Bug 1042667 - [abrt] MyPasswordSafe-0.6.7-18.20061216.fc20: GenRandhash: Process /usr/bin/MyPasswordSafe was killed by signal 6 (SIGABRT)
Summary: [abrt] MyPasswordSafe-0.6.7-18.20061216.fc20: GenRandhash: Process /usr/bin/M...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: MyPasswordSafe
Version: 20
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Ralf Ertzinger
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:86bcafe7c65ceb9f55a13b08079...
: 1037804 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-12-13 02:55 UTC by Bob Whitinger
Modified: 2013-12-30 05:05 UTC (History)
6 users (show)

Fixed In Version: MyPasswordSafe-0.6.7-19.20061216.fc19
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-12-30 04:58:15 UTC


Attachments (Terms of Use)
File: backtrace (39.46 KB, text/plain)
2013-12-13 02:55 UTC, Bob Whitinger
no flags Details
File: cgroup (172 bytes, text/plain)
2013-12-13 02:55 UTC, Bob Whitinger
no flags Details
File: core_backtrace (8.98 KB, text/plain)
2013-12-13 02:55 UTC, Bob Whitinger
no flags Details
File: dso_list (3.50 KB, text/plain)
2013-12-13 02:55 UTC, Bob Whitinger
no flags Details
File: environ (3.26 KB, text/plain)
2013-12-13 02:55 UTC, Bob Whitinger
no flags Details
File: limits (1.29 KB, text/plain)
2013-12-13 02:55 UTC, Bob Whitinger
no flags Details
File: maps (21.11 KB, text/plain)
2013-12-13 02:55 UTC, Bob Whitinger
no flags Details
File: open_fds (298 bytes, text/plain)
2013-12-13 02:55 UTC, Bob Whitinger
no flags Details
File: proc_pid_status (940 bytes, text/plain)
2013-12-13 02:55 UTC, Bob Whitinger
no flags Details
File: var_log_messages (1.24 KB, text/plain)
2013-12-13 02:55 UTC, Bob Whitinger
no flags Details

Description Bob Whitinger 2013-12-13 02:55:03 UTC
Description of problem:
1.  invoke MyPasswordSafe
2.  enter password

*** stack smashing detected ***: MyPasswordSafe terminated

Version-Release number of selected component:
MyPasswordSafe-0.6.7-18.20061216.fc20

Additional info:
reporter:       libreport-2.1.9
backtrace_rating: 4
cmdline:        MyPasswordSafe
crash_function: GenRandhash
executable:     /usr/bin/MyPasswordSafe
kernel:         3.11.10-301.fc20.x86_64
runlevel:       N 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (10 frames)
 #5 GenRandhash at src/pwsafe/Util.cpp:116
 #6 BlowfishLizer::checkPassword at src/serializers.cpp:212
 #7 Safe::checkPassword at src/safe.cpp:537
 #8 MyPasswordSafe::open at src/mypasswordsafe.ui.h:245
 #9 StartupDlgBase::okClicked at src/startupdlgbase.ui.h:55
 #10 StartupDlgBase::qt_invoke at .moc/moc_startupdlgbase.cpp:115
 #11 QObject::activate_signal at kernel/qobject.cpp:2359
 #13 QButton::clicked at .moc/release-shared-mt/moc_qbutton.cpp:152
 #14 QDialog::keyPressEvent at dialogs/qdialog.cpp:574
 #15 QWidget::event at kernel/qwidget.cpp:4751

Comment 1 Bob Whitinger 2013-12-13 02:55:07 UTC
Created attachment 836090 [details]
File: backtrace

Comment 2 Bob Whitinger 2013-12-13 02:55:09 UTC
Created attachment 836091 [details]
File: cgroup

Comment 3 Bob Whitinger 2013-12-13 02:55:11 UTC
Created attachment 836092 [details]
File: core_backtrace

Comment 4 Bob Whitinger 2013-12-13 02:55:12 UTC
Created attachment 836093 [details]
File: dso_list

Comment 5 Bob Whitinger 2013-12-13 02:55:14 UTC
Created attachment 836094 [details]
File: environ

