Page MenuHome GnuPG
Create Task
Maniphest T4658

Fix a dangling pointer in pinentry's qt/main.cpp
Closed, ResolvedPublic
Actions

Description

We have found a crash in pinentry-qt with QtCurve using pinentry-1.1.0 in openSUSE Tumbleweed. The steps to reproduce the crash are mentioned in [0]. The root cause is a dangling pointer in qt/main.cpp and the patch that fixes the issue can be found in [1]. I'll attach the patch here.

Not sure if additional checks should be added at this point for argc since it must be greater than zero.

[0] https://bugzilla.opensuse.org/show_bug.cgi?id=1141883#c12
[1] https://bugzilla.opensuse.org/show_bug.cgi?id=1141883#c18

Details

External Link
https://bugzilla.opensuse.org/show_bug.cgi?id=1141883
Version
1.1.0

Revisions and Commits

rP Pinentry
rP0e2e53c8987d qt: Fix use of dangling pointer in QApplication

Related Objects
Search...

Event Timeline

pmgdeb created this task.Jul 25 2019, 1:19 PM

Adding the patch here.

pinentry-qt-Fix-use-of-dangling-pointer.patch478 BDownload

aheinecke changed the task status from Open to Testing.Jul 25 2019, 2:31 PM
aheinecke claimed this task.
aheinecke triaged this task as Normal priority.
aheinecke added a subscriber: aheinecke.

Hi,

thanks for the report. I've commited a different fix 0e2e53c8987d6f236aaef515eb005e8e86397fbc which also should solve the problem.

It would be great if you could confirm that this works because I don't have a setup at hand with which I can reproduce the crash.

Best Regards,
Andre

aheinecke added a commit: rP0e2e53c8987d: qt: Fix use of dangling pointer in QApplication.Jul 25 2019, 3:27 PM
pmgdeb added a comment.Jul 25 2019, 3:37 PM

Hi, Andre!

I can confirm that the patch from the referenced commit fixes the issue. Thanks for the quick action!

Best regards,
Pedro.

aheinecke closed this task as Resolved.Jul 25 2019, 4:14 PM
aheinecke added a subtask: T4659: Release Pinentry-1.1.1.

Thanks!

aheinecke added a subscriber: dkg.EditedJul 25 2019, 4:19 PM

@dkg This patch ( rP0e2e53) might also be something for debian as it can cause crashes depending on the qt theme, which is not under our control.

dkg added a comment.EditedJul 27 2019, 1:16 AM

@aheinecke thanks for the heads-up. i'll pull this in.

(edited: woops, i see now that this is part of pinentry, not gpgme. i was confused about where it needed to be applied, but i'll put it in the right place)

dkg added a comment.Jul 27 2019, 6:07 AM

I've just uploaded pinentry 1.1.0-3 to debian unstable with this fix in it.

gouttegd closed subtask T4659: Release Pinentry-1.1.1 as Resolved.Jan 23 2021, 11:22 PM