deltachat / deltachat-core

Delta.Chat C-Library with e2e chat-over-email functionality & Python bindings
https://c.delta.chat

crash on sending with specific partner keys #154

Open rsudev opened 6 years ago

rsudev commented 6 years ago

While playing around with delta-chat I sent a message to one of my eMail accounts with an existing key. After replying crypted, the responses from delta chat were encrypted as well, but the app crashed when trying to send the response. With a different account and key, this was not an issue. The non-working account had DSA/ELG-E keys with 3072/4096 bits for signing/encryption, the working account had RSA/RSA keys with 4096/4096 bits. Could it be an issue with these types of keys? Here is the stacktrace from logcat:

04-25 21:35:25.756 F/libc    (24011): Invalid address 0xd7c84748 passed to free: value not allocated
04-25 21:35:25.757 F/libc    (24011): Fatal signal 6 (SIGABRT), code -6 in tid 24027 (Thread-2)
04-25 21:35:25.757 W/        (1496): debuggerd: handling request: pid=24011 uid=10325 gid=10325 tid=24027
04-25 21:35:25.847 D/clmlib  (24048): Got activities:0x0000000E
04-25 21:35:25.848 F/DEBUG   (24048): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
04-25 21:35:25.848 F/DEBUG   (24048): UUID: c231a3c7-ea8d-4a56-9d58-7da09d6e8b36
04-25 21:35:25.848 F/DEBUG   (24048): Build fingerprint: 'Sony/E6653/E6653:7.1.1/32.4.A.1.54/3761073091:user/release-keys'
04-25 21:35:25.848 F/DEBUG   (24048): Revision: '0'
04-25 21:35:25.848 F/DEBUG   (24048): ABI: 'arm'
04-25 21:35:25.850 F/DEBUG   (24048): pid: 24011, tid: 24027, name: Thread-2  >>> com.b44t.messenger <<<
04-25 21:35:25.851 F/DEBUG   (24048): signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
04-25 21:35:25.868 F/DEBUG   (24048): Abort message: 'Invalid address 0xd7c84748 passed to free: value not allocated'
04-25 21:35:25.868 F/DEBUG   (24048):     r0 00000000  r1 00005ddb  r2 00000006  r3 00000008
04-25 21:35:25.868 F/DEBUG   (24048):     r4 f1a59978  r5 00000006  r6 f1a59920  r7 0000010c
04-25 21:35:25.868 F/DEBUG   (24048):     r8 e87acb08  r9 e50b6000  sl 00000001  fp d7c84748
04-25 21:35:25.868 F/DEBUG   (24048):     ip 00000002  sp f1a595b8  lr f3b6c5f7  pc f3b6ee78  cpsr 20070010
04-25 21:35:25.880 F/DEBUG   (24048): 
04-25 21:35:25.880 F/DEBUG   (24048): backtrace:
04-25 21:35:25.880 F/DEBUG   (24048):     #00 pc 00049e78  /system/lib/libc.so (tgkill+12)
04-25 21:35:25.880 F/DEBUG   (24048):     #01 pc 000475f3  /system/lib/libc.so (pthread_kill+34)
04-25 21:35:25.880 F/DEBUG   (24048):     #02 pc 0001d809  /system/lib/libc.so (raise+10)
04-25 21:35:25.880 F/DEBUG   (24048):     #03 pc 00019301  /system/lib/libc.so (__libc_android_abort+34)
04-25 21:35:25.880 F/DEBUG   (24048):     #04 pc 00017368  /system/lib/libc.so (abort+4)
04-25 21:35:25.880 F/DEBUG   (24048):     #05 pc 0001b803  /system/lib/libc.so (__libc_fatal+22)
04-25 21:35:25.880 F/DEBUG   (24048):     #06 pc 00066b6f  /system/lib/libc.so (ifree+962)
04-25 21:35:25.880 F/DEBUG   (24048):     #07 pc 00066c37  /system/lib/libc.so (je_free+74)
04-25 21:35:25.880 F/DEBUG   (24048):     #08 pc 001bc5f1  /data/app/com.b44t.messenger-1/lib/arm/libmessenger.1.so (CRYPTO_free+24)
04-25 21:35:25.880 F/DEBUG   (24048):     #09 pc 001c21a9  /data/app/com.b44t.messenger-1/lib/arm/libmessenger.1.so (BN_free+16)
04-25 21:35:25.880 F/DEBUG   (24048):     #10 pc 000f2b9c  /data/app/com.b44t.messenger-1/lib/arm/libmessenger.1.so
04-25 21:35:25.881 F/DEBUG   (24048):     #11 pc 000f3c44  /data/app/com.b44t.messenger-1/lib/arm/libmessenger.1.so (pgp_pubkey_free+120)
04-25 21:35:25.881 F/DEBUG   (24048):     #12 pc 000ee32c  /data/app/com.b44t.messenger-1/lib/arm/libmessenger.1.so (pgp_key_free+316)
04-25 21:35:25.881 F/DEBUG   (24048):     #13 pc 000eed20  /data/app/com.b44t.messenger-1/lib/arm/libmessenger.1.so (pgp_keyring_purge+36)
04-25 21:35:25.881 F/DEBUG   (24048):     #14 pc 0011ccd0  /data/app/com.b44t.messenger-1/lib/arm/libmessenger.1.so (mrpgp_pk_encrypt+716)
04-25 21:35:25.881 F/DEBUG   (24048):     #15 pc 00111430  /data/app/com.b44t.messenger-1/lib/arm/libmessenger.1.so (mrmailbox_e2ee_encrypt+988)
04-25 21:35:25.881 F/DEBUG   (24048):     #16 pc 00118228  /data/app/com.b44t.messenger-1/lib/arm/libmessenger.1.so (mrmimefactory_render+2392)
04-25 21:35:25.881 F/DEBUG   (24048):     #17 pc 0010d71c  /data/app/com.b44t.messenger-1/lib/arm/libmessenger.1.so (mrmailbox_send_msg_to_smtp+276)
04-25 21:35:25.881 F/DEBUG   (24048):     #18 pc 00106ba4  /data/app/com.b44t.messenger-1/lib/arm/libmessenger.1.so
04-25 21:35:25.881 F/DEBUG   (24048):     #19 pc 000470c3  /system/lib/libc.so (_ZL15__pthread_startPv+22)
04-25 21:35:25.881 F/DEBUG   (24048):     #20 pc 00019d79  /system/lib/libc.so (__start_thread+6)

