Bug 462877

Summary: KMail crashes when clicking away from a PGP signed email to another email before the signature is verified
Product: [Applications] kmail2 Reporter: Marc Joliet <marcec>
Component: generalAssignee: kdepim bugs <kdepim-bugs>
Status: REPORTED ---    
Severity: crash CC: marcec
Priority: NOR Keywords: drkonqi
Version: unspecified   
Target Milestone: ---   
Platform: openSUSE   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: New crash information added by DrKonqi
New crash information added by DrKonqi
New crash information added by DrKonqi
New crash information added by DrKonqi
New crash information
New crash information added by DrKonqi

Description Marc Joliet 2022-12-11 02:32:28 UTC 
Application: kmail (5.22.0 (22.12.0))

Qt Version: 5.15.7
Frameworks Version: 5.100.0
Operating System: Linux 6.0.10-1-default x86_64
Windowing System: X11
Distribution: openSUSE Tumbleweed
DrKonqi: 5.26.4 [KCrashBackend]

-- Information about the crash:
KMail crashed with a SEGFAULT when I selected its window and clicked on an Email to read.

The reporter is unsure if this crash is reproducible.

-- Backtrace:
Application: KMail (kmail), signal: Segmentation fault

[KCrash Handler]
#4  0x00007faa979b4802 in KMime::Content::headerByType(char const*) const () from /lib64/libKF5Mime.so.5
#5  0x00007faa979b565a in KMime::Content::contentTransferEncoding(bool) () from /lib64/libKF5Mime.so.5
#6  0x00007faa979b663f in ?? () from /lib64/libKF5Mime.so.5
#7  0x00007faa979b6777 in KMime::Content::decodedText(bool, bool) () from /lib64/libKF5Mime.so.5
#8  0x00007faa98026d3d in MimeTreeParser::ObjectTreeParser::extractNodeInfos (isFirstTextPart=<optimized out>, curNode=0x55acfe5a9aa0, this=0x7ffe3c030ab0) at /usr/src/debug/messagelib-22.12.0/mimetreeparser/src/objecttreeparser.cpp:270
#9  MimeTreeParser::ObjectTreeParser::extractNodeInfos (this=this@entry=0x7ffe3c030ab0, curNode=0x55acfe5a9aa0, isFirstTextPart=isFirstTextPart@entry=true) at /usr/src/debug/messagelib-22.12.0/mimetreeparser/src/objecttreeparser.cpp:267
#10 0x00007faa980289e8 in MimeTreeParser::ObjectTreeParser::parseObjectTree (this=0x7ffe3c030ab0, node=<optimized out>, parseOnlySingleNode=<optimized out>) at /usr/src/debug/messagelib-22.12.0/mimetreeparser/src/objecttreeparser.cpp:122
#11 0x00007faa98357158 in MessageViewer::ViewerPrivate::parseContent (this=0x55acfcd6ce20, content=0x55acfe5a8cd0) at /usr/src/debug/messagelib-22.12.0/messageviewer/src/viewer/viewer_p.cpp:863
#12 0x00007faa98363389 in MessageViewer::ViewerPrivate::displayMessage (this=0x55acfcd6ce20) at /usr/include/qt5/QtCore/qsharedpointer_impl.h:301
#13 MessageViewer::ViewerPrivate::updateReaderWin (this=0x55acfcd6ce20) at /usr/src/debug/messagelib-22.12.0/messageviewer/src/viewer/viewer_p.cpp:2153
#14 0x00007faa991132cd in QtPrivate::QSlotObjectBase::call (a=0x7ffe3c030cf0, r=0x55acfcd6ce20, this=0x55acfce2ac60) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#15 doActivate<false> (sender=0x55acfcba8fc0, signal_index=3, argv=0x7ffe3c030cf0) at kernel/qobject.cpp:3919
#16 0x00007faa9910c74f in QMetaObject::activate (sender=<optimized out>, m=m@entry=0x7faa98040920 <MimeTreeParser::NodeHelper::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffe3c030cf0) at kernel/qobject.cpp:3979
