macOS: KeePassXC 2.7.3 segfault when unlocking database with quick unlock enabled
Overview
Starting KeePassXC on an M2 MacBook Air works, it's also possible to create a database. However, loading any database after restarting KeePassXC results in a crash (segmentation fault), even for databases that work with KeePassXC on Intel (same OS version, same KeePassXC version).
Steps to Reproduce
- Open KeePassXC 2.7.3
- Create a new database (use default values, enter a password).
- Save the database.
- Quit KeePassXC.
- Open KeePassXC.
- Open the newly created database.
Expected Behavior
KeePassXC should load the Database.
Actual Behavior
KeePassXC crashes with a segfault. This only happens on the M2 machine. It works fine on an Intel machine.
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000
Exception Codes: 0x0000000000000001, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: Namespace SIGNAL, Code 11 Segmentation fault: 11
Terminating Process: exc handler [5183]
Please let me know if you need further debugging info. I'd need a pointer how to collect it, though.
Context
(Sorry for the German locale, I hope this is ok.)
KeePassXC - Version 2.7.3 Revision: d8483d3
Qt 5.15.6 Diagnosemodus ist deaktiviert.
Betriebssystem: macOS 12.6 CPU-Architektur: arm64 Kernel: darwin 21.6.0
Aktivierte Erweiterungen:
- Auto-Type
- Browser-Integration
- SSH-Agent
- KeeShare
- YubiKey
- Schnelle Entsperrung
Kryptographische Bibliotheken:
- Botan 2.19.2
Operating System: macOS Desktop Env: Windowing System:
Close your browser and try again.
> Close your browser and try again.
There's no browser involved. This problem occurs when no other app other than KeePassXC is open. Opening any database crashes KeePassXC right after entering the credentials for the DB.
Are you using the M1 version of keepassxc? Sounds like you are crashing in botan because you might be using the x86 version in emulated mode. Also, what @phoerious meant to say is close your browser, reinstall keepassxc, then open keepassxc.
I've installed KeePassXC using Homebrew. I checked, it installs KeePassXC-2.7.3-arm64.dmg:
> file /Applications/KeePassXC.app/Contents/MacOS/KeePassXC
/Applications/KeePassXC.app/Contents/MacOS/KeePassXC: Mach-O 64-bit executable arm64
But to be 100% sure I deleted the Homebrew version, downloaded the M1 version from keepassxc.org, closed the browser and started KeePassXC but I keep having the same issue.
I can confirm it's happening on an M1 as well. I tried the Homebrew and keepassxc.org download version - same behaviour. Segfault when attempting to open db - immediately after entering password. Changes here is that I upgraded to Ventura a few hours before.
-Air M2 -Ventura -KeePassXC-2.7.3-arm64
I can confirm when open the database, crashes -> Version 2.7.1-arm64 works!
MacBook Air M2 macOS Ventura
- KeePassXC-2.7.3-arm64 crashed
- KeePassXC-2.7.2-arm64 crashed
I can confirm when open the database, crashes -> Version 2.7.1-arm64 works!
I just downgraded to 2.7.1-arm64 and can confirm that it works on the M2.
We're using KeePassXC 2.7.3 with Intel MacBook but crash happens when opening the DB. Same as above, downgrade to 2.7.1 fixes this issue.
Not happening here when using 2.7.3 ARM64 version from keepassxc.org. But, using M1 processor.
Crash confirmed for Version: 2.7.3 () Code Type: ARM-64 (Native) on Mac Studio (Apple M1 Max) 13.0 (22A380) Downgrade to 2.7.1 works fine
Looks like a string buffer problem (strlen + 4, see below)
Crash dump attached: KeePassXC-2022-10-25-091718.ips.zip
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000
Exception Codes: 0x0000000000000001, 0x0000000000000000
Termination Reason: Namespace SIGNAL, Code 11 Segmentation fault: 11
Terminating Process: exc handler [19533]
VM Region Info: 0 is not in any region. Bytes before following region: 4305141760
REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL
UNUSED SPACE AT START
--->
__TEXT 1009b4000-100ecc000 [ 5216K] r-x/r-x SM=COW ...cOS/KeePassXC
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libsystem_platform.dylib 0x19984d704 _platform_strlen + 4
1 KeePassXC 0x100c0a978 0x1009b4000 + 2451832
2 KeePassXC 0x100c0a8e0 0x1009b4000 + 2451680
...
Confirming this issue.
- MacBook Pro M1 Pro
- Ventura 22A380
- KeePassXC-2.7.3-arm64
It works if I use KeePassXC-2.7.1-arm64
My Mac (Intel) has the same problem.
Process: KeePassXC [10562]
Path: /Applications/KeePassXC.app/Contents/MacOS/KeePassXC
Identifier: org.keepassxc.keepassxc
Version: 2.7.3 ()
Code Type: X86-64 (Native)
Parent Process: launchd [1]
User ID: 501
OS Version: macOS 13.0 (22A380)
.....
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000
Exception Codes: 0x0000000000000001, 0x0000000000000000
Termination Reason: Namespace SIGNAL, Code 11 Segmentation fault: 11
Terminating Process: exc handler [10562]
VM Region Info: 0 is not in any region. Bytes before following region: 4493336576
REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL
UNUSED SPACE AT START
--->
__TEXT 10bd2e000-10c212000 [ 5008K] r-x/r-x SM=COW ...cOS/KeePassXC
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libsystem_platform.dylib 0x7ff816a54572 _platform_strlen + 18
1 KeePassXC 0x10bf5c85d 0x10bd2e000 + 2287709
2 KeePassXC 0x10bf5adaf 0x10bd2e000 + 2280879
3 KeePassXC 0x10bf5b337 0x10bd2e000 + 2282295
4 KeePassXC 0x10be29b01 0x10bd2e000 + 1030913
5 QtCore 0x10d81b79c 0x10d600000 + 2209692
6 QtWidgets 0x10ce0d7e1 0x10cc64000 + 1742817
7 QtCore 0x10d81b79c 0x10d600000 + 2209692
8 QtWidgets 0x10cd5f2ff 0x10cc64000 + 1028863
9 QtWidgets 0x10cd5eea4 QAbstractButton::click() + 116
When you try to unlock base (password + yubikey), the app crashes.
Same behaviour of KeePassXC after upgrade to the newest version 2.7.3 as described by @VitaliyYakob
After entering the password and pressing the YubiKey the password manager crashes.
MacBook Air (M1, 2020) Chip: Apple M1 KeePassXC: 2.7.3
I can confirm this behaviour. It crashes after typing the password and pressing enter.
- M1 Mac Mini
- Ventura
- KeePassXC 2.7.3 ARM64
Same bug here on MacOS 12.6 (Intel) with version 2.7.3. EDIT: Works with downgrade 2.7.1
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000
Exception Codes: 0x0000000000000001, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: Namespace SIGNAL, Code 11 Segmentation fault: 11
Terminating Process: exc handler [41557]
VM Region Info: 0 is not in any region. Bytes before following region: 4413186048
REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL
UNUSED SPACE AT START
--->
__TEXT 1070be000-1075a2000 [ 5008K] r-x/r-x SM=COW ...cOS/KeePassXC
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libsystem_platform.dylib 0x7ff818b966b2 _platform_strlen + 18
1 KeePassXC 0x1072ec85d 0x1070be000 + 2287709
2 KeePassXC 0x1072eadaf 0x1070be000 + 2280879
3 KeePassXC 0x1072eb337 0x1070be000 + 2282295
4 KeePassXC 0x1071b9b01 0x1070be000 + 1030913
5 QtCore 0x108c2b79c 0x108a10000 + 2209692
6 QtWidgets 0x10821d7e1 0x108074000 + 1742817
7 QtCore 0x108c2b79c 0x108a10000 + 2209692
8 QtWidgets 0x10816f2ff 0x108074000 + 1028863
9 QtWidgets 0x10816eea4 QAbstractButton::click() + 116
10 KeePassXC 0x1071e3975 0x1070be000 + 1202549
11 KeePassXC 0x1071e36fe 0x1070be000 + 1201918
12 QtWidgets 0x1080c074d QWidget::event(QEvent*) + 525
13 QtWidgets 0x108084b16 QApplicationPrivate::notify_helper(QObject*, QEvent*) + 262
14 QtWidgets 0x10808606a QApplication::notify(QObject*, QEvent*) + 938
15 QtCore 0x108bfa407 QCoreApplication::notifyInternal2(QObject*, QEvent*) + 167
16 QtWidgets 0x1080ddd0d 0x108074000 + 433421
17 QtWidgets 0x108084b16 QApplicationPrivate::notify_helper(QObject*, QEvent*) + 262
18 QtWidgets 0x108085e9d QApplication::notify(QObject*, QEvent*) + 477
19 QtCore 0x108bfa407 QCoreApplication::notifyInternal2(QObject*, QEvent*) + 167
20 QtGui 0x109035357 QGuiApplicationPrivate::processKeyEvent(QWindowSystemInterfacePrivate::KeyEvent*) + 167
21 QtGui 0x10901a7fc QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 204
22 QtGui 0x109015d5b QWindowSystemInterface::flushWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 587
23 libqcocoa.dylib 0x109620430 0x1095f0000 + 197680
24 libqcocoa.dylib 0x1096205f8 0x1095f0000 + 198136
25 AppKit 0x7ff81b7f4f56 -[NSWindow(NSEventRouting) _reallySendEvent:isDelayedEvent:] + 7150
26 AppKit 0x7ff81b7f314e -[NSWindow(NSEventRouting) sendEvent:] + 352
27 libqcocoa.dylib 0x1096239a7 0x1095f0000 + 211367
28 AppKit 0x7ff81b7f1f78 -[NSApplication(NSEvent) sendEvent:] + 2996
29 libqcocoa.dylib 0x10962a67a 0x1095f0000 + 239226
30 AppKit 0x7ff81baaa18b -[NSApplication _handleEvent:] + 65
31 AppKit 0x7ff81b672d3e -[NSApplication run] + 623
32 libqcocoa.dylib 0x109626fe3 0x1095f0000 + 225251
33 QtCore 0x108bf69d6 QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 502
34 QtCore 0x108bfa9a2 QCoreApplication::exec() + 130
35 KeePassXC 0x1070c8d61 0x1070be000 + 44385
36 dyld 0x10ebe352e start + 462
Can one of you disable quick unlock from the security settings page and try again?
> Can one of you disable quick unlock from the security settings page and try again?
I disabled quick unlock and then it opens the database without any problems.
That narrows the problem considerably, thank you.
I scoured the TouchID code (which did get modified heavily for 2.7.2) and nothing jumped out to me as causing this problem. Do you all have TouchID devices? Do you have an Apple Watch paired with the computer? I checked the code diff and the only major lines introduced are these:
// Cleanse the key information from the memory
Botan::secure_scrub_memory(key.data(), key.size());
Botan::secure_scrub_memory(iv.data(), iv.size());
But that is operating on Qt objects, not Apple-based objects.
Another change that is odd is:
CFDataRef keychainValueData =
CFDataCreateWithBytesNoCopy(kCFAllocatorDefault, reinterpret_cast<UInt8 *>(keychainKeyValue.data()),
keychainKeyValue.length(), kCFAllocatorDefault);
kCFAllocatorDefault is introduced where it used to be NULL.
@yowidin can you assist here, I think your refactor may have introduced this error.
> I scoured the TouchID code (which did get modified heavily for 2.7.2) and nothing jumped out to me as causing this problem. Do you all have TouchID devices? Do you have an Apple Watch paired with the computer?
No, mine is a Mac Studio, not a mobile device.
I have TouchID. I'll check if disabling it will change the behaviour.
Disabling TouchID removes the crash for 2.7.3 ! 🏆 MacBook Pro 2020 (Intel), no Apple Watch paired
> I scoured the TouchID code (which did get modified heavily for 2.7.2) and nothing jumped out to me as causing this problem. Do you all have TouchID devices? Do you have an Apple Watch paired with the computer?
I only have an Apple Watch paired with my Mac Mini M1.
I do not have Apple Watch ~~but do have TouchID on the laptop but not enabled in KeepassXC~~.
I too can confirm - disabling TouchID in KeepassXC Preferences removes the segfault, I can access a db now.
(ignore earlier comment, swore I disabled it.... but I double checked...)
@droidmonkey It's been a while since I did the refactoring, so nothing obvious pops into mind. I'm using the 2.7.3 since yesterday without any issues. Until then I used a local build with the refactored code in it, also without any issues.
Just tested it by creating a new database, and locking and unlocking it without any issues.
I'm using 12.5.1, so it may be related to an OS update: looks like everyone here uses at least 12.6. I will try to update the OS and look into it.
Good catch on the 12.6 or 13.0 macOS version
Most probably a "use after free" somewhere in the code. Quote from the macOS release notes:
> In apps built with the macOS 13 SDK or later, the system memory allocator free operation zeroes out most deallocated blocks in macOS 13 beta or later. Invalid accesses to free memory might result in new crashes or corruption, including:
> - Read-after-free bugs that previously observed the old contents of a block may now observe zeroes instead
> - Write-after-free bugs may now cause subsequent calls to calloc to return non-zero memory
>
> To debug these issues, use Address Sanitizer and Guard Malloc (see libgmalloc(3)). (97449075)
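Added example (not from the thread and not KeePassXC code): a toy model of the release note quoted above, showing how a read-after-free that used to see stale contents instead yields a NULL pointer once the free operation zeroes the block, which is the kind of value that faults at address 0x0 inside `strlen`. The `key_record` struct, the one-slot allocator and every name here are hypothetical; the slot is a static object so that reading it after `toy_free` is defined behaviour, unlike with the real `malloc`/`free`.

```c
#include <stdio.h>
#include <string.h>

/* Two "free" behaviours: the older one leaves the block's bytes in place,
   the newer one (as described in the release note) zeroes the block. */
enum free_policy { FREE_KEEPS_CONTENTS, FREE_ZEROES_BLOCK };

/* Hypothetical heap object that owns a pointer to a C string. */
struct key_record {
    const char *label;
    size_t      key_len;
};

/* One-slot toy allocator backed by a static object (assumption for the demo). */
static struct key_record slot;

static struct key_record *toy_alloc(void) { return &slot; }

static void toy_free(struct key_record *p, enum free_policy policy)
{
    if (policy == FREE_ZEROES_BLOCK)
        memset(p, 0, sizeof *p);   /* all-bits-zero reads back as NULL here */
}

/* Models the bug: the record is freed, then its label is read through the
   stale pointer. Returns the label length, or -1 when the field reads back
   as NULL (a real strlen(NULL) would fault at address 0x0). */
long stale_label_length(enum free_policy policy)
{
    struct key_record *rec = toy_alloc();
    rec->label   = "quick-unlock";     /* constructed sample value */
    rec->key_len = 32;

    toy_free(rec, policy);

    const char *label = rec->label;    /* read-after-free */
    if (label == NULL)
        return -1;
    return (long)strlen(label);
}

int main(void)
{
    printf("free keeps contents: %ld\n", stale_label_length(FREE_KEEPS_CONTENTS));
    printf("free zeroes block:   %ld\n", stale_label_length(FREE_ZEROES_BLOCK));
    return 0;
}
```

With the first policy the bug stays hidden because the stale read still sees the old pointer; with the second it surfaces as a NULL dereference, which is why the release note points to Address Sanitizer and Guard Malloc for finding the offending access.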
I can confirm when open the database, crashes -> Version 2.7.1-arm64 works!
MacBook Pro M1 Pro macOS Ventura
KeePassXC-2.7.3-arm64 crashes (after typing in the password to open the vault) KeePassXC-2.7.1-arm64 works