I've done a bit more debugging (thanks for your off-list help). This is a summary for others and new info for you.
The problem is on the originator, in receiving the revealsig message. It happens in otrl_auth_handle_revealsig, near where authlen is read.

With -O2 and not putting --disable-gcc-hardening, I get the error. Either of -O1 or --disable-gcc-hardening is sufficient to make it work. Reading the (dis)assembly, the generated code seems just plain bizarrely wrong, but I know optimized assembly code is hard to follow.

So at this point I have a workaround for netbsd-5/i386, and I think this shouldn't hold up the release, because it really looks like an SSP bug in our version of gcc (4.1.3, which I know is ancient). I'll keep looking; time to add -S to gcc and read the assembly w/ stabs hints.

Is anyone else using otr4 on a system with gcc 4.1.3?
_______________________________________________ OTR-dev mailing list OTR-dev@lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev