Bug 310214 - Deleting 2 lsigned keys at same time segfaults seahorse
Status: RESOLVED FIXED
Product: seahorse
Classification: Applications
Component: general
Version: 0.7.x
Hardware: Other Linux
Importance: Normal normal
Assigned To: Seahorse Maintainer
Reported: 2005-07-13 12:29 UTC by Dick Gevers
Modified: 2005-07-18 13:37 UTC


Attachments
Extra pointer validation patch (2.21 KB, patch)
2005-07-17 06:13 UTC, Flavio daCosta
committed

Description Dick Gevers 2005-07-13 12:29:09 UTC
Version details: From 0.7.8-1mdk rpm
Distribution/Version: Mandriva Cooker 2006.0

I have been able to reproduce this twice: keys that were previously lsigned and
now either expired or revoked, when next to each other (above and below) in the
Seahorse GUI, selecting both, right-clicking and pressing "Delete" gave a segfault:

quote
** (seahorse:13019): CRITICAL **: file seahorse-key-op.c: line 360
(sign_transit): should not be reached

** (seahorse:13019): CRITICAL **: edit_key: assertion `GPG_IS_OK (err)' failed

** (seahorse:13019): CRITICAL **: file seahorse-key-op.c: line 360
(sign_transit): should not be reached

** (seahorse:13019): CRITICAL **: edit_key: assertion `GPG_IS_OK (err)' failed

[1]+  Segmentation fault      seahorse
unquote
Comment 1 Adam Schreiber 2005-07-14 13:56:36 UTC
Jim and I confirmed a similar bug last night where deleting any single public
key crashed seahorse.  Looking at the stack trace I would suppose the single key
bug is due to a bad pointer access. 
Comment 2 Jim Pharis 2005-07-16 17:04:07 UTC
Flav found that the crash seems to go away on a 1-key delete: by putting a
conditional if skrow != NULL just before seahorse_key_row_remove_all (skrow), the
single key delete won't crash.

seahorse_key_store_key_added (SeahorseKeySource ...
...
if (skrow != NULL)
  seahorse_key_row_remove_all (skrow);

I'm wondering if the option to delete multiple keys at once should just be
disabled altogether. In practice, I would think that bulk deleting of keys is
a pretty rare case.

Just a thought.


Comment 3 Flavio daCosta 2005-07-17 06:13:19 UTC
Created attachment 49313
Extra pointer validation patch

Patches:
libseahorse/seahorse-key-store.c
libseahorse/seahorse-multi-source.c
Comment 4 Flavio daCosta 2005-07-17 06:15:13 UTC
Oops, put the patch above the post.

Looks like there were some null pointers being passed around.  I also noticed a
seg fault when using the druid to create a new key, right at the end.  I added
some extra checks for null pointers in a few functions and both issues appear to
be working correctly now.

**Note: anonycvs.gnome.org has version seahorse-key-store.c 1.17 which is
missing the 'if (skrow)' and therefore is in this patch as well...
Comment 5 Adam Schreiber 2005-07-17 17:44:17 UTC
Committed to both HEAD and seahorse-0-8
Comment 6 Stef Walter 2005-07-18 13:37:51 UTC
Wonderful. Good work.