[qca] [Bug 482819] kwalletd6 sometimes crashed in QCA::PrivateKey::deriveKey when starting Proton VPN GUI

Matt Fagnani bugzilla_noreply at kde.org
Tue Mar 26 01:02:02 GMT 2024


https://bugs.kde.org/show_bug.cgi?id=482819

--- Comment #10 from Matt Fagnani <matt.fagnani at bell.net> ---
My kwallet is opened automatically when I log in to Plasma with the same
password. You could try installing GNOME 46.0 in your Fedora 40 installation as
I have in case there's something from GNOME that's involved and running
seahorse, evince, and GNOME Disks in Plasma as I described. I tried running
kwalletd6 under valgrind a week ago, but I only stopped kwalletd6 once before
running it under valgrind, so kwalletd6 kept restarting automatically and I
didn't get it to crash under valgrind then. I followed your instructions. The
valgrind report showed an invalid read and a crash due to a null pointer
dereference in QCA::PrivateKey::deriveKey at the same line as in the gdb trace
I reported originally, which I guess was the null d pointer in the variable
this from privateKey in KWalletFreedesktopService::createSessionAlgorithmDhAes.

==121563== Memcheck, a memory error detector
==121563== Copyright (C) 2002-2022, and GNU GPL'd, by Julian Seward et al.
==121563== Using Valgrind-3.22.0 and LibVEX; rerun with -h for copyright info
==121563== Command: /usr/bin/kwalletd6
==121563== Parent PID: 119206
==121563== 
==121563== Conditional jump or move depends on uninitialised value(s)
==121563==    at 0x2BDA8B18: ???
==121563==    by 0x2C05E13F: ???
==121563== 
==121563== Conditional jump or move depends on uninitialised value(s)
==121563==    at 0x82E63F1: QtWaylandClient::QWaylandInputDevice::Keyboard::keyboard_key(unsigned int, unsigned int, unsigned int, unsigned int) (qwaylandinputdevice.cpp:1356)
==121563==    by 0xA488055: ffi_call_unix64 (unix64.S:104)
==121563==    by 0xA48469F: ffi_call_int.lto_priv.0 (ffi64.c:673)
==121563==    by 0xA4874ED: ffi_call (ffi64.c:710)
==121563==    by 0x8354F2D: wl_closure_invoke.constprop.0 (connection.c:1025)
==121563==    by 0x83557A2: dispatch_event.isra.0 (wayland-client.c:1631)
==121563==    by 0x8355A4B: UnknownInlinedFun (wayland-client.c:1777)
==121563==    by 0x8355A4B: wl_display_dispatch_queue_pending (wayland-client.c:2019)
==121563==    by 0x82CCCD1: QtWaylandClient::QWaylandDisplay::flushRequests() (qwaylanddisplay.cpp:229)
==121563==    by 0x62E45A4: QObject::event(QEvent*) (qobject.cpp:1437)
==121563==    by 0x5001F67: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:3296)
==121563==    by 0x6291217: QCoreApplication::notifyInternal2(QObject*, QEvent*) (qcoreapplication.cpp:1121)
==121563==    by 0x6295146: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (qcoreapplication.cpp:1901)
==121563== 
==121563== Invalid read of size 8
==121563==    at 0x4D981DC: QCA::PrivateKey::deriveKey(QCA::PublicKey const&) (qca_publickey.cpp:1030)
==121563==    by 0x141991: UnknownInlinedFun (kwalletfreedesktopservice.cpp:424)
==121563==    by 0x141991: KWalletFreedesktopService::OpenSession(QString const&, QDBusVariant const&, QDBusObjectPath&) (kwalletfreedesktopservice.cpp:266)
==121563==    by 0x166F42: UnknownInlinedFun (kwalletfreedesktopserviceadaptor.cpp:63)
==121563==    by 0x166F42: KWalletFreedesktopServiceAdaptor::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (moc_kwalletfreedesktopserviceadaptor.cpp:410)
==121563==    by 0x167253: KWalletFreedesktopServiceAdaptor::qt_metacall(QMetaObject::Call, int, void**) (moc_kwalletfreedesktopserviceadaptor.cpp:489)
==121563==    by 0x5744B10: QDBusConnectionPrivate::deliverCall(QObject*, int, QDBusMessage const&, QList<QMetaType> const&, int) (qdbusintegrator.cpp:977)
==121563==    by 0x5748674: QDBusConnectionPrivate::activateCall(QObject*, int, QDBusMessage const&) [clone .part.0] (qdbusintegrator.cpp:879)
==121563==    by 0x57492C5: activateCall (qdbusintegrator.cpp:825)
==121563==    by 0x57492C5: QDBusConnectionPrivate::activateObject(QDBusConnectionPrivate::ObjectTreeNode&, QDBusMessage const&, int) (qdbusintegrator.cpp:1460)
==121563==    by 0x574B959: QDBusActivateObjectEvent::placeMetaCall(QObject*) (qdbusintegrator.cpp:1580)
==121563==    by 0x62E45A4: QObject::event(QEvent*) (qobject.cpp:1437)
==121563==    by 0x5001F67: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:3296)
==121563==    by 0x6291217: QCoreApplication::notifyInternal2(QObject*, QEvent*) (qcoreapplication.cpp:1121)
==121563==    by 0x6295146: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (qcoreapplication.cpp:1901)
==121563==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==121563== 
==121563== 
==121563== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==121563==  Access not within mapped region at address 0x0
==121563==    at 0x4D981DC: QCA::PrivateKey::deriveKey(QCA::PublicKey const&) (qca_publickey.cpp:1030)
==121563==    by 0x141991: UnknownInlinedFun (kwalletfreedesktopservice.cpp:424)
==121563==    by 0x141991: KWalletFreedesktopService::OpenSession(QString const&, QDBusVariant const&, QDBusObjectPath&) (kwalletfreedesktopservice.cpp:266)
==121563==    by 0x166F42: UnknownInlinedFun (kwalletfreedesktopserviceadaptor.cpp:63)
==121563==    by 0x166F42: KWalletFreedesktopServiceAdaptor::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (moc_kwalletfreedesktopserviceadaptor.cpp:410)
==121563==    by 0x167253: KWalletFreedesktopServiceAdaptor::qt_metacall(QMetaObject::Call, int, void**) (moc_kwalletfreedesktopserviceadaptor.cpp:489)
==121563==    by 0x5744B10: QDBusConnectionPrivate::deliverCall(QObject*, int, QDBusMessage const&, QList<QMetaType> const&, int) (qdbusintegrator.cpp:977)
==121563==    by 0x5748674: QDBusConnectionPrivate::activateCall(QObject*, int, QDBusMessage const&) [clone .part.0] (qdbusintegrator.cpp:879)
==121563==    by 0x57492C5: activateCall (qdbusintegrator.cpp:825)
==121563==    by 0x57492C5: QDBusConnectionPrivate::activateObject(QDBusConnectionPrivate::ObjectTreeNode&, QDBusMessage const&, int) (qdbusintegrator.cpp:1460)
==121563==    by 0x574B959: QDBusActivateObjectEvent::placeMetaCall(QObject*) (qdbusintegrator.cpp:1580)
==121563==    by 0x62E45A4: QObject::event(QEvent*) (qobject.cpp:1437)
==121563==    by 0x5001F67: QApplicationPrivate::notify_helper(QObject*, QEvent*) (qapplication.cpp:3296)
==121563==    by 0x6291217: QCoreApplication::notifyInternal2(QObject*, QEvent*) (qcoreapplication.cpp:1121)
==121563==    by 0x6295146: QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (qcoreapplication.cpp:1901)
==121563==  If you believe this happened as a result of a stack
==121563==  overflow in your program's main thread (unlikely but
==121563==  possible), you can try to increase the size of the
==121563==  main thread stack using the --main-stacksize= flag.
==121563==  The main thread stack size used in this run was 8388608.
==121563== 
==121563== HEAP SUMMARY:
==121563==     in use at exit: 6,227,189 bytes in 40,136 blocks
==121563==   total heap usage: 277,504 allocs, 237,368 frees, 37,114,729 bytes allocated
==121563== 
==121563== LEAK SUMMARY:
==121563==    definitely lost: 512 bytes in 1 blocks
==121563==    indirectly lost: 1,357 bytes in 41 blocks
==121563==      possibly lost: 550,976 bytes in 65 blocks
==121563==    still reachable: 5,672,328 bytes in 40,008 blocks
==121563==                       of which reachable via heuristic:
==121563==                         newarray           : 10,000 bytes in 60 blocks
==121563==                         multipleinheritance: 2,080 bytes in 6 blocks
==121563==         suppressed: 0 bytes in 0 blocks
==121563== Rerun with --leak-check=full to see details of leaked memory
==121563== 
==121563== Use --track-origins=yes to see where uninitialised values come from
==121563== For lists of detected and suppressed errors, rerun with: -s
==121563== ERROR SUMMARY: 3 errors from 3 contexts (suppressed: 0 from 0)
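
The failure class the comment suspects (a pimpl handle whose private "d" pointer is null because the key object was never successfully created, then dereferenced by a method such as deriveKey) can be reproduced and guarded against in a few lines. The following is an added, self-contained illustration written for this page; it is not QCA's or kwalletd's code, and the class names (Handle, KeyData), the XOR stand-in for key derivation, and the createSession helper are all hypothetical. Running deriveUnchecked with a null handle under Memcheck reports the same "Invalid read ... Address 0x0" shape seen above; the checked variant and the caller-side isNull() guard are the defensive pattern a maintainer would apply.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <memory>
#include <utility>
#include <vector>

// Constructed stand-in for a key object's private data (hypothetical name).
struct KeyData {
    std::vector<uint8_t> bytes;  // placeholder for real key material
};

// Minimal pimpl handle modelled on the "d-pointer" idiom described in the
// comment. A default-constructed Handle is a null handle: d == nullptr.
class Handle {
public:
    Handle() = default;
    explicit Handle(std::vector<uint8_t> b)
        : d(std::make_shared<KeyData>(KeyData{std::move(b)})) {}
    bool isNull() const { return !d; }
    const KeyData* data() const { return d.get(); }
private:
    std::shared_ptr<KeyData> d;  // null when the key was never created
};

// Byte-wise XOR is only a placeholder for a real shared-secret derivation;
// it exists so the control flow around the null check can be exercised.
static std::vector<uint8_t> combine(const KeyData& a, const KeyData& b) {
    std::vector<uint8_t> out;
    for (size_t i = 0; i < a.bytes.size() && i < b.bytes.size(); ++i)
        out.push_back(static_cast<uint8_t>(a.bytes[i] ^ b.bytes[i]));
    return out;
}

// Unchecked variant: dereferences the private data without testing it.
// With a null `priv` this is a read through address 0, which is what the
// Memcheck "Invalid read of size 8 ... Address 0x0" report above describes.
std::vector<uint8_t> deriveUnchecked(const Handle& priv, const Handle& pub) {
    return combine(*priv.data(), *pub.data());
}

// Checked variant: a null handle on either side yields an empty result so
// the caller can fail the request instead of crashing the daemon.
std::vector<uint8_t> deriveChecked(const Handle& priv, const Handle& pub) {
    if (priv.isNull() || pub.isNull()) return {};
    return combine(*priv.data(), *pub.data());
}

// Caller-side guard mirroring what a session-setup routine can do before
// handing a possibly-null key to the library: refuse, report, return false.
bool createSession(const Handle& priv, const Handle& pub,
                   std::vector<uint8_t>& shared) {
    if (priv.isNull()) {
        std::fprintf(stderr, "createSession: private key is null, refusing\n");
        return false;
    }
    shared = deriveChecked(priv, pub);
    return !shared.empty();
}

int main() {
    Handle ours(std::vector<uint8_t>{1, 2, 3});   // constructed sample keys
    Handle peer(std::vector<uint8_t>{3, 2, 1});
    Handle missing;                               // creation failed: null d

    std::vector<uint8_t> secret;
    std::printf("valid keys: %s\n",
                createSession(ours, peer, secret) ? "ok" : "failed");
    std::printf("null key:   %s\n",
                createSession(missing, peer, secret) ? "ok" : "failed");
    // deriveUnchecked(missing, peer) would segfault here; left uncalled.
    return 0;
}
```

To see the unchecked path under Memcheck, replace the last comment in main with a call to deriveUnchecked(missing, peer) and run the binary under valgrind; the "Access not within mapped region at address 0x0" line will point at the dereference inside deriveUnchecked, just as the trace above points at qca_publickey.cpp:1030.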
