[pkg-gnupg-maint] Bug#944914: Bug#944914: libgpgme11: Buffer overflow while using claws-mail
Werner Koch
wk at gnupg.org
Tue Nov 19 14:39:31 GMT 2019
On Tue, 19 Nov 2019 14:50, Bernhard Übelacker said:
> Maybe it is of some help, following seem to be locations with the
> missing symbols:
> ...
> #8 0xb6441a7a in __fdelt_chk (d=194142480) at fdelt_chk.c:25
> #9 0xb27e5281 in () at libgpgme.so.11, in _gpgme_io_select at
This is the code at that place (at least in my master but we have not
changed it for quite some time)
      else if (fds[i].for_read)
        {
====>     if (FD_ISSET (fds[i].fd, &readfds))
            {
Right, the tested FD might be out of range for FD_ISSET but we have an
earlier check for this:
      if (fds[i].for_read)
        {
          if (fds[i].fd >= FD_SETSIZE)
            {
              TRACE_END (dbg_help, " -BAD- ]");
              gpg_err_set_errno (EMFILE);
              return TRACE_SYSRES (-1);
            }
So the code should not be the problem. However if the fd table is
corrupt you might run into this bug. Next step would be looking into
libc - I have no copy handy right now ...
> I found this upstream feature request, which could fit,
> but there is also a change mentioned that should avoid that crash,
> that is already included ...
> Are you maybe hitting this limit?
Nope, see the code above.
Shalom-Salam,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.
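Added example, not part of the original message and not gpgme code: a minimal sketch of the guard pattern discussed above, where every descriptor is range-checked before it reaches FD_SET or FD_ISSET, so glibc's fortified __fdelt_chk (which aborts when d < 0 or d >= FD_SETSIZE) is never reached with a bad value. The helper names are hypothetical, and rejecting negative descriptors is an assumption of this example rather than something shown in the quoted code.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/select.h>

/* Hypothetical helper: 1 if fd is a legal index into an fd_set. */
static int fd_in_range(int fd)
{
    return fd >= 0 && fd < FD_SETSIZE;
}

/* Build a read set from fds[0..n-1]. Each descriptor is range-checked
   before its FD_SET. Returns 0 and stores the highest fd in *max_fd
   (-1 for an empty list); returns -1 with errno = EMFILE on a bad fd. */
static int build_read_set(const int *fds, size_t n, fd_set *set, int *max_fd)
{
    *max_fd = -1;
    FD_ZERO(set);
    for (size_t i = 0; i < n; i++) {
        if (!fd_in_range(fds[i])) {
            errno = EMFILE;
            return -1;
        }
        FD_SET(fds[i], set);
        if (fds[i] > *max_fd)
            *max_fd = fds[i];
    }
    return 0;
}

/* Checked FD_ISSET: 1 = set, 0 = not set, -1 = out of range (EMFILE). */
static int checked_fd_isset(int fd, fd_set *set)
{
    if (!fd_in_range(fd)) {
        errno = EMFILE;
        return -1;
    }
    return FD_ISSET(fd, set) ? 1 : 0;
}

int main(void)
{
    fd_set rd;
    int max_fd;
    int ok[] = { 0, 5 };          /* constructed sample input */
    int bad[] = { 0, 194142480 }; /* d from frame #8 of the quoted backtrace */
    printf("ok:  %d\n", build_read_set(ok, 2, &rd, &max_fd));
    printf("bad: %d\n", build_read_set(bad, 2, &rd, &max_fd));
    return 0;
}
```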