Control: tags -1 + upstream patch
Dear Maintainer,

I think I found the issue.

In [1] a temporary KAboutData object gets created, with string parameters created by QStringLiteral. Therefore it looks like QStrings created from that also have a private d member pointing to the static data segment of the library libsvn_auth_kwallet-1.so.1.

Inside KAboutData::setApplicationData another KAboutData object gets created which gets a shared copy of the d member, therefore also the pointers to the QStringLiterals.

Later the library libsvn_auth_kwallet-1.so.1 gets unloaded.

Then on process end the exit handlers try to delete the KAboutData which tries to access the now invalid pointers to the static data segment of the library libsvn_auth_kwallet-1.so.1.

---

Attached patch changes the QStringLiteral to QString, therefore also temporary QString objects should be created, which can be destroyed even when the shared library got unloaded.

Another possible solution could be if KAboutData would create deep copies of its strings at this assignment [2].

---

I did not really find an upstream bug in the svn tracker [3]. Just a bug at kde.org [5] which also references the bug [4] found by Christin.

Kind regards,
Bernhard

[1] https://sources.debian.org/src/subversion/1.13.0-1/subversion/libsvn_auth_kwallet/kwallet.cpp/#L230
    https://sources.debian.org/src/subversion/1.13.0-1/subversion/libsvn_auth_kwallet/kwallet.cpp/#L312
[2] https://sources.debian.org/src/kcoreaddons/5.54.0-1/src/lib/kaboutdata.cpp/#L598
[3] https://issues.apache.org/jira/issues/?jql=project%20%3D%20SVN
[4] https://bugs.archlinux.org/task/60005
[5] https://bugs.kde.org/show_bug.cgi?id=407271

(gdb) bt
#0 0x00007ffff58e3e64 in std::__atomic_base<int>::load(std::memory_order) const (__m=std::memory_order_relaxed, this=0x7ffff5a23280) at /usr/include/c++/8/bits/atomic_base.h:390
#1 0x00007ffff58e3e64 in QAtomicOps<int>::load<int>(std::atomic<int> const&) (_q_value=...) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qatomic_cxx11.h:227
#2 0x00007ffff58e3e64 in QBasicAtomicInteger<int>::load() const (this=0x7ffff5a23280) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qbasicatomic.h:103
#3 0x00007ffff58e3e64 in QtPrivate::RefCount::deref() (this=0x7ffff5a23280) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qrefcount.h:66
#4 0x00007ffff58e3e64 in QString::~QString() (this=0x5555569742d0, __in_chrg=<optimized out>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qstring.h:1130
#5 0x00007ffff58e3e64 in KAboutData::Private::~Private() (this=0x5555569742d0, __in_chrg=<optimized out>) at ./src/lib/kaboutdata.cpp:460
#6 0x00007ffff58e3e64 in KAboutData::~KAboutData() (this=0x555556972700, __in_chrg=<optimized out>) at ./src/lib/kaboutdata.cpp:581
#7 0x00007ffff58e410d in KAboutDataRegistry::~KAboutDataRegistry() (this=0x7ffff595a6e0 <(anonymous namespace)::Q_QGS_s_registry::innerFunction()::holder>, __in_chrg=<optimized out>) at ./src/lib/kaboutdata.cpp:1040
#8 0x00007ffff58e410d in (anonymous namespace)::Q_QGS_s_registry::Holder::~Holder() (this=0x7ffff595a6e0 <(anonymous namespace)::Q_QGS_s_registry::innerFunction()::holder>, __in_chrg=<optimized out>) at ./src/lib/kaboutdata.cpp:1040
#9 0x00007ffff7c87d8c in __run_exit_handlers (status=0, listp=0x7ffff7e09718 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:108
#10 0x00007ffff7c87eba in __GI_exit (status=<optimized out>) at exit.c:139
#11 0x00005555555883f6 in main (argc=<optimized out>, argv=<optimized out>, env=<optimized out>) at perlmain.c:166
Description: Avoid crash in __run_exit_handlers by using QString instead of QStringLiteral
 If QStringLiteral is used then pointers to segments in the shared library libsvn_auth_kwallet-1.so.1 are passed to the KAboutData::Private object, which unfortunately makes no deep copy. Later in the exit handler when the KAboutData object gets destroyed, those pointers are accessed again and trigger the crash.
Author: Bernhard Übelacker <bernha...@mailbox.org>
Bug-Debian: https://bugs.debian.org/945443
Bug-Kde: https://bugs.kde.org/show_bug.cgi?id=407271
Bug-Arch: https://bugs.archlinux.org/task/60005
Forwarded: no
Last-Update: 2019-12-10

--- subversion-1.10.4.orig/subversion/libsvn_auth_kwallet/kwallet.cpp +++ subversion-1.10.4/subversion/libsvn_auth_kwallet/kwallet.cpp @@ -227,10 +227,10 @@ kwallet_password_get(svn_boolean_t *done KLocalizedString::setApplicationDomain("subversion"); /* translation domain */ /* componentName appears in KDE GUI prompts */ - KAboutData aboutData(QStringLiteral("subversion"), /* componentName */ + KAboutData aboutData(QString("subversion"), /* componentName */ i18n(get_application_name(parameters, pool)), /* displayName */ - QStringLiteral(SVN_VER_NUMBER)); + QString(SVN_VER_NUMBER)); KAboutData::setApplicationData(aboutData); #else KCmdLineArgs::init(q_argc, q_argv, @@ -309,10 +309,10 @@ kwallet_password_set(svn_boolean_t *done KLocalizedString::setApplicationDomain("subversion"); /* translation domain */ /* componentName appears in KDE GUI prompts */ - KAboutData aboutData(QStringLiteral("subversion"), /* componentName */ + KAboutData aboutData(QString("subversion"), /* componentName */ i18n(get_application_name(parameters, pool)), /* displayName */ - QStringLiteral(SVN_VER_NUMBER)); + QString(SVN_VER_NUMBER)); KAboutData::setApplicationData(aboutData); #else KCmdLineArgs::init(q_argc, q_argv,
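
Review bot: In the @@ -227 hunk (kwallet_password_get) the new QString("subversion") and QString(SVN_VER_NUMBER) arguments carry no comment saying why QStringLiteral must not be used here, so a later cleanup can turn them back into QStringLiteral and reintroduce the exit-time crash. Add a short comment next to the existing /* componentName appears in KDE GUI prompts */ line stating that the strings need heap-owned storage because the copy made by KAboutData::setApplicationData(aboutData) outlives this library. QString(const char *) is also unavailable when QT_NO_CAST_FROM_ASCII is defined; QString::fromLatin1("subversion") names the encoding and builds in both configurations.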
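
Review bot: The @@ -309 hunk (kwallet_password_set) repeats the same three-argument KAboutData construction and the same KAboutData::setApplicationData(aboutData) call as the @@ -227 hunk, so the workaround now has to be kept in sync in two places. Consider moving the construction into one static helper that takes parameters and pool and is called from both functions, which also gives the explanatory comment a single home.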
# Buster/stable amd64 qemu VM 2019-12-10

apt update
apt dist-upgrade
apt install systemd-coredump xserver-xorg sddm plasma-desktop konsole net-tools psmisc strace mc tmux subversion rr gdb git-svn perl-debug libkf5coreaddons5-dbgsym libsvn1-dbgsym
apt build-dep libsvn1

# as benutzer
mkdir /home/benutzer/source/libsvn1/orig -p
cd /home/benutzer/source/libsvn1/orig
apt source libsvn1
cd
mkdir /home/benutzer/source/libkf5coreaddons5/orig -p
cd /home/benutzer/source/libkf5coreaddons5/orig
apt source libkf5coreaddons5
cd

reboot

adduser harry

# as harry:
svnadmin create $HOME/my-repo
sed -i 's@# password-db = passwd@password-db = passwd@g' $HOME/my-repo/conf/svnserve.conf
sed -i 's@# anon-access = read@anon-access = none@g' $HOME/my-repo/conf/svnserve.conf
sed -i 's@# realm = My First Repository@realm = My First Repository@g' $HOME/my-repo/conf/svnserve.conf
sed -i 's@# anon-access = read@anon-access = none@g' $HOME/my-repo/conf/svnserve.conf
sed -i 's@# auth-access = write@auth-access = write@g' $HOME/my-repo/conf/svnserve.conf
sed -i 's/# harry = harryssecret/harry = password/g' $HOME/my-repo/conf/passwd
svnserve -d -r $HOME/my-repo

# as benutzer
mkdir svn
cd svn
svn checkout svn://127.0.0.1/ test
cd test
echo test > test
svn add test
svn commit
svn update
cd
mkdir git
cd git
git svn clone svn://127.0.0.1/ test

journalctl --no-pager
coredumpctl list
coredumpctl gdb 5358
set width 0
set pagination off
bt

###########

benutzer@debian:~$ mkdir git
benutzer@debian:~$ cd git
benutzer@debian:~/git$ git svn clone svn://127.0.0.1/ test
Leeres Git-Repository in /home/benutzer/git/test/.git/ initialisiert
org.kde.kwindowsystem: Could not find any platform plugin
A test
r1 = 4d41b3d41e43f9a8eeb24c63fee97842bdc1fff4 (refs/remotes/git-svn)
Checked out HEAD: svn://127.0.0.1 r1
error: git-svn died of signal 11

root@debian:~# journalctl --no-pager
...
Dez 10 15:54:45 debian kernel: git-svn[5358]: segfault at 7f097ceab280 ip 00007f097cd6be64 sp 00007ffef87164c0 error 4 in libKF5CoreAddons.so.5.54.0[7f097cd61000+60000]
Dez 10 15:54:45 debian kernel: Code: f8 ff 74 06 f0 83 2f 01 74 7c 48 8b 7b 08 8b 07 85 c0 0f 84 93 00 00 00 83 f8 ff 74 0a f0 83 2f 01 0f 84 1f 02 00 00 48 8b 03 <8b> 10 85 d2 74 1e 83 fa ff 74 06 f0 83 28 01 74 13 48 8b 7d 00 48
Dez 10 15:54:45 debian systemd[1]: Created slice system-systemd\x2dcoredump.slice.
Dez 10 15:54:45 debian systemd[1]: Started Process Core Dump (PID 5464/UID 0).
Dez 10 15:54:46 debian systemd-coredump[5465]: Process 5358 (git-svn) of user 1000 dumped core.
    Stack trace of thread 5358:
    #0 0x00007f097cd6be64 _ZN10KAboutDataD1Ev (libKF5CoreAddons.so.5)
    #1 0x00007f097cd6c10d n/a (libKF5CoreAddons.so.5)
    #2 0x00007f097f10ed8c n/a (libc.so.6)
    #3 0x00007f097f10eeba exit (libc.so.6)
    #4 0x0000556be99ec3f6 main (perl)
    #5 0x00007f097f0f909b __libc_start_main (libc.so.6)
    #6 0x0000556be99ec44a _start (perl)
Dez 10 15:54:46 debian systemd[1]: systemd-coredump@0-5464-0.service: Succeeded.

root@debian:~# coredumpctl list
TIME                         PID  UID  GID SIG COREFILE EXE
Tue 2019-12-10 15:54:46 CET 5358 1000 1000  11 present  /usr/bin/perl

root@debian:~# coredumpctl gdb 5358
PID: 5358 (git-svn)
UID: 1000 (benutzer)
GID: 1000 (benutzer)
Signal: 11 (SEGV)
Timestamp: Tue 2019-12-10 15:54:45 CET (5min ago)
Command Line: /usr/bin/perl /usr/lib/git-core/git-svn clone svn://127.0.0.1/ test
Executable: /usr/bin/perl
Control Group: /user.slice/user-1000.slice/session-3.scope
Unit: session-3.scope
Slice: user-1000.slice
Session: 3
Owner UID: 1000 (benutzer)
Boot ID: df82c2bb3dac4bba8d6c97cd2317cada
Machine ID: 33f18f39d2a9438eb75b0ed52848afcd
Hostname: debian
Storage: /var/lib/systemd/coredump/core.git-svn.1000.df82c2bb3dac4bba8d6c97cd2317cada.5358.1575989685000000.lz4
Message: Process 5358 (git-svn) of user 1000 dumped core.
    Stack trace of thread 5358:
    #0 0x00007f097cd6be64 _ZN10KAboutDataD1Ev (libKF5CoreAddons.so.5)
    #1 0x00007f097cd6c10d n/a (libKF5CoreAddons.so.5)
    #2 0x00007f097f10ed8c n/a (libc.so.6)
    #3 0x00007f097f10eeba exit (libc.so.6)
    #4 0x0000556be99ec3f6 main (perl)
    #5 0x00007f097f0f909b __libc_start_main (libc.so.6)
    #6 0x0000556be99ec44a _start (perl)
...
warning: core file may not match specified executable file.
[New LWP 5358]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/bin/perl /usr/lib/git-core/git-svn clone svn://127.0.0.1/ test'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f097cd6be64 in KAboutData::~KAboutData() () from /lib/x86_64-linux-gnu/libKF5CoreAddons.so.5
(gdb) set width 0
(gdb) set pagination off
(gdb) bt
#0 0x00007f097cd6be64 in KAboutData::~KAboutData() () from /lib/x86_64-linux-gnu/libKF5CoreAddons.so.5
#1 0x00007f097cd6c10d in ?? () from /lib/x86_64-linux-gnu/libKF5CoreAddons.so.5
#2 0x00007f097f10ed8c in __run_exit_handlers (status=0, listp=0x7f097f290718 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:108
#3 0x00007f097f10eeba in __GI_exit (status=<optimized out>) at exit.c:139
#4 0x0000556be99ec3f6 in main (argc=<optimized out>, argv=<optimized out>, env=<optimized out>) at perlmain.c:166

(gdb) bt
#0 0x00007f097cd6be64 in std::__atomic_base<int>::load (__m=std::memory_order_relaxed, this=0x7f097ceab280) at /usr/include/c++/8/bits/atomic_base.h:390
#1 QAtomicOps<int>::load<int> (_q_value=...) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qatomic_cxx11.h:227
#2 QBasicAtomicInteger<int>::load (this=0x7f097ceab280) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qbasicatomic.h:103
#3 QtPrivate::RefCount::deref (this=0x7f097ceab280) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qrefcount.h:66
#4 QString::~QString (this=0x556becba8760, __in_chrg=<optimized out>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qstring.h:1130
#5 KAboutData::Private::~Private (this=0x556becba8760, __in_chrg=<optimized out>) at ./src/lib/kaboutdata.cpp:460
#6 KAboutData::~KAboutData (this=0x556becbab3e0, __in_chrg=<optimized out>) at ./src/lib/kaboutdata.cpp:581
#7 0x00007f097cd6c10d in KAboutDataRegistry::~KAboutDataRegistry (this=0x7f097cde26e0 <(anonymous namespace)::Q_QGS_s_registry::innerFunction()::holder>, __in_chrg=<optimized out>) at ./src/lib/kaboutdata.cpp:1040
#8 (anonymous namespace)::Q_QGS_s_registry::Holder::~Holder (this=0x7f097cde26e0 <(anonymous namespace)::Q_QGS_s_registry::innerFunction()::holder>, __in_chrg=<optimized out>) at ./src/lib/kaboutdata.cpp:1040
#9 0x00007f097f10ed8c in __run_exit_handlers (status=0, listp=0x7f097f290718 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:108
#10 0x00007f097f10eeba in __GI_exit (status=<optimized out>) at exit.c:139
#11 0x0000556be99ec3f6 in main (argc=<optimized out>, argv=<optimized out>, env=<optimized out>) at perlmain.c:166

###########

export DISPLAY=:0
cd git
rm test -rf
gdb -q --args /usr/bin/perl /usr/lib/git-core/git-svn clone svn://127.0.0.1/ test
set width 0
set pagination off
directory /home/benutzer/source/libkf5coreaddons5/orig/kcoreaddons-5.54.0
b KAboutData::KAboutData
y
b KAboutData::~KAboutData
y
b KAboutData::Private::operator=
y
run
#disable @plt
info b
disa 1.1
disa 1.2
disa 1.3
disa 1.8
disa 2.1
disa 2.3
ignore 1 1
ignore 2 1
cont
bt
cont

# Without dbgsym for libsvn_subr-1.so.1
(gdb) bt
#0 KAboutData::KAboutData (this=0x7fffffffd980, _componentName=..., _displayName=..., _version=...) at ./src/lib/kaboutdata.cpp:552
#1 0x00007ffff5a26168 in ?? () from /lib/x86_64-linux-gnu/libsvn_auth_kwallet-1.so.1
#2 0x00007ffff72719ff in svn_auth.simple_creds_cache_get () from /lib/x86_64-linux-gnu/libsvn_subr-1.so.1
#3 0x00007ffff5a255ca in ?? () from /lib/x86_64-linux-gnu/libsvn_auth_kwallet-1.so.1
#4 0x00007ffff7243adc in svn_auth_first_credentials () from /lib/x86_64-linux-gnu/libsvn_subr-1.so.1
#5 0x00007ffff6e89a2d in ?? () from /lib/x86_64-linux-gnu/libsvn_ra_svn-1.so.1
#6 0x00007ffff6e89b18 in ?? () from /lib/x86_64-linux-gnu/libsvn_ra_svn-1.so.1
#7 0x00007ffff176b844 in _plug_get_simple () from /usr/lib/x86_64-linux-gnu/sasl2/libcrammd5.so
#8 0x00007ffff176af02 in ?? () from /usr/lib/x86_64-linux-gnu/sasl2/libcrammd5.so
#9 0x00007ffff6a9313d in sasl_client_step () from /lib/x86_64-linux-gnu/libsasl2.so.2
#10 0x00007ffff6e8ab36 in svn_ra_svn.do_cyrus_auth () from /lib/x86_64-linux-gnu/libsvn_ra_svn-1.so.1
#11 0x00007ffff6e82524 in ?? () from /lib/x86_64-linux-gnu/libsvn_ra_svn-1.so.1
#12 0x00007ffff6e85186 in ?? () from /lib/x86_64-linux-gnu/libsvn_ra_svn-1.so.1
#13 0x00007ffff6e85ac2 in ?? () from /lib/x86_64-linux-gnu/libsvn_ra_svn-1.so.1
#14 0x00007ffff73de86b in svn_ra_open4 () from /lib/x86_64-linux-gnu/libsvn_ra-1.so.1
#15 0x00007ffff73db4fd in svn_ra_open3 () from /lib/x86_64-linux-gnu/libsvn_ra-1.so.1
#16 0x00007ffff73db526 in svn_ra_open2 () from /lib/x86_64-linux-gnu/libsvn_ra-1.so.1
#17 0x00007ffff73db5e6 in svn_ra_open () from /lib/x86_64-linux-gnu/libsvn_ra-1.so.1
#18 0x00007ffff64a560a in _wrap_svn_ra_open () from /usr/lib/x86_64-linux-gnu/perl5/5.28/auto/SVN/_Ra/_Ra.so
#19 0x0000555555640361 in Perl_pp_entersub (my_perl=0x555555868260) at pp_hot.c:5232
#20 0x0000555555636686 in Perl_runops_standard (my_perl=0x555555868260) at run.c:42
#21 0x00005555555b202a in S_run_body (oldscope=<optimized out>, my_perl=<optimized out>) at perl.c:2689
#22 perl_run (my_perl=0x555555868260) at perl.c:2617
#23 0x0000555555588402 in main (argc=<optimized out>, argv=<optimized out>, env=<optimized out>) at perlmain.c:122

benutzer@debian:~/git$ export DISPLAY=:0
benutzer@debian:~/git$ rm test -rf
benutzer@debian:~/git$ gdb -q --args /usr/bin/perl /usr/lib/git-core/git-svn clone svn://127.0.0.1/ test
Reading symbols from /usr/bin/perl...Reading symbols from /usr/lib/debug//usr/bin/perl...done.
done.
(gdb) set width 0
(gdb) set pagination off
(gdb) directory /home/benutzer/source/libkf5coreaddons5/orig/kcoreaddons-5.54.0
Source directories searched: /home/benutzer/source/libkf5coreaddons5/orig/kcoreaddons-5.54.0:$cdir:$cwd
(gdb) b KAboutData::KAboutData
Function "KAboutData::KAboutData" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (KAboutData::KAboutData) pending.
(gdb) b KAboutData::~KAboutData
Function "KAboutData::~KAboutData" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 2 (KAboutData::~KAboutData) pending.
(gdb) b KAboutData::Private::operator=
Function "KAboutData::Private::operator=" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 3 (KAboutData::Private::operator=) pending.
(gdb) run
Starting program: /usr/bin/perl /usr/lib/git-core/git-svn clone svn://127.0.0.1/ test
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Detaching after fork from child process 612]
...
[Detaching after fork from child process 655]
Leeres Git-Repository in /home/benutzer/git/test/.git/ initialisiert
[Detaching after fork from child process 656]
...
[Detaching after fork from child process 665]

Breakpoint 1, 0x00007ffff5a21270 in KAboutData::KAboutData(QString const&, QString const&, QString const&)@plt () from /lib/x86_64-linux-gnu/libsvn_auth_kwallet-1.so.1
(gdb) info b
Num Type Disp Enb Address What
1 breakpoint keep y <MULTIPLE>
 breakpoint already hit 1 time
1.1 y 0x00007ffff58d92b0 <KAboutData::KAboutData(QString const&, QString const&, QString const&)@plt>
1.2 y 0x00007ffff58da1e0 <KAboutData::KAboutData(QString const&, QString const&, QString const&, QString const&, KAboutLicense::LicenseKey, QString const&, QString const&, QString const&, QString const&)@plt>
1.3 y 0x00007ffff58db570 <KAboutData::KAboutData(KAboutData const&)@plt>
1.4 y 0x00007ffff58e4270 in KAboutData::KAboutData(QString const&, QString const&, QString const&) at ./src/lib/kaboutdata.cpp:552
1.5 y 0x00007ffff58e4cb0 in KAboutData::KAboutData(QString const&, QString const&, QString const&, QString const&, KAboutLicense::LicenseKey, QString const&, QString const&, QString const&, QString const&) at ./src/lib/kaboutdata.cpp:496
1.6 y 0x00007ffff58e5d84 in KAboutData::KAboutData(QString const&, QString const&, QString const&, QString const&, KAboutLicense::LicenseKey, QString const&, QString const&, QString const&, QString const&)::{default arg#1}::{lambda()#1}::operator()() const at /usr/include/x86_64-linux-gnu/qt5/QtCore/qstring.h:823
1.7 y 0x00007ffff58e6b00 in KAboutData::KAboutData(KAboutData const&) at ./src/lib/kaboutdata.cpp:584
1.8 y 0x00007ffff5a21270 <KAboutData::KAboutData(QString const&, QString const&, QString const&)@plt>
2 breakpoint keep y <MULTIPLE>
2.1 y 0x00007ffff58dafa0 <KAboutData::~KAboutData()@plt>
2.2 y 0x00007ffff58e3c50 in KAboutData::~KAboutData() at ./src/lib/kaboutdata.cpp:581
2.3 y 0x00007ffff5a21120 <KAboutData::~KAboutData()@plt>
3 breakpoint keep y <MULTIPLE>
3.1 y 0x00007ffff58e681c in KAboutData::Private::operator=(KAboutData::Private const&) at ./src/lib/kaboutdata.cpp:460
3.2 y 0x00007ffff58e6b3f in KAboutData::Private::operator=(KAboutData::Private const&) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qarraydata.h:255
(gdb) disa 1.1
(gdb) disa 1.2
(gdb) disa 1.3
(gdb) disa 1.8
(gdb) disa 2.1
(gdb) disa 2.3
(gdb) ignore 1 1
Will ignore next crossing of breakpoint 1.
(gdb) ignore 2 1
Will ignore next crossing of breakpoint 2.
(gdb) cont
Continuing.

Breakpoint 1, KAboutData::KAboutData (this=0x555556972700, other=...) at ./src/lib/kaboutdata.cpp:584
584 KAboutData::KAboutData(const KAboutData &other): d(new Private)
(gdb) bt
#0 0x00007ffff58e6b00 in KAboutData::KAboutData(KAboutData const&) (this=0x555556972700, other=...) at ./src/lib/kaboutdata.cpp:584
#1 0x00007ffff58e7d88 in KAboutData::setApplicationData(KAboutData const&) (aboutData=...) at ./src/lib/kaboutdata.cpp:1105
#2 0x00007ffff5a221db in kwallet_password_get(svn_boolean_t*, char const**, apr_hash_t*, char const*, char const*, apr_hash_t*, svn_boolean_t, apr_pool_t*) (done=done@entry=0x7fffffffda4c, password=password@entry=0x7fffffffda50, creds=<optimized out>, realmstring=realmstring@entry=0x7ffff1763b30 "<svn://127.0.0.1:3690> My First Repository", username=username@entry=0x7ffff1755240 "harry", parameters=parameters@entry=0x7ffff1763bc8, non_interactive=0, pool=0x7ffff77cd028) at ./subversion/libsvn_auth_kwallet/kwallet.cpp:234
#3 0x00007ffff72729ff in svn_auth__simple_creds_cache_get (credentials=0x7fffffffdb18, iter_baton=0x7fffffffdb20, provider_baton=<optimized out>, parameters=0x7ffff1763bc8, realmstring=0x7ffff1763b30 "<svn://127.0.0.1:3690> My First Repository", password_get=password_get@entry=0x7ffff5a22040 <kwallet_password_get(svn_boolean_t*, char const**, apr_hash_t*, char const*, char const*, apr_hash_t*, svn_boolean_t, apr_pool_t*)>, passtype=0x7ffff5a23000 "kwallet", pool=0x7ffff77cd028) at ./subversion/libsvn_subr/simple_providers.c:243
#4 0x00007ffff5a215ca in kwallet_simple_first_creds(void**, void**, void*, apr_hash_t*, char const*, apr_pool_t*) (credentials=<optimized out>, iter_baton=<optimized out>, provider_baton=<optimized out>, parameters=<optimized out>, realmstring=<optimized out>, pool=<optimized out>) at ./subversion/libsvn_auth_kwallet/kwallet.cpp:360
#5 0x00007ffff7244adc in svn_auth_first_credentials (credentials=credentials@entry=0x7fffffffdb70, state=state@entry=0x7fffffffdd98, cred_kind=cred_kind@entry=0x7ffff6e91f15 "svn.simple", realmstring=0x7ffff1763b30 "<svn://127.0.0.1:3690> My First Repository", auth_baton=0x7ffff62570c8, pool=0x7ffff1768028) at ./subversion/libsvn_subr/auth.c:290
#6 0x00007ffff6e85a2d in get_credentials (baton=baton@entry=0x7fffffffdd90) at ./subversion/libsvn_ra_svn/cyrus_auth.c:327
#7 0x00007ffff6e85b18 in get_username_cb (b=0x7fffffffdd90, id=<optimized out>, username=0x7fffffffdc28, len=0x0) at ./subversion/libsvn_ra_svn/cyrus_auth.c:360
#8 0x00007ffff176c844 in _plug_get_simple () at /usr/lib/x86_64-linux-gnu/sasl2/libcrammd5.so
#9 0x00007ffff176bf02 in () at /usr/lib/x86_64-linux-gnu/sasl2/libcrammd5.so
#10 0x00007ffff6a8f13d in sasl_client_step () at /lib/x86_64-linux-gnu/libsasl2.so.2
#11 0x00007ffff6e90685 in svn_sasl__client_step (conn=<optimized out>, serverin=<optimized out>, serverinlen=<optimized out>, prompt_need=<optimized out>, clientout=<optimized out>, clientoutlen=<optimized out>) at ./subversion/libsvn_ra_svn/wrapped_sasl.c:120
#12 0x00007ffff6e86b36 in try_auth (sess=0x7ffff1768168, pool=0x7ffff1756028, mechstring=<optimized out>, last_err=<synthetic pointer>, success=<synthetic pointer>, sasl_ctx=0x55555696d6e0) at ./subversion/libsvn_ra_svn/cyrus_auth.c:534
#13 0x00007ffff6e86b36 in svn_ra_svn__do_cyrus_auth (sess=sess@entry=0x7ffff1768168, mechlist=0x7ffff1763a68, realm=0x7ffff1763a48 "My First Repository", pool=pool@entry=0x7ffff1768028) at ./subversion/libsvn_ra_svn/cyrus_auth.c:913
#14 0x00007ffff6e7e524 in handle_auth_request (sess=sess@entry=0x7ffff1768168, pool=pool@entry=0x7ffff1768028) at ./subversion/libsvn_ra_svn/client.c:252
#15 0x00007ffff6e81186 in open_session (sess_p=sess_p@entry=0x7fffffffdf88, url=url@entry=0x555556935a10 "svn://127.0.0.1", uri=uri@entry=0x7fffffffdf90, tunnel_name=tunnel_name@entry=0x0, tunnel_argv=tunnel_argv@entry=0x0, config=config@entry=0x7ffff625c0f0, callbacks=0x7ffff625c230, callbacks_baton=0x5555564c0248, auth_baton=0x7ffff62570c8, result_pool=0x7ffff1768028, scratch_pool=0x7ffff624f028) at ./subversion/libsvn_ra_svn/client.c:762
#16 0x00007ffff6e81ac2 in ra_svn_open (session=0x7ffff6257210, corrected_url=<optimized out>, url=<optimized out>, callbacks=0x7ffff625c230, callback_baton=0x5555564c0248, auth_baton=0x7ffff62570c8, config=0x7ffff625c0f0, result_pool=0x7ffff6257028, scratch_pool=0x7ffff624f028) at ./subversion/libsvn_ra_svn/client.c:900
#17 0x00007ffff73df86b in svn_ra_open4 (session_p=session_p@entry=0x7fffffffe220, corrected_url_p=corrected_url_p@entry=0x0, repos_URL=repos_URL@entry=0x555556935a10 "svn://127.0.0.1", uuid=uuid@entry=0x0, callbacks=0x7ffff625c230, callback_baton=callback_baton@entry=0x5555564c0248, config=0x7ffff625c0f0, pool=0x7ffff625c028) at ./subversion/libsvn_ra/ra_loader.c:384
#18 0x00007ffff73dc4fd in svn_ra_open3 (session_p=session_p@entry=0x7fffffffe220, repos_URL=repos_URL@entry=0x555556935a10 "svn://127.0.0.1", uuid=uuid@entry=0x0, callbacks=<optimized out>, callback_baton=callback_baton@entry=0x5555564c0248, config=config@entry=0x7ffff625c0f0, pool=0x7ffff625c028) at ./subversion/libsvn_ra/deprecated.c:162
#19 0x00007ffff73dc526 in svn_ra_open2 (session_p=session_p@entry=0x7fffffffe220, repos_URL=repos_URL@entry=0x555556935a10 "svn://127.0.0.1", callbacks=<optimized out>, callback_baton=callback_baton@entry=0x5555564c0248, config=config@entry=0x7ffff625c0f0, pool=pool@entry=0x7ffff625c028) at ./subversion/libsvn_ra/deprecated.c:173
#20 0x00007ffff73dc5e6 in svn_ra_open (session_p=0x7fffffffe220, repos_URL=0x555556935a10 "svn://127.0.0.1", callbacks=0x7ffff625c0a0, callback_baton=0x5555564c0248, config=0x7ffff625c0f0, pool=0x7ffff625c028) at ./subversion/libsvn_ra/deprecated.c:196
#21 0x00007ffff64a160a in _wrap_svn_ra_open () at /usr/lib/x86_64-linux-gnu/perl5/5.28/auto/SVN/_Ra/_Ra.so
#22 0x0000555555640361 in Perl_pp_entersub (my_perl=0x555555868260) at pp_hot.c:5232
#23 0x0000555555636686 in Perl_runops_standard (my_perl=0x555555868260) at run.c:42
#24 0x00005555555b202a in S_run_body (oldscope=<optimized out>, my_perl=<optimized out>) at perl.c:2689
#25 0x00005555555b202a in perl_run (my_perl=0x555555868260) at perl.c:2617
#26 0x0000555555588402 in main (argc=<optimized out>, argv=<optimized out>, env=<optimized out>) at perlmain.c:122
(gdb) cont
Continuing.

Breakpoint 3, 0x00007ffff58e6b3f in KAboutData::Private::operator= (this=<optimized out>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qarraydata.h:255
255 static QTypedArrayData *sharedNull() Q_DECL_NOTHROW
(gdb) up
#1 KAboutData::KAboutData (this=0x555556972700, other=...) at ./src/lib/kaboutdata.cpp:586
586 *d = *other.d;
(gdb) next
586 *d = *other.d;
(gdb)
587 QList<KAboutLicense>::iterator it = d->_licenseList.begin(), itEnd = d->_licenseList.end();
(gdb) print d->_componentName.d
$1 = (QString::Data *) 0x7ffff5a23280 <kwallet_password_get(int*, char const**, apr_hash_t*, char const*, char const*, apr_hash_t*, int, apr_pool_t*)::{lambda()#1}::operator()() const::qstring_literal>
(gdb) info share
From To Syms Read Shared Object Library
...
0x00007ffff5a30f50 0x00007ffff5a6370e Yes (*) /lib/x86_64-linux-gnu/libblkid.so.1
0x00007ffff5a212f0 0x00007ffff5a22858 Yes /lib/x86_64-linux-gnu/libsvn_auth_kwallet-1.so.1 <<<<<<<<
0x00007ffff59dad50 0x00007ffff5a06941 Yes (*) /lib/x86_64-linux-gnu/libdbus-1.so.3
0x00007ffff59b28f0 0x00007ffff59c368a Yes (*) /lib/x86_64-linux-gnu/libKF5Wallet.so.5
0x00007ffff5963ed0 0x00007ffff59977d5 Yes (*) /lib/x86_64-linux-gnu/libKF5I18n.so.5
0x00007ffff58dbdc0 0x00007ffff5938714 Yes /lib/x86_64-linux-gnu/libKF5CoreAddons.so.5
...
(*): Shared library is missing debugging information.
(gdb) cont
Continuing.
[New Thread 0x7ffff165b700 (LWP 668)]
org.kde.kwindowsystem: Could not find any platform plugin
[Detaching after fork from child process 669]
...
[Detaching after fork from child process 706]
A test
[Detaching after fork from child process 708]
...
[Detaching after fork from child process 723]
r1 = 4d41b3d41e43f9a8eeb24c63fee97842bdc1fff4 (refs/remotes/git-svn)
[Detaching after fork from child process 724]
...
[Detaching after fork from child process 749]
Checked out HEAD: svn://127.0.0.1 r1
[Detaching after fork from child process 750]
[Thread 0x7ffff165b700 (LWP 668) exited]
warning: Temporarily disabling breakpoints for unloaded shared library "/lib/x86_64-linux-gnu/libsvn_auth_kwallet-1.so.1"

Thread 1 "perl" hit Breakpoint 2, KAboutData::~KAboutData (this=0x555556972700, __in_chrg=<optimized out>) at ./src/lib/kaboutdata.cpp:581
581 delete d;
(gdb) bt
#0 0x00007ffff58e3c50 in KAboutData::~KAboutData() (this=0x555556972700, __in_chrg=<optimized out>) at ./src/lib/kaboutdata.cpp:581
#1 0x00007ffff58e410d in KAboutDataRegistry::~KAboutDataRegistry() (this=0x7ffff595a6e0 <(anonymous namespace)::Q_QGS_s_registry::innerFunction()::holder>, __in_chrg=<optimized out>) at ./src/lib/kaboutdata.cpp:1040
#2 0x00007ffff58e410d in (anonymous namespace)::Q_QGS_s_registry::Holder::~Holder() (this=0x7ffff595a6e0 <(anonymous namespace)::Q_QGS_s_registry::innerFunction()::holder>, __in_chrg=<optimized out>) at ./src/lib/kaboutdata.cpp:1040
#3 0x00007ffff7c87d8c in __run_exit_handlers (status=0, listp=0x7ffff7e09718 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:108
#4 0x00007ffff7c87eba in __GI_exit (status=<optimized out>) at exit.c:139
#5 0x00005555555883f6 in main (argc=<optimized out>, argv=<optimized out>, env=<optimized out>) at perlmain.c:166
(gdb) print d->_componentName.d
$2 = (QString::Data *) 0x7ffff5a23280
(gdb) info share
From To Syms Read Shared Object Library
...
0x00007ffff5a30f50 0x00007ffff5a6370e Yes (*) /lib/x86_64-linux-gnu/libblkid.so.1
0x00007ffff58dbdc0 0x00007ffff5938714 Yes /lib/x86_64-linux-gnu/libKF5CoreAddons.so.5
... <<<<<<<<< no more libsvn_auth_kwallet-1.so.1
(*): Shared library is missing debugging information.
(gdb) cont
Continuing.

Thread 1 "perl" received signal SIGSEGV, Segmentation fault.
0x00007ffff58e3e64 in std::__atomic_base<int>::load (__m=std::memory_order_relaxed, this=0x7ffff5a23280) at /usr/include/c++/8/bits/atomic_base.h:390
warning: Source file is more recent than executable.
390 load(memory_order __m = memory_order_seq_cst) const noexcept
(gdb) bt
#0 0x00007ffff58e3e64 in std::__atomic_base<int>::load(std::memory_order) const (__m=std::memory_order_relaxed, this=0x7ffff5a23280) at /usr/include/c++/8/bits/atomic_base.h:390
#1 0x00007ffff58e3e64 in QAtomicOps<int>::load<int>(std::atomic<int> const&) (_q_value=...) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qatomic_cxx11.h:227
#2 0x00007ffff58e3e64 in QBasicAtomicInteger<int>::load() const (this=0x7ffff5a23280) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qbasicatomic.h:103
#3 0x00007ffff58e3e64 in QtPrivate::RefCount::deref() (this=0x7ffff5a23280) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qrefcount.h:66
#4 0x00007ffff58e3e64 in QString::~QString() (this=0x5555569742d0, __in_chrg=<optimized out>) at /usr/include/x86_64-linux-gnu/qt5/QtCore/qstring.h:1130
#5 0x00007ffff58e3e64 in KAboutData::Private::~Private() (this=0x5555569742d0, __in_chrg=<optimized out>) at ./src/lib/kaboutdata.cpp:460
#6 0x00007ffff58e3e64 in KAboutData::~KAboutData() (this=0x555556972700, __in_chrg=<optimized out>) at ./src/lib/kaboutdata.cpp:581
#7 0x00007ffff58e410d in KAboutDataRegistry::~KAboutDataRegistry() (this=0x7ffff595a6e0 <(anonymous namespace)::Q_QGS_s_registry::innerFunction()::holder>, __in_chrg=<optimized out>) at ./src/lib/kaboutdata.cpp:1040
#8 0x00007ffff58e410d in (anonymous namespace)::Q_QGS_s_registry::Holder::~Holder() (this=0x7ffff595a6e0 <(anonymous namespace)::Q_QGS_s_registry::innerFunction()::holder>, __in_chrg=<optimized out>) at ./src/lib/kaboutdata.cpp:1040
#9 0x00007ffff7c87d8c in __run_exit_handlers (status=0, listp=0x7ffff7e09718 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:108
#10 0x00007ffff7c87eba in __GI_exit (status=<optimized out>) at exit.c:139
#11 0x00005555555883f6 in main (argc=<optimized out>, argv=<optimized out>, env=<optimized out>) at perlmain.c:166
(gdb) kill
Kill the program being debugged? (y or n) y
[Inferior 1 (process 607) killed]
(gdb) q

############

cd /home/benutzer/source/libsvn1
cp orig try2 -a
cd try2/subversion-1.10.4

945443_Avoid-crash-in-__run_exit_handlers-by-using-QString-instead-of-QStringLiteral.patch

Description: Avoid crash in __run_exit_handlers by using QString instead of QStringLiteral
 If QStringLiteral is used then pointers to segments in the shared library libsvn_auth_kwallet-1.so.1 are passed to the KAboutData::Private object, which unfortunately makes no deep copy. Later in the exit handler when the KAboutData object gets destroyed, those pointers are accessed again and trigger the crash.
Author: Bernhard Übelacker <bernha...@mailbox.org>
Bug-Debian: https://bugs.debian.org/945443
Bug-Kde: https://bugs.kde.org/show_bug.cgi?id=407271
Bug-Arch: https://bugs.archlinux.org/task/60005
Forwarded: no
Last-Update: 2019-12-10

# dpkg-buildpackage
DEB_BUILD_OPTIONS='nocheck' dpkg-buildpackage

dpkg -i /home/benutzer/source/libsvn1/try1/{subversion,libsvn1-dbgsym,libsvn1,libsvn-perl}_1.10.4-1+deb10u1_amd64.deb

###########

https://bugs.archlinux.org/task/60005
https://bugs.kde.org/show_bug.cgi?id=407271
https://sources.debian.org/src/subversion/1.13.0-1/subversion/libsvn_auth_kwallet/kwallet.cpp/#L230
https://sources.debian.org/src/subversion/1.13.0-1/subversion/libsvn_auth_kwallet/kwallet.cpp/#L312
https://sources.debian.org/src/kcoreaddons/5.54.0-1/src/lib/kaboutdata.cpp/#L598
https://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_auth_kwallet/kwallet.cpp?view=markup#l230
https://svn.apache.org/viewvc/subversion/trunk/subversion/libsvn_auth_kwallet/kwallet.cpp?view=markup#l312
https://cgit.kde.org/kcoreaddons.git/tree/src/lib/kaboutdata.cpp#n600
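
The lifetime problem diagnosed in this report, as an added example that is not part of the original message and is not Subversion, Qt or KDE code: a stand-in shared string whose static data (ref == -1) lives in an mmap'd page modelling the plugin's data segment, with munmap modelling the library unload. StrData, SharedStr, is_mapped and run_scenario are hypothetical names, and Linux is assumed.

```cpp
// Added illustration: a model of the bug, not Subversion, Qt or KDE code.
// Linux/POSIX assumed; mmap/munmap stand in for dlopen/dlclose of the plugin.
#include <sys/mman.h>
#include <unistd.h>
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <new>

// Simplified stand-in for a Qt 5 string data header: ref == -1 marks static,
// never-freed data (the QStringLiteral case); ref >= 1 is heap-owned data.
struct StrData {
    int  ref;
    int  size;
    char text[32];
};

// Minimal implicitly shared string: copies share the StrData pointer.
class SharedStr {
public:
    explicit SharedStr(StrData *staticData) : d(staticData) {}       // literal style
    explicit SharedStr(const char *s) : d(new StrData{1, 0, {0}}) {  // heap copy
        std::strncpy(d->text, s, sizeof d->text - 1);
        d->size = static_cast<int>(std::strlen(d->text));
    }
    SharedStr(const SharedStr &o) : d(o.d) { if (d->ref != -1) ++d->ref; }
    SharedStr &operator=(const SharedStr &) = delete;
    ~SharedStr() {
        // Reading d->ref here corresponds to RefCount::deref in the backtrace:
        // it faults once d points into a library that has been unloaded.
        if (d && d->ref != -1 && --d->ref == 0) delete d;
    }
    const StrData *data() const { return d; }
    void abandon() { d = nullptr; }   // demo only: skip the faulting deref
private:
    StrData *d;
};

// True if the page holding p is currently mapped (msync fails with ENOMEM otherwise).
static bool is_mapped(const void *p) {
    const uintptr_t page = static_cast<uintptr_t>(sysconf(_SC_PAGESIZE));
    void *base = reinterpret_cast<void *>(reinterpret_cast<uintptr_t>(p) & ~(page - 1));
    return msync(base, page, MS_ASYNC) == 0;
}

struct Outcome {
    bool valid_before_unload;
    bool valid_after_unload;
};

// literalStyle = true models the original code, false models the patched code.
Outcome run_scenario(bool literalStyle) {
    const size_t page = static_cast<size_t>(sysconf(_SC_PAGESIZE));
    // "Load the plugin": its data segment holds the static string header.
    void *seg = mmap(nullptr, page, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (seg == MAP_FAILED) std::abort();
    StrData *lit = new (seg) StrData{-1, 10, "subversion"};

    // Plugin code builds a temporary; the long-lived registry keeps a shared
    // copy of it (the role KAboutData::setApplicationData plays in the report).
    SharedStr *registry = nullptr;
    if (literalStyle) { SharedStr tmp(lit);       registry = new SharedStr(tmp); }
    else              { SharedStr tmp(lit->text); registry = new SharedStr(tmp); }

    Outcome o;
    o.valid_before_unload = is_mapped(registry->data());
    munmap(seg, page);                                   // "unload the plugin"
    o.valid_after_unload = is_mapped(registry->data());

    // Exit-handler stage: only run the real destructor when it is safe.
    if (!o.valid_after_unload) registry->abandon();
    delete registry;
    return o;
}

int main() {
    Outcome a = run_scenario(true), b = run_scenario(false);
    std::printf("literal style: mapped before=%d after=%d\n",
                a.valid_before_unload, a.valid_after_unload);
    std::printf("heap copy:     mapped before=%d after=%d\n",
                b.valid_before_unload, b.valid_after_unload);
    return 0;
}
```

The literal-style case leaves the registry holding an address inside the unmapped segment, which is the state gdb shows at the second `print d->_componentName.d`; the heap-copy case stays valid after the unload.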