Page MenuHome GnuPG
Create Task
Maniphest T7158

Kleopatra: Crash when doing a lookup on server
Closed, ResolvedPublic
Actions

Description

Kleopatra crashes (segfaults) when doing a lookup on server and a certain number of results are found.

How to reproduce:

  • Use the default key server (hkps://keyserver.ubuntu.com)
  • Open Lookup on Server
  • Enter example
  • Press Return or click Search

-> boom

Backtrace:

GpgME::Key::primaryFingerprint (this=this@entry=0x1615dd0) at ../../../../../src/gpgme/lang/cpp/src/key.cpp:337
337         if (key->fpr) {

(gdb) bt
#0  GpgME::Key::primaryFingerprint() const (this=this@entry=0x1615dd0) at ../../../../../src/gpgme/lang/cpp/src/key.cpp:337
#1  0x0000000000535df6 in operator()<(anonymous namespace)::KeyWithOrigin, (anonymous namespace)::KeyWithOrigin>
    (__closure=<synthetic pointer>, rhs=..., lhs=...) at /home/ingo/dev/kde/kleopatra/src/commands/lookupcertificatescommand.cpp:528
#2  __gnu_cxx::__ops::_Iter_comp_iter<Kleo::Commands::LookupCertificatesCommand::Private::tryToFinishKeyLookup()::<lambda(const auto:63&, const auto:64&)> >::operator()<__gnu_cxx::__normal_iterator<(anonymous namespace)::KeyWithOrigin*, std::vector<(anonymous namespace)::KeyWithOrigin> >, __gnu_cxx::__normal_iterator<(anonymous namespace)::KeyWithOrigin*, std::vector<(anonymous namespace)::KeyWithOrigin> > > (__it2=..., __it1=Python Exception <class 'gdb.error'>: value has been optimized out
, this=<synthetic pointer>) at /usr/include/c++/13/bits/predefined_ops.h:158
#3  std::__unguarded_partition<__gnu_cxx::__normal_iterator<(anonymous namespace)::KeyWithOrigin*, std::vector<(anonymous namespace)::KeyWithOrigin> >, __gnu_cxx::__ops::_Iter_comp_iter<Kleo::Commands::LookupCertificatesCommand::Private::tryToFinishKeyLookup()::<lambda(const auto:63&, const auto:64&)> > > (__comp=..., __pivot=Python Exception <class 'gdb.error'>: value has been optimized out
, __last=..., __first=...) at /usr/include/c++/13/bits/stl_algo.h:1877
#4  std::__unguarded_partition_pivot<__gnu_cxx::__normal_iterator<(anonymous namespace)::KeyWithOrigin*, std::vector<(anonymous namespace)::KeyWithOrigin> >, __gnu_cxx::__ops::_Iter_comp_iter<Kleo::Commands::LookupCertificatesCommand::Private::tryToFinishKeyLookup()::<lambda(const auto:63&, const auto:64&)> > > (__comp=..., __last=..., __first=...) at /usr/include/c++/13/bits/stl_algo.h:1899
#5  std::__introsort_loop<__gnu_cxx::__normal_iterator<(anonymous namespace)::KeyWithOrigin*, std::vector<(anonymous namespace)::KeyWithOrigin> >, long int, __gnu_cxx::__ops::_Iter_comp_iter<Kleo::Commands::LookupCertificatesCommand::Private::tryToFinishKeyLookup()::<lambda(const auto:63&, const auto:64&)> > >(__gnu_cxx::__normal_iterator<(anonymous namespace)::KeyWithOrigin*, std::vector<(anonymous namespace)::KeyWithOrigin, std::allocator<(anonymous namespace)::KeyWithOrigin> > >, __gnu_cxx::__normal_iterator<(anonymous namespace)::KeyWithOrigin*, std::vector<(anonymous namespace)::KeyWithOrigin, std::allocator<(anonymous namespace)::KeyWithOrigin> > >, long, __gnu_cxx::__ops::_Iter_comp_iter<Kleo::Commands::LookupCertificatesCommand::Private::tryToFinishKeyLookup()::<lambda(const auto:63&, const auto:64&)> >) (__first=__first@entry=..., __last=Python Exception <class 'gdb.error'>: value has been optimized out
, __last@entry=..., __depth_limit=<optimized out>, __comp=...)
    at /usr/include/c++/13/bits/stl_algo.h:1931
#6  0x000000000053840d in std::__sort<__gnu_cxx::__normal_iterator<(anonymous namespace)::KeyWithOrigin*, std::vector<(anonymous namespace)::KeyWithOrigin> >, __gnu_cxx::__ops::_Iter_comp_iter<Kleo::Commands::LookupCertificatesCommand::Private::tryToFinishKeyLookup()::<lambda(const auto:63&, const auto:64&)> > > (__comp=..., __last=..., __first=...) at /usr/include/c++/13/bits/stl_algo.h:1947
#7  std::sort<__gnu_cxx::__normal_iterator<(anonymous namespace)::KeyWithOrigin*, std::vector<(anonymous namespace)::KeyWithOrigin> >, Kleo::Commands::LookupCertificatesCommand::Private::tryToFinishKeyLookup()::<lambda(const auto:63&, const auto:64&)> >
    (__comp=..., __last=..., __first=...) at /usr/include/c++/13/bits/stl_algo.h:4894
#8  Kleo::Commands::LookupCertificatesCommand::Private::tryToFinishKeyLookup() (this=0xf786c0)
    at /home/ingo/dev/kde/kleopatra/src/commands/lookupcertificatescommand.cpp:528

