[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#16004: pgp-i: coredumps when adding debian keyring



[ Note that I don't follow debian-devel. Please Cc responses to
  16004@bugs.debian.org (but preferably not to me). ]

"J.H.M. Dassen":
> This version of pgp dumps core when I try to add the debian-keyring (Dec 15
> 04:15, md5sum 26247b2c188e31cd9706294ce9679a31) to my public keyring.

This seems to be a problem with dynamic memory allocation in PGP. PGP
has a front-end to malloc (which allows freeing everything with one
call). The code that does the alloction is:

    p = xmalloc(size + sizeof(struct bufpool *));

(where xmalloc is another front-end to malloc that aborts the program
if malloc fails). If I add a constant to the call to xmalloc, like this
(in src/keymaint.c, line 1610 or so):

    p = xmalloc(size + sizeof(struct bufpool *) + N);

I can get the problem to vanish. The smallest N that does this is 5
(on a Pentium). I can't find the place where the actual bug happens,
and I can't spend more time on it right now.

Question: should I release a new version of PGP, giving N a value like
128, as a workaround (and hopefully a good-enough workaround to warrant
lowering the severity of the bug so that it isn't release-critical)?
(The bug should remain open, since N isn't a fix, just a workaround.
Depending on the nature of the bug, no value of N might be big enough.)


Attachment: pgpe30Mov0uLI.pgp
Description: PGP signature


Reply to: