="initial">For some reason I don't understand I  can access the <code style='font-size: 90%; color: #18171d; word-wrap: break-word; background-color: #ececef; border-radius: .25rem; margin-top: 0; font-weight: inherit; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; vertical-align: bottom; white-space: pre-wrap; overflow-wrap: break-word; word-break: keep-all; padding: 2px 4px;'>record_params->cipher</code> in GDB just fine. This has the follwoing content:</p>

<div class="gl-relative markdown-code-block js-markdown-code">

<pre class="code highlight js-syntax-highlight language-plaintext" v-pre="true" style='display: block; font-size: 14px; color: #28272d; line-height: 1.6em; overflow-x: auto; border-radius: .25rem; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; margin: 0 0 16px; padding: 12px; border: 1px solid #dcdcde;'><code style='font-size: inherit; color: inherit; word-wrap: normal; word-break: keep-all; background-color: inherit; border-radius: .25rem; white-space: pre; margin-top: 0; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; vertical-align: bottom; overflow-wrap: normal; padding: unset;'><span id="LC1" class="line" lang="plaintext" style="margin-top: 0;">(gdb) p *record_params->cipher</span>

<span id="LC2" class="line" lang="plaintext">$9 = {name = 0x7f38af599c4c "AES-256-GCM", id = GNUTLS_CIPHER_AES_256_GCM, blocksize = 16, keysize = 32, type = CIPHER_AEAD, implicit_iv = 4, </span>

<span id="LC3" class="line" lang="plaintext">  explicit_iv = 8, cipher_iv = 12, tagsize = 16, flags = 0}</span></code></pre>

<copy-code></copy-code>

</div>

<p dir="auto" style="color: #28272d; margin: 0 0 16px;" align="initial">The <a href="https://gitlab.com/gnutls/gnutls/-/issues/2" data-reference-type="issue" data-original="#2" data-link="false" data-link-reference="false" data-issue="172979" data-project="179611" data-iid="2" data-namespace-path="gnutls/gnutls" data-project-path="gnutls/gnutls" data-issue-type="issue" data-container="body" data-placement="top" title="Gnutls 3.3.X + Wine = problem" class="gfm gfm-issue" style="margin-top: 0;">#2 (closed)</a> frame from the backtrace is <code style='font-size: 90%; color: #18171d; word-wrap: break-word; background-color: #ececef; border-radius: .25rem; font-weight: inherit; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; vertical-align: bottom; white-space: pre-wrap; overflow-wrap: break-word; word-break: keep-all; padding: 2px 4px;'>switch</code> <code style='font-size: 90%; color: #18171d; word-wrap: break-word; background-color: #ececef; border-radius: .25rem; font-weight: inherit; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; vertical-align: bottom; white-space: pre-wrap; overflow-wrap: break-word; word-break: keep-all; padding: 2px 4px;'>case</code> statement in the <code style='font-size: 90%; color: #18171d; word-wrap: break-word; background-color: #ececef; border-radius: .25rem; font-weight: inherit; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; vertical-align: bottom; white-space: pre-wrap; overflow-wrap: break-word; word-break: keep-all; padding: 2px 4px;'>RECORD_SEND_KEY_UPDATE_3</code> block (most probable falling through from <code style='font-size: 90%; color: #18171d; word-wrap: break-word; background-color: #ececef; border-radius: .25rem; font-weight: inherit; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; vertical-align: bottom; white-space: pre-wrap; overflow-wrap: break-word; word-break: keep-all; padding: 2px 4px;'>RECORD_SEND_KEY_UPDATE_1</code> and <code style='font-size: 90%; color: #18171d; word-wrap: break-word; background-color: #ececef; border-radius: .25rem; font-weight: inherit; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; vertical-align: bottom; white-space: pre-wrap; overflow-wrap: break-word; word-break: keep-all; padding: 2px 4px;'>RECORD_SEND_KEY_UPDATE_2</code>. And during the analysis where those <code style='font-size: 90%; color: #18171d; word-wrap: break-word; background-color: #ececef; border-radius: .25rem; font-weight: inherit; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; vertical-align: bottom; white-space: pre-wrap; overflow-wrap: break-word; word-break: keep-all; padding: 2px 4px;'>rsend_states</code> are set I've noticed is that</p>

