[okular] [Bug 424056] Okular crashed in cryptotech::cpp::utils::ILogOutput() while closing signed document and using proprietary driver for CryptoTech smart cards

Jaime Torres bugzilla_noreply at kde.org
Tue Oct 11 17:07:33 BST 2022


https://bugs.kde.org/show_bug.cgi?id=424056

Jaime Torres <jtamate at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jtamate at gmail.com

--- Comment #7 from Jaime Torres <jtamate at gmail.com> ---
I'm able to reproduce it with one of the DNI readers and the PKCS#11 DNIe
library installed:

Just connect any DNIe reader to any USB port, with or without any DNI, and open any
PDF with signatures, for example:
/usr/bin/okular "https://www.tecxoft.com/samples/pdf_digital_signature_timestamp.pdf"

In Valgrind:

==30095== Invalid read of size 4
==30095==    at 0x662CCC7: pthread_mutex_trylock@@GLIBC_2.34
(pthread_mutex_trylock.c:33)
==30095==    by 0x21834709: NativeLockMutex(void*) (in
/usr/lib64/libpkcs11-dnie.so)
==30095==    by 0x21828C21: C_CloseAllSessions (in
/usr/lib64/libpkcs11-dnie.so)
==30095==    by 0x1569303E: UnknownInlinedFun (pk11slot.c:452)
==30095==    by 0x1569303E: PK11_FreeSlot (pk11slot.c:489)
==30095==    by 0x15695F0B: UnknownInlinedFun (pk11util.c:923)
==30095==    by 0x15695F0B: SECMOD_DestroyModule (pk11util.c:885)
==30095==    by 0x1565E1CC: UnknownInlinedFun (pk11util.c:969)
==30095==    by 0x1565E1CC: UnknownInlinedFun (pk11util.c:984)
==30095==    by 0x1565E1CC: UnknownInlinedFun (pk11util.c:68)
==30095==    by 0x1565E1CC: nss_Shutdown (nssinit.c:1163)
==30095==    by 0x1565EEAF: UnknownInlinedFun (nssinit.c:1221)
==30095==    by 0x1565EEAF: NSS_Shutdown (nssinit.c:1200)
==30095==    by 0x20F933F8: ??? (in /usr/lib64/libpoppler.so.124.0.0)
==30095==    by 0x65DA0C4: __run_exit_handlers (exit.c:113)
==30095==    by 0x65DA24F: exit (exit.c:143)
==30095==    by 0x65C15B6: (below main) (libc_start_call_main.h:74)
==30095==  Address 0x10 is not stack'd, malloc'd or (recently) free'd

==30095== Invalid read of size 4
==30095==    at 0x662D2B0: __pthread_mutex_unlock_full
(pthread_mutex_unlock.c:114)
==30095==    by 0x81B1349: QtWaylandClient::QWaylandDisplay::~QWaylandDisplay()
(qwaylanddisplay.cpp:384)
==30095==    by 0x81B1948: QtWaylandClient::QWaylandDisplay::~QWaylandDisplay()
(qwaylanddisplay.cpp:385)
==30095==    by 0x819FF68:
QtWaylandClient::QWaylandIntegration::~QWaylandIntegration()
(qwaylandintegration.cpp:132)
==30095==    by 0x5764FC6: QGuiApplicationPrivate::~QGuiApplicationPrivate()
(qguiapplication.cpp:1731)
==30095==    by 0x50A9F58: QApplicationPrivate::~QApplicationPrivate()
(qapplication.cpp:163)
==30095==    by 0x11C255: main (main.cpp:103)


