Bug 145064

Summary: konversation crash, when writing in a channel with blowfish encryption with very long key
Product: [Applications] konversation
Component: encryption
Status: RESOLVED INTENTIONAL
Severity: crash
Priority: NOR
Version: unspecified
Target Milestone: ---
Platform: Ubuntu
OS: Linux
Reporter: srudloff
Assignee: Konversation Developers <konversation-devel>
CC: hein, konversation-devel
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Description srudloff 2007-05-05 09:47:07 UTC
Version:            (using KDE KDE 3.5.6)
Installed from:    Ubuntu Packages

When I write in a channel with blowfish encryption and a very long key, konversation doesn't encrypt the channel right, and when I write something it crashes.
Here are the backtrace and the console output:

liquid@ubuntu:~$ konversation
X Error: BadDevice, invalid or uninitialized input device 169
  Major opcode:  147
  Minor opcode:  3
  Resource id:  0x0
Failed to open device
X Error: BadDevice, invalid or uninitialized input device 169
  Major opcode:  147
  Minor opcode:  3
  Resource id:  0x0
Failed to open device
liquid@ubuntu:~$ ASSERT: "m_frontView && m_frontView->getServer() == m_frontServer" in /build/buildd/konversation-1.0.1/./konversation/src/viewcontainer.cpp (1762)
*** glibc detected *** konversation: free(): invalid next size (fast): 0x091bd1f8 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6[0xb67b87cd]
/lib/tls/i686/cmov/libc.so.6(cfree+0x90)[0xb67bbe30]
/usr/lib/libqt-mt.so.3(_ZN7QGArrayD2Ev+0x6f)[0xb729f2e5]
/usr/lib/libqt-mt.so.3(_ZN9QMemArrayIcED2Ev+0x2b)[0xb6ff5815]
/usr/lib/libqt-mt.so.3(_ZN8QCStringD1Ev+0x2b)[0xb7290105]
konversation[0x81d8a2f]
konversation[0x8118c33]
konversation[0x812a32c]
/usr/lib/libqt-mt.so.3(_ZN7QObject15activate_signalEP15QConnectionListP8QUObject+0x12f)[0xb6faa88b]
/usr/lib/libqt-mt.so.3(_ZN7QObject15activate_signalEi+0x162)[0xb6fab330]
/usr/lib/libqt-mt.so.3(_ZN6QTimer7timeoutEv+0x2e)[0xb7338ba6]
/usr/lib/libqt-mt.so.3(_ZN6QTimer5eventEP6QEvent+0x54)[0xb6fd2596]
/usr/lib/libqt-mt.so.3(_ZN12QApplication14internalNotifyEP7QObjectP6QEvent+0x274)[0xb6f41a60]
/usr/lib/libqt-mt.so.3(_ZN12QApplication6notifyEP7QObjectP6QEvent+0x1e9)[0xb6f4388f]
/usr/lib/libkdecore.so.4(_ZN12KApplication6notifyEP7QObjectP6QEvent+0x1f2)[0xb7705ce2]
/usr/lib/libqt-mt.so.3(_ZN12QApplication9sendEventEP7QObjectP6QEvent+0x5b)[0xb6ed41e9]
/usr/lib/libqt-mt.so.3(_ZN10QEventLoop14activateTimersEv+0x203)[0xb6f344ab]
/usr/lib/libqt-mt.so.3(_ZN10QEventLoop13processEventsEj+0xcad)[0xb6ee8d25]
/usr/lib/libqt-mt.so.3(_ZN10QEventLoop9enterLoopEv+0x70)[0xb6f5c136]
/usr/lib/libqt-mt.so.3(_ZN10QEventLoop4execEv+0x32)[0xb6f5bf46]
/usr/lib/libqt-mt.so.3(_ZN12QApplication4execEv+0x25)[0xb6f43609]
konversation[0x812d25e]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xdc)[0xb6766ebc]
konversation(_ZN7QWidget17setUpdatesEnabledEb+0x49)[0x807c501]
KCrash: Application 'konversation' crashing...

(no debugging symbols found)
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1234041136 (LWP 14616)]
[KCrash handler]
#6  0xffffe410 in __kernel_vsyscall ()
#7  0xb677adf0 in raise () from /lib/tls/i686/cmov/libc.so.6
#8  0xb677c641 in abort () from /lib/tls/i686/cmov/libc.so.6
#9  0xb67b09bb in ?? () from /lib/tls/i686/cmov/libc.so.6

Comment 1 Eike Hein 2008-05-01 13:06:48 UTC
The blowfish code in Konversation has just seen revision and a number of bugfixes, related to key management and encoding, in the SVN version. If possible, please re-test with the SVN version. Instructions for how to retrieve the SVN version can be found here: http://konversation.kde.org/wiki/SVN

Note: In order for backtraces to be useful, debug symbols need to be installed. Many distributions provide these in separate packages, e.g. a 'konversation-dbg' package. For self-compiled versions or source-based distributions, the advice given in http://www.gentoo.org/proj/en/qa/backtraces.xml broadly applies. 

Comment 2 Eike Hein 2009-05-13 01:16:31 UTC
Does this still happen for you with Konversation 1.1 or the pre-release KDE 4 port?

Comment 3 Eike Hein 2009-10-11 20:39:40 UTC
The Blowfish code has been nearly entirely rewritten for the KDE 4 version and development of the KDE 3 codebase has ceased.