#17 0x00007faa9800ca1e in MimeTreeParser::NodeHelper::update (this=<optimized out>, _t1=<optimized out>) at /usr/src/debug/messagelib-22.12.0/build/mimetreeparser/src/KF5MimeTreeParser_autogen/EWIEGA46WW/moc_nodehelper.cpp:133
#18 0x00007faa991132cd in QtPrivate::QSlotObjectBase::call (a=0x7ffe3c030df0, r=0x55acfcba8fc0, this=0x55acfe5b8810) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#19 doActivate<false> (sender=0x55acfe500930, signal_index=3, argv=0x7ffe3c030df0) at kernel/qobject.cpp:3919
#20 0x00007faa9910c74f in QMetaObject::activate (sender=sender@entry=0x55acfe500930, m=<optimized out>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffe3c030df0) at kernel/qobject.cpp:3979
#21 0x00007faa9802d5f4 in MimeTreeParser::CryptoBodyPartMemento::update (_t1=<optimized out>, this=0x55acfe500930) at /usr/src/debug/messagelib-22.12.0/build/mimetreeparser/src/KF5MimeTreeParser_autogen/YHS7SJUNTZ/moc_cryptobodypartmemento.cpp:144
#22 MimeTreeParser::CryptoBodyPartMemento::notify (this=0x55acfe500930) at /usr/src/debug/messagelib-22.12.0/mimetreeparser/src/memento/cryptobodypartmemento.h:48
#23 MimeTreeParser::VerifyDetachedBodyPartMemento::slotKeyListJobDone (this=0x55acfe500930) at /usr/src/debug/messagelib-22.12.0/mimetreeparser/src/memento/verifydetachedbodypartmemento.cpp:157
#24 0x00007faa991132cd in QtPrivate::QSlotObjectBase::call (a=0x7ffe3c030e90, r=0x55acfe500930, this=0x55acfe5c5c80) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#25 doActivate<false> (sender=0x7faa600537f0, signal_index=4, argv=0x7ffe3c030e90) at kernel/qobject.cpp:3919
#26 0x00007faa97b776c7 in QGpgME::_detail::ThreadedJobMixin<QGpgME::KeyListJob, std::tuple<GpgME::KeyListResult, std::vector<GpgME::Key, std::allocator<GpgME::Key> >, QString, GpgME::Error> >::slotFinished (this=0x7faa600537f0) at /usr/src/debug/gpgme-1.18.0/lang/qt/src/threadedjobmixin.h:217
#27 0x00007faa99107c40 in QObject::event (this=0x7faa600537f0, e=0x7faa0800a700) at kernel/qobject.cpp:1347
#28 0x00007faa99da53fe in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x7faa600537f0, e=0x7faa0800a700) at kernel/qapplication.cpp:3637
#29 0x00007faa990dc128 in QCoreApplication::notifyInternal2 (receiver=0x7faa600537f0, event=0x7faa0800a700) at kernel/qcoreapplication.cpp:1064
#30 0x00007faa990df0c1 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x55acfc6d4990) at kernel/qcoreapplication.cpp:1821
#31 0x00007faa99134353 in postEventSourceDispatch (s=0x55acfc84e130) at kernel/qeventdispatcher_glib.cpp:277
#32 0x00007faa956bba90 in g_main_context_dispatch () from /lib64/libglib-2.0.so.0
#33 0x00007faa956bbe48 in ?? () from /lib64/libglib-2.0.so.0
#34 0x00007faa956bbedc in g_main_context_iteration () from /lib64/libglib-2.0.so.0
#35 0x00007faa99133b56 in QEventDispatcherGlib::processEvents (this=0x55acfc84eca0, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#36 0x00007faa990dab9b in QEventLoop::exec (this=this@entry=0x7ffe3c031370, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#37 0x00007faa990e2d06 in QCoreApplication::exec () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#38 0x000055acfbc76701 in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/kmail-22.12.0/src/main.cpp:184
[Inferior 1 (process 25150) detached]

The reporter indicates this bug may be a duplicate of or related to bug 263922.