r10s commented 6 years ago

@rsudev thanks for the report. can you give a hint how to create such keys, known to crash delta, with gpg?

r10s commented 6 years ago

btw. the crash seems to be around these lines: https://github.com/deltachat/deltachat-core/blob/master/libs/netpgp/src/packet-parse.c#L1290

rsudev commented 6 years ago

Thanks for the fast reply :) As I created those keys quite some years ago I frankly don't know, but gpg2 --full-generate-key should allow you to create similar ones. I can also send you the eMail address in question via PM on IRC if you wish, so you can try my case specifically.

r10s commented 6 years ago

Some additional questions:

> After replying crypted,

did you reply with an Autocrypt-enabled Enigmail, K-9 or does the reply also come from Delta with an imported secret key?

> [..] the responses from delta chat were encrypted as well, but the app crashed when trying to send the response.

so the message was sent correctly and after that delta crashed?

rsudev commented 6 years ago

I replied with an Autocrypt-enabled Enigmail (in both cases). I entered a response in delta-chat, it was displayed with the padlock icon for the encryption and the clock icon (which should denote that it is still in sending, I guess). At what stage exactly it crashes, I don't know, but the message was seemingly not sent successfully, never reached the recipient and when re-starting delta-chat, it tried to send it again (also crashing again). I had to reset delta-chat to break this cycle.

r10s commented 6 years ago

ok, thanks, this is very helpful.