qtkeychain
Segmentation fault if the application is exited while the job is running
With Qt Keychain 0.14.3, if ReadPasswordJob is running at the moment when the application gets a quit event, the library crashes with on_password_lookup() in libsecret.cpp trying to call (in my case) q->emitFinishedWithError(QKeychain::EntryNotFound) - however, q is pointing to freed memory by then. Perhaps it's worth using QPointer for callbackArg::self and checking its validity somewhere around this line.
The problem I see is that we can pass the QPointer to libsecret and have it manage its lifetime. Looking at the API documentation, I would think we would have to pass a GCancellable and make sure to cancel it when the job is destroyed. This might be easy to trigger by deleting a job just after start.
I can trigger this by e.g. adding deleteLater() in ReadJobPrivate::scheduledStart(), after triggering the async password lookup. I tried passing a GCancellable during construction and cancelling it in the job's dtor, but that didn't work how I expected; the callback is still called by libsecret. Needs more investigation whether I'm holding it wrong, or libsecret is not checking whether the cancellable was canceled before calling the callback.
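The lifetime guard suggested in the report above, as an added example that is not part of this thread and not qtkeychain or libsecret code. It is a standard-library model: std::weak_ptr stands in for QPointer, and fake_lookup_async, fake_run_pending, Job and CallbackArg are hypothetical names. The callback checks whether the job still exists before touching it, which covers the case where the callback still fires after the job is gone.

```cpp
// Added illustration, not qtkeychain or libsecret code; all names are hypothetical.
#include <memory>
#include <string>
#include <vector>

// Stand-in for a C-style async API: keeps callback + opaque pointer, calls it later.
using LookupCallback = void (*)(const char *password, void *user_data);
struct PendingCall { LookupCallback cb; void *user_data; };
static std::vector<PendingCall> g_pending;  // models the event loop's queue

void fake_lookup_async(LookupCallback cb, void *user_data) { g_pending.push_back({cb, user_data}); }
// Deliver queued results, as the main loop would some time after start().
void fake_run_pending(const char *password) {
    std::vector<PendingCall> calls;
    calls.swap(g_pending);
    for (auto &c : calls) c.cb(password, c.user_data);
}

struct Job : std::enable_shared_from_this<Job> {
    std::vector<std::string> *log;
    explicit Job(std::vector<std::string> *l) : log(l) {}
    void start();
    void emitFinished(const std::string &pw) { log->push_back("finished:" + pw); }
};

// Callback argument holds a weak reference, not a raw Job* (weak_ptr stands in for QPointer).
struct CallbackArg { std::weak_ptr<Job> self; std::vector<std::string> *log; };

static void on_lookup(const char *password, void *user_data) {
    std::unique_ptr<CallbackArg> arg(static_cast<CallbackArg *>(user_data));  // freed on return
    if (auto job = arg->self.lock()) job->emitFinished(password);  // job still alive
    else arg->log->push_back("dropped");                           // job already destroyed
}
void Job::start() {
    fake_lookup_async(on_lookup, new CallbackArg{std::weak_ptr<Job>(shared_from_this()), log});
}

// One job is destroyed right after start(), a second stays alive until delivery.
std::vector<std::string> demo() {
    std::vector<std::string> log;
    auto gone = std::make_shared<Job>(&log);
    auto alive = std::make_shared<Job>(&log);
    gone->start();
    alive->start();
    gone.reset();                // job deleted while the lookup is in flight
    fake_run_pending("s3cret");  // constructed sample value
    return log;
}

int main() { return demo().size() == 2 ? 0 : 1; }
```

With a raw Job* in CallbackArg instead of the weak reference, the first callback would dereference freed memory, which is the crash pattern described in the report.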
Hello,
this bug made kmail on my desktop machine unusable as process "akonadi_imap_resource" crashed. My setup does not use gnome keyring and kwallet is disabled and I use keepassxc as libsecret backend. So I looked into this bug and created a patch which fixes it. But as I think that this patch does not fix the core problem but is rather a band-aid, I think it should not be included in the master branch, so no pull request from my side. But it gives an indication of what is wrong.
- Michael
hi, any news on this? This completely breaks kmail, so it's not a niche bug by any means.