Bug 1780628 - free(): double free detected in tcache 2
Summary: free(): double free detected in tcache 2
Keywords:
Status: CLOSED DUPLICATE of bug 1780057
Alias: None
Product: Fedora
Classification: Fedora
Component: gnupg2
Version: 31
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Red Hat Crypto Team
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2019-12-06 14:57 UTC by David Cantrell
Modified: 2019-12-06 16:09 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-12-06 15:02:44 UTC
Type: Bug
Embargoed:



Description David Cantrell 2019-12-06 14:57:28 UTC
I updated my F31 system yesterday and the pass(1) program stopped working.  I use pass for my password manager and it's basically just a huge bash script to make managing gpg-encrypted passwords in git easier.

After updating, I started getting this every time I would run pass (this is just an example):

[dcantrel@awvr ~]$ pass app-passwords/david.l.cantrell
free(): double free detected in tcache 2

Running valgrind pointed to bash, so that's where I have concentrated my debugging.  I first updated to the bash from rawhide (checked out from dist-git and built locally with mock for F31).  That produced the same error.  Likewise I saw bash on the f30 branch is the same version in rawhide and f31.

Next I downgraded to bash-4.4.23 from F29 and that still gave me the same error.  I'm beginning to think the error is elsewhere.

Digging in further, it looks like gpg2 is the source.  I tried this, which is sort of what pass(1) would do:

[dcantrel@awvr ~]$ gpg2 -d -o - .password-store/app-passwords/david.l.cantrell.gpg
gpg: using "62977BB9C841B965" as default secret key for signing
gpg: anonymous recipient; trying secret key 0x877D767041632AEA ...
gpg: okay, we are the anonymous recipient.
free(): double free detected in tcache 2
zsh: abort      gpg2 -d -o - .password-store/app-passwords/david.l.cantrell.gpg

OK, now I feel like I'm getting somewhere.  I see that package was updated on 03-Dec, so I tried the previous build to see if behavior restored.  And that's when I found commit d7747268e4afbcd9576101d8a13162caa4917304 in gnupg2 in dist-git and it looks like the problem was fixed yesterday via bug #1780057.

I'm going to give that a try.... [approx 10 minutes later] and it fixes it.  Hooray!

Can you do an F31 update for gnupg2 that includes the fix?

Comment 1 Tomas Mraz 2019-12-06 15:02:44 UTC

*** This bug has been marked as a duplicate of bug 1780057 ***

Comment 2 Tomas Mraz 2019-12-06 15:04:46 UTC
The update in testing is linked in the bug 1780057 already.

Comment 3 David Cantrell 2019-12-06 16:09:26 UTC
My mistake.  Thanks!

