Keepassx crashes on save when password entry changes

Bug #311359 reported by invisible
This bug affects 1 person
Affects             Status         Importance   Assigned to   Milestone
KeePassX            Unknown        Unknown
keepassx (Ubuntu)   Fix Released   Undecided    Unassigned

Bug Description

Binary package hint: keepassx

I can't reproduce it reliably, but it happens often: when I save my KeePass database, keepassx will crash. It always happens immediately upon pushing the "save" button, but the save appears to complete successfully (my changes are present when I re-open the file).

I am running it on Kubuntu 8.10 x86_64 on a quad-core Intel machine, using keepassx 0.3.3-1.

Running from the command line produces the following error message:
*** glibc detected *** keepassx: double free or corruption (!prev): 0x0000000002e4ea00 ***

Backtrace and memory dump are attached


Revision history for this message
invisible (justreporting) wrote :
Revision history for this message
Felix Geyer (debfx) wrote :

Please install the keepassx-dbgsym package: https://wiki.ubuntu.com/DebuggingProgramCrash
and post another backtrace of the crash.

Revision history for this message
attikon (attikon) wrote :

Confirmed on Ubuntu Intrepid 8.10 x86 as well.
It happens randomly but at least any changes are saved.

Revision history for this message
Graham Poulter (grahampo) wrote :

Confirmed on Ubuntu Intrepid 8.10 x86_64 as well.

This happens when clicking save or pressing Ctrl+S. The "double free or corruption" always happens if the database is already "saved" when pressing the shortcut. Sometimes it also happens even when there are changes still to save.

The crash started appearing one day after heavily editing the keepass file with Windows KeePass. I normally edit a bit at a time with Windows, Linux, Windows, Linux (passing it between them on a flash drive), but this time I added dozens of entries in Windows. The save crash may therefore be related to a rare quirk in keepass files.

Revision history for this message
Graham Poulter (grahampo) wrote :

Indeed, the crash does not happen if you create a new keepassx file and try to save.

It only happens with certain files, in my case after heavily editing the file under windows keepass.

Revision history for this message
Graham Poulter (grahampo) wrote :

I found a work-around: export the crashing file to "KeePassX XML File", then re-import as a new database. The new database does not crash keepassx on save.

Mysteriously, the old database file *also* no longer crashes on save.

$ apt-cache policy keepassx
keepassx:
  Installed: 0.3.3-1
  Candidate: 0.3.3-1
  Version table:
 *** 0.3.3-1 0
        500 http://mirror.is.co.za intrepid/universe Packages
        100 /var/lib/dpkg/status

Revision history for this message
Felix Geyer (debfx) wrote :

Is there any chance that you can reproduce this with a new database that doesn't contain any sensitive information?
How often did KeePassX crash when saving the database?

Revision history for this message
Felix Geyer (debfx) wrote :

I tracked down the problem. It affects all KeePassX versions.

Patch for 0.3.* is available:
http://keepassx.svn.sourceforge.net/viewvc/keepassx/trunk/src/Kdb3Database.cpp?view=patch&r1=281&r2=280&pathrev=281

Revision history for this message
Graham Poulter (grahampo) wrote :

Thank you Felix. I hadn't actually tried to create another crashing file (no idea how to reproduce the quirk), but thank you for tracking it down. I suppose I could have installed debugsyms like you recommended to invisible, but I see even that doesn't give you the line number. Would probably have needed to compile from source and run through gdb - is that what you did?

Revision history for this message
Felix Geyer (debfx) wrote :

I noticed it's not enough to install the dbgsym package.
You have to follow https://wiki.ubuntu.com/Backtrace to get a useful backtrace.

Felix Geyer (debfx)
Changed in keepassx (Ubuntu):
status: New → Confirmed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package keepassx - 0.4.0-1

---------------
keepassx (0.4.0-1) unstable; urgency=low

  * New upstream release. (Closes: #522488)
  * adapt debian/watch file to new upstream naming style.

keepassx (0.3.4-2) unstable; urgency=low

  [ Felix Geyer ]
  * introduce quilt
  * Bug fix: "Keepassx crashes on save when password entry changes".
    LP: #311359
    - add debian/patches/svn281_fix_buffer_too_small.patch
    - build-depend on quilt

  [ Reinhard Tartler ]
  * target unstable
  * convert all format patches to quilt
  * add a README.source file documenting quilt usage
  * bump Standards-Version to 3.8.0

 -- Ubuntu Archive Auto-Sync <email address hidden> Wed, 29 Apr 2009 00:15:51 +0100

Changed in keepassx (Ubuntu):
status: Confirmed → Fix Released
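The changelog above names the fix svn281_fix_buffer_too_small.patch in Kdb3Database.cpp, and the glibc messages quoted in this thread ("double free or corruption", "free(): invalid next size") are what the allocator reports when a heap buffer has been written past its end and its bookkeeping is later found damaged. The C++ below is an added illustration, not KeePassX's code: it models a simplified KDB3-style field layout (assumed here: 2-byte type, 4-byte length, data, and a 0xFFFF terminator), puts a size estimate that forgets the per-field headers beside a correct one, and serialises through a growable vector so the writer itself cannot overrun.

```cpp
#include <cstdint>
#include <string>
#include <vector>

// Simplified model (an assumption, not KeePassX's code) of a KDB3-style
// entry: each field is a 2-byte type, a 4-byte length and the data, and
// the entry ends with a terminator field of type 0xFFFF and length 0.
struct Field { uint16_t type; std::string data; };

static const size_t kHeader = 6;   // sizeof(type) + sizeof(length)

// Buggy estimate: sums only the payloads and forgets the per-field headers
// and the terminator, so any raw buffer sized from it is too small.
size_t estimateBuggy(const std::vector<Field>& fields) {
    size_t n = 0;
    for (const Field& f : fields) n += f.data.size();
    return n;
}

// Correct estimate: header + payload for every field, plus the terminator.
size_t estimateCorrect(const std::vector<Field>& fields) {
    size_t n = kHeader;  // terminator field
    for (const Field& f : fields) n += kHeader + f.data.size();
    return n;
}

// Serialises into a growable vector; the writer can never run past the end.
std::vector<uint8_t> serialise(const std::vector<Field>& fields) {
    std::vector<uint8_t> out;
    auto put16 = [&](uint16_t v) {
        out.push_back(v & 0xff); out.push_back((v >> 8) & 0xff);
    };
    auto put32 = [&](uint32_t v) {
        for (int i = 0; i < 4; ++i) out.push_back((v >> (8 * i)) & 0xff);
    };
    for (const Field& f : fields) {
        put16(f.type);
        put32(static_cast<uint32_t>(f.data.size()));
        out.insert(out.end(), f.data.begin(), f.data.end());
    }
    put16(0xFFFF);   // terminator
    put32(0);
    return out;
}

// True when a buffer of `estimate` bytes holds the serialised entry. A false
// result is exactly the condition that, with a fixed malloc'd buffer, turns
// into the "double free or corruption" / "invalid next size" abort on free().
bool estimateFits(size_t estimate, const std::vector<Field>& fields) {
    return serialise(fields).size() <= estimate;
}
```

For the two-field sample entry used in the test, the buggy estimate is 18 bytes short; estimateFits is the kind of check a save path can run before committing to a fixed-size buffer.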
Revision history for this message
Bruce Wagner (bruce-brucewagner) wrote :

I have version 0.4.3 for Linux Mint 12.....

And I still have this exact same bug.... based on the exact symptoms described in the OP.

Revision history for this message
David Greenbaum (zymurgeek) wrote :

I've seen this behavior in KeepassX 0.4.3 on Ubuntu 10.04 starting earlier this year. It's 100% reproducible and happens only on save. The crash message is:

*** glibc detected *** keepassx: free(): invalid next size (normal): 0x08baa418 ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6(+0x6b161)[0x93d161]
/lib/tls/i686/cmov/libc.so.6(+0x6c9b8)[0x93e9b8]
/lib/tls/i686/cmov/libc.so.6(cfree+0x6d)[0x941a9d]
/usr/lib/libstdc++.so.6(_ZdlPv+0x21)[0x223741]
/usr/lib/libstdc++.so.6(_ZdaPv+0x1d)[0x22379d]
keepassx[0x80974d7]
keepassx[0x8074077]
keepassx[0x8111c4a]
/usr/lib/libQtCore.so.4(_ZN11QMetaObject8metacallEP7QObjectNS_4CallEiPPv+0x3a)[0x456c9a]
/usr/lib/libQtCore.so.4(_ZN11QMetaObject8activateEP7QObjectPKS_iPPv+0x2d5)[0x4653d5]
/usr/lib/libQtGui.so.4(_ZN7QAction9triggeredEb+0x49)[0xf88bd9]
/usr/lib/libQtGui.so.4(_ZN7QAction8activateENS_11ActionEventE+0x7c)[0xf8adcc]
/usr/lib/libQtGui.so.4(_ZN7QAction5eventEP6QEvent+0xe8)[0xf8c698]
/usr/lib/libQtGui.so.4(_ZN19QApplicationPrivate13notify_helperEP7QObjectP6QEvent+0xac)[0xf8f4dc]
/usr/lib/libQtGui.so.4(_ZN12QApplication6notifyEP7QObjectP6QEvent+0x17e)[0xf9605e]
/usr/lib/libQtCore.so.4(_ZN16QCoreApplication14notifyInternalEP7QObjectP6QEvent+0x7b)[0x451a3b]
/usr/lib/libQtGui.so.4(+0x17734d)[0xfd134d]
/usr/lib/libQtGui.so.4(+0x17915e)[0xfd315e]
/usr/lib/libQtGui.so.4(_ZN12QApplication6notifyEP7QObjectP6QEvent+0x1f63)[0xf97e43]
/usr/lib/libQtCore.so.4(_ZN16QCoreApplication14notifyInternalEP7QObjectP6QEvent+0x7b)[0x451a3b]
/usr/lib/libQtGui.so.4(+0x1362be)[0xf902be]
/usr/lib/libQtGui.so.4(+0x1efd90)[0x1049d90]
/usr/lib/libQtGui.so.4(+0x1f22f5)[0x104c2f5]
/usr/lib/libQtGui.so.4(_ZN12QApplication15x11ProcessEventEP7_XEvent+0x9b7)[0x101f757]
/usr/lib/libQtGui.so.4(+0x1f560a)[0x104f60a]
/lib/libglib-2.0.so.0(g_main_context_dispatch+0x1d5)[0x5a25e5]
/lib/libglib-2.0.so.0(+0x3f2d8)[0x5a62d8]
/lib/libglib-2.0.so.0(g_main_context_iteration+0x68)[0x5a64b8]
/usr/lib/libQtCore.so.4(_ZN20QEventDispatcherGlib13processEventsE6QFlagsIN10QEventLoop17ProcessEventsFlagEE+0x65)[0x47d5d5]
/usr/lib/libQtGui.so.4(+0x1f5135)[0x104f135]
/usr/lib/libQtCore.so.4(_ZN10QEventLoop13processEventsE6QFlagsINS_17ProcessEventsFlagEE+0x49)[0x450059]
/usr/lib/libQtCore.so.4(_ZN10QEventLoop4execE6QFlagsINS_17ProcessEventsFlagEE+0xfa)[0x4504aa]
/usr/lib/libQtCore.so.4(_ZN16QCoreApplication4execEv+0xaf)[0x45469f]
/usr/lib/libQtGui.so.4(_ZN12QApplication4execEv+0x27)[0xf8f577]
keepassx[0x806c35c]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0x8e8bd6]
keepassx[0x805f031]
