libcrypto.so segmentation fault in ERR_clear_error

[2xB]

On a Linux Mint 21 "Vanessa" system even after updating OpenSSL with self-compiled commit d4188f2 in debug mode, @richeldichel and I observe the following segmentation fault (gdb backtrace):

#0  0x00007ffff42c03fe in __GI___libc_free (mem=0x1) at ./malloc/malloc.c:3368
#1  0x00007ffff5bc3c2a in CRYPTO_free (str=0x1, file=0x7ffff5e2d770 "crypto/err/err_local.h", line=91)
    at crypto/mem.c:282
#2  0x00007ffff5b4e95f in err_clear (es=0x55555570e990, i=0, deall=0) at crypto/err/err_local.h:91
#3  0x00007ffff5b4ef42 in ERR_clear_error () at crypto/err/err.c:344

This happens for a project using gSOAP (stdsoap2.c[pp] 2.8.100, inside soap_ssl_error()).

From its documentation, I think ERR_clear_error() should not be able to throw segmentation faults?

[dmage]

@2xB do you have a reproducer? It looks like a buffer overrun that happened before ERR_clear_error.

[2xB]

After compiling our application against a different CERN ROOT version then what we used before, everything works. We assume that this originated from something along the lines of an unfortunate C++ ABI mismatch against this other library...