Bug 210792 - Blowfish crash [QByteArray::at, Konversation::Cipher::b64ToByte, Konversation::Cipher::blowfishECB]
Summary: Blowfish crash [QByteArray::at, Konversation::Cipher::b64ToByte, Konversation...
Status: RESOLVED FIXED
Alias: None
Product: konversation
Classification: Applications
Component: encryption
Version: 1.5-rc1
Platform: Ubuntu Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Travis McHenry
URL:
Keywords:
Duplicates: 311730
Depends on:
Blocks:
 
Reported: 2009-10-16 16:11 UTC by Cédric Descamps
Modified: 2014-10-28 20:47 UTC
CC: 4 users

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments

Description Cédric Descamps 2009-10-16 16:11:48 UTC
Application: konversation (1.2+ #4001)
KDE Version: 4.3.71 (KDE 4.3.71 (KDE 4.4 >= 20091007))
Qt Version: 4.5.2
Operating System: Linux 2.6.28-15-generic x86_64
Distribution: Ubuntu 9.04

What I was doing when the application crashed:
I was doing nothing when it crashed.

 -- Backtrace:
Application: Konversation (konversation), signal: Aborted
[Current thread is 0 (LWP 13678)]

Thread 2 (Thread 0x7f2d6974c950 (LWP 13684)):
#0  0x00007f2d77e6f2e9 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#1  0x00007f2d780f8d89 in QWaitConditionPrivate::wait (this=0x1b438e0, time=18446744073709551615) at thread/qwaitcondition_unix.cpp:87
#2  0x00007f2d780f88e6 in QWaitCondition::wait (this=0x1b3e7e0, mutex=0x1b3e7d8, time=18446744073709551615) at thread/qwaitcondition_unix.cpp:159
#3  0x00007f2d798cbcca in QHostInfoAgent::run (this=0x1b3e7c0) at kernel/qhostinfo.cpp:260
#4  0x00007f2d780f83d6 in QThreadPrivate::start (arg=0x1b3e7c0) at thread/qthread_unix.cpp:188
#5  0x00007f2d77e6b3ba in start_thread () from /lib/libpthread.so.0
#6  0x00007f2d765c9fcd in clone () from /lib/libc.so.6
#7  0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7f2d7c20b750 (LWP 13678)):
[KCrash Handler]
#4  0x00007f2d76516fb5 in raise () from /lib/libc.so.6
#5  0x00007f2d76518bc3 in abort () from /lib/libc.so.6
#6  0x00007f2d780ebea4 in qt_message_output (msgType=QtFatalMsg, buf=0x1e6d528 "ASSERT: \"i >= 0 && i < size()\" in file /d/qt/inst/kde-qt/include/QtCore/qbytearray.h, line 388")
    at global/qglobal.cpp:2042
#7  0x00007f2d780ebfd1 in qFatal (msg=0x7f2d7827b3b8 "ASSERT: \"%s\" in file %s, line %d") at global/qglobal.cpp:2241
#8  0x00007f2d780ec4b5 in qt_assert (assertion=0x631c4e "i >= 0 && i < size()", file=0x631c20 "/d/qt/inst/kde-qt/include/QtCore/qbytearray.h", line=388) at global/qglobal.cpp:1811
#9  0x00000000005a5a7b in QByteArray::at (this=0x7fff84246620, i=428) at /d/qt/inst/kde-qt/include/QtCore/qbytearray.h:388
#10 0x00000000005a342d in Konversation::Cipher::b64ToByte (this=0x1d65590, text=
      {static shared_null = {ref = {_q_value = 1841}, alloc = 0, size = 0, data = 0x879638 "", array = ""}, static shared_empty = {ref = {_q_value = 33}, alloc = 0, size = 0, data = 0x7f2d785506f8 "", array = ""}, d = 0x7fff84246620}) at /d/kde/src/trunk/konversation/src/cipher.cpp:438
#11 0x00000000005a384c in Konversation::Cipher::blowfishECB (this=0x1d65590, cipherText=
      {static shared_null = {ref = {_q_value = 1841}, alloc = 0, size = 0, data = 0x879638 "", array = ""}, static shared_empty = {ref = {_q_value = 33}, alloc = 0, size = 0, data = 0x7f2d785506f8 "", array = ""}, d = 0x7fff84246720}, direction=false) at /d/kde/src/trunk/konversation/src/cipher.cpp:350
#12 0x00000000005a4bf4 in Konversation::Cipher::decrypt (this=0x1d65590, cipherText=
      {static shared_null = {ref = {_q_value = 1841}, alloc = 0, size = 0, data = 0x879638 "", array = ""}, static shared_empty = {ref = {_q_value = 33}, alloc = 0, size = 0, data = 0x7f2d785506f8 "", array = ""}, d = 0x7fff84246a00}) at /d/kde/src/trunk/konversation/src/cipher.cpp:132
#13 0x000000000049c567 in Server::incoming (this=0x1a26630) at /d/kde/src/trunk/konversation/src/irc/server.cpp:1017
#14 0x000000000049fcc4 in Server::qt_metacall (this=0x1a26630, _c=QMetaObject::InvokeMetaMethod, _id=79, _a=0x7fff84246db0) at /d/kde/build/trunk/src/server.moc:382
#15 0x00007f2d7822ea44 in QMetaObject::activate (sender=0x1a22d20, from_signal_index=4, to_signal_index=4, argv=0x0) at kernel/qobject.cpp:3112
#16 0x00007f2d78230119 in QMetaObject::activate (sender=0x1a22d20, m=0x7f2d7854b140, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3186
#17 0x00007f2d78278658 in QIODevice::readyRead (this=0x1a22d20) at .moc/debug-shared/moc_qiodevice.cpp:85
#18 0x00007f2d7991168f in QSslSocketBackendPrivate::transmit (this=0x16f91a0) at ssl/qsslsocket_openssl.cpp:668
#19 0x00007f2d79907e78 in QSslSocketPrivate::_q_readyReadSlot (this=0x16f91a0) at ssl/qsslsocket.cpp:2010
#20 0x00007f2d7990a8eb in QSslSocket::qt_metacall (this=0x1a22d20, _c=QMetaObject::InvokeMetaMethod, _id=15, _a=0x7fff842480b0) at .moc/debug-shared/moc_qsslsocket.cpp:114
#21 0x00007f2d7822ea44 in QMetaObject::activate (sender=0x1ad8da0, from_signal_index=4, to_signal_index=4, argv=0x0) at kernel/qobject.cpp:3112
#22 0x00007f2d78230119 in QMetaObject::activate (sender=0x1ad8da0, m=0x7f2d7854b140, local_signal_index=0, argv=0x0) at kernel/qobject.cpp:3186
#23 0x00007f2d78278658 in QIODevice::readyRead (this=0x1ad8da0) at .moc/debug-shared/moc_qiodevice.cpp:85
#24 0x00007f2d798ee64d in QAbstractSocketPrivate::canReadNotification (this=0x1a98c30) at socket/qabstractsocket.cpp:604
#25 0x00007f2d798f1dab in QAbstractSocketPrivate::readNotification (this=0x1a98c30) at ../../include/QtNetwork/private/../../../src/network/socket/qabstractsocket_p.h:77
#26 0x00007f2d798d8a1b in QAbstractSocketEngine::readNotification (this=0x1ab5f20) at socket/qabstractsocketengine.cpp:154
#27 0x00007f2d798da48d in QReadNotifier::event (this=0x1c5fb90, e=0x7fff84248850) at socket/qnativesocketengine.cpp:1036
#28 0x00007f2d771f9917 in QApplicationPrivate::notify_helper (this=0x162c9c0, receiver=0x1c5fb90, e=0x7fff84248850) at kernel/qapplication.cpp:4056
#29 0x00007f2d771f9cb9 in QApplication::notify (this=0x7fff84248c60, receiver=0x1c5fb90, e=0x7fff84248850) at kernel/qapplication.cpp:3603
#30 0x00007f2d79151f39 in KApplication::notify (this=0x7fff84248c60, receiver=0x1c5fb90, event=0x7fff84248850) at /d/kde/src/trunk/kdelibs/kdeui/kernel/kapplication.cpp:302
#31 0x00007f2d782132a3 in QCoreApplication::notifyInternal (this=0x7fff84248c60, receiver=0x1c5fb90, event=0x7fff84248850) at kernel/qcoreapplication.cpp:610
#32 0x00007f2d79ed8523 in QCoreApplication::sendEvent () from /d/qt/inst/kde-qt/lib/libQt3Support.so.4
#33 0x00007f2d7824c39c in socketNotifierSourceDispatch (source=0x1630330) at kernel/qeventdispatcher_glib.cpp:110
#34 0x00007f2d72d2d20a in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#35 0x00007f2d72d308e0 in ?? () from /usr/lib/libglib-2.0.so.0
#36 0x00007f2d72d30a7c in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#37 0x00007f2d7824b01a in QEventDispatcherGlib::processEvents (this=0x1600f30, flags={i = -2077980064}) at kernel/qeventdispatcher_glib.cpp:327
#38 0x00007f2d772c652b in QGuiEventDispatcherGlib::processEvents (this=0x1600f30, flags={i = -2077979968}) at kernel/qguieventdispatcher_glib.cpp:202
#39 0x00007f2d7820fa0f in QEventLoop::processEvents (this=0x7fff84248bb0, flags={i = -2077979808}) at kernel/qeventloop.cpp:149
#40 0x00007f2d7820fc33 in QEventLoop::exec (this=0x7fff84248bb0, flags={i = -2077979696}) at kernel/qeventloop.cpp:201
#41 0x00007f2d78213ced in QCoreApplication::exec () at kernel/qcoreapplication.cpp:888
#42 0x00007f2d771f9674 in QApplication::exec () at kernel/qapplication.cpp:3525
#43 0x0000000000468876 in main (argc=1, argv=0x7fff84249968) at /d/kde/src/trunk/konversation/src/main.cpp:101

Reported using DrKonqi
Comment 1 Eike Hein 2009-10-16 17:17:59 UTC
This is caused by the ancient QCA on your Kubuntu. Closing as duplicate.

*** This bug has been marked as a duplicate of bug 210229 ***
Comment 2 Eike Hein 2009-10-16 17:41:11 UTC
t-nor (the reporter) on IRC says this was with kdesupport's QCA rather than Kubuntu's, so this is distinct from bug 210229 after all. Reopening.
Comment 3 Christoph Feck 2012-12-20 22:33:43 UTC
dup of bug 311730?
Comment 4 Jekyll Wu 2013-04-05 07:10:05 UTC
*** Bug 311730 has been marked as a duplicate of this bug. ***
Comment 5 Myriam Schweingruber 2013-04-14 00:57:17 UTC
(In reply to comment #4)
> *** Bug 311730 has been marked as a duplicate of this bug. ***

Backtrace:

[KCrash Handler]
#5  0x00007fc78f9a7d25 in raise () from /lib64/libc.so.6
#6  0x00007fc78f9a91a8 in abort () from /lib64/libc.so.6
#7  0x00007fc7916f39a4 in qt_message_output(QtMsgType, char const*) () from /usr/lib64/libQtCore.so.4
#8  0x00007fc7916f3b58 in ?? () from /usr/lib64/libQtCore.so.4
#9  0x00007fc7916f3ce4 in qFatal(char const*, ...) () from /usr/lib64/libQtCore.so.4
#10 0x00007fc7916f3d2a in qt_assert(char const*, char const*, int) () from /usr/lib64/libQtCore.so.4
#11 0x000000000062a41c in QByteArray::at (this=0x7fff8cabcc60, i=443) at /usr/include/QtCore/qbytearray.h:414
#12 0x000000000062a059 in Konversation::Cipher::b64ToByte (this=0x2e79070, text=...) at /home/jevez/konversation/konversation/src/cipher.cpp:444
#13 0x00000000006299f4 in Konversation::Cipher::blowfishECB (this=0x2e79070, cipherText=..., direction=false) at /home/jevez/konversation/konversation/src/cipher.cpp:356
#14 0x0000000000627f04 in Konversation::Cipher::decrypt (this=0x2e79070, cipherText=...) at /home/jevez/konversation/konversation/src/cipher.cpp:138
#15 0x00000000004bf16c in Server::incoming (this=0x2689bf0) at /home/jevez/konversation/konversation/src/irc/server.cpp:1322
#16 0x00000000004d0046 in Server::qt_static_metacall (_o=0x2689bf0, _c=QMetaObject::InvokeMetaMethod, _id=99, _a=0x7fff8cabd410) at /home/jevez/konversation/konversation/build/src/server.moc:425
#17 0x00007fc79180df5f in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib64/libQtCore.so.4
#18 0x00007fc791d03dfa in ?? () from /usr/lib64/libkdecore.so.5
#19 0x00007fc79180df5f in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib64/libQtCore.so.4
#20 0x00007fc793400911 in ?? () from /usr/lib64/libQtNetwork.so.4
#21 0x00007fc7933f9959 in ?? () from /usr/lib64/libQtNetwork.so.4
#22 0x00007fc79180df5f in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib64/libQtCore.so.4
#23 0x00007fc7933dc9ac in ?? () from /usr/lib64/libQtNetwork.so.4
#24 0x00007fc7933e541d in ?? () from /usr/lib64/libQtNetwork.so.4
#25 0x00007fc79070b74c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib64/libQtGui.so.4
#26 0x00007fc79070fc7a in QApplication::notify(QObject*, QEvent*) () from /usr/lib64/libQtGui.so.4
#27 0x00007fc7924ac006 in KApplication::notify(QObject*, QEvent*) () from /usr/lib64/libkdeui.so.5
#28 0x00007fc7917f773e in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib64/libQtCore.so.4
#29 0x00007fc791825148 in ?? () from /usr/lib64/libQtCore.so.4
#30 0x00007fc78b9a33b5 in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
#31 0x00007fc78b9a36e8 in ?? () from /usr/lib64/libglib-2.0.so.0
#32 0x00007fc78b9a37a4 in g_main_context_iteration () from /usr/lib64/libglib-2.0.so.0
#33 0x00007fc791825936 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/libQtCore.so.4
#34 0x00007fc7907ab8ae in ?? () from /usr/lib64/libQtGui.so.4
#35 0x00007fc7917f673f in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/libQtCore.so.4
#36 0x00007fc7917f69c8 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/libQtCore.so.4
#37 0x00007fc7917fb3a8 in QCoreApplication::exec() () from /usr/lib64/libQtCore.so.4
#38 0x0000000000485dfd in main (argc=5, argv=0x7fff8cabff78) at /home/jevez/konversation/konversation/src/main.cpp:133
Comment 6 Eike Hein 2014-10-24 12:09:09 UTC
This appears to be caused by a missing sanity check on the sizes of incoming ECB blocks. 1f55cee8 in the repo should fix it. The fix is on all open branches (1.5, master and frameworks).
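Both backtraces end in QByteArray::at's range assertion inside b64ToByte, reached from blowfishECB while decrypting a line received from the server, which is what comment 6 describes: the decoder indexed 12 characters per 8-byte ECB block without first confirming that the incoming text actually contained complete blocks. The following is an added example, not Konversation's cipher.cpp and not the 1f55cee8 fix; it shows the defect class and the sanity check that closes it. The alphabet and the 12-characters-per-block layout follow the FiSH/blowcrypt convention, but the word and bit order, and every function name, are assumptions chosen so the example round-trips on its own constructed data.

```cpp
#include <cstdint>
#include <cstdio>
#include <optional>
#include <stdexcept>
#include <string>
#include <vector>

// Assumed FiSH-style alphabet; layout: 8 plaintext bytes -> two 32-bit halves
// -> 6 characters each (6 bits per character), so 12 characters per ECB block.
static const std::string kAlphabet =
    "./0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
constexpr std::size_t kBlockBytes = 8;   // one Blowfish-ECB block
constexpr std::size_t kBlockChars = 12;  // two 32-bit halves, 6 chars each

// Stands in for QByteArray::at's Q_ASSERT: out-of-range access aborts a debug
// build (the backtraces above); here it throws so a test can observe it.
static char checkedAt(const std::string& s, std::size_t i) {
    if (i >= s.size()) throw std::out_of_range("ciphertext index " + std::to_string(i));
    return s[i];
}

// Decodes six characters (LSB-first 6-bit groups) into one 32-bit half.
static uint32_t decodeHalf(const std::string& text, std::size_t offset) {
    uint32_t half = 0;
    for (std::size_t i = 0; i < 6; ++i) {
        std::size_t v = kAlphabet.find(checkedAt(text, offset + i));
        if (v == std::string::npos) throw std::invalid_argument("character outside alphabet");
        half |= static_cast<uint32_t>(v) << (6 * i);
    }
    return half;
}

// Decoder with the defect class from comment 6: it trusts that the input is
// made of complete 12-character blocks and indexes accordingly, so a short
// final block walks past the end of the string.
static std::vector<uint8_t> decodeUnchecked(const std::string& text) {
    std::vector<uint8_t> out;
    std::size_t blocks = (text.size() + kBlockChars - 1) / kBlockChars;  // rounds up
    for (std::size_t b = 0; b < blocks; ++b) {
        uint32_t right = decodeHalf(text, b * kBlockChars);
        uint32_t left  = decodeHalf(text, b * kBlockChars + 6);
        for (std::size_t i = 0; i < 4; ++i) out.push_back(static_cast<uint8_t>(left  >> (8 * i)));
        for (std::size_t i = 0; i < 4; ++i) out.push_back(static_cast<uint8_t>(right >> (8 * i)));
    }
    return out;
}

// The sanity check that belongs before any decryption of network input: every
// ECB block must be complete and every character must be in the alphabet.
// Malformed input is rejected rather than "repaired", since a partial block
// cannot decrypt to anything meaningful anyway.
static bool isWellFormed(const std::string& text) {
    if (text.empty() || text.size() % kBlockChars != 0) return false;
    for (char c : text)
        if (kAlphabet.find(c) == std::string::npos) return false;
    return true;
}

static std::optional<std::vector<uint8_t>> decodeChecked(const std::string& text) {
    if (!isWellFormed(text)) return std::nullopt;
    return decodeUnchecked(text);  // every index is now in range
}

// Encoder so the example runs against constructed data only.
static std::string encode(const std::vector<uint8_t>& data) {
    if (data.size() % kBlockBytes != 0) throw std::invalid_argument("plaintext not block aligned");
    std::string out;
    for (std::size_t b = 0; b < data.size(); b += kBlockBytes) {
        uint32_t left = 0, right = 0;
        for (std::size_t i = 0; i < 4; ++i) {
            left  |= static_cast<uint32_t>(data[b + i])     << (8 * i);
            right |= static_cast<uint32_t>(data[b + 4 + i]) << (8 * i);
        }
        for (std::size_t i = 0; i < 6; ++i) out.push_back(kAlphabet[(right >> (6 * i)) & 0x3f]);
        for (std::size_t i = 0; i < 6; ++i) out.push_back(kAlphabet[(left  >> (6 * i)) & 0x3f]);
    }
    return out;
}

// True if the unchecked decoder reaches the out-of-range path on `text`.
static bool uncheckedWalksPastEnd(const std::string& text) {
    try { decodeUnchecked(text); return false; }
    catch (const std::out_of_range&) { return true; }
}

static bool roundTrips(const std::vector<uint8_t>& data) {
    auto decoded = decodeChecked(encode(data));
    return decoded && *decoded == data;
}

int main() {
    std::vector<uint8_t> msg = {'h', 'e', 'l', 'l', 'o', '!', '!', '!'};  // constructed, one block
    std::string wire = encode(msg);
    std::string truncated = wire.substr(0, wire.size() - 3);            // constructed short block
    std::printf("round trip: %s\n", roundTrips(msg) ? "ok" : "FAIL");
    std::printf("unchecked decoder on truncated input: %s\n",
                uncheckedWalksPastEnd(truncated) ? "out of range" : "no error");
    std::printf("checked decoder on truncated input: %s\n",
                decodeChecked(truncated) ? "accepted" : "rejected");
    return 0;
}
```

The length check is deliberately placed on the decoder's input rather than inside the indexing loop: a single early rejection keeps the decrypt path free of per-character bounds logic, and it fails closed on anything the server sends that is not a whole number of blocks.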