Reported using DrKonqi
Comment 1 Marc Joliet 2022-12-12 10:56:49 UTC 
Created attachment 154529 [details]
New crash information added by DrKonqi

kmail (5.22.0 (22.12.0)) using Qt 5.15.7

This was one of many crashes I got today trying to read the same email several times in a row.  So I suppose the bug is now at least partially reproducible.

-- Backtrace (Reduced):
#4  0x00007f29caeff7fe in KMime::Content::headerByType(char const*) const () from /lib64/libKF5Mime.so.5
#5  0x00007f29caf0065a in KMime::Content::contentTransferEncoding(bool) () from /lib64/libKF5Mime.so.5
[...]
#7  0x00007f29caf01777 in KMime::Content::decodedText(bool, bool) () from /lib64/libKF5Mime.so.5
#8  0x00007f29cb571d3d in MimeTreeParser::ObjectTreeParser::extractNodeInfos (isFirstTextPart=<optimized out>, curNode=0x55ba8ec971a0, this=0x7ffccd3ab7d0) at /usr/src/debug/messagelib-22.12.0/mimetreeparser/src/objecttreeparser.cpp:270
#9  MimeTreeParser::ObjectTreeParser::extractNodeInfos (this=this@entry=0x7ffccd3ab7d0, curNode=0x55ba8ec971a0, isFirstTextPart=isFirstTextPart@entry=true) at /usr/src/debug/messagelib-22.12.0/mimetreeparser/src/objecttreeparser.cpp:267
Comment 2 Marc Joliet 2022-12-12 15:23:13 UTC 
Created attachment 154539 [details]
New crash information added by DrKonqi

kmail (5.22.0 (22.12.0)) using Qt 5.15.7

This is one of the latest crashes.  However, I then ran "akonadictl fsck" and "akonadictl vacuum", and immediately afterwards I was finally able to read the emails that were triggering the crash without any visible issue.

-- Backtrace (Reduced):
#4  0x00007f96609fc7fe in KMime::Content::headerByType(char const*) const () from /lib64/libKF5Mime.so.5
#5  0x00007f96609fd65a in KMime::Content::contentTransferEncoding(bool) () from /lib64/libKF5Mime.so.5
[...]
#7  0x00007f96609fe777 in KMime::Content::decodedText(bool, bool) () from /lib64/libKF5Mime.so.5
#8  0x00007f966106ed3d in MimeTreeParser::ObjectTreeParser::extractNodeInfos (isFirstTextPart=<optimized out>, curNode=0x5562b987b240, this=0x7fff079626c0) at /usr/src/debug/messagelib-22.12.0/mimetreeparser/src/objecttreeparser.cpp:270
#9  MimeTreeParser::ObjectTreeParser::extractNodeInfos (this=this@entry=0x7fff079626c0, curNode=0x5562b987b240, isFirstTextPart=isFirstTextPart@entry=true) at /usr/src/debug/messagelib-22.12.0/mimetreeparser/src/objecttreeparser.cpp:267
Comment 3 Marc Joliet 2022-12-14 13:24:57 UTC 
Created attachment 154581 [details]
New crash information added by DrKonqi

kmail (5.22.0 (22.12.0)) using Qt 5.15.7

So the crashes still happen, and it's really annoying.  The backtrace is a little different, but the behaviour I encounter is the same, so I'm assuming this is still the same bug.  This is after a recent KDE frameworks update in OpenSuse Tumbleweed.

-- Backtrace (Reduced):
#4  0x00007f076d33d7fe in QVector<KMime::Headers::Base*>::begin (this=<optimized out>) at /usr/include/qt5/QtCore/qvector.h:220
#5  KMime::Content::headerByType (this=this@entry=0x564c37c96040, type=0x7f076d356046 "Content-Transfer-Encoding") at /usr/src/debug/kmime-22.12.0/src/kmime_content.cpp:617
#6  0x00007f076d33e65a in KMime::Content::header<KMime::Headers::ContentTransferEncoding> (create=true, this=0x564c37c96040) at /usr/src/debug/kmime-22.12.0/src/kmime_content.h:681
#7  KMime::Content::contentTransferEncoding (this=0x564c37c96040, create=<optimized out>) at /usr/src/debug/kmime-22.12.0/src/kmime_content.cpp:874
#8  0x00007f076d33f63f in KMime::ContentPrivate::decodeText (this=0x30, q=q@entry=0x564c37c96040) at /usr/src/debug/kmime-22.12.0/src/kmime_content.cpp:729
Comment 4 Marc Joliet 2022-12-26 21:26:46 UTC 
OK, I think I've determined the precise cause of the crashes.  They consistently happen when:
- clicking away from an Email,
- that is signed with a PGP key,
- *before* KMail has finished verifying the signature.
If I wait for signature verification to finish, KMail does not crash.
Comment 5 Marc Joliet 2023-01-27 19:59:32 UTC 
Created attachment 155711 [details]
New crash information added by DrKonqi

