
Crash when unlocking database with Windows Hello

Open riedel opened this issue 2 years ago • 10 comments

Overview

Null Pointer dereferencing

Steps to Reproduce

After unlocking

Expected Behavior

Actual Behavior

rcx is 0 at 00007FF795751C00

00007FF795751BD8  mov         rcx,rbx  
00007FF795751BDB  mov         rbx,qword ptr [rsp+40h]  
00007FF795751BE0  mov         rbp,qword ptr [rsp+48h]  
00007FF795751BE5  mov         rsi,qword ptr [rsp+50h]  
00007FF795751BEA  add         rsp,20h  
00007FF795751BEE  pop         r15  
00007FF795751BF0  pop         r14  
00007FF795751BF2  pop         rdi  
00007FF795751BF3  jmp         qword ptr [7FF79590AF70h]  
00007FF795751BFA  int         3  
00007FF795751BFB  int         3  
00007FF795751BFC  int         3  
00007FF795751BFD  int         3  
00007FF795751BFE  int         3  
00007FF795751BFF  int         3  
00007FF795751C00  mov         rax,qword ptr [rcx+90h]  

Stacktrace:
>	KeePassXC.exe!00007ff795751c00()	Unbekannt
 	KeePassXC.exe!00007ff79582a181()	Unbekannt
 	KeePassXC.exe!00007ff79582b494()	Unbekannt
 	Qt5Core.dll!00007ffaa64ee71d()	Unbekannt
 	Qt5Core.dll!00007ffaa648ea00()	Unbekannt
 	KeePassXC.exe!00007ff7957902c1()	Unbekannt
 	KeePassXC.exe!00007ff79578ced1()	Unbekannt
 	Qt5Core.dll!00007ffaa64ee71d()	Unbekannt
 	KeePassXC.exe!00007ff79575c8d0()	Unbekannt
 	KeePassXC.exe!00007ff7957de97d()	Unbekannt
 	Qt5Core.dll!00007ffaa64ee71d()	Unbekannt
 	Qt5Widgets.dll!00007ffaa6971514()	Unbekannt
 	Qt5Core.dll!00007ffaa64ee71d()	Unbekannt
 	Qt5Widgets.dll!00007ffaa68deb57()	Unbekannt
 	Qt5Widgets.dll!00007ffaa68de97a()	Unbekannt
 	KeePassXC.exe!00007ff79585cadc()	Unbekannt
 	KeePassXC.exe!00007ff79585cbc2()	Unbekannt
 	Qt5Widgets.dll!00007ffaa6837b3b()	Unbekannt
 	Qt5Widgets.dll!00007ffaa6814921()	Unbekannt
 	Qt5Widgets.dll!00007ffaa6812480()	Unbekannt
 	Qt5Core.dll!00007ffaa64cf2bb()	Unbekannt
 	Qt5Widgets.dll!00007ffaa685e224()	Unbekannt
 	Qt5Widgets.dll!00007ffaa6814921()	Unbekannt
 	Qt5Widgets.dll!00007ffaa68139bd()	Unbekannt
 	Qt5Core.dll!00007ffaa64cf2bb()	Unbekannt
 	Qt5Gui.dll!00007ffaa5d13bf0()	Unbekannt
 	Qt5Gui.dll!00007ffaa5cfecd0()	Unbekannt
 	Qt5Core.dll!00007ffaa65181c7()	Unbekannt
 	qwindows.dll!00007ffab7192069()	Unbekannt
 	Qt5Core.dll!00007ffaa64cb78d()	Unbekannt
 	Qt5Core.dll!00007ffaa64ce325()	Unbekannt
 	KeePassXC.exe!00007ff79572d3b7()	Unbekannt
 	KeePassXC.exe!00007ff7958ef217()	Unbekannt
 	KeePassXC.exe!00007ff7958ee3b2()	Unbekannt
 	kernel32.dll!00007ffb08727034()	Unbekannt
 	ntdll.dll!00007ffb0a3a2651()	Unbekannt

Context

KeePassXC - Version 2.7.1 Revision: 5916a8f

Qt 5.15.3 (no debug)

OS: Windows 10 Version 2009
CPU: x86_64
Kernel: winnt 10.0.19044

riedel avatar Jul 28 '22 08:07 riedel

You need to provide a stack trace using a debug build so we can do anything with this. The above is not useful to solve the problem.

Or better describe exactly what you are doing.

droidmonkey avatar Jul 28 '22 10:07 droidmonkey

I too have been getting crashes when opening databases since today. I turned off Windows Hello and it no longer crashes. When I turn on Windows Hello again, it crashes again. I think I did a Windows Update yesterday, so that might be the cause.

akiot-b avatar Jul 29 '22 09:07 akiot-b

That is tracked by #7977

droidmonkey avatar Jul 29 '22 10:07 droidmonkey

My guess is that this really could be the same thing. However, I cannot fully reproduce this. I will wait a bit with the snapshot release as suggested and close this if I cannot reproduce any time soon. My guess was dereferencing a null with such a large offset of 0x90 could be somehow tracked to a data structure, so I reported anyway.

riedel avatar Jul 29 '22 13:07 riedel

Experiencing the same issue on 2.7.1, no stack trace available but seems to happen consistently opening any DB. Downgrading to 2.7.0 resolves the issue.

Environment

OS Name: Microsoft Windows 10 Enterprise LTSC
Version: 10.0.17763 Build 17763
Processor: AMD Ryzen 5 3600 6-Core Processor, 3600 Mhz, 6 Core(s), 12 Logical Processor(s)

lonelymaw avatar Jul 29 '22 19:07 lonelymaw

Does it happen after you interact with Windows Hello?

droidmonkey avatar Jul 30 '22 14:07 droidmonkey

For me it happened directly after the Windows Hello interaction (actually I forgot to "answer" it for a bit).

PS: are there any existing debug builds? I am trying to get my build up and running; it seems some new dependencies arrived since I tried to build it the last time.

riedel avatar Jul 30 '22 15:07 riedel

Debug builds are here: https://snapshot.keepassxc.org

You download the zip or msi and the PDB file for the debugger.

droidmonkey avatar Jul 30 '22 15:07 droidmonkey

I think I caught a different but related one with the latest snapshot: here is the trace (also directly after Windows Hello). There is no null pointer around (seems more like an unhandled exception).

Sorry for the German (I forgot to install the English language pack for VS)

KernelBase.dll!00007ffc862d4fd9()
vcruntime140.dll!00007ffc6e8e66c0()
KeePassXC.exe!winrt::throw_hresult(const winrt::hresult result) Zeile 4783
	unter C:\Program Files (x86)\Windows Kits\10\include\10.0.22000.0\cppwinrt\winrt\base.h (4783)
[Inlineframe] KeePassXC.exe!winrt::check_hresult(const winrt::hresult) Zeile 4828
	unter C:\Program Files (x86)\Windows Kits\10\include\10.0.22000.0\cppwinrt\winrt\base.h (4828)
KeePassXC.exe!winrt::impl::consume_Windows_Foundation_IAsyncOperation<winrt::Windows::Foundation::IAsyncOperation<winrt::Windows::Security::Credentials::KeyCredentialOperationResult>,winrt::Windows::Security::Credentials::KeyCredentialOperationResult>::GetResults() Zeile 118
	unter C:\Program Files (x86)\Windows Kits\10\include\10.0.22000.0\cppwinrt\winrt\windows.foundation.h (118)
KeePassXC.exe!winrt::impl::wait_get<winrt::Windows::Foundation::IAsyncOperation<winrt::Windows::Security::Credentials::KeyCredentialOperationResult>>(const winrt::Windows::Foundation::IAsyncOperation<winrt::Windows::Security::Credentials::KeyCredentialOperationResult> & async) Zeile 3162
	unter C:\Program Files (x86)\Windows Kits\10\include\10.0.22000.0\cppwinrt\winrt\windows.foundation.h (3162)
KeePassXC.exe!winrt::impl::consume_Windows_Foundation_IAsyncOperation<winrt::Windows::Foundation::IAsyncOperation<winrt::Windows::Security::Credentials::KeyCredentialOperationResult>,winrt::Windows::Security::Credentials::KeyCredentialOperationResult>::get() Zeile 3258
	unter C:\Program Files (x86)\Windows Kits\10\include\10.0.22000.0\cppwinrt\winrt\windows.foundation.h (3258)
KeePassXC.exe!`anonymous-namespace'::deriveEncryptionKey::__l2::<Lambdafunktion>() Zeile 74
	unter C:\BuildAgent\work\c401303cba1b4098\src\winhello\WindowsHello.cpp (74)
KeePassXC.exe!QtConcurrent::StoredFunctorCall0<bool,bool <Lambdafunktion>(void)>::runFunctor() Zeile 60
	unter C:\vcpkg\installed\x64-windows\include\qt5\QtConcurrent\qtconcurrentstoredfunctioncall.h (60)
KeePassXC.exe!QtConcurrent::RunFunctionTask<bool>::run() Zeile 117
	unter C:\vcpkg\installed\x64-windows\include\qt5\QtConcurrent\qtconcurrentrunbase.h (117)
[Externer Code]

riedel avatar Jul 31 '22 07:07 riedel

Ok, so you have the same crash as the other issue for Windows Hello. I need to handle the exception around that call then.

droidmonkey avatar Jul 31 '22 10:07 droidmonkey
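The trace above shows the failure path: `IAsyncOperation<KeyCredentialOperationResult>::get()` calls `wait_get` and `GetResults()`, `check_hresult` turns the operation's error HRESULT into a `throw_hresult`, and nothing in the `deriveEncryptionKey` lambda catches it. The following is an added illustration, not KeePassXC's code, of the guard the last comment describes; the WinRT types are replaced by constructed stand-ins (`hresult_error`, `FakeSignOperation`) so it compiles without the Windows SDK.

```cpp
// Added illustration, not KeePassXC's code: the WinRT types from the trace are
// replaced by small stand-ins so it compiles without the Windows SDK.
#include <cstdint>
#include <stdexcept>
#include <string>
#include <vector>

// Stand-in for winrt::hresult_error, thrown by check_hresult on a failure HRESULT.
struct hresult_error : std::runtime_error {
    uint32_t code;
    hresult_error(uint32_t c, const std::string& m) : std::runtime_error(m), code(c) {}
};

// Stand-in for IAsyncOperation<KeyCredentialOperationResult>::get(): a prompt
// that is cancelled or never answered completes with an error HRESULT (constructed).
struct FakeSignOperation {
    uint32_t hresult;                // 0 = S_OK, anything else = failure
    std::vector<uint8_t> signature;  // constructed sample key material
    std::vector<uint8_t> get() const {
        if (hresult != 0) throw hresult_error(hresult, "KeyCredential operation failed");
        return signature;
    }
};

// Shape of the crashing path: nothing catches what get() throws.
bool deriveKeyUnguarded(const FakeSignOperation& op, std::vector<uint8_t>& keyOut) {
    keyOut = op.get();
    return true;
}

// Hardened shape: catch at the call site, report the HRESULT, fail closed.
bool deriveKeyGuarded(const FakeSignOperation& op, std::vector<uint8_t>& keyOut,
                      std::string& error) {
    try {
        keyOut = op.get();
        return true;
    } catch (const hresult_error& ex) {
        keyOut.clear();  // return no key at all, so the database stays locked
        error = std::string(ex.what()) + " (hresult " + std::to_string(ex.code) + ")";
        return false;
    }
}

// Shows the failure mode without terminating: true means the exception escaped
// deriveKeyUnguarded, which the worker running the lambda in the trace did not handle.
bool exceptionEscapesUnguarded(const FakeSignOperation& op) {
    std::vector<uint8_t> key;
    try { deriveKeyUnguarded(op, key); return false; }
    catch (const hresult_error&) { return true; }
}
```

The point of the guarded version is that a cancelled or timed-out Windows Hello prompt becomes an ordinary unlock failure with an error message, rather than a process crash, and no key material is handed back on that path.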