https://bugs.kde.org/show_bug.cgi?id=512485
Bug ID: 512485
Summary: kmymoney crashes with sqlcipher 5.7.0+
Classification: Applications
Product: kmymoney
Version First Reported In: 5.2.1
Platform: Debian unstable
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: database
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
SUMMARY
Kmymoney is not compatible with sqlcipher v5.7.0+.
Downstream bug report: https://bugs.debian.org/1120685 , but the actual useful
information is at https://bugs.debian.org/1121167 .
STEPS TO REPRODUCE
1. Build kmymoney with sqlcipher v5.7.0 or later, ideally v5.11.0.
2. Launch kmymoney.
OBSERVED RESULT
Segmentation fault
EXPECTED RESULT
The program launches successfully
SOFTWARE/OS VERSIONS
Linux/KDE Plasma: 6.5.3
KDE Plasma Version: 6.5.3
KDE Frameworks Version: 6.20
Qt Version: 6.9.2
ADDITIONAL INFORMATION
When we look at the related source code:
https://sources.debian.org/src/kmymoney/5.2.1-1/kmymoney/kmymoney.cpp#L1045
```cpp
#ifdef ENABLE_SQLCIPHER
    /* Issues:
     * 1) libsqlite3 loads implicitly before libsqlcipher
     *    thus making the second one loaded but non-functional,
     * 2) libsqlite3 gets linked into kmymoney target implicitly
     *    and it's not possible to unload or unlink it explicitly
     *
     * Solution:
     * Use e.g. dummy sqlite3_key call, so that libsqlcipher gets loaded implicitly before libsqlite3
     * thus making the first one functional.
     *
     * Additional info:
     * 1) loading libsqlcipher explicitly doesn't solve the issue,
     * 2) using sqlite3_key only in sqlstorage plugin doesn't solve the issue,
     * 3) in a separate, minimal test case, loading libsqlite3 explicitly
     *    with QLibrary::ExportExternalSymbolsHint makes libsqlcipher non-functional
     */
    sqlite3_key(nullptr, nullptr, 0);
#endif
```
The `sqlite3_key(nullptr, nullptr, 0);` call is problematic as it will likely
result in undefined behavior.
When we build the following minimal example C program:
```
-> % cat test_key_null.c
#include <stdio.h>
#include "/usr/include/sqlcipher/sqlite3.h"
//extern int sqlite3_key(sqlite3 *db, const void *pKey, int nKey);
int main(void)
{
    printf("Calling sqlite3_key(NULL, NULL, 0)...\n");
    int rc = sqlite3_key(NULL, NULL, 0);
    printf("Return code: %d\n", rc);
    return 0;
}
```
...and build it with the following command line:
```
gcc test_key_null.c -o test_key_null $(pkg-config --cflags --libs sqlcipher) -I/usr/include -DSQLITE_HAS_CODEC
```
When building with sqlcipher 4.6.1:
```
-> % ./test_key_null
Calling sqlite3_key(NULL, NULL, 0)...
Return code: 1
```
When building with sqlcipher 4.11.0:
```
-> % ./test_key_null
Calling sqlite3_key(NULL, NULL, 0)...
[1] 2190 segmentation fault ./test_key_null
```
As a result, I suggest no longer using `sqlite3_key(NULL, NULL, 0)`.
FULL BACKTRACE
```
#0 sqlcipher_find_db_index (db=0x0, zDb=0x7ffff53ba14d "main") at ./sqlite3.c:111826
        db_index = <optimized out>
        pDb = <optimized out>
#1 0x00007ffff52e7c8d in sqlite3_key_v2 (db=0x0, zDb=0x7ffff53ba14d "main", pKey=0x0, nKey=0) at ./sqlite3.c:111850
        db_index = <optimized out>
        __func__ = "sqlite3_key_v2"
#2 0x0000555555644408 in KMyMoneyApp::KMyMoneyApp (this=0x555555ae6f50, parent=<optimized out>, __in_chrg=<optimized out>, __vtt_parm=<optimized out>) at ./kmymoney/kmymoney.cpp:1045
        frame = <optimized out>
        layout = <optimized out>
        viewActions = {d = 0x0}
        locale = {static DefaultTwoDigitBaseYear = 1900, d = {d = {ptr = 0x0}}}
        frame = <optimized out>
        layout = <optimized out>
        viewActions = <optimized out>
        locale = <optimized out>
        it = <optimized out>
        weekDay = <optimized out>
        __for_range = <optimized out>
        __for_begin = <optimized out>
        __for_end = <optimized out>
#3 0x0000555555618a56 in main (argc=<optimized out>, argv=<optimized out>) at ./kmymoney/main.cpp:232
```
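A defined-behaviour way to check at runtime whether a library's SQLite API really carries the SQLCipher codec, instead of calling `sqlite3_key` with a NULL handle: open an in-memory database and ask for `PRAGMA cipher_version`. This is an added example, not code from KMyMoney, SQLCipher or the report above; it resolves the SQLite functions through `dlopen` so it builds without the SQLCipher headers. The function name `probe_sqlcipher` and the default library file name are assumptions.

```c
/* Added example, not KMyMoney or SQLCipher code. Build: cc probe.c -ldl */
#include <dlfcn.h>
#include <stdio.h>

#define SQLITE_OK  0    /* result codes as defined in sqlite3.h */
#define SQLITE_ROW 100

typedef int (*open_fn)(const char *, void **);
typedef int (*prepare_fn)(void *, const char *, int, void **, const char **);
typedef int (*stmt_fn)(void *);   /* sqlite3_step / sqlite3_finalize */
typedef int (*close_fn)(void *);

/* Returns 1 if the library answers PRAGMA cipher_version (SQLCipher codec
 * present), 0 if it behaves like plain SQLite, -1 if it cannot be probed. */
int probe_sqlcipher(const char *libname)
{
    void *lib = dlopen(libname, RTLD_NOW | RTLD_LOCAL);
    if (!lib) return -1;

    open_fn    db_open  = (open_fn)dlsym(lib, "sqlite3_open");
    prepare_fn prepare  = (prepare_fn)dlsym(lib, "sqlite3_prepare_v2");
    stmt_fn    step     = (stmt_fn)dlsym(lib, "sqlite3_step");
    stmt_fn    finalize = (stmt_fn)dlsym(lib, "sqlite3_finalize");
    close_fn   db_close = (close_fn)dlsym(lib, "sqlite3_close");
    int result = -1;

    if (db_open && prepare && step && finalize && db_close) {
        void *db = NULL, *stmt = NULL;
        /* A real handle from sqlite3_open(); a NULL db is never passed on. */
        if (db_open(":memory:", &db) == SQLITE_OK &&
            prepare(db, "PRAGMA cipher_version;", -1, &stmt, NULL) == SQLITE_OK)
            result = (stmt && step(stmt) == SQLITE_ROW); /* plain SQLite: no row */
        if (stmt) finalize(stmt);
        if (db) db_close(db);
    }
    dlclose(lib);
    return result;
}

int main(int argc, char **argv)
{
    /* Library file name is an assumption; pass the real soname as argv[1]. */
    const char *lib = argc > 1 ? argv[1] : "libsqlcipher.so";
    int rc = probe_sqlcipher(lib);
    printf("%s: %s\n", lib, rc == 1 ? "SQLCipher codec present"
                          : rc == 0 ? "plain SQLite, no codec" : "not loadable");
    return rc == 1 ? 0 : 1;
}
```

This probe only reports whether a given library has the codec; it does not address the load-order problem described in the source comment quoted in the report.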