kmail (5.22.1 (22.12.1)) using Qt 5.15.8

Just adding a new backtrace to show that the bug still occurs, and it still happens consistently when opening an email before PGP signature verification has finished.

-- Backtrace (Reduced):
#4  0x00007ffbec33d7fe in QVector<KMime::Headers::Base*>::begin (this=<optimized out>) at /usr/include/qt5/QtCore/qvector.h:220
#5  KMime::Content::headerByType (this=this@entry=0x56336fe6cd40, type=0x7ffbec356046 "Content-Transfer-Encoding") at /usr/src/debug/kmime-22.12.1/src/kmime_content.cpp:617
#6  0x00007ffbec33e65a in KMime::Content::header<KMime::Headers::ContentTransferEncoding> (create=true, this=0x56336fe6cd40) at /usr/src/debug/kmime-22.12.1/src/kmime_content.h:681
#7  KMime::Content::contentTransferEncoding (this=0x56336fe6cd40, create=<optimized out>) at /usr/src/debug/kmime-22.12.1/src/kmime_content.cpp:874
#8  0x00007ffbec33f63f in KMime::ContentPrivate::decodeText (this=0x21, q=q@entry=0x56336fe6cd40) at /usr/src/debug/kmime-22.12.1/src/kmime_content.cpp:729
Comment 6 Marc Joliet 2023-07-12 15:20:06 UTC 
Created attachment 160257 [details]
New crash information

I hadn't been able to reproduce the bug recently (maybe for a few weeks, but I'm not exactly sure), so I got adventurous and stopped waiting for the first PGP signature to be verified before looking at other emails.  But then it happened again this week, see attached crash report.  The reproducer remains the same: launch KMail, select a PGP signed email to read, then select a different email to read before the first one's PGP signature has finished verifying, and KMail should crash.
Comment 7 Marc Joliet 2023-09-05 22:34:57 UTC 
Created attachment 161434 [details]
New crash information added by DrKonqi

kmail (5.24.0 (23.08.0)) using Qt 5.15.10

Same reproducer as usual: click away from GPG signed email before the signature was verified (this time coincidentally to an email that was *also* GPG signed, in case that might make a difference).

(I guess I'm just going to keep adding these until somebody says otherwise.)

-- Backtrace (Reduced):
#4  0x00007fdc99c54a3e in QVector<KMime::Headers::Base*>::begin (this=<optimized out>) at /usr/include/qt5/QtCore/qvector.h:220
#5  KMime::Content::headerByType (this=this@entry=0x55fe0cffe0c0, type=0x7fdc99c6d040 "Content-Transfer-Encoding") at /usr/src/debug/kmime-23.08.0/src/kmime_content.cpp:626
#6  0x00007fdc99c558aa in KMime::Content::header<KMime::Headers::ContentTransferEncoding> (create=true, this=0x55fe0cffe0c0) at /usr/src/debug/kmime-23.08.0/src/kmime_content.h:681
#7  KMime::Content::contentTransferEncoding (this=this@entry=0x55fe0cffe0c0, create=create@entry=true) at /usr/src/debug/kmime-23.08.0/src/kmime_content.cpp:883
#8  0x00007fdc99c5687f in KMime::ContentPrivate::decodeText (this=0x0, q=q@entry=0x55fe0cffe0c0) at /usr/src/debug/kmime-23.08.0/src/kmime_content.cpp:738