
Bug 1780628

Summary: free(): double free detected in tcache 2
Product: [Fedora] Fedora
Component: gnupg2
Version: 31
Hardware: x86_64
OS: Linux
Status: CLOSED DUPLICATE
Severity: high
Priority: unspecified
Reporter: David Cantrell <dcantrell>
Assignee: Red Hat Crypto Team <crypto-team>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: bcl, crypto-team, tmraz
Last Closed: 2019-12-06 15:02:44 UTC
Type: Bug

Description David Cantrell 2019-12-06 14:57:28 UTC
I updated my F31 system yesterday and the pass(1) program stopped working.  I use pass for my password manager and it's basically just a huge bash script to make managing gpg-encrypted passwords in git easier.

After updating, I started getting this every time I would run pass (this is just an example):

[dcantrel@awvr ~]$ pass app-passwords/david.l.cantrell
free(): double free detected in tcache 2

Running valgrind pointed to bash, so that's where I have concentrated my debugging.  I first updated to the bash from rawhide (checked out from dist-git and built locally with mock for F31).  That produced the same error.  Likewise I saw bash on the f30 branch is the same version in rawhide and f31.

Next I downgraded to bash-4.4.23 from F29 and that still gave me the same error.  I'm beginning to think the error is elsewhere.

Digging in further, it looks like gpg2 is the source.  I tried this, which is sort of what pass(1) would do:

[dcantrel@awvr ~]$ gpg2 -d -o - .password-store/app-passwords/david.l.cantrell.gpg
gpg: using "62977BB9C841B965" as default secret key for signing
gpg: anonymous recipient; trying secret key 0x877D767041632AEA ...
gpg: okay, we are the anonymous recipient.
free(): double free detected in tcache 2
zsh: abort      gpg2 -d -o - .password-store/app-passwords/david.l.cantrell.gpg

OK, now I feel like I'm getting somewhere.  I see that package was updated on 03-Dec, so I tried the previous build to see if behavior restored.  And that's when I found commit d7747268e4afbcd9576101d8a13162caa4917304 in gnupg2 in dist-git and it looks like the problem was fixed yesterday via bug #1780057.

I'm going to give that a try.... [approx 10 minutes later] and it fixes it.  Hooray!

Can you do an F31 update for gnupg2 that includes the fix?

Comment 1 Tomas Mraz 2019-12-06 15:02:44 UTC

*** This bug has been marked as a duplicate of bug 1780057 ***

Comment 2 Tomas Mraz 2019-12-06 15:04:46 UTC
The update in testing is linked in the bug 1780057 already.

Comment 3 David Cantrell 2019-12-06 16:09:26 UTC
My mistake.  Thanks!