Comment 6 Bob Whitinger 2013-12-13 02:55:15 UTC
Created attachment 836095 [details]
File: limits

Comment 7 Bob Whitinger 2013-12-13 02:55:17 UTC
Created attachment 836096 [details]
File: maps

Comment 8 Bob Whitinger 2013-12-13 02:55:18 UTC
Created attachment 836097 [details]
File: open_fds

Comment 9 Bob Whitinger 2013-12-13 02:55:20 UTC
Created attachment 836098 [details]
File: proc_pid_status

Comment 10 Bob Whitinger 2013-12-13 02:55:21 UTC
Created attachment 836099 [details]
File: var_log_messages

Comment 11 Andre Robatino 2013-12-17 02:49:22 UTC
I hope this gets fixed soon, since it's been my password manager for a couple of years, and it was working in F19. Unfortunately, there seems to have been no updates for it the whole time.

Comment 12 Andre Robatino 2013-12-17 03:12:29 UTC
i tried to duplicate the crash on 32-bit. It came up properly, but it was already configured on that machine using the F19 config settings. On the 64-bit machine where it crashes, I have to configure it from scratch, and due to the crash, the settings don't stick. Where are the config files for MyPasswordSafe located? I could try copying the old F19 config files to see if that works around the crash.

Comment 13 Ralf Ertzinger 2013-12-17 09:22:24 UTC
I'm not on F20 yet, and I cannot reproduce this under F19.

I've had a look at the code, and I'm at a bit of a loss how it manages to trash it's stack there. Will try again after upgrade.

Comment 14 Andre Robatino 2013-12-17 12:31:38 UTC
Both of my F20 machines are clean installs, and contain identical copies of safe.dat. But the one where the bug doesn't happen apparently has a copy of whatever config file(s) suppress the Info/License/Credits screen and remember where my default safe is, since on that machine it immediately asks for the pass-phrase for /home/$USER/safe.dat. The machine where the bug happens doesn't have a copy of those config file(s), since it shows the intro screen, which I dismiss, then asks what I would like to do (Create new safe/Browse/Create new safe),  then I tell it to "Open default safe" and select safe.dat, then I enter my pass-phrase for /home/andre/safe.dat, and at that instant it crashes.

Currently, I'm running strace on MyPasswordSafe to try to figure out what config file(s) tell it to suppress the intro screen, and remember where my default safe is. It's well hidden. My guess is that if I can copy over my copy of my F19 config file, it may suppress the bug. If you want to try to reproduce this in F19, you would have to delete those files (but keep a copy in case the bug exists in F19 as well).

Comment 15 Andre Robatino 2013-12-17 12:45:51 UTC
I found that the config file is /home/$USER/.qt/mypasswordsaferc, and I was able to copy it over, so that MyPasswordSafe starts on both machines without the intro screen. Unfortunately, it still crashes on the 64-bit machine, but not on the 32-bit one, so that wasn't the problem.

Comment 16 Andre Robatino 2013-12-17 13:09:38 UTC
I tested on another 32-bit machine, also with a clean F20 install, and MyPasswordSafe doesn't crash on that, either. It even runs without crashing if I delete /home/$USER/.qt/mypasswordsaferc and allow it to be recreated. So this bug may be limited to 64-bit.

I was able to generate an strace file < 300K by running "strace -f -o MyPasswordSafe.txt MyPasswordSafe" after copying over the config file (to eliminate all the irrelevant activity caused by creating it). I'm not sure if there is any sensitive info in it (the crash only happens after entering my pass-phrase) but I could at least provide selected parts of it if it would help.

Comment 17 Bob Whitinger 2013-12-17 14:11:51 UTC
I have found this additional scenario which might be of help.

I have two identitical 64 bit systems, one running F19 with a working MyPassordSafe and the other running F20 (RC1.1) with a fresh F20 MyPasswordSafe installation using the configuration and data files from the F19 system.

The F20 MPS crashes as described above.

Also regenerating the MPS executable from source on the F20 system with rpmbuild --rebuild continues to result in the crash.

Now the interesting part, if you copy the /usr/bin/MyPasswordSafe executable from the working F19 system to the F20 system then we have normal operation on F20 with no further crash.

