Description of problem:
Created a new encfs folder named 'test' using cryptkeeper in "Documents". I am able to reproduce the problem.

Version-Release number of selected component:
cryptkeeper-0.9.5-10.fc21

Additional info:
reporter:        libreport-2.3.0
backtrace_rating: 4
cmdline:         cryptkeeper
crash_function:  __strcmp_sse2_unaligned
executable:      /usr/bin/cryptkeeper
kernel:          3.17.6-300.fc21.x86_64
runlevel:        N 3
type:            CCpp
uid:             1000

Truncated backtrace:
Thread no. 1 (10 frames)
 #0 __strcmp_sse2_unaligned at ../sysdeps/x86_64/multiarch/strcmp-sse2-unaligned.S:30
 #1 is_mounted at encfs_wrapper.cpp:49
 #2 encfs_stash_new at encfs_wrapper.cpp:157
 #3 CreateStashWizard::GoForward at CreateStashWizard.cpp:211
 #4 _g_closure_invoke_va at gclosure.c:831
 #7 gtk_real_button_released at gtkbutton.c:1712
 #8 _g_closure_invoke_va at gclosure.c:831
 #11 gtk_button_button_release at gtkbutton.c:1604
 #12 _gtk_marshal_BOOLEAN__BOXED at gtkmarshalers.c:86
 #17 gtk_widget_event_internal at gtkwidget.c:5017
Created attachment 993086 [details] File: backtrace
Created attachment 993087 [details] File: cgroup
Created attachment 993088 [details] File: core_backtrace
Created attachment 993089 [details] File: dso_list
Created attachment 993090 [details] File: environ
Created attachment 993091 [details] File: exploitable
Created attachment 993092 [details] File: limits
Created attachment 993093 [details] File: maps
Created attachment 993094 [details] File: open_fds
Created attachment 993095 [details] File: proc_pid_status
The cause of the bug is a missing NULL check:

    mnt_dir_expanded = realpath(m->mnt_dir, NULL);

realpath() may return NULL, as it does on my system when the process has no permission to iterate the mnt_dir path.
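The failure mode described in this comment, handled in a self-contained form. This is an added example, not cryptkeeper's code: `is_mounted_in`, `demo` and the two-line mount table are hypothetical and constructed for illustration.

```c
#define _GNU_SOURCE
#include <mntent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: is `dir` a mount point listed in the mount table at
 * `table_path`? Returns 1 if yes, 0 if no, -1 if the table cannot be opened. */
int is_mounted_in(const char *table_path, const char *dir)
{
    FILE *f = setmntent(table_path, "r");
    if (!f)
        return -1;
    /* realpath() returns NULL if dir is missing or cannot be traversed. */
    char *want = realpath(dir, NULL);
    int found = 0;
    struct mntent *m;
    while (want && !found && (m = getmntent(f)) != NULL) {
        char *have = realpath(m->mnt_dir, NULL);
        if (!have)
            continue;       /* unresolvable entry: skip it, never strcmp(NULL) */
        found = (strcmp(want, have) == 0);
        free(have);         /* released on match and on mismatch */
    }
    free(want);             /* free(NULL) is a no-op */
    endmntent(f);
    return found;
}

/* Constructed sample table: the first entry's directory does not exist, so
 * realpath() on it returns NULL, the condition behind the reported crash. */
int demo(const char *dir)
{
    char path[] = "/tmp/mtab-demo-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0)
        return -1;
    FILE *out = fdopen(fd, "w");
    if (!out)
        return -1;
    fputs("none /no/such/dir-constructed tmpfs rw 0 0\n"
          "rootfs / rootfs rw 0 0\n", out);
    fclose(out);
    int r = is_mounted_in(path, dir);
    remove(path);
    return r;
}
```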
I get a segmentation fault with the unpatched code, but adding a NULL check as suggested above seems to fix the problem. I just added the line marked below in file src/encfs_wrapper.cpp from source RPM cryptkeeper-0.9.5-10.fc21.src.rpm for (;;) { char *mnt_dir_expanded; struct mntent *m = getmntent(f); if (!m) break; mnt_dir_expanded = realpath(m->mnt_dir, NULL); + if (mnt_dir_expanded == NULL) continue; // added by mjf if (strcmp(mount_dir_expanded, mnt_dir_expanded)==0) { free(mnt_dir_expanded); return true; } } This just causes that iteration of the loop to be skipped when realpath() returns NULL (which seems to be when m->mnt_dir is also NULL). I don't know if this is always the right thing to do, but it seems to work on my fedora 21 system.
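Review bot: in the loop body, the buffer returned by realpath(m->mnt_dir, NULL) is freed only inside the strcmp()==0 branch, so every non-matching entry leaks it; store the comparison result, call free(mnt_dir_expanded) unconditionally, then return true on a match. The added check guards only mnt_dir_expanded; mount_dir_expanded reaches the same strcmp() and is not checked in the lines shown, so if it is also produced by realpath() it needs the same NULL test before the loop.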
This message is a reminder that Fedora 21 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 21. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '21'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 21 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged to change the 'version' to a later Fedora version before this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Fedora 21 changed to end-of-life (EOL) status on 2015-12-01. Fedora 21 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.
Reproduced somewhat similar behaviour in Fedora 23, 64 bits. Not the exact backtrace as shown in "Description of the problem", but the stack trace shows some coincidences:
* segfault in libc-2.22.so[7f506346f000+1b7000]
* Stack trace of thread 10592: #0 0x00007f506350d93e __strcmp_sse2_unaligned (libc.so.6)
I would like this problem to be fixed, but I'm not sure if trying to reopen this bug is the correct way to do it. Would you please tell me if I should give more information here, or rather open a new bug report? Best Regards.
The bug is still present in Fedora 23. I'm still using the patched version that I described in comment #12 above. My only problem with it is that the icon no longer shows in the task bar under KDE. But it still works if I click in the blank space where the icon ought to be.