Control: tags -1 + upstream patch

Dear Maintainer,
I think I found the issue.

In [1] a temporary KAboutData object gets created, with
string parameters created by QStringLiteral. Therefore
it looks like QStrings created from that also have a
private d member pointing to the static data segment of
the library libsvn_auth_kwallet-1.so.1.

Inside KAboutData::setApplicationData another KAboutData
object gets created which gets a shared copy of the d member,
therefore also pointers to the QStringLiterals.

Later the library libsvn_auth_kwallet-1.so.1 gets unloaded.

Then on process end the exit handlers try to delete
the KAboutData which tries to access the now invalid pointers
to the static data segment of the library
libsvn_auth_kwallet-1.so.1

---

Attached patch changes the QStringLiteral to QString, therefore
also temporary QString objects should be created, which can be
destroyed even when the shared library got unloaded.

Another possible solution could be if KAboutData would create
deep copies of its strings at this assignment [2].

---

I did not really find an upstream bug in the svn tracker [3].

Just a bug at kde.org [5] which also references the
bug [4] found by Christin.


Kind regards,
Bernhard



[1] https://sources.debian.org/src/subversion/1.13.0-1/subversion/libsvn_auth_kwallet/kwallet.cpp/#L230
    https://sources.debian.org/src/subversion/1.13.0-1/subversion/libsvn_auth_kwallet/kwallet.cpp/#L312
[2] https://sources.debian.org/src/kcoreaddons/5.54.0-1/src/lib/kaboutdata.cpp/#L598

[3] https://issues.apache.org/jira/issues/?jql=project%20%3D%20SVN

[4] https://bugs.archlinux.org/task/60005
[5] https://bugs.kde.org/show_bug.cgi?id=407271


(gdb) bt
#0  0x00007ffff58e3e64 in std::__atomic_base<int>::load(std::memory_order) 
const (__m=std::memory_order_relaxed, this=0x7ffff5a23280) at 
/usr/include/c++/8/bits/atomic_base.h:390
#1  0x00007ffff58e3e64 in QAtomicOps<int>::load<int>(std::atomic<int> const&) 
(_q_value=...) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qatomic_cxx11.h:227
#2  0x00007ffff58e3e64 in QBasicAtomicInteger<int>::load() const 
(this=0x7ffff5a23280) at 
/usr/include/x86_64-linux-gnu/qt5/QtCore/qbasicatomic.h:103
#3  0x00007ffff58e3e64 in QtPrivate::RefCount::deref() (this=0x7ffff5a23280) at 
/usr/include/x86_64-linux-gnu/qt5/QtCore/qrefcount.h:66
#4  0x00007ffff58e3e64 in QString::~QString() (this=0x5555569742d0, 
__in_chrg=<optimized out>) at 
/usr/include/x86_64-linux-gnu/qt5/QtCore/qstring.h:1130
#5  0x00007ffff58e3e64 in KAboutData::Private::~Private() (this=0x5555569742d0, 
__in_chrg=<optimized out>) at ./src/lib/kaboutdata.cpp:460
#6  0x00007ffff58e3e64 in KAboutData::~KAboutData() (this=0x555556972700, 
__in_chrg=<optimized out>) at ./src/lib/kaboutdata.cpp:581
#7  0x00007ffff58e410d in KAboutDataRegistry::~KAboutDataRegistry() 
(this=0x7ffff595a6e0 <(anonymous 
namespace)::Q_QGS_s_registry::innerFunction()::holder>, __in_chrg=<optimized 
out>) at ./src/lib/kaboutdata.cpp:1040
#8  0x00007ffff58e410d in (anonymous 
namespace)::Q_QGS_s_registry::Holder::~Holder() (this=0x7ffff595a6e0 
<(anonymous namespace)::Q_QGS_s_registry::innerFunction()::holder>, 
__in_chrg=<optimized out>) at ./src/lib/kaboutdata.cpp:1040
#9  0x00007ffff7c87d8c in __run_exit_handlers (status=0, listp=0x7ffff7e09718 
<__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, 
run_dtors=run_dtors@entry=true) at exit.c:108
#10 0x00007ffff7c87eba in __GI_exit (status=<optimized out>) at exit.c:139
#11 0x00005555555883f6 in main (argc=<optimized out>, argv=<optimized out>, 
env=<optimized out>) at perlmain.c:166
Description: Avoid crash in __run_exit_handlers by using QString instead of QStringLiteral
 If QStringLiteral is used then pointers to segments in the
 shared library libsvn_auth_kwallet-1.so.1 are passed to
 the KAboutData::Private object, which unfortunately makes
 no deep copy.
 Later in the exit handler when the KAboutData object gets
 destroyed, those pointers are accessed again and trigger the
 crash.

Author: Bernhard Übelacker <bernha...@mailbox.org>

Bug-Debian: https://bugs.debian.org/945443
Bug-Kde: https://bugs.kde.org/show_bug.cgi?id=407271
Bug-Arch: https://bugs.archlinux.org/task/60005

Forwarded: no
Last-Update: 2019-12-10

--- subversion-1.10.4.orig/subversion/libsvn_auth_kwallet/kwallet.cpp
+++ subversion-1.10.4/subversion/libsvn_auth_kwallet/kwallet.cpp
@@ -227,10 +227,10 @@ kwallet_password_get(svn_boolean_t *done
   KLocalizedString::setApplicationDomain("subversion"); /* translation domain */
 
   /* componentName appears in KDE GUI prompts */
-  KAboutData aboutData(QStringLiteral("subversion"),     /* componentName */
+  KAboutData aboutData(QString("subversion"),            /* componentName */
                        i18n(get_application_name(parameters,
                                                  pool)), /* displayName */
-                       QStringLiteral(SVN_VER_NUMBER));
+                       QString(SVN_VER_NUMBER));
   KAboutData::setApplicationData(aboutData);
 #else
   KCmdLineArgs::init(q_argc, q_argv,
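Review bot: the two replaced arguments in kwallet_password_get carry no comment saying why QStringLiteral must not be used here, so a later cleanup could switch them back and reintroduce the exit-time crash. A short comment above the KAboutData constructor, for example that KAboutData shares the string data and this library may be unloaded before the exit handlers run, would record the reason next to the code.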
@@ -309,10 +309,10 @@ kwallet_password_set(svn_boolean_t *done
   KLocalizedString::setApplicationDomain("subversion"); /* translation domain */
 
   /* componentName appears in KDE GUI prompts */
-  KAboutData aboutData(QStringLiteral("subversion"),     /* componentName */
+  KAboutData aboutData(QString("subversion"),            /* componentName */
                        i18n(get_application_name(parameters,
                                                  pool)), /* displayName */
-                       QStringLiteral(SVN_VER_NUMBER));
+                       QString(SVN_VER_NUMBER));
   KAboutData::setApplicationData(aboutData);
 #else
   KCmdLineArgs::init(q_argc, q_argv,
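Review bot: in kwallet_password_set, QString("subversion") and QString(SVN_VER_NUMBER) rely on the implicit const char* constructor, which is unavailable when QT_NO_CAST_FROM_ASCII is defined; QString::fromUtf8(...) or QString::fromLatin1(...) states the encoding and builds either way. This hunk also repeats the construction from kwallet_password_get line for line, so a small shared helper that builds the KAboutData would keep the fix in one place.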
# Buster/stable amd64 qemu VM 2019-12-10


apt update
apt dist-upgrade


apt install systemd-coredump xserver-xorg sddm plasma-desktop konsole net-tools psmisc strace mc tmux subversion rr gdb git-svn perl-debug libkf5coreaddons5-dbgsym libsvn1-dbgsym
apt build-dep libsvn1


# as benutzer
mkdir /home/benutzer/source/libsvn1/orig -p
cd    /home/benutzer/source/libsvn1/orig
apt source libsvn1
cd

mkdir /home/benutzer/source/libkf5coreaddons5/orig -p
cd    /home/benutzer/source/libkf5coreaddons5/orig
apt source libkf5coreaddons5
cd


reboot

adduser harry


# as harry:
svnadmin create $HOME/my-repo
sed -i 's@# password-db = passwd@password-db = passwd@g'                $HOME/my-repo/conf/svnserve.conf
sed -i 's@# anon-access = read@anon-access = none@g'                    $HOME/my-repo/conf/svnserve.conf
sed -i 's@# realm = My First Repository@realm = My First Repository@g'  $HOME/my-repo/conf/svnserve.conf
sed -i 's@# anon-access = read@anon-access = none@g'                    $HOME/my-repo/conf/svnserve.conf
sed -i 's@# auth-access = write@auth-access = write@g'                  $HOME/my-repo/conf/svnserve.conf
sed -i 's/# harry = harryssecret/harry = password/g' $HOME/my-repo/conf/passwd
svnserve -d -r $HOME/my-repo



# as benutzer
mkdir svn
cd    svn
svn checkout svn://127.0.0.1/ test
cd test
echo test > test
svn add test
svn commit
svn update
cd

mkdir git
cd    git
git svn clone svn://127.0.0.1/ test


journalctl --no-pager


coredumpctl list
coredumpctl gdb 5358

set width 0
set pagination off
bt


###########


benutzer@debian:~$ mkdir git
benutzer@debian:~$ cd    git
benutzer@debian:~/git$ git svn clone svn://127.0.0.1/ test
Leeres Git-Repository in /home/benutzer/git/test/.git/ initialisiert
org.kde.kwindowsystem: Could not find any platform plugin
        A       test
r1 = 4d41b3d41e43f9a8eeb24c63fee97842bdc1fff4 (refs/remotes/git-svn)
Checked out HEAD:
  svn://127.0.0.1 r1
error: git-svn died of signal 11


root@debian:~# journalctl --no-pager
...
Dez 10 15:54:45 debian kernel: git-svn[5358]: segfault at 7f097ceab280 ip 
00007f097cd6be64 sp 00007ffef87164c0 error 4 in 
libKF5CoreAddons.so.5.54.0[7f097cd61000+60000]
Dez 10 15:54:45 debian kernel: Code: f8 ff 74 06 f0 83 2f 01 74 7c 48 8b 7b 08 
8b 07 85 c0 0f 84 93 00 00 00 83 f8 ff 74 0a f0 83 2f 01 0f 84 1f 02 00 00 48 
8b 03 <8b> 10 85 d2 74 1e 83 fa ff 74 06 f0 83 28 01 74 13 48 8b 7d 00 48
Dez 10 15:54:45 debian systemd[1]: Created slice 
system-systemd\x2dcoredump.slice.
Dez 10 15:54:45 debian systemd[1]: Started Process Core Dump (PID 5464/UID 0).
Dez 10 15:54:46 debian systemd-coredump[5465]: Process 5358 (git-svn) of user 
1000 dumped core.
                                               
                                               Stack trace of thread 5358:
                                               #0  0x00007f097cd6be64 
_ZN10KAboutDataD1Ev (libKF5CoreAddons.so.5)
                                               #1  0x00007f097cd6c10d n/a 
(libKF5CoreAddons.so.5)
                                               #2  0x00007f097f10ed8c n/a 
(libc.so.6)
                                               #3  0x00007f097f10eeba exit 
(libc.so.6)
                                               #4  0x0000556be99ec3f6 main 
(perl)
                                               #5  0x00007f097f0f909b 
__libc_start_main (libc.so.6)
                                               #6  0x0000556be99ec44a _start 
(perl)
Dez 10 15:54:46 debian systemd[1]: systemd-coredump@0-5464-0.service: Succeeded.


root@debian:~# coredumpctl list
TIME                            PID   UID   GID SIG COREFILE  EXE
Tue 2019-12-10 15:54:46 CET    5358  1000  1000  11 present   /usr/bin/perl


root@debian:~# coredumpctl gdb 5358
           PID: 5358 (git-svn)
           UID: 1000 (benutzer)
           GID: 1000 (benutzer)
        Signal: 11 (SEGV)
     Timestamp: Tue 2019-12-10 15:54:45 CET (5min ago)
  Command Line: /usr/bin/perl /usr/lib/git-core/git-svn clone svn://127.0.0.1/ 
test
    Executable: /usr/bin/perl
 Control Group: /user.slice/user-1000.slice/session-3.scope
          Unit: session-3.scope
         Slice: user-1000.slice
       Session: 3
     Owner UID: 1000 (benutzer)
       Boot ID: df82c2bb3dac4bba8d6c97cd2317cada
    Machine ID: 33f18f39d2a9438eb75b0ed52848afcd
      Hostname: debian
       Storage: 
/var/lib/systemd/coredump/core.git-svn.1000.df82c2bb3dac4bba8d6c97cd2317cada.5358.1575989685000000.lz4
       Message: Process 5358 (git-svn) of user 1000 dumped core.
                
                Stack trace of thread 5358:
                #0  0x00007f097cd6be64 _ZN10KAboutDataD1Ev 
(libKF5CoreAddons.so.5)
                #1  0x00007f097cd6c10d n/a (libKF5CoreAddons.so.5)
                #2  0x00007f097f10ed8c n/a (libc.so.6)
                #3  0x00007f097f10eeba exit (libc.so.6)
                #4  0x0000556be99ec3f6 main (perl)
                #5  0x00007f097f0f909b __libc_start_main (libc.so.6)
                #6  0x0000556be99ec44a _start (perl)

...

warning: core file may not match specified executable file.
[New LWP 5358]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/bin/perl /usr/lib/git-core/git-svn clone 
svn://127.0.0.1/ test'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f097cd6be64 in KAboutData::~KAboutData() () from 
/lib/x86_64-linux-gnu/libKF5CoreAddons.so.5

(gdb) set width 0
(gdb) set pagination off
(gdb) bt
#0  0x00007f097cd6be64 in KAboutData::~KAboutData() () from 
/lib/x86_64-linux-gnu/libKF5CoreAddons.so.5
#1  0x00007f097cd6c10d in ?? () from /lib/x86_64-linux-gnu/libKF5CoreAddons.so.5
#2  0x00007f097f10ed8c in __run_exit_handlers (status=0, listp=0x7f097f290718 
<__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, 
run_dtors=run_dtors@entry=true) at exit.c:108
#3  0x00007f097f10eeba in __GI_exit (status=<optimized out>) at exit.c:139
#4  0x0000556be99ec3f6 in main (argc=<optimized out>, argv=<optimized out>, 
env=<optimized out>) at perlmain.c:166

(gdb) bt
#0  0x00007f097cd6be64 in std::__atomic_base<int>::load 
(__m=std::memory_order_relaxed, this=0x7f097ceab280) at 
/usr/include/c++/8/bits/atomic_base.h:390
#1  QAtomicOps<int>::load<int> (_q_value=...) at 
/usr/include/x86_64-linux-gnu/qt5/QtCore/qatomic_cxx11.h:227
#2  QBasicAtomicInteger<int>::load (this=0x7f097ceab280) at 
/usr/include/x86_64-linux-gnu/qt5/QtCore/qbasicatomic.h:103
#3  QtPrivate::RefCount::deref (this=0x7f097ceab280) at 
/usr/include/x86_64-linux-gnu/qt5/QtCore/qrefcount.h:66
#4  QString::~QString (this=0x556becba8760, __in_chrg=<optimized out>) at 
/usr/include/x86_64-linux-gnu/qt5/QtCore/qstring.h:1130
#5  KAboutData::Private::~Private (this=0x556becba8760, __in_chrg=<optimized 
out>) at ./src/lib/kaboutdata.cpp:460
#6  KAboutData::~KAboutData (this=0x556becbab3e0, __in_chrg=<optimized out>) at 
./src/lib/kaboutdata.cpp:581
#7  0x00007f097cd6c10d in KAboutDataRegistry::~KAboutDataRegistry 
(this=0x7f097cde26e0 <(anonymous 
namespace)::Q_QGS_s_registry::innerFunction()::holder>, __in_chrg=<optimized 
out>) at ./src/lib/kaboutdata.cpp:1040
#8  (anonymous namespace)::Q_QGS_s_registry::Holder::~Holder 
(this=0x7f097cde26e0 <(anonymous 
namespace)::Q_QGS_s_registry::innerFunction()::holder>, __in_chrg=<optimized 
out>) at ./src/lib/kaboutdata.cpp:1040
#9  0x00007f097f10ed8c in __run_exit_handlers (status=0, listp=0x7f097f290718 
<__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, 
run_dtors=run_dtors@entry=true) at exit.c:108
#10 0x00007f097f10eeba in __GI_exit (status=<optimized out>) at exit.c:139
#11 0x0000556be99ec3f6 in main (argc=<optimized out>, argv=<optimized out>, 
env=<optimized out>) at perlmain.c:166



###########



export DISPLAY=:0
cd git
rm test -rf
gdb -q --args /usr/bin/perl /usr/lib/git-core/git-svn clone svn://127.0.0.1/ test

set width 0
set pagination off
directory /home/benutzer/source/libkf5coreaddons5/orig/kcoreaddons-5.54.0
b KAboutData::KAboutData
y
b KAboutData::~KAboutData
y
b KAboutData::Private::operator=
y
run

#disable @plt
info b
disa 1.1
disa 1.2
disa 1.3
disa 1.8
disa 2.1
disa 2.3
ignore 1 1
ignore 2 1
cont

bt
cont





# Without dbgsym for libsvn_subr-1.so.1
(gdb) bt
#0  KAboutData::KAboutData (this=0x7fffffffd980, _componentName=..., 
_displayName=..., _version=...) at ./src/lib/kaboutdata.cpp:552
#1  0x00007ffff5a26168 in ?? () from 
/lib/x86_64-linux-gnu/libsvn_auth_kwallet-1.so.1
#2  0x00007ffff72719ff in svn_auth.simple_creds_cache_get () from 
/lib/x86_64-linux-gnu/libsvn_subr-1.so.1
#3  0x00007ffff5a255ca in ?? () from 
/lib/x86_64-linux-gnu/libsvn_auth_kwallet-1.so.1
#4  0x00007ffff7243adc in svn_auth_first_credentials () from 
/lib/x86_64-linux-gnu/libsvn_subr-1.so.1
#5  0x00007ffff6e89a2d in ?? () from /lib/x86_64-linux-gnu/libsvn_ra_svn-1.so.1
#6  0x00007ffff6e89b18 in ?? () from /lib/x86_64-linux-gnu/libsvn_ra_svn-1.so.1
#7  0x00007ffff176b844 in _plug_get_simple () from 
/usr/lib/x86_64-linux-gnu/sasl2/libcrammd5.so
#8  0x00007ffff176af02 in ?? () from 
/usr/lib/x86_64-linux-gnu/sasl2/libcrammd5.so
#9  0x00007ffff6a9313d in sasl_client_step () from 
/lib/x86_64-linux-gnu/libsasl2.so.2
#10 0x00007ffff6e8ab36 in svn_ra_svn.do_cyrus_auth () from 
/lib/x86_64-linux-gnu/libsvn_ra_svn-1.so.1
#11 0x00007ffff6e82524 in ?? () from /lib/x86_64-linux-gnu/libsvn_ra_svn-1.so.1
#12 0x00007ffff6e85186 in ?? () from /lib/x86_64-linux-gnu/libsvn_ra_svn-1.so.1
#13 0x00007ffff6e85ac2 in ?? () from /lib/x86_64-linux-gnu/libsvn_ra_svn-1.so.1
#14 0x00007ffff73de86b in svn_ra_open4 () from 
/lib/x86_64-linux-gnu/libsvn_ra-1.so.1
#15 0x00007ffff73db4fd in svn_ra_open3 () from 
/lib/x86_64-linux-gnu/libsvn_ra-1.so.1
#16 0x00007ffff73db526 in svn_ra_open2 () from 
/lib/x86_64-linux-gnu/libsvn_ra-1.so.1
#17 0x00007ffff73db5e6 in svn_ra_open () from 
/lib/x86_64-linux-gnu/libsvn_ra-1.so.1
#18 0x00007ffff64a560a in _wrap_svn_ra_open () from 
/usr/lib/x86_64-linux-gnu/perl5/5.28/auto/SVN/_Ra/_Ra.so
#19 0x0000555555640361 in Perl_pp_entersub (my_perl=0x555555868260) at 
pp_hot.c:5232
#20 0x0000555555636686 in Perl_runops_standard (my_perl=0x555555868260) at 
run.c:42
#21 0x00005555555b202a in S_run_body (oldscope=<optimized out>, 
my_perl=<optimized out>) at perl.c:2689
#22 perl_run (my_perl=0x555555868260) at perl.c:2617
#23 0x0000555555588402 in main (argc=<optimized out>, argv=<optimized out>, 
env=<optimized out>) at perlmain.c:122





benutzer@debian:~/git$ export DISPLAY=:0
benutzer@debian:~/git$ rm test -rf
benutzer@debian:~/git$ gdb -q --args /usr/bin/perl /usr/lib/git-core/git-svn 
clone svn://127.0.0.1/ test
Reading symbols from /usr/bin/perl...Reading symbols from 
/usr/lib/debug//usr/bin/perl...done.
done.
(gdb) set width 0
(gdb) set pagination off
(gdb) directory /home/benutzer/source/libkf5coreaddons5/orig/kcoreaddons-5.54.0
Source directories searched: 
/home/benutzer/source/libkf5coreaddons5/orig/kcoreaddons-5.54.0:$cdir:$cwd
(gdb) b KAboutData::KAboutData
Function "KAboutData::KAboutData" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (KAboutData::KAboutData) pending.
(gdb) b KAboutData::~KAboutData
Function "KAboutData::~KAboutData" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 2 (KAboutData::~KAboutData) pending.
(gdb) b KAboutData::Private::operator=
Function "KAboutData::Private::operator=" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 3 (KAboutData::Private::operator=) pending.
(gdb) run
Starting program: /usr/bin/perl /usr/lib/git-core/git-svn clone 
svn://127.0.0.1/ test
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Detaching after fork from child process 612]
...
[Detaching after fork from child process 655]
Leeres Git-Repository in /home/benutzer/git/test/.git/ initialisiert
[Detaching after fork from child process 656]
...
[Detaching after fork from child process 665]

Breakpoint 1, 0x00007ffff5a21270 in KAboutData::KAboutData(QString const&, 
QString const&, QString const&)@plt () from 
/lib/x86_64-linux-gnu/libsvn_auth_kwallet-1.so.1
(gdb) info b
Num     Type           Disp Enb Address            What
1       breakpoint     keep y   <MULTIPLE>         
        breakpoint already hit 1 time
1.1                         y     0x00007ffff58d92b0 
<KAboutData::KAboutData(QString const&, QString const&, QString const&)@plt>
1.2                         y     0x00007ffff58da1e0 
<KAboutData::KAboutData(QString const&, QString const&, QString const&, QString 
const&, KAboutLicense::LicenseKey, QString const&, QString const&, QString 
const&, QString const&)@plt>
1.3                         y     0x00007ffff58db570 
<KAboutData::KAboutData(KAboutData const&)@plt>
1.4                         y     0x00007ffff58e4270 in 
KAboutData::KAboutData(QString const&, QString const&, QString const&) at 
./src/lib/kaboutdata.cpp:552
1.5                         y     0x00007ffff58e4cb0 in 
KAboutData::KAboutData(QString const&, QString const&, QString const&, QString 
const&, KAboutLicense::LicenseKey, QString const&, QString const&, QString 
const&, QString const&) at ./src/lib/kaboutdata.cpp:496
1.6                         y     0x00007ffff58e5d84 in 
KAboutData::KAboutData(QString const&, QString const&, QString const&, QString 
const&, KAboutLicense::LicenseKey, QString const&, QString const&, QString 
const&, QString const&)::{default arg#1}::{lambda()#1}::operator()() const at 
/usr/include/x86_64-linux-gnu/qt5/QtCore/qstring.h:823
1.7                         y     0x00007ffff58e6b00 in 
KAboutData::KAboutData(KAboutData const&) at ./src/lib/kaboutdata.cpp:584
1.8                         y     0x00007ffff5a21270 
<KAboutData::KAboutData(QString const&, QString const&, QString const&)@plt>
2       breakpoint     keep y   <MULTIPLE>         
2.1                         y     0x00007ffff58dafa0 
<KAboutData::~KAboutData()@plt>
2.2                         y     0x00007ffff58e3c50 in 
KAboutData::~KAboutData() at ./src/lib/kaboutdata.cpp:581
2.3                         y     0x00007ffff5a21120 
<KAboutData::~KAboutData()@plt>
3       breakpoint     keep y   <MULTIPLE>         
3.1                         y     0x00007ffff58e681c in 
KAboutData::Private::operator=(KAboutData::Private const&) at 
./src/lib/kaboutdata.cpp:460
3.2                         y     0x00007ffff58e6b3f in 
KAboutData::Private::operator=(KAboutData::Private const&) at 
/usr/include/x86_64-linux-gnu/qt5/QtCore/qarraydata.h:255
(gdb) disa 1.1
(gdb) disa 1.2
(gdb) disa 1.3
(gdb) disa 1.8
(gdb) disa 2.1
(gdb) disa 2.3
(gdb) ignore 1 1
Will ignore next crossing of breakpoint 1.
(gdb) ignore 2 1
Will ignore next crossing of breakpoint 2.
(gdb) cont
Continuing.

Breakpoint 1, KAboutData::KAboutData (this=0x555556972700, other=...) at 
./src/lib/kaboutdata.cpp:584
584     KAboutData::KAboutData(const KAboutData &other): d(new Private)
(gdb) bt
#0  0x00007ffff58e6b00 in KAboutData::KAboutData(KAboutData const&) 
(this=0x555556972700, other=...) at ./src/lib/kaboutdata.cpp:584
#1  0x00007ffff58e7d88 in KAboutData::setApplicationData(KAboutData const&) 
(aboutData=...) at ./src/lib/kaboutdata.cpp:1105
#2  0x00007ffff5a221db in kwallet_password_get(svn_boolean_t*, char const**, 
apr_hash_t*, char const*, char const*, apr_hash_t*, svn_boolean_t, apr_pool_t*) 
(done=done@entry=0x7fffffffda4c, password=password@entry=0x7fffffffda50, 
creds=<optimized out>, realmstring=realmstring@entry=0x7ffff1763b30 
"<svn://127.0.0.1:3690> My First Repository", 
username=username@entry=0x7ffff1755240 "harry", 
parameters=parameters@entry=0x7ffff1763bc8, non_interactive=0, 
pool=0x7ffff77cd028) at ./subversion/libsvn_auth_kwallet/kwallet.cpp:234
#3  0x00007ffff72729ff in svn_auth__simple_creds_cache_get 
(credentials=0x7fffffffdb18, iter_baton=0x7fffffffdb20, 
provider_baton=<optimized out>, parameters=0x7ffff1763bc8, 
realmstring=0x7ffff1763b30 "<svn://127.0.0.1:3690> My First Repository", 
password_get=password_get@entry=0x7ffff5a22040 
<kwallet_password_get(svn_boolean_t*, char const**, apr_hash_t*, char const*, 
char const*, apr_hash_t*, svn_boolean_t, apr_pool_t*)>, passtype=0x7ffff5a23000 
"kwallet", pool=0x7ffff77cd028) at 
./subversion/libsvn_subr/simple_providers.c:243
#4  0x00007ffff5a215ca in kwallet_simple_first_creds(void**, void**, void*, 
apr_hash_t*, char const*, apr_pool_t*) (credentials=<optimized out>, 
iter_baton=<optimized out>, provider_baton=<optimized out>, 
parameters=<optimized out>, realmstring=<optimized out>, pool=<optimized out>) 
at ./subversion/libsvn_auth_kwallet/kwallet.cpp:360
#5  0x00007ffff7244adc in svn_auth_first_credentials 
(credentials=credentials@entry=0x7fffffffdb70, 
state=state@entry=0x7fffffffdd98, cred_kind=cred_kind@entry=0x7ffff6e91f15 
"svn.simple", realmstring=0x7ffff1763b30 "<svn://127.0.0.1:3690> My First 
Repository", auth_baton=0x7ffff62570c8, pool=0x7ffff1768028) at 
./subversion/libsvn_subr/auth.c:290
#6  0x00007ffff6e85a2d in get_credentials (baton=baton@entry=0x7fffffffdd90) at 
./subversion/libsvn_ra_svn/cyrus_auth.c:327
#7  0x00007ffff6e85b18 in get_username_cb (b=0x7fffffffdd90, id=<optimized 
out>, username=0x7fffffffdc28, len=0x0) at 
./subversion/libsvn_ra_svn/cyrus_auth.c:360
#8  0x00007ffff176c844 in _plug_get_simple () at 
/usr/lib/x86_64-linux-gnu/sasl2/libcrammd5.so
#9  0x00007ffff176bf02 in  () at /usr/lib/x86_64-linux-gnu/sasl2/libcrammd5.so
#10 0x00007ffff6a8f13d in sasl_client_step () at 
/lib/x86_64-linux-gnu/libsasl2.so.2
#11 0x00007ffff6e90685 in svn_sasl__client_step (conn=<optimized out>, 
serverin=<optimized out>, serverinlen=<optimized out>, prompt_need=<optimized 
out>, clientout=<optimized out>, clientoutlen=<optimized out>) at 
./subversion/libsvn_ra_svn/wrapped_sasl.c:120
#12 0x00007ffff6e86b36 in try_auth (sess=0x7ffff1768168, pool=0x7ffff1756028, 
mechstring=<optimized out>, last_err=<synthetic pointer>, success=<synthetic 
pointer>, sasl_ctx=0x55555696d6e0) at 
./subversion/libsvn_ra_svn/cyrus_auth.c:534
#13 0x00007ffff6e86b36 in svn_ra_svn__do_cyrus_auth 
(sess=sess@entry=0x7ffff1768168, mechlist=0x7ffff1763a68, realm=0x7ffff1763a48 
"My First Repository", pool=pool@entry=0x7ffff1768028) at 
./subversion/libsvn_ra_svn/cyrus_auth.c:913
#14 0x00007ffff6e7e524 in handle_auth_request (sess=sess@entry=0x7ffff1768168, 
pool=pool@entry=0x7ffff1768028) at ./subversion/libsvn_ra_svn/client.c:252
#15 0x00007ffff6e81186 in open_session (sess_p=sess_p@entry=0x7fffffffdf88, 
url=url@entry=0x555556935a10 "svn://127.0.0.1", uri=uri@entry=0x7fffffffdf90, 
tunnel_name=tunnel_name@entry=0x0, tunnel_argv=tunnel_argv@entry=0x0, 
config=config@entry=0x7ffff625c0f0, callbacks=0x7ffff625c230, 
callbacks_baton=0x5555564c0248, auth_baton=0x7ffff62570c8, 
result_pool=0x7ffff1768028, scratch_pool=0x7ffff624f028) at 
./subversion/libsvn_ra_svn/client.c:762
#16 0x00007ffff6e81ac2 in ra_svn_open (session=0x7ffff6257210, 
corrected_url=<optimized out>, url=<optimized out>, callbacks=0x7ffff625c230, 
callback_baton=0x5555564c0248, auth_baton=0x7ffff62570c8, 
config=0x7ffff625c0f0, result_pool=0x7ffff6257028, scratch_pool=0x7ffff624f028) 
at ./subversion/libsvn_ra_svn/client.c:900
#17 0x00007ffff73df86b in svn_ra_open4 
(session_p=session_p@entry=0x7fffffffe220, 
corrected_url_p=corrected_url_p@entry=0x0, 
repos_URL=repos_URL@entry=0x555556935a10 "svn://127.0.0.1", 
uuid=uuid@entry=0x0, callbacks=0x7ffff625c230, 
callback_baton=callback_baton@entry=0x5555564c0248, config=0x7ffff625c0f0, 
pool=0x7ffff625c028) at ./subversion/libsvn_ra/ra_loader.c:384
#18 0x00007ffff73dc4fd in svn_ra_open3 
(session_p=session_p@entry=0x7fffffffe220, 
repos_URL=repos_URL@entry=0x555556935a10 "svn://127.0.0.1", 
uuid=uuid@entry=0x0, callbacks=<optimized out>, 
callback_baton=callback_baton@entry=0x5555564c0248, 
config=config@entry=0x7ffff625c0f0, pool=0x7ffff625c028) at 
./subversion/libsvn_ra/deprecated.c:162
#19 0x00007ffff73dc526 in svn_ra_open2 
(session_p=session_p@entry=0x7fffffffe220, 
repos_URL=repos_URL@entry=0x555556935a10 "svn://127.0.0.1", 
callbacks=<optimized out>, callback_baton=callback_baton@entry=0x5555564c0248, 
config=config@entry=0x7ffff625c0f0, pool=pool@entry=0x7ffff625c028) at 
./subversion/libsvn_ra/deprecated.c:173
#20 0x00007ffff73dc5e6 in svn_ra_open (session_p=0x7fffffffe220, 
repos_URL=0x555556935a10 "svn://127.0.0.1", callbacks=0x7ffff625c0a0, 
callback_baton=0x5555564c0248, config=0x7ffff625c0f0, pool=0x7ffff625c028) at 
./subversion/libsvn_ra/deprecated.c:196
#21 0x00007ffff64a160a in _wrap_svn_ra_open () at 
/usr/lib/x86_64-linux-gnu/perl5/5.28/auto/SVN/_Ra/_Ra.so
#22 0x0000555555640361 in Perl_pp_entersub (my_perl=0x555555868260) at 
pp_hot.c:5232
#23 0x0000555555636686 in Perl_runops_standard (my_perl=0x555555868260) at 
run.c:42
#24 0x00005555555b202a in S_run_body (oldscope=<optimized out>, 
my_perl=<optimized out>) at perl.c:2689
#25 0x00005555555b202a in perl_run (my_perl=0x555555868260) at perl.c:2617
#26 0x0000555555588402 in main (argc=<optimized out>, argv=<optimized out>, 
env=<optimized out>) at perlmain.c:122
(gdb) cont
Continuing.

Breakpoint 3, 0x00007ffff58e6b3f in KAboutData::Private::operator= 
(this=<optimized out>) at 
/usr/include/x86_64-linux-gnu/qt5/QtCore/qarraydata.h:255
255         static QTypedArrayData *sharedNull() Q_DECL_NOTHROW
(gdb) up
#1  KAboutData::KAboutData (this=0x555556972700, other=...) at 
./src/lib/kaboutdata.cpp:586
586         *d = *other.d;
(gdb) next
586         *d = *other.d;
(gdb) 
587         QList<KAboutLicense>::iterator it = d->_licenseList.begin(), itEnd 
= d->_licenseList.end();
(gdb) print d->_componentName.d
$1 = (QString::Data *) 0x7ffff5a23280 <kwallet_password_get(int*, char const**, 
apr_hash_t*, char const*, char const*, apr_hash_t*, int, 
apr_pool_t*)::{lambda()#1}::operator()() const::qstring_literal>
(gdb) info share
From                To                  Syms Read   Shared Object Library
...
0x00007ffff5a30f50  0x00007ffff5a6370e  Yes (*)     
/lib/x86_64-linux-gnu/libblkid.so.1
0x00007ffff5a212f0  0x00007ffff5a22858  Yes         
/lib/x86_64-linux-gnu/libsvn_auth_kwallet-1.so.1       <<<<<<<<
0x00007ffff59dad50  0x00007ffff5a06941  Yes (*)     
/lib/x86_64-linux-gnu/libdbus-1.so.3
0x00007ffff59b28f0  0x00007ffff59c368a  Yes (*)     
/lib/x86_64-linux-gnu/libKF5Wallet.so.5
0x00007ffff5963ed0  0x00007ffff59977d5  Yes (*)     
/lib/x86_64-linux-gnu/libKF5I18n.so.5
0x00007ffff58dbdc0  0x00007ffff5938714  Yes         
/lib/x86_64-linux-gnu/libKF5CoreAddons.so.5
...
(*): Shared library is missing debugging information.
(gdb) cont
Continuing.
[New Thread 0x7ffff165b700 (LWP 668)]
org.kde.kwindowsystem: Could not find any platform plugin
[Detaching after fork from child process 669]
...
[Detaching after fork from child process 706]
        A       test
[Detaching after fork from child process 708]
...
[Detaching after fork from child process 723]
r1 = 4d41b3d41e43f9a8eeb24c63fee97842bdc1fff4 (refs/remotes/git-svn)
[Detaching after fork from child process 724]
...
[Detaching after fork from child process 749]
Checked out HEAD:
  svn://127.0.0.1 r1
[Detaching after fork from child process 750]
[Thread 0x7ffff165b700 (LWP 668) exited]
warning: Temporarily disabling breakpoints for unloaded shared library 
"/lib/x86_64-linux-gnu/libsvn_auth_kwallet-1.so.1"

Thread 1 "perl" hit Breakpoint 2, KAboutData::~KAboutData (this=0x555556972700, 
__in_chrg=<optimized out>) at ./src/lib/kaboutdata.cpp:581
581         delete d;
(gdb) bt
#0  0x00007ffff58e3c50 in KAboutData::~KAboutData() (this=0x555556972700, 
__in_chrg=<optimized out>) at ./src/lib/kaboutdata.cpp:581
#1  0x00007ffff58e410d in KAboutDataRegistry::~KAboutDataRegistry() 
(this=0x7ffff595a6e0 <(anonymous 
namespace)::Q_QGS_s_registry::innerFunction()::holder>, __in_chrg=<optimized 
out>) at ./src/lib/kaboutdata.cpp:1040
#2  0x00007ffff58e410d in (anonymous 
namespace)::Q_QGS_s_registry::Holder::~Holder() (this=0x7ffff595a6e0 
<(anonymous namespace)::Q_QGS_s_registry::innerFunction()::holder>, 
__in_chrg=<optimized out>) at ./src/lib/kaboutdata.cpp:1040
#3  0x00007ffff7c87d8c in __run_exit_handlers (status=0, listp=0x7ffff7e09718 
<__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, 
run_dtors=run_dtors@entry=true) at exit.c:108
#4  0x00007ffff7c87eba in __GI_exit (status=<optimized out>) at exit.c:139
#5  0x00005555555883f6 in main (argc=<optimized out>, argv=<optimized out>, 
env=<optimized out>) at perlmain.c:166
(gdb) print d->_componentName.d
$2 = (QString::Data *) 0x7ffff5a23280
(gdb) info share
From                To                  Syms Read   Shared Object Library
...
0x00007ffff5a30f50  0x00007ffff5a6370e  Yes (*)     
/lib/x86_64-linux-gnu/libblkid.so.1
0x00007ffff58dbdc0  0x00007ffff5938714  Yes         
/lib/x86_64-linux-gnu/libKF5CoreAddons.so.5
...                                                                             
                  <<<<<<<<< no more libsvn_auth_kwallet-1.so.1
(*): Shared library is missing debugging information.
(gdb) cont
Continuing.

Thread 1 "perl" received signal SIGSEGV, Segmentation fault.
0x00007ffff58e3e64 in std::__atomic_base<int>::load 
(__m=std::memory_order_relaxed, this=0x7ffff5a23280) at 
/usr/include/c++/8/bits/atomic_base.h:390
warning: Source file is more recent than executable.
390           load(memory_order __m = memory_order_seq_cst) const noexcept
(gdb) bt
#0  0x00007ffff58e3e64 in std::__atomic_base<int>::load(std::memory_order) 
const (__m=std::memory_order_relaxed, this=0x7ffff5a23280) at 
/usr/include/c++/8/bits/atomic_base.h:390
#1  0x00007ffff58e3e64 in QAtomicOps<int>::load<int>(std::atomic<int> const&) 
(_q_value=...) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qatomic_cxx11.h:227
#2  0x00007ffff58e3e64 in QBasicAtomicInteger<int>::load() const 
(this=0x7ffff5a23280) at 
/usr/include/x86_64-linux-gnu/qt5/QtCore/qbasicatomic.h:103
#3  0x00007ffff58e3e64 in QtPrivate::RefCount::deref() (this=0x7ffff5a23280) at 
/usr/include/x86_64-linux-gnu/qt5/QtCore/qrefcount.h:66
#4  0x00007ffff58e3e64 in QString::~QString() (this=0x5555569742d0, 
__in_chrg=<optimized out>) at 
/usr/include/x86_64-linux-gnu/qt5/QtCore/qstring.h:1130
#5  0x00007ffff58e3e64 in KAboutData::Private::~Private() (this=0x5555569742d0, 
__in_chrg=<optimized out>) at ./src/lib/kaboutdata.cpp:460
#6  0x00007ffff58e3e64 in KAboutData::~KAboutData() (this=0x555556972700, 
__in_chrg=<optimized out>) at ./src/lib/kaboutdata.cpp:581
#7  0x00007ffff58e410d in KAboutDataRegistry::~KAboutDataRegistry() 
(this=0x7ffff595a6e0 <(anonymous 
namespace)::Q_QGS_s_registry::innerFunction()::holder>, __in_chrg=<optimized 
out>) at ./src/lib/kaboutdata.cpp:1040
#8  0x00007ffff58e410d in (anonymous 
namespace)::Q_QGS_s_registry::Holder::~Holder() (this=0x7ffff595a6e0 
<(anonymous namespace)::Q_QGS_s_registry::innerFunction()::holder>, 
__in_chrg=<optimized out>) at ./src/lib/kaboutdata.cpp:1040
#9  0x00007ffff7c87d8c in __run_exit_handlers (status=0, listp=0x7ffff7e09718 
<__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, 
run_dtors=run_dtors@entry=true) at exit.c:108
#10 0x00007ffff7c87eba in __GI_exit (status=<optimized out>) at exit.c:139
#11 0x00005555555883f6 in main (argc=<optimized out>, argv=<optimized out>, 
env=<optimized out>) at perlmain.c:166
(gdb) kill
Kill the program being debugged? (y or n) y
[Inferior 1 (process 607) killed]
(gdb) q




############







cd /home/benutzer/source/libsvn1
cp orig try2 -a
cd try2/subversion-1.10.4




945443_Avoid-crash-in-__run_exit_handlers-by-using-QString-instead-of-QStringLiteral.patch

Description: Avoid crash in __run_exit_handlers by using QString instead of QStringLiteral
 If QStringLiteral is used then pointers to segments in the
 shared library libsvn_auth_kwallet-1.so.1 are passed to
 the KAboutData::Private object, which unfortunately makes
 no deep copy.
 Later in the exit handler when the KAboutData object gets
 destroyed, those pointers are accessed again and trigger the
 crash.

Author: Bernhard Übelacker <bernha...@mailbox.org>

Bug-Debian: https://bugs.debian.org/945443
Bug-Kde: https://bugs.kde.org/show_bug.cgi?id=407271
Bug-Arch: https://bugs.archlinux.org/task/60005

Forwarded: no
Last-Update: 2019-12-10



# dpkg-buildpackage
DEB_BUILD_OPTIONS='nocheck' dpkg-buildpackage


dpkg -i /home/benutzer/source/libsvn1/try1/{subversion,libsvn1-dbgsym,libsvn1,libsvn-perl}_1.10.4-1+deb10u1_amd64.deb





###########





https://bugs.archlinux.org/task/60005

https://bugs.kde.org/show_bug.cgi?id=407271

https://sources.debian.org/src/subversion/1.13.0-1/subversion/libsvn_auth_kwallet/kwallet.cpp/#L230
https://sources.debian.org/src/subversion/1.13.0-1/subversion/libsvn_auth_kwallet/kwallet.cpp/#L312

https://sources.debian.org/src/kcoreaddons/5.54.0-1/src/lib/kaboutdata.cpp/#L598


https://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_auth_kwallet/kwallet.cpp?view=markup#l230
https://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_auth_kwallet/kwallet.cpp?view=markup#l312

https://cgit.kde.org/kcoreaddons.git/tree/src/lib/kaboutdata.cpp#n600
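
The failure mode described in the message above, as an added example that is not part of the original message or of the Subversion or KDE code: the hypothetical `StrData`/`SharedStr` model a refcounted string header with Qt's static marker (ref == -1), an anonymous `mmap` page stands in for the library's data segment, and `munmap` plays the role of the unload. All names are assumptions; `msync` is used only to probe whether an address is still mapped, so the program reports the dangling pointer instead of faulting on it.

```cpp
#include <sys/mman.h>
#include <unistd.h>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <new>

// Hypothetical stand-in for QString's shared header: ref == -1 marks static
// data that is never freed (the QStringLiteral case), ref > 0 is heap data.
struct StrData {
    int ref;
    char text[32];
};

class SharedStr {
public:
    explicit SharedStr(StrData *d) : d_(d) {}                     // adopt existing data
    explicit SharedStr(const char *s) : d_(new StrData{1, {}}) {  // own heap copy
        std::strncpy(d_->text, s, sizeof d_->text - 1);
    }
    SharedStr(const SharedStr &o) : d_(o.d_) {                    // shallow share
        if (d_ && d_->ref != -1) ++d_->ref;
    }
    SharedStr &operator=(const SharedStr &) = delete;
    ~SharedStr() {
        // Reading d_->ref is the access that faults in the RefCount::deref()
        // frames of the page's backtrace once d_ points into unmapped memory.
        if (d_ && d_->ref != -1 && --d_->ref == 0) delete d_;
    }
    SharedStr deepCopy() const { return SharedStr(d_->text); }
    const StrData *data() const { return d_; }
    void forget() { d_ = nullptr; }  // demo only: skip the faulting destructor
private:
    StrData *d_;
};

// Constructed "library segment": one anonymous page holding a static literal.
StrData *load_fake_module(const char *literal) {
    void *seg = mmap(nullptr, static_cast<std::size_t>(sysconf(_SC_PAGESIZE)),
                     PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (seg == MAP_FAILED) return nullptr;
    StrData *d = new (seg) StrData{-1, {}};
    std::strncpy(d->text, literal, sizeof d->text - 1);
    return d;
}

void unload_fake_module(StrData *d) {
    munmap(d, static_cast<std::size_t>(sysconf(_SC_PAGESIZE)));
}

// True if the page containing p is mapped; does not dereference p.
bool is_mapped(const void *p) {
    const std::uintptr_t page = static_cast<std::uintptr_t>(sysconf(_SC_PAGESIZE));
    const std::uintptr_t base = reinterpret_cast<std::uintptr_t>(p) & ~(page - 1);
    return msync(reinterpret_cast<void *>(base), page, MS_ASYNC) == 0;
}

// Models kwallet_password_get(): a temporary built from module-static data is
// handed to a longer-lived registry, either shared or deep-copied.
SharedStr register_name(StrData *module_literal, bool deep) {
    SharedStr local(module_literal);
    return deep ? local.deepCopy() : SharedStr(local);
}

struct Outcome {
    bool same_pointer;      // shallow copy aliases the module's static data
    bool shared_ok_before;  // shallow copy readable while the module is loaded
    bool shared_ok_after;   // shallow copy readable after the unload
    bool deep_ok_after;     // deep copy readable and intact after the unload
};

Outcome run_demo() {
    Outcome r{};
    StrData *lit = load_fake_module("subversion");
    if (!lit) return r;
    SharedStr reg_shared = register_name(lit, false);
    SharedStr reg_deep = register_name(lit, true);
    r.same_pointer = reg_shared.data() == lit;
    r.shared_ok_before = is_mapped(reg_shared.data());
    unload_fake_module(lit);  // the library is gone, the registry lives on
    r.shared_ok_after = is_mapped(reg_shared.data());
    r.deep_ok_after = is_mapped(reg_deep.data()) &&
                      std::strcmp(reg_deep.data()->text, "subversion") == 0;
    reg_shared.forget();      // its destructor would read unmapped memory
    return r;
}

int main() {
    Outcome r = run_demo();
    std::printf("shared copy valid after unload: %s\n",
                r.shared_ok_after ? "yes" : "no (dangling)");
    std::printf("deep copy valid after unload:   %s\n",
                r.deep_ok_after ? "yes" : "no");
    return 0;
}
```

Removing the `forget()` call makes the destructor read `d_->ref` through the unmapped page, which is the same kind of fault the backtrace shows at process exit.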
