Segmentation fault when deleting entry with TOTP Seed

[louib]

Expected Behavior

No seg fault, entry is deleted as expected.

Current Behavior

seg fault.

Steps to Reproduce (for bugs)

1. Create an entry with a TOTP Seed
2. Save database
3. Delete the entry (will send to the recycle bin by default)
4. Save database
5. Right click the recycle bin and click Empty recycle bin
6. Seg fault

Debug Info

KeePassXC - Version 2.2.4
Revision: 6476b6b

Libraries:

• Qt 5.5.1
• libgcrypt 1.6.5

Operating system: Ubuntu 16.04.3 LTS
CPU architecture: x86_64
Kernel: linux 4.10.0-42-generic

Enabled extensions:

• Auto-Type

@TheZ3ro I believe it might have to do with the new details view, which I guess has a recurring job to update the totp code. Is it possible that the totp refreshing job wakes up to a deleted entry?

[TheZ3ro]

Yes, probably. It's because of that.
I will look into it asap

[adolfogc]

Is it possible that the totp refreshing job wakes up to a deleted entry?

It seems like this is the case, a stray pointer. Here is a stack trace:

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       EXC_I386_GPFLT
Exception Note:        EXC_CORPSE_NOTIFY

Termination Signal:    Segmentation fault: 11
Termination Reason:    Namespace SIGNAL, Code 0xb
Terminating Process:   exc handler [0]

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   org.qt-project.QtCore         	0x0000000111138c43 operator<(QString const&, QString const&) + 3
1   org.keepassx.keepassxc        	0x000000010fdf1bdd bool qMapLessThanKey<QString>(QString const&, QString const&) + 29
2   org.keepassx.keepassxc        	0x000000010fdf1b7f QMapNode<QString, QString>::lowerBound(QString const&) + 63
3   org.keepassx.keepassxc        	0x000000010fdf1ae5 QMapData<QString, QString>::findNode(QString const&) const + 53
4   org.keepassx.keepassxc        	0x000000010fdefc70 QMap<QString, QString>::contains(QString const&) const + 32
5   org.keepassx.keepassxc        	0x000000010fdefc3c EntryAttributes::hasKey(QString const&) const + 44
6   org.keepassx.keepassxc        	0x000000010fde4cc7 Entry::hasTotp() const + 71
7   org.keepassx.keepassxc        	0x000000010fde4dd7 Entry::totp() const + 39
8   org.keepassx.keepassxc        	0x000000010fe8dad6 DetailsWidget::updateTotp() + 54
9   org.keepassx.keepassxc        	0x000000010ff333e8 0x10fdcd000 + 1467368
10  org.qt-project.QtCore         	0x00000001112b2d3b QMetaObject::activate(QObject*, int, int, void**) + 2923
11  org.qt-project.QtCore         	0x00000001112ba692 QTimer::timerEvent(QTimerEvent*) + 98
12  org.qt-project.QtCore         	0x00000001112ab166 QObject::event(QEvent*) + 102
13  org.qt-project.QtWidgets      	0x000000011050a3bd QApplicationPrivate::notify_helper(QObject*, QEvent*) + 269
14  org.qt-project.QtWidgets      	0x000000011050b75a QApplication::notify(QObject*, QEvent*) + 362
15  org.qt-project.QtCore         	0x00000001112821f8 QCoreApplication::notifyInternal2(QObject*, QEvent*) + 168
16  org.qt-project.QtCore         	0x00000001112d86aa QTimerInfoList::activateTimers() + 874
17  libqcocoa.dylib               	0x00000001141b0132 0x114187000 + 168242
18  com.apple.CoreFoundation      	0x00007fff41d395a1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
19  com.apple.CoreFoundation      	0x00007fff41df335c __CFRunLoopDoSource0 + 108
20  com.apple.CoreFoundation      	0x00007fff41d1c040 __CFRunLoopDoSources0 + 208
21  com.apple.CoreFoundation      	0x00007fff41d1b4bd __CFRunLoopRun + 1293
22  com.apple.CoreFoundation      	0x00007fff41d1ad23 CFRunLoopRunSpecific + 483
23  com.apple.HIToolbox           	0x00007fff41032e26 RunCurrentEventLoopInMode + 286
24  com.apple.HIToolbox           	0x00007fff41032b96 ReceiveNextEventCommon + 613
25  com.apple.HIToolbox           	0x00007fff41032914 _BlockUntilNextEventMatchingListInModeWithFilter + 64
26  com.apple.AppKit              	0x00007fff3f2fdf5f _DPSNextEvent + 2085
27  com.apple.AppKit              	0x00007fff3fa93b4c -[NSApplication(NSEvent) _nextEventMatchingEventMask:untilDate:inMode:dequeue:] + 3044
28  com.apple.AppKit              	0x00007fff3f2f2d6d -[NSApplication run] + 764
29  libqcocoa.dylib               	0x00000001141b0dfd 0x114187000 + 171517
30  org.qt-project.QtCore         	0x000000011127ddae QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 398
31  org.qt-project.QtCore         	0x00000001112828f1 QCoreApplication::exec() + 369
32  org.keepassx.keepassxc        	0x000000010fdd4376 main + 5878
33  libdyld.dylib                 	0x00007fff6961e115 start + 1

[TheZ3ro]

Can you guys test if this PR fixes this problem? #1338

[adolfogc]

I tested PR #1338, but the problem persists. Would emitting a signal when the recycle bin is about to be emptied and when it has been emptied work to prevent this? The signal would be used in DetailsWidget to toggle a flag. One issue I see with this is the order in which the slots would be handled, as updateTotp/0 depends on a timeout. What do you guys think about this?

[phoerious]

I can reproduce the crash and will prepare a fix.