Investigate segfault in libQt5Widgets.so on Debian buster #628

Closed
emkll opened this issue Nov 22, 2019 · 5 comments · Fixed by #630

@emkll

emkll commented Nov 22, 2019

While working on freedomofpress/securedrop-workstation#345, ran into an issue while running the client in a Buster-based sd-svs vm:
When clicking on a source, the UI crashes. The client logs contain the following error:

2019-11-22 16:44:57,402 - root:181(start_app) INFO: Starting SecureDrop Client 0.0.10
2019-11-22 16:45:03,242 - root:53(excepthook) ERROR: Unrecoverable error
Traceback (most recent call last):
  File "/opt/venvs/securedrop-client/lib/python3.7/site-packages/securedrop_client/gui/widgets.py", line 1189, in mouseReleaseEvent
    def mouseReleaseEvent(self, event):
KeyboardInterrupt

syslog contains the following error:

Nov 22 16:34:46 localhost qubes-gui[473]: ERROR reading WM_HINTS
Nov 22 16:34:46 localhost kernel: [  355.713940] sd-client[1143]: segfault at 300070029 ip 00007384b4a844e5 sp 000079891b9893e0 error 4 in libQt5Widgets.so.5.11.3[7384b49ce000+386000]
Nov 22 16:34:46 localhost kernel: [  355.713972] grsec: Segmentation fault occurred at 0000000300070029 in /opt/venvs/securedrop-client/bin/sd-client[sd-client:1143] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/securedrop-client[securedrop-clie:1137] uid/euid:1000/1000 gid/egid:1000/1000
Nov 22 16:34:46 localhost kernel: [  355.714647] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /opt/venvs/securedrop-client/bin/sd-client[sd-client:1143] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/securedrop-client[securedrop-clie:1137] uid/euid:1000/1000 gid/egid:1000/1000
Nov 22 16:34:46 localhost qubes.StartApp+securedrop-client-dom0: Segmentation fault
Nov 22 16:34:46 localhost qubes-gui[473]: got num_mfn=0x0 for window 0x1000006 (31605x21229558)
Nov 22 16:34:46 localhost qubes-gui[473]: got num_mfn=0x0 for window 0x1000006 (31605x21229558)
Nov 22 16:34:46 localhost qubes-gui[473]: got num_mfn=0x0 for window 0x100001d (31605x21229558)
Nov 22 16:34:46 localhost qubes-gui[473]: got num_mfn=0x0 for window 0x100001d (31605x21229558)
@emkll emkll added the bug Something isn't working label Nov 22, 2019
@emkll

emkll commented Nov 25, 2019

Switched sd-svs over to PVH mode (using the Qubes-provided kernel); the segfault still occurs.

@redshiftzero

another difference in stretch versus buster that could be relevant here is the version of python3-pyqt5: (5.7.x series in stretch, 5.11.x series in buster)

@emkll

emkll commented Nov 25, 2019

I cannot reproduce this error in the Dev environment (also Buster), but I've managed to track down the bug and isolate it to this line:

diff --git a/securedrop_client/gui/widgets.py b/securedrop_client/gui/widgets.py
index 7ccdbe4..932f0bd 100644
--- a/securedrop_client/gui/widgets.py
+++ b/securedrop_client/gui/widgets.py
@@ -2255,7 +2255,7 @@ class ConversationView(QWidget):
             self.controller.reply_ready,
             self.controller.reply_succeeded,
             self.controller.reply_failed)
-        self.conversation_layout.addWidget(conversation_item, alignment=Qt.AlignRight)
+        # self.conversation_layout.addWidget(conversation_item, alignment=Qt.AlignRight)
 
     def add_reply_from_reply_box(self, uuid: str, content: str) -> None:
         """

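Review bot: commenting out the `addWidget` call in `ConversationView` means `conversation_item` is no longer placed in `self.conversation_layout`, so this is usable only to isolate the crash and not as a fix. Keep the call, fix the failure inside the widget being added, and drop the commented-out line rather than leaving dead code behind.
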
@redshiftzero

this might be the same issue as #254 (comment)

@emkll

emkll commented Nov 25, 2019

I can reliably reproduce the segfault when processing a message or reply that has a < character, when combined with html.escape: &lt;, and it occurs immediately after the setText method is called from the QLabel class. Double escaping (&amp;lt;) prevents the segfault.

emkll added a commit that referenced this issue Nov 25, 2019
Presence of a `&lt` would result in the AutoText [1] to result in improper rendering of the Label, resulting in a segmentation fault (see #628). Setting the format to plaintext not only resolves this issue but also provides defense-in-depth to ensure RichText is not displayed.

[1]: https://doc.qt.io/qt-5/qt.html#TextFormat-enum
sssoleileraaa pushed a commit that referenced this issue Nov 27, 2019
Presence of a `&lt` would result in the AutoText [1] to result in improper rendering of the Label, resulting in a segmentation fault (see #628). Setting the format to plaintext not only resolves this issue but also provides defense-in-depth to ensure RichText is not displayed.

[1]: https://doc.qt.io/qt-5/qt.html#TextFormat-enum
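
The plain-text setting described in the commit message, as an added example that is not the project's own code: a label factory that fixes the format before any untrusted text is set, plus a check that lists labels still left on the default AutoText. It assumes PyQt5 is installed; `plain_label`, `labels_not_plaintext` and the object names are hypothetical.

```python
import os
os.environ.setdefault("QT_QPA_PLATFORM", "offscreen")  # run without a display

from PyQt5.QtCore import Qt
from PyQt5.QtWidgets import QApplication, QLabel, QVBoxLayout, QWidget

_app = None


def ensure_app():
    """Return the process-wide QApplication, creating it on first use."""
    global _app
    _app = QApplication.instance() or QApplication([])
    return _app


def plain_label(text, name, parent=None):
    """QLabel for untrusted content: the format is fixed before the text is set."""
    label = QLabel(parent)
    label.setObjectName(name)
    label.setTextFormat(Qt.PlainText)  # never auto-detect rich text
    label.setText(text)
    return label


def labels_not_plaintext(root):
    """Object names of QLabels under root that are not forced to PlainText."""
    return sorted(lbl.objectName() for lbl in root.findChildren(QLabel)
                  if lbl.textFormat() != Qt.PlainText)


def demo():
    ensure_app()
    root = QWidget()
    layout = QVBoxLayout(root)
    # Constructed sample: an escaped '<' plus markup, as a message body might carry.
    message = plain_label("1 &lt; 2 and <b>bold</b>", "message_body", root)
    layout.addWidget(message, alignment=Qt.AlignRight)
    status = QLabel("Connected", root)  # QLabel's default format is Qt.AutoText
    status.setObjectName("status")
    layout.addWidget(status)
    return message.text(), labels_not_plaintext(root)
```

Running `labels_not_plaintext` over a top-level window in a test suite flags any label that would still interpret message content as markup.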