Bug 467394

Summary: kasts: Crashes with segmentation fault after a wrong/invalid podcast URL was added.
Product: [Applications] kasts
Reporter: dreieck <felics-kde>
Component: general
Assignee: bart
Status: RESOLVED FIXED    
Severity: crash CC: felics-kde
Priority: NOR    
Version First Reported In: 23.01.0   
Target Milestone: ---   
Platform: Other   
OS: Linux   
Latest Commit:
Version Fixed/Implemented In: 23.04.0
Sentry Crash Report:
Attachments: Terminal output of just running `kasts`.
Output of `strace kasts`.
Output of `ltrace kasts`.
Output of `gdb kasts` session.
Output of the `gdb kasts` session with debug information retrieved via debuginfod.
kasts database.

Description dreieck 2023-03-15 12:15:49 UTC
Created attachment 157297
Terminal output of just running `kasts`.

## SUMMARY

I tried to add a new podcast (probably using a wrong URL), and kasts crashed. Now kasts will not come up at all but crashes with a segmentation fault.

Even if an invalid podcast URL is entered via the GUI or present in the database, this error should be handled gracefully and in no circumstance lead to a segmentation fault. Segmentation faults are a sign that there might be even a security hole.


## STEPS TO REPRODUCE

1. I opened `kasts` and tried to add a podcast URL. I don't remember the URL and do not know where I can recover it from the `kasts` database.
2. `kasts` crashed.
3. Try to start `kasts`, it crashes with a segmentation fault.


## OBSERVED RESULT

When I start `kasts`, it prints to the terminal  
```
Database version 6
qrc:/main.qml:419:5: QML ErrorListOverlay: Binding loop detected for property "implicitHeight"
qrc:/main.qml:419:5: QML ErrorListOverlay: Binding loop detected for property "implicitHeight"
qrc:/main.qml:128:26: QML OverlayDrawer: Binding loop detected for property "implicitWidth"
qrc:/DesktopPlayerControls.qml:398:5: QML Dialog: Binding loop detected for property "implicitHeight"
qrc:/DesktopPlayerControls.qml:398:5: QML Dialog: Binding loop detected for property "implicitHeight"
Failed to load feed ""
Segmentation fault
```  
and then crashes.

* `kasts --version` and `kasts --help` do run.

For step 3 above, I attach the following reports:

* Terminal output of just running `kasts`,
* terminal output of running `strace kasts`,
* terminal output of running `ltrace kasts`,
* terminal output of `gdb kasts` with backtrace (gdb with pwndbg).

(I have censored my username and replaced it with `[...]` in each attachment.)

I have installed `kasts` as a distribution package from Arch Linux, so no local compilation, no debug information compiled in.


## EXPECTED RESULT

* Run without a crash, and report wrong podcast URLs.


## SOFTWARE/OS VERSIONS

* Linux/KDE Plasma: No KDE desktop, just standalone KDE application. `kasts` version: 23.01.0.
* Distribution: Artix GNU/Linux, rolling release.
Comment 1 dreieck 2023-03-15 12:16:34 UTC
Created attachment 157298
Output of `strace kasts`.
Comment 2 dreieck 2023-03-15 12:16:58 UTC
Created attachment 157299
Output of `ltrace kasts`.
Comment 3 dreieck 2023-03-15 12:17:32 UTC
Created attachment 157300
Output of `gdb kasts` session.
Comment 4 dreieck 2023-03-15 12:25:11 UTC
> *I have installed `kasts` as a distribution package from Arch Linux, so no local compilation, no debug information compiled in.*

I see that GDB can download debug information via debuginfod.

So I have done another run of `gdb kasts`, with enabled debuginfod.

I attach the output of the `gdb` session.
Comment 5 dreieck 2023-03-15 12:38:35 UTC
Created attachment 157302
Output of the `gdb kasts` session with debug information retrieved via debuginfod.
Comment 6 bart 2023-03-15 12:57:47 UTC
Thanks for reporting and thanks for the extensive debug info.

I think I know what's happening.  In principle Kasts will indicate that you've input an invalid url that doesn't point to an RSS feed without crashing.  However, I see that you've run into a corner case.  I think you must've accidentally input an empty string (or at least containing only spaces).

In the code Kasts will proceed to make a temporary entry in the database for the URL you have input.  However, what seems to happen in this special case is that sqlite will interpret that empty string (or only spaces) as NULL. Then in a next step Kasts will try to create a 'feed' object based on the entry in the DB, but it's not able to retrieve the entry since NULL is not equal to the empty string "" that Kasts is looking for. Therefore no object is created and Kasts will run into a nullptr dereference because it is assuming that the object exists.

I think I have enough information to implement proper safeguards in the next version.

Unfortunately, this also means that your DB has this NULL entry which is causing it to hang on startup.  If you don't mind losing current data (or if you have the data backed up through gpodder sync), then you can remove the database file located at "~/.local/share/KDE/kasts/database.db3".
If you still want to keep your data, you can use a tool like "sqlitebrowser" to open that database file and then go to the "browse data" tab, select the "Feeds" table and then remove the NULL entry, which should probably be the last entry (right click -> remove record). Don't forget to save the database before closing.

I hope this helps.
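The failure chain described in comment 6, and the manual repair from the same comment (delete the NULL row from the Feeds table), as an added example that is not part of this bug report and not Kasts code. Kasts itself is C++/Qt; Python's built-in sqlite3 module is used here only because it exercises a real SQLite database, so the NULL-versus-empty-string mismatch can be shown directly. The table is reduced to two columns and the column name `url` is an assumption; the real Kasts schema is not given on this page.

```python
import sqlite3
from typing import Optional, Tuple

# Constructed, minimal stand-in for the Kasts "Feeds" table (column names assumed).
SCHEMA = "CREATE TABLE Feeds (url TEXT, name TEXT)"


def open_demo_db() -> sqlite3.Connection:
    """Fresh in-memory database with the demo schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def normalize_feed_url(raw: str) -> Optional[str]:
    """Trim the user's input; whitespace-only input is rejected (returns None).

    This is the guard the fix adds in front of the temporary DB entry: an
    empty/whitespace URL must never reach the INSERT.
    """
    url = raw.strip()
    return url if url else None


def add_temporary_feed(conn: sqlite3.Connection, raw_url: str) -> bool:
    """Insert the temporary entry only for a non-empty URL. Returns False if rejected."""
    url = normalize_feed_url(raw_url)
    if url is None:
        return False
    conn.execute("INSERT INTO Feeds (url, name) VALUES (?, ?)", (url, url))
    return True


def get_feed(conn: sqlite3.Connection, url: str) -> Optional[Tuple[str, str]]:
    """Look the entry up by URL; None when no row matches (the case that crashed)."""
    return conn.execute(
        "SELECT url, name FROM Feeds WHERE url = ?", (url,)
    ).fetchone()


def load_feed(conn: sqlite3.Connection, url: str) -> str:
    """Defensive counterpart of the crashing code path: check before use."""
    feed = get_feed(conn, url)
    if feed is None:
        return "missing"          # instead of dereferencing a null object
    return "loaded:" + feed[0]


def insert_corrupt_null_row(conn: sqlite3.Connection) -> None:
    """Reproduce the pre-fix database state: a feed row whose url is NULL."""
    conn.execute("INSERT INTO Feeds (url, name) VALUES (NULL, NULL)")


def count_null_feeds(conn: sqlite3.Connection) -> int:
    """NULL is found only with IS NULL; `url = ''` never matches it."""
    return conn.execute("SELECT COUNT(*) FROM Feeds WHERE url IS NULL").fetchone()[0]


def repair_database(conn: sqlite3.Connection) -> int:
    """Same effect as removing the NULL record in sqlitebrowser; returns rows deleted."""
    cur = conn.execute("DELETE FROM Feeds WHERE url IS NULL")
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    db = open_demo_db()
    print("whitespace URL accepted:", add_temporary_feed(db, "   "))
    insert_corrupt_null_row(db)                # what the old code left behind
    print("lookup by '':", get_feed(db, ""))   # None, the root of the nullptr
    print("NULL rows before repair:", count_null_feeds(db))
    print("rows removed:", repair_database(db))
    print("NULL rows after repair:", count_null_feeds(db))
```

Run against a copy of a real `database.db3` you would point `sqlite3.connect` at the file instead of `:memory:` and call only `repair_database`; the validation and lookup functions show the two places the fix has to sit, at input time and at load time, since either one alone leaves a window for the crash.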
Comment 7 dreieck 2023-03-15 13:12:56 UTC
Created attachment 157304
kasts database.

> Unfortunately, this also means that your DB has this NULL entry which is causing it to hang on startup.  [...]  
> If you still want to keep your data, you can use a tool like "sqlitebrowser" to open that database file and then go to the "browse data" tab, select the "Feeds" table and then remove the NULL entry,

Using `sqlitebrowser`, I don't find an entry with `NULL` in the `feed` table.  
And yes, I don't have an (up to date) backup of it; it would be nice to recover it, but not a big deal if I lose it.

I attach my `~/.local/share/KDE/kasts/database.db3` (zstd-compressed due to size reasons) so that you can also confirm or refute your theory about the empty entry.
Comment 8 dreieck 2023-03-15 13:16:41 UTC
> Using `sqlitebrowser`, I don't find an entry with `NULL` in the `feed` table.

OK, that was my confusion.

I was just reading the headers in the table, and I read "feed", and thought that was what you meant. But I overlooked the drop-down selector called "Table" above.  
Yes, when I select "Feeds" there, there is a `NULL` entry, and after I deleted it, `kasts` comes up again.

Thanks for this tip!
Comment 9 bart 2023-03-15 13:20:05 UTC
(In reply to felics-kde from comment #8)
> Yes, when I select "Feeds" there, there is a `NULL` entry, and after I
> deleted it, `kasts` comes up again.

I had just opened the file and noticed the NULL entry.  I was just going to send you the fixed database, but that's no longer needed then. :)

> Thanks for this tip!

You're welcome!

NB: From the debug data it looks like Artix is actually shipping a version straight from the git master branch, not the official 23.01 release itself, since it's showing stuff that hasn't been released yet.
Comment 10 bart 2023-03-15 14:11:27 UTC
Git commit 45e50e40fbac833f787c24e2b609ccc8626e126d by Bart De Vries.
Committed on 15/03/2023 at 14:10.
Pushed by bdevries into branch 'master'.

Fix bug with empty feed causing nullptr dereference

If an empty URL was entered (i.e. only whitespace) then that would be
accepted and added to the database as temporary entry to be loaded and
checked later.  However, sqlite will convert this to a NULL entry.  This
would lead to Kasts not being able to retrieve that feed from the DB,
and hence not being able to create a proper object.  This would then
lead to a nullptr dereference down the line.
Note that this is a corner case: other invalid URLs are spotted
correctly and do not cause the application to crash.

M  +11   -2    src/datamanager.cpp

https://invent.kde.org/multimedia/kasts/commit/45e50e40fbac833f787c24e2b609ccc8626e126d
Comment 11 bart 2023-03-15 14:11:56 UTC
Git commit aae4d7f3c848d1b3e9601c8bd61c65d7963795d5 by Bart De Vries.
Committed on 15/03/2023 at 14:11.
Pushed by bdevries into branch 'release/23.04'.

Fix bug with empty feed causing nullptr dereference

If an empty URL was entered (i.e. only whitespace) then that would be
accepted and added to the database as temporary entry to be loaded and
checked later.  However, sqlite will convert this to a NULL entry.  This
would lead to Kasts not being able to retrieve that feed from the DB,
and hence not being able to create a proper object.  This would then
lead to a nullptr dereference down the line.
Note that this is a corner case: other invalid URLs are spotted
correctly and do not cause the application to crash.

M  +11   -2    src/datamanager.cpp

https://invent.kde.org/multimedia/kasts/commit/aae4d7f3c848d1b3e9601c8bd61c65d7963795d5