<div class="gl-relative markdown-code-block js-markdown-code">

<pre class="code highlight js-syntax-highlight language-plaintext" v-pre="true" style='display: block; font-size: 14px; color: #28272d; line-height: 1.6em; overflow-x: auto; border-radius: .25rem; position: relative; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; word-break: break-all; word-wrap: break-word; background-color: #fbfafd; margin: 0 0 16px; padding: 12px; border: 1px solid #dcdcde;'><code style='font-size: inherit; color: inherit; word-wrap: normal; word-break: keep-all; background-color: inherit; border-radius: .25rem; white-space: pre; margin-top: 0; font-family: "GitLab Mono","JetBrains Mono","Menlo","DejaVu Sans Mono","Liberation Mono","Consolas","Ubuntu Mono","Courier New","andale mono","lucida console",monospace; vertical-align: bottom; overflow-wrap: normal; padding: unset;'><span id="LC1" class="line" lang="plaintext" style="margin-top: 0;">session->internals.rsend_state = RECORD_SEND_KEY_UPDATE_1</span></code></pre>

<copy-code></copy-code>

</div>

<p dir="auto" style="color: #28272d; margin: 0 0 16px;" align="initial">is</p>

<ul dir="auto" style="text-align: initial; list-style-type: disc; margin: 0 0 16px; padding: 0;">

<li style="margin-top: 0; line-height: 1.6em; margin-left: 25px; padding-left: 3px;">written in function _gnutls13_recv_key_update inf lib/tls13/key_update.c:117 possible without any synchronization, and</li>

<li style="line-height: 1.6em; margin-left: 25px; padding-left: 3px;">read in gnutls_record_send2 in lib/record.c:2038 definitely without any synchronization.</li>

</ul>

<p dir="auto" style="color: #28272d; margin: 0 0 16px;" align="initial">I would have expected that the read/write access to those fields must be synchronized.</p>

<p dir="auto" style="color: #28272d; margin: 0 0 16px;" align="initial">If I can help in any way to resolve this segfault please ask for additional details (but I will be on vacation until 2024-08-26).</p>

<h2 dir="auto" style="font-size: 1.5em; font-weight: 600; padding-bottom: .3em; border-bottom-width: 1px; border-bottom-color: #bfbfc3; border-bottom-style: solid; color: #28272d; margin: 24px 0 16px;" align="initial">

<a href="#version-of-gnutls-used" aria-hidden="true" class="anchor" id="user-content-version-of-gnutls-used" style="margin-top: 0; float: left; margin-left: -20px; text-decoration: none; outline: none;"></a>Version of gnutls used:</h2>

<p dir="auto" style="color: #28272d; margin: 0 0 16px;" align="initial">libgnutls30 3.7.9-2+deb12u3</p>

<h2 dir="auto" style="font-size: 1.5em; font-weight: 600; padding-bottom: .3em; border-bottom-width: 1px; border-bottom-color: #bfbfc3; border-bottom-style: solid; color: #28272d; margin: 24px 0 16px;" align="initial">

<a href="#distributor-of-gnutls-eg-ubuntu-fedora-rhel" aria-hidden="true" class="anchor" id="user-content-distributor-of-gnutls-eg-ubuntu-fedora-rhel" style="margin-top: 0; float: left; margin-left: -20px; text-decoration: none; outline: none;"></a>Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)</h2>

<p dir="auto" style="color: #28272d; margin: 0 0 16px;" align="initial">Debian Bookworm 12.3</p>

<h2 dir="auto" style="font-size: 1.5em; font-weight: 600; padding-bottom: .3em; border-bottom-width: 1px; border-bottom-color: #bfbfc3; border-bottom-style: solid; color: #28272d; margin: 24px 0 16px;" align="initial">

<a href="#how-reproducible" aria-hidden="true" class="anchor" id="user-content-how-reproducible" style="margin-top: 0; float: left; margin-left: -20px; text-decoration: none; outline: none;"></a>How reproducible:</h2>

<p dir="auto" style="color: #28272d; margin: 0;" align="initial">Unfortunately I am not able to reproduce it (yet?).</p>

</div>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #737278;">

—

<br>

Reply to this email directly or <a href="https://gitlab.com/gnutls/gnutls/-/issues/1567">view it on GitLab</a>.

<br>

You're receiving this email because of your account on <a target="_blank" rel="noopener noreferrer" href="https://gitlab.com">gitlab.com</a>. <a href="https://gitlab.com/-/sent_notifications/36652a81d5b0167464ad2ed69a17b46b/unsubscribe" target="_blank" rel="noopener noreferrer">Unsubscribe</a> from this thread · <a href="https://gitlab.com/-/profile/notifications" target="_blank" rel="noopener noreferrer" class="mng-notif-link">Manage all notifications</a> · <a href="https://gitlab.com/help" target="_blank" rel="noopener noreferrer" class="help-link">Help</a>

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Issue","url":"https://gitlab.com/gnutls/gnutls/-/issues/1567"}}</script>

</p>

</div>

</body>

</html>