Bug 1141883 - pinentry-qt crashes with QtCurve
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Tumbleweed
Component: X11 Applications
Version: Current
Hardware: x86-64 openSUSE Factory
Importance: P5 - None : Normal
Assigned To: Tomáš Chvátal
Blocks: 1133084
Reported: 2019-07-17 15:14 UTC by Maximilian Trummer
Modified: 2020-07-08 13:12 UTC (History)

Attachments
pinentry backtrace (3.51 KB, text/plain)
2019-07-17 15:14 UTC, Maximilian Trummer
pinentry backtrace 2 (9.78 KB, text/plain)
2019-07-22 16:05 UTC, Maximilian Trummer
0001-qt-Fix-use-of-dangling-pointer.patch (836 bytes, patch)
2019-07-25 09:39 UTC, Fabian Vogt
0001-qt-Fix-use-of-dangling-pointer.patch (1.56 KB, patch)
2019-07-25 12:29 UTC, Andre Heinecke

Description Maximilian Trummer 2019-07-17 15:14:33 UTC
Created attachment 810756 [details]
pinentry backtrace

I upgraded from Tumbleweed 20190708 to 20190713 and now pinentry-qt (displayed right after login to unlock KWallet) crashes.

The crash happens right after hitting Enter.

The crash does not happen after switching away from QtCurve to the Breeze application style.

Backtrace attached.
Comment 1 Wolfgang Bauer 2019-07-17 20:40:39 UTC
Judging from the backtrace, this upstream commit might help here:
https://cgit.kde.org/qtcurve.git/commit/?id=b7da5ec7e2965332e3922dfb03a3d100aa203b94

Please try the packages from here (once it is published):
https://download.opensuse.org/repositories/home:/wolfi323:/boo1141883/openSUSE_Tumbleweed

(I think qtcurve-qt5 should be enough, but better update the other packages as well if you have them installed)
Comment 2 Maximilian Trummer 2019-07-22 16:05:53 UTC
Created attachment 811197 [details]
pinentry backtrace 2
Comment 3 Maximilian Trummer 2019-07-22 16:06:36 UTC
I installed the packages from your repo, logged out and back in, entered the password in pinentry-qt but it crashed again.
I attached the new backtrace.
Comment 4 Wolfgang Bauer 2019-07-23 07:55:30 UTC
Well, it doesn't crash here on Leap 15.1 with the latest KDE packages from additional repos.
I was able to reproduce the crash on a Tumbleweed LiveCD though, by just running pinentry-qt and entering "BYE".

Installing Leap 15.1's pinentry-qt(5) makes the crash disappear, so the problem actually seems to be there.
But there has been absolutely no change to it... :-/

So maybe it's caused by the switch to LTO.
I'll try to build it without, but that's just a guess.
Comment 5 Wolfgang Bauer 2019-07-23 08:38:12 UTC
(In reply to Wolfgang Bauer from comment #4)
> So maybe it's caused by the switch to LTO.
> I'll try to build it without, but that's just a guess.
Indeed, that does fix the crash here.

Can you please try the new pinentry-qt5 package as well?
https://download.opensuse.org/repositories/home:/wolfi323:/boo1141883/openSUSE_Tumbleweed
(same repo as before)

You can switch back qtcurve-qt5 to the standard Tumbleweed version.
Comment 6 Maximilian Trummer 2019-07-23 14:44:58 UTC
pinentry-qt5 without LTO from your repo works fine here as well.
Comment 7 Wolfgang Bauer 2019-07-24 09:43:33 UTC
Ok, great!

I'll submit it to the devel project (pinentry is not part of KDE), let's see what the maintainers say.

https://build.opensuse.org/request/show/718158
Comment 8 Martin Liška 2019-07-24 11:13:38 UTC
Can you please provide me with more information on how to reproduce it? Note that we should not disable LTO without knowing what the root cause of the segfault is.
Comment 9 Wolfgang Bauer 2019-07-24 11:23:32 UTC
(In reply to Martin Liška from comment #8)
> Can you please provide me with more information on how to reproduce it?
Install qtcurve-qt5, and configure it as application style in Plasma's settings.
Then run pinentry-qt, and enter "BYE".
It should crash.

If you are not using Plasma, I suppose you could use qt5ct to configure the style, but I haven't tried that.
Comment 10 Martin Liška 2019-07-24 11:31:14 UTC
(In reply to Wolfgang Bauer from comment #9)
> (In reply to Martin Liška from comment #8)
> > Can you please provide me with more information on how to reproduce it?
> Install qtcurve-qt5, and configure it as application style in Plasma's
> settings.
> Then run pinentry-qt, and enter "BYE".
> It should crash.
> 
> If you are not using Plasma, I suppose you could use qt5ct to configure the
> style, but I haven't tried that.

Yes, I don't use it. Can you please help me with where to set it up in qt5ct?
Comment 11 Wolfgang Bauer 2019-07-24 11:42:03 UTC
(In reply to Martin Liška from comment #10)
> Yes, I don't use it. Can you please help me with where to set it up in qt5ct?
I never used it either, as I use Plasma.

AFAIK, it should be used as platform plugin by Qt5 applications automatically when you install it (after logging out/in).
Then you should be able to configure the appearance of Qt5 applications with the included tool "qt5ct".

The crash occurs with the QtCurve style at least.

I don't know whether it is actually reproducible with qt5ct though, or only with the Plasma platform plugin. (I may try that later, I actually don't even use Tumbleweed)
Comment 12 Wolfgang Bauer 2019-07-24 12:54:40 UTC
Ok, I was able to reproduce the crash in IceWM like this:
- install qtcurve-qt5 and qt5ct
- run qt5ct, set Style to "QtCurve" (on the Appearance tab that should be open on start) and click OK
- logout/login to "activate" qt5ct (or run "export QT_QPA_PLATFORMTHEME='qt5ct'" manually)
- run pinentry-qt and enter "BYE"

Should work like this on any other desktop as well, because the "export QT_QPA_PLATFORMTHEME='qt5ct'" should force Qt5 to use qt5ct regardless of the desktop session.
Comment 13 Martin Liška 2019-07-24 13:14:28 UTC
(In reply to Wolfgang Bauer from comment #12)
> Ok, I was able to reproduce the crash in IceWM like this:
> - install qtcurve-qt5 and qt5ct
> - run qt5ct, set Style to "QtCurve" (on the Appearance tab that should be
> open on start) and click OK
> - logout/login to "activate" qt5ct (or run "export
> QT_QPA_PLATFORMTHEME='qt5ct'" manually)
> - run pinentry-qt and enter "BYE"
> 
> Should work like this on any other desktop as well, because the "export
> QT_QPA_PLATFORMTHEME='qt5ct'" should force Qt5 to use qt5ct regardless of
> the desktop session.

Great, now I can reproduce it in a VM.
Comment 14 Martin Liška 2019-07-24 13:19:59 UTC
Fabian: Any guess what can be broken based on the back-trace?
Comment 15 Fabian Vogt 2019-07-24 15:22:35 UTC
(In reply to Martin Liška from comment #14)
> Fabian: Any guess what can be broken based on the back-trace?

I made a patch: https://phabricator.kde.org/D22719

I don't know why it only breaks with LTO though.
Comment 16 Wolfgang Bauer 2019-07-24 17:07:30 UTC
Ok, I revoked my SR for pinentry now.
Thanks.
Comment 17 Fabian Vogt 2019-07-24 17:46:49 UTC
(In reply to Fabian Vogt from comment #15)
> (In reply to Martin Liška from comment #14)
> > Fabian: Any guess what can be broken based on the back-trace?
> 
> I made a patch: https://phabricator.kde.org/D22719
> 
> I don't know why it only breaks with LTO though.

While the patch is correct (it's possible to have argc == 0), I think the root cause for pinentry-qt is something else though. As during QApplication construction, argc = 1 and stored inside QCoreApplicationPrivate, it shouldn't suddenly change to 0 during teardown. I'll have a closer look tomorrow.
Comment 18 Fabian Vogt 2019-07-25 09:39:16 UTC
Created attachment 811546 [details]
0001-qt-Fix-use-of-dangling-pointer.patch

Ok, root cause found. pinentry's qt/main.cpp has a dangling pointer.

Patch attached, please send to upstream and apply downstream.
Comment 19 Fabian Vogt 2019-07-25 09:40:16 UTC
Reassigning
Comment 20 Martin Liška 2019-07-25 09:50:04 UTC
(In reply to Fabian Vogt from comment #18)
> Created attachment 811546 [details]
> 0001-qt-Fix-use-of-dangling-pointer.patch
> 
> Ok, root cause found. pinentry's qt/main.cpp has a dangling pointer.
> 
> Patch attached, please send to upstream and apply downstream.

Nice catch Fabian!
Comment 21 Pedro Monreal Gonzalez 2019-07-25 11:21:40 UTC
Just reported upstream here:
   https://dev.gnupg.org/T4658
Comment 22 Andre Heinecke 2019-07-25 12:29:27 UTC
Created attachment 811595 [details]
0001-qt-Fix-use-of-dangling-pointer.patch

Hi,

Thank you very much for your work analyzing this and providing a patch. Good catch.

Due to:

Note: argc and argv might be changed as Qt removes command line arguments that it recognizes.

I've changed the patch a bit so that it still uses a copy of argc but that variable is now in the main scope, because we do not want Qt to remove options that it recognizes (e.g. Display) before we do our own option parsing in pinentry_parse_opts. That was the reason behind the "i = argc".

Patch applied as rev. 0e2e53c8987d6f236aaef515eb005e8e86397fbc
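
An added illustration of the lifetime problem discussed in comments 18 and 22, not code from pinentry or Qt: `FakeApp` is a hypothetical stand-in for `QApplication(int &argc, char **argv)`, which keeps a reference to `argc`. The `-display` stripping rule, the sample command line and the copy of `argv` are assumptions of this example.

```cpp
#include <cstring>
#include <memory>
#include <vector>

// Hypothetical stand-in for QApplication(int &argc, char **argv): it keeps a
// reference to argc, strips an option it recognizes, and reads argc again later.
class FakeApp {
public:
    FakeApp(int &argc, char **argv) : argc_(argc) {
        int out = 0;
        for (int in = 0; in < argc_; ++in) {
            // Constructed rule: the toolkit consumes "-display <value>".
            if (std::strcmp(argv[in], "-display") == 0 && in + 1 < argc_) { ++in; continue; }
            argv[out++] = argv[in];
        }
        argc_ = out;  // written back through the reference
    }
    int argcNow() const { return argc_; }  // valid only while the referent is alive
private:
    int &argc_;
};

// Shape of the bug as the thread describes it (kept as a comment, because
// running it is undefined behaviour):
//   FakeApp *app;
//   { int i = argc; app = new FakeApp(i, argv); }  // lifetime of i ends here
//   app->argcNow();                                // reads a dead stack slot

struct Result { int own_argc; int toolkit_argc; bool own_parser_sees_display; };

// Fixed shape: the copies are declared before the application object in the
// same scope, so they are destroyed after it.
Result run_fixed(int argc, char **argv) {
    int app_argc = argc;
    std::vector<char *> app_argv(argv, argv + argc);
    auto app = std::make_unique<FakeApp>(app_argc, app_argv.data());
    bool seen = false;  // stands in for the program's own option parsing
    for (int i = 0; i < argc; ++i) seen = seen || std::strcmp(argv[i], "-display") == 0;
    return Result{argc, app->argcNow(), seen};
}

Result demo() {  // constructed sample command line
    char a0[] = "pinentry-qt", a1[] = "-display", a2[] = ":0", a3[] = "--debug";
    char *argv[] = {a0, a1, a2, a3};
    return run_fixed(4, argv);
}

int main() { Result r = demo(); return (r.own_argc == 4 && r.toolkit_argc == 2) ? 0 : 1; }
```

Building the commented-out shape with `-fsanitize=address` is a way to get a stack-use-after-scope report at the read instead of a crash that depends on optimization settings.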
Comment 23 Fabian Vogt 2019-07-25 12:32:55 UTC
(In reply to Andre Heinecke from comment #22)
> Created attachment 811595 [details]
> 0001-qt-Fix-use-of-dangling-pointer.patch
> 
> Hi,
> 
> Thank you very much for your work analyzing this and providing a patch. Good
> catch.
> 
> Due to:
> 
> Note: argc and argv might be changed as Qt removes command line arguments
> that it recognizes.
> 
> I've changed the patch a bit so that it still uses a copy of argc but that
> variable is now in the main scope, because we do not want Qt to remove
> options that it recognizes (e.g. Display) before we do our own option
> parsing in pinentry_parse_opts. That was the reason behind the "i = argc".
> 
> Patch applied as rev. 0e2e53c8987d6f236aaef515eb005e8e86397fbc

LGTM, thanks!
Comment 24 Pedro Monreal Gonzalez 2019-07-25 13:05:32 UTC
(In reply to Andre Heinecke from comment #22)
> Created attachment 811595 [details]
> 0001-qt-Fix-use-of-dangling-pointer.patch
> 
> Patch applied as rev. 0e2e53c8987d6f236aaef515eb005e8e86397fbc

Thanks Andre! I have just built the package [0] and I'll test it now.

[0] https://download.opensuse.org/repositories/home:/pmonrealgonzalez:/branches:/Base:/System/openSUSE_Factory/
Comment 25 Wolfgang Bauer 2019-07-25 13:31:12 UTC
I just tried the upstream commit and can confirm that the crash is gone.
Comment 26 Pedro Monreal Gonzalez 2019-07-25 13:36:08 UTC
(In reply to Wolfgang Bauer from comment #25)
> I just tried the upstream commit and can confirm that the crash is gone.

Yes, tests fine here also. Just for reference, here is the upstream commit:

https://git.gnupg.org/cgi-bin/gitweb.cgi?p=pinentry.git;a=commit;h=0e2e53c8987d6f236aaef515eb005e8e86397fbc
Comment 27 Pedro Monreal Gonzalez 2019-07-25 14:15:25 UTC
Submitted to TW:
   https://build.opensuse.org/request/show/718565
Comment 30 Swamp Workflow Management 2019-08-26 13:12:29 UTC
SUSE-RU-2019:2218-1: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 1141883
CVE References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP1 (src):    pinentry-1.1.0-4.3.1
SUSE Linux Enterprise Workstation Extension 15 (src):    pinentry-1.1.0-4.3.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15 (src):    pinentry-1.1.0-4.3.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src):    pinentry-1.1.0-4.3.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    pinentry-1.1.0-4.3.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP1 (src):    pinentry-1.1.0-4.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    pinentry-1.1.0-4.3.1
SUSE Linux Enterprise Module for Basesystem 15-SP1 (src):    pinentry-1.1.0-4.3.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    pinentry-1.1.0-4.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 31 Swamp Workflow Management 2019-09-03 13:59:44 UTC
An update workflow for this issue was started.
This issue was rated as low.
Please submit fixed packages until 2019-10-01.
https://swamp.suse.de/webswamp/wf/64342
Comment 32 Swamp Workflow Management 2019-09-10 22:14:56 UTC
openSUSE-RU-2019:2113-1: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 1141883
CVE References: 
Sources used:
openSUSE Leap 15.1 (src):    pinentry-1.1.0-lp151.4.3.1
openSUSE Leap 15.0 (src):    pinentry-1.1.0-lp150.3.3.1
Comment 33 Andre Heinecke 2019-09-12 13:15:48 UTC
Wow your automated systems are spammy.
Comment 34 Tomáš Chvátal 2020-03-24 14:18:39 UTC
Forgot to close this bug; as per above messages it is fixed.
Comment 35 Swamp Workflow Management 2020-07-08 13:12:56 UTC
SUSE-RU-2019:2218-2: An update that has one recommended fix can now be installed.

Category: recommended (moderate)
Bug References: 1141883
CVE References: 
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP2 (src):    pinentry-1.1.0-4.3.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (src):    pinentry-1.1.0-4.3.1
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1 (src):    pinentry-1.1.0-4.3.1
SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (src):    pinentry-1.1.0-4.3.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    pinentry-1.1.0-4.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.