In gdb:
(thread 1)
#0  ___pthread_mutex_trylock (mutex=0x0) at pthread_mutex_trylock.c:33
#1  0x00007fffc683470a in NativeLockMutex(void*) () at
/usr/lib64/libpkcs11-dnie.so
#2  0x00007fffc6828c22 in C_CloseAllSessions () at /usr/lib64/libpkcs11-dnie.so
#3  0x00007fffc732903f in PK11_DestroySlot (slot=<optimized out>) at
../pk11wrap/pk11slot.c:452
#4  PK11_FreeSlot (slot=slot@entry=0x5555558c9970) at
../pk11wrap/pk11slot.c:489
#5  0x00007fffc732bf0c in SECMOD_DestroyModule (module=0x5555558f61c0) at
../pk11wrap/pk11util.c:923
#6  SECMOD_DestroyModule (module=0x5555558f61c0) at ../pk11wrap/pk11util.c:885
#7  0x00007fffc72f41cd in SECMOD_DestroyModuleListElement
(element=0x55555603c6a0) at ../pk11wrap/pk11util.c:969
#8  SECMOD_DestroyModuleList (list=<optimized out>) at
../pk11wrap/pk11util.c:984
#9  SECMOD_Shutdown () at ../pk11wrap/pk11util.c:68
#10 nss_Shutdown () at
/usr/src/debug/mozilla-nss-3.82-1.2.x86_64/nss/lib/nss/nssinit.c:1163
#11 0x00007fffc72f4eb0 in NSS_Shutdown () at
/usr/src/debug/mozilla-nss-3.82-1.2.x86_64/nss/lib/nss/nssinit.c:1221
#12 NSS_Shutdown () at
/usr/src/debug/mozilla-nss-3.82-1.2.x86_64/nss/lib/nss/nssinit.c:1200
#13 0x00007fffc76453f9 in shutdownNss() () at
/usr/src/debug/poppler-22.09.0-1.1.x86_64/poppler/SignatureHandler.cc:268
#14 0x00007ffff5e450c5 in __run_exit_handlers (status=0, listp=0x7ffff5fea820
<__exit_funcs>, run_list_atexit=run_list_atexit@entry=true,
run_dtors=run_dtors@entry=true) at exit.c:113
#15 0x00007ffff5e45250 in __GI_exit (status=<optimized out>) at exit.c:143
#16 0x00007ffff5e2c5b7 in __libc_start_call_main
(main=main@entry=0x555555566ae0 <main(int, char**)>, argc=argc@entry=2,
argv=argv@entry=0x7fffffffd1e8) at ../sysdeps/nptl/libc_start_call_main.h:74
#17 0x00007ffff5e2c679 in __libc_start_main_impl
     (main=0x555555566ae0 <main(int, char**)>, argc=2, argv=0x7fffffffd1e8,
init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>,
stack_end=0x7fffffffd1d8) at ../csu/libc-start.c:381
#18 0x0000555555568d45 in _start () at ../sysdeps/x86_64/start.S:115
(thread 2)
#0  0x00007ffff5f0ba8f in __GI___poll (fds=0x7fffec0053c0, nfds=3, timeout=-1)
at ../sysdeps/unix/sysv/linux/poll.c:29
#1  0x00007ffff4d20d7e in g_main_context_poll (priority=<optimized out>,
n_fds=3, fds=0x7fffec0053c0, timeout=<optimized out>, context=0x7fffec001cf0)
at ../glib/gmain.c:4543
#2  g_main_context_iterate (context=context@entry=0x7fffec001cf0,
block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at
../glib/gmain.c:4233
#3  0x00007ffff4d20e9c in g_main_context_iteration (context=0x7fffec001cf0,
may_block=1) at ../glib/gmain.c:4303
#4  0x00007ffff6733806 in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>)
(this=0x7fffec000b70, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#5  0x00007ffff66dabeb in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>)
(this=this@entry=0x7ffff1dfec10, flags=..., flags@entry=...) at
../../include/QtCore/../../src/corelib/global/qflags.h:69
#6  0x00007ffff64f4c47 in QThread::exec() (this=this@entry=0x7ffff71ff060
<(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at
../../include/QtCore/../../src/corelib/global/qflags.h:121
#7  0x00007ffff7186277 in QDBusConnectionManager::run() (this=0x7ffff71ff060
<(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at
qdbusconnection.cpp:179
#8  0x00007ffff64f5e4d in QThreadPrivate::start(void*) (arg=0x7ffff71ff060
<(anonymous namespace)::Q_QGS__q_manager::innerFunction()::holder>) at
thread/qthread_unix.cpp:330
#9  0x00007ffff5e939ad in start_thread (arg=<optimized out>) at
pthread_create.c:442
#10 0x00007ffff5f1a290 in clone3 () at
../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