Does this suggest that there is an issue or interaction with the F20 build environment?

Comment 18 Ralf Ertzinger 2013-12-17 14:18:00 UTC
I believe this is a compiler issue, although at a quick glance I cannot see any major changes between F19 and F20. There's also a new glibc.

I need to get my hands on an F20 system to reproduce this.

Comment 19 Andre Robatino 2013-12-17 14:56:50 UTC
(In reply to Bob Whitinger from comment #17)

> Now the interesting part, if you copy the /usr/bin/MyPasswordSafe executable
> from the working F19 system to the F20 system then we have normal operation
> on F20 with no further crash.

I confirm that if I extract the files in the F19 x86_64 RPM with the command

rpm2cpio MyPasswordSafe-0.6.7-16.20061216.fc19.x86_64.rpm | cpio -idmv

and use the executable ./usr/bin/MyPasswordSafe , that runs in F20 x86_64 without crashing. Nice workaround.

Comment 20 Andre Robatino 2013-12-18 21:53:48 UTC
Same crash on 64-bit Rawhide. The Versions are essentially the same as F20 except for glibc.

gcc-4.8.2-7.fc21.x86_64
glibc-2.18.90-17.fc21.x86_64
MyPasswordSafe-0.6.7-18.20061216.fc20.x86_64

Comment 21 Andre Robatino 2013-12-20 02:57:39 UTC
Reducing the Severity to "high" since using the F19 x86_64 binary as in comment 19 has been working fine for me.

Comment 22 Ralf Ertzinger 2013-12-20 12:06:56 UTC
I've located the issue (an array overflow on the stack that's found by -fstack-protector-strong introduced by the F20 build system. This is reproducible on F19 if this flag is introduced into the build).

I'll build an updated version this evening.

Comment 23 Ralf Ertzinger 2013-12-21 12:31:43 UTC
*** Bug 1037804 has been marked as a duplicate of this bug. ***

Comment 24 Fedora Update System 2013-12-21 12:32:29 UTC
MyPasswordSafe-0.6.7-19.20061216.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/MyPasswordSafe-0.6.7-19.20061216.fc20

Comment 25 Fedora Update System 2013-12-21 13:46:42 UTC
MyPasswordSafe-0.6.7-19.20061216.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/MyPasswordSafe-0.6.7-19.20061216.fc19

Comment 26 Fedora Update System 2013-12-22 05:43:04 UTC
Package MyPasswordSafe-0.6.7-19.20061216.fc19:
* should fix your issue,
* was pushed to the Fedora 19 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing MyPasswordSafe-0.6.7-19.20061216.fc19'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-23812/MyPasswordSafe-0.6.7-19.20061216.fc19
then log in and leave karma (feedback).

Comment 27 zimon 2013-12-28 22:25:52 UTC
Another user experienced a similar problem:

gave the wrong password, but it crashes just like when the right password is given.

reporter:       libreport-2.1.10
backtrace_rating: 4
cmdline:        MyPasswordSafe
crash_function: GenRandhash
executable:     /usr/bin/MyPasswordSafe
kernel:         3.12.5-302.fc20.x86_64
package:        MyPasswordSafe-0.6.7-18.20061216.fc20
reason:         MyPasswordSafe killed by SIGABRT
runlevel:       N 5
type:           CCpp
uid:            1002

Comment 28 zimon 2013-12-29 10:59:39 UTC
MyPasswordSafe-0.6.7-19.20061216.fc20.x86_64 fixed the problem for me too. Works.

"# rpm -q --changelog MyPasswordSafe | head -3
* Sat Dec 21 2013 Ralf Ertzinger <ralf (atta) skytale.net> - 0.6.7-19.20061216
- Fix stack trashing due to wrong size calculation, closes bz1042667
- Fix compiler warnings about narrowing longs into chars"

Comment 29 Fedora Update System 2013-12-30 04:58:15 UTC
MyPasswordSafe-0.6.7-19.20061216.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 30 Fedora Update System 2013-12-30 05:05:37 UTC
MyPasswordSafe-0.6.7-19.20061216.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.