(gdb) print key
$1 = <error reading variable: Cannot access memory at address 0x9>

The result of print key varies, e.g. I also got

$1 = std::shared_ptr<_gpgme_key> (use count -238808599, weak count 32766) = {get() = 0x4009}

ebo reproduced the crash on Windows.

The crash occurs in a call of std::sort() that was introduced for T7067: Kleopatra: Add origin information in search results. I suggest to revert the changes made for T7067 for VSD 3.3. For T7153: Kleopatra: Show all search results (from different origins) we will anyway have to rewrite the result view because the standard certificate list doesn't support multiple keys with the same fingerprint.

Details

External Link
https://invent.kde.org/pim/kleopatra/-/merge_requests/227

Revisions and Commits

rKLEOPATRA Kleopatra
rKLEOPATRAc9793cd5e76f Fix crash in key lookup
rKLEOPATRA9b3730193ad1 Fix crash in key lookup

Related Objects

Event Timeline

ikloecker created this task.Jun 14 2024, 4:48 PM
ebo added a subscriber: ebo.Jun 17 2024, 12:22 PM
ikloecker added a comment.Jun 17 2024, 1:46 PM

I'm wondering whether we are hit by undefined behavior. https://en.cppreference.com/w/cpp/algorithm/sort mentions some conditions that must be met for (un)defined behavior. Or it's a bug in gcc or gcc's STL. I added some debug logs to the comparison lambda. The first comparisons look fine but after a certain number of comparisons it crashes in the debug logging (when it tries to access the primary fingerprint).

Sorting Keys doesn't seem to be a problem. We do it in KeyCache since ages. I have no idea why the simple struct should cause problems unless std::sort uses incorrect default move-operations.

werner triaged this task as Unbreak Now! priority.Jun 17 2024, 2:01 PM
TobiasFella added a commit: rKLEOPATRA9b3730193ad1: Fix crash in key lookup.Jun 17 2024, 2:21 PM
TobiasFella moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Jun 17 2024, 2:42 PM
TobiasFella set External Link to https://invent.kde.org/pim/kleopatra/-/merge_requests/227.
ikloecker added a commit: rKLEOPATRAc9793cd5e76f: Fix crash in key lookup.Jun 17 2024, 4:53 PM
ikloecker moved this task from Backlog to WiP on the vsd33 board.Jun 17 2024, 5:34 PM

Backported for VSD 3.3

ebo changed the task status from Open to Testing.Jun 18 2024, 4:15 PM
ebo lowered the priority of this task from Unbreak Now! to High.
TobiasFella claimed this task.Jun 25 2024, 10:44 AM
ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Sep 24 2024, 1:56 PM

search for "example" works now, Gpg4win-Beta-50

ebo closed this task as Resolved.Sep 24 2024, 2:06 PM