Page MenuHome GnuPG

Kleopatra: Crash when doing a lookup on server
Testing, HighPublic

Description

Kleopatra crashes (segfaults) when doing a lookup on server and a certain number of results are found.

How to reproduce:

  • Use the default key server (hkps://keyserver.ubuntu.com)
  • Open Lookup on Server
  • Enter example
  • Press Return or click Search

-> boom

Backtrace:

GpgME::Key::primaryFingerprint (this=this@entry=0x1615dd0) at ../../../../../src/gpgme/lang/cpp/src/key.cpp:337
337         if (key->fpr) {

(gdb) bt
#0  GpgME::Key::primaryFingerprint() const (this=this@entry=0x1615dd0) at ../../../../../src/gpgme/lang/cpp/src/key.cpp:337
#1  0x0000000000535df6 in operator()<(anonymous namespace)::KeyWithOrigin, (anonymous namespace)::KeyWithOrigin>
    (__closure=<synthetic pointer>, rhs=..., lhs=...) at /home/ingo/dev/kde/kleopatra/src/commands/lookupcertificatescommand.cpp:528
#2  __gnu_cxx::__ops::_Iter_comp_iter<Kleo::Commands::LookupCertificatesCommand::Private::tryToFinishKeyLookup()::<lambda(const auto:63&, const auto:64&)> >::operator()<__gnu_cxx::__normal_iterator<(anonymous namespace)::KeyWithOrigin*, std::vector<(anonymous namespace)::KeyWithOrigin> >, __gnu_cxx::__normal_iterator<(anonymous namespace)::KeyWithOrigin*, std::vector<(anonymous namespace)::KeyWithOrigin> > > (__it2=..., __it1=Python Exception <class 'gdb.error'>: value has been optimized out
, this=<synthetic pointer>) at /usr/include/c++/13/bits/predefined_ops.h:158
#3  std::__unguarded_partition<__gnu_cxx::__normal_iterator<(anonymous namespace)::KeyWithOrigin*, std::vector<(anonymous namespace)::KeyWithOrigin> >, __gnu_cxx::__ops::_Iter_comp_iter<Kleo::Commands::LookupCertificatesCommand::Private::tryToFinishKeyLookup()::<lambda(const auto:63&, const auto:64&)> > > (__comp=..., __pivot=Python Exception <class 'gdb.error'>: value has been optimized out
, __last=..., __first=...) at /usr/include/c++/13/bits/stl_algo.h:1877
#4  std::__unguarded_partition_pivot<__gnu_cxx::__normal_iterator<(anonymous namespace)::KeyWithOrigin*, std::vector<(anonymous namespace)::KeyWithOrigin> >, __gnu_cxx::__ops::_Iter_comp_iter<Kleo::Commands::LookupCertificatesCommand::Private::tryToFinishKeyLookup()::<lambda(const auto:63&, const auto:64&)> > > (__comp=..., __last=..., __first=...) at /usr/include/c++/13/bits/stl_algo.h:1899
#5  std::__introsort_loop<__gnu_cxx::__normal_iterator<(anonymous namespace)::KeyWithOrigin*, std::vector<(anonymous namespace)::KeyWithOrigin> >, long int, __gnu_cxx::__ops::_Iter_comp_iter<Kleo::Commands::LookupCertificatesCommand::Private::tryToFinishKeyLookup()::<lambda(const auto:63&, const auto:64&)> > >(__gnu_cxx::__normal_iterator<(anonymous namespace)::KeyWithOrigin*, std::vector<(anonymous namespace)::KeyWithOrigin, std::allocator<(anonymous namespace)::KeyWithOrigin> > >, __gnu_cxx::__normal_iterator<(anonymous namespace)::KeyWithOrigin*, std::vector<(anonymous namespace)::KeyWithOrigin, std::allocator<(anonymous namespace)::KeyWithOrigin> > >, long, __gnu_cxx::__ops::_Iter_comp_iter<Kleo::Commands::LookupCertificatesCommand::Private::tryToFinishKeyLookup()::<lambda(const auto:63&, const auto:64&)> >) (__first=__first@entry=..., __last=Python Exception <class 'gdb.error'>: value has been optimized out
, __last@entry=..., __depth_limit=<optimized out>, __comp=...)
    at /usr/include/c++/13/bits/stl_algo.h:1931
#6  0x000000000053840d in std::__sort<__gnu_cxx::__normal_iterator<(anonymous namespace)::KeyWithOrigin*, std::vector<(anonymous namespace)::KeyWithOrigin> >, __gnu_cxx::__ops::_Iter_comp_iter<Kleo::Commands::LookupCertificatesCommand::Private::tryToFinishKeyLookup()::<lambda(const auto:63&, const auto:64&)> > > (__comp=..., __last=..., __first=...) at /usr/include/c++/13/bits/stl_algo.h:1947
#7  std::sort<__gnu_cxx::__normal_iterator<(anonymous namespace)::KeyWithOrigin*, std::vector<(anonymous namespace)::KeyWithOrigin> >, Kleo::Commands::LookupCertificatesCommand::Private::tryToFinishKeyLookup()::<lambda(const auto:63&, const auto:64&)> >
    (__comp=..., __last=..., __first=...) at /usr/include/c++/13/bits/stl_algo.h:4894
#8  Kleo::Commands::LookupCertificatesCommand::Private::tryToFinishKeyLookup() (this=0xf786c0)
    at /home/ingo/dev/kde/kleopatra/src/commands/lookupcertificatescommand.cpp:528

(gdb) print key
$1 = <error reading variable: Cannot access memory at address 0x9>

The result of print key varies, e.g. I also got

$1 = std::shared_ptr<_gpgme_key> (use count -238808599, weak count 32766) = {get() = 0x4009}

ebo reproduced the crash on Windows.

The crash occurs in a call of std::sort() that was introduced for T7067: Kleopatra: Add origin information in search results. I suggest to revert the changes made for T7067 for VSD 3.3. For T7153: Kleopatra: Show all search results (from different origins) we will anyway have to rewrite the result view because the standard certificate list doesn't support multiple keys with the same fingerprint.

Revisions and Commits

rKLEOPATRA Kleopatra

Event Timeline

I'm wondering whether we are hit by undefined behavior. https://en.cppreference.com/w/cpp/algorithm/sort mentions some conditions that must be met for (un)defined behavior. Or it's a bug in gcc or gcc's STL. I added some debug logs to the comparison lambda. The first comparisons look fine but after a certain number of comparisons it crashes in the debug logging (when it tries to access the primary fingerprint).

Sorting Keys doesn't seem to be a problem. We do it in KeyCache since ages. I have no idea why the simple struct should cause problems unless std::sort uses incorrect default move-operations.

werner triaged this task as Unbreak Now! priority.Jun 17 2024, 2:01 PM
TobiasFella moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Jun 17 2024, 2:42 PM
TobiasFella set External Link to https://invent.kde.org/pim/kleopatra/-/merge_requests/227.

Backported for VSD 3.3

ebo changed the task status from Open to Testing.Tue, Jun 18, 4:15 PM
ebo lowered the priority of this task from Unbreak Now! to High.