Page MenuHome GnuPG

Fix a dangling pointer in pinentry's qt/main.cpp
Closed, ResolvedPublic


We have found a crash in pinentry-qt with QtCurve using pinentry-1.1.0 in openSUSE Tumbleweed. The steps to reproduce the crash are mentioned in [0]. The root cause is a dangling pointer in qt/main.cpp and the patch that fixes the issue can be found in [1]. I'll attach the patch here.

Not sure if additional checks should be added at this point for argc since it must be greater than zero.



Event Timeline

Adding the patch here.

aheinecke changed the task status from Open to Testing.Jul 25 2019, 2:31 PM
aheinecke claimed this task.
aheinecke triaged this task as Normal priority.
aheinecke added a subscriber: aheinecke.


thanks for the report. I've commited a different fix 0e2e53c8987d6f236aaef515eb005e8e86397fbc which also should solve the problem.

It would be great if you could confirm that this works because I don't have a setup at hand with which I can reproduce the crash.

Best Regards,

Hi, Andre!

I can confirm that the patch from the referenced commit fixes the issue. Thanks for the quick action!

Best regards,

@dkg This patch ( rP0e2e53) might also be something for debian as it can cause crashes depending on the qt theme, which is not under our control.

@aheinecke thanks for the heads-up. i'll pull this in.

(edited: woops, i see now that this is part of pinentry, not gpgme. i was confused about where it needed to be applied, but i'll put it in the right place)

I've just uploaded pinentry 1.1.0-3 to debian unstable with this fix in it.