[qca] [Bug 482819] kwalletd6 sometimes crashed in QCA::PrivateKey::deriveKey when starting Proton VPN GUI

[Matt Fagnani]

https://bugs.kde.org/show_bug.cgi?id=482819

--- Comment #3 from Matt Fagnani <matt.fagnani at bell.net> ---
You can download the Fedora 40 KDE Plasma live beta
Fedora-KDE-Live-x86_64-40_Beta-1.10.iso from
https://koji.fedoraproject.org/koji/buildinfo?buildID=2423953 You can boot that
in a QEMU/KVM VM though I haven't tried to reproduce this in a VM or write it
to a USB flash drive with Fedora Media Writer.

I disabled Use KWallet from the Secret Service interface from the KDE Wallet
page in System Settings, and the problem didn't happen with that setting off. I
think because I also have GNOME 46.0 installed the GNOME Keyring was used which
doesn't have this problem.

In QCA::PrivateKey::deriveKey, for the pointer this, one of its three d
pointers was null, and the pointer theirs had d = 0x75 for one of the three
such pointers. If one of those d pointers were dereferenced, the crash might
have resulted.

(gdb) p this
$1 = (QCA::PrivateKey * const) 0x7ffdce589db0
(gdb) p *this
$2 = {<QCA::PKey> = {<QCA::Algorithm> = {_vptr.Algorithm = 0x7f7a2ffeb598
<vtable for QCA::PrivateKey+16>, d = {
        d = 0x0}}, d = 0x55c5ffc37e80}, d = 0x7ffdce589ef0}
(gdb) p theirs
$3 = (const QCA::PublicKey &) @0x7ffdce589df0: {<QCA::PKey> = {<QCA::Algorithm>
= {
      _vptr.Algorithm = 0x7f7a2ffea880 <vtable for QCA::DHPublicKey+16>, d = {d
= 0x55c5ffb593b0}}, 
    d = 0x55c5ffc85740}, d = 0x75}

-- 
You are receiving this mail because:
You are the assignee for the bug.