haiwen / seafile-client

Seafile desktop client.
http://seafile.com
Apache License 2.0

Segfault on Fedora 36 #1445

Open webermar opened 1 year ago

webermar commented 1 year ago

System is an Intel i7-5600U with Fedora 36 and seafile-client v8.0.10 installed (via the official repo, aka dnf).

When trying to start the client, it crashes after opening/showing the Seafile-Client Window. Interaction with the gui isn't possible at any time.

The journal says it segfaults/crashes in strlen_avx2_rtm:

abrt-notification[12317]: Process 220189 (seaf-daemon) crashed in strlen_avx2_rtm()

Journal after trying to start the client:

[12270]: json_parse on "{\"type\":\"rpm\",\"name\":\"libxcrypt\",\"version\":\"4.4.33-4.fc36\",\"architecture\":\"x86_64\",\"osCpe\":\"cpe:/o:fedoraproject:fedora:36\"}\003" failed: Invalid argument
systemd-coredump[12269]: [🡕] Process 12261 (seaf-daemon) of user 1000 dumped core.

                                               Module linux-vdso.so.1 with build-id 2f84e7f3fad45f833dbddfb1bd2a0cd8b4b1152a
                                               Module libnss_resolve.so.2 with build-id a6a93e6f9428c11ab21661b965530fcf624dc6d4
                                               Metadata for module libnss_resolve.so.2 owned by FDO found: {
                                                       "type" : "rpm",
                                                       "name" : "systemd",
                                                       "version" : "250.10-2.fc36",
                                                       "architecture" : "x86_64",
                                                       "osCpe" : "cpe:/o:fedoraproject:fedora:36"
                                               }

                                               Module libnss_mdns4_minimal.so.2 with build-id fe461d55e34f82892fff98869493b1faba410e52
                                               Metadata for module libnss_mdns4_minimal.so.2 owned by FDO found: {
                                                       "type" : "rpm",
                                                       "name" : "nss-mdns",
                                                       "version" : "0.15.1-5.fc36",
                                                       "architecture" : "x86_64",
                                                       "osCpe" : "cpe:/o:fedoraproject:fedora:36"
                                               }

                                               Module libgcc_s.so.1 with build-id cbcf5689acb247f987a22375c392c19a530a85c0
                                               Module libnss_myhostname.so.2 with build-id 88f212fa2db41b7aa61581acf403cb5873bd7bcd
                                               Metadata for module libnss_myhostname.so.2 owned by FDO found: {
                                                       "type" : "rpm",
                                                       "name" : "systemd",
                                                       "version" : "250.10-2.fc36",
                                                       "architecture" : "x86_64",
                                                       "osCpe" : "cpe:/o:fedoraproject:fedora:36"
                                               }

                                               Module libpcre2-8.so.0 with build-id 0d207ce0c9db9ba59d4a8264b95c5ebf3ddec190
                                               Metadata for module libpcre2-8.so.0 owned by FDO found: {
                                                       "type" : "rpm",
                                                       "name" : "pcre2",
                                                       "version" : "10.40-1.fc36",
                                                       "architecture" : "x86_64",
                                                       "osCpe" : "cpe:/o:fedoraproject:fedora:36"
                                               }

                                               Module libcrypt.so.2 with build-id a8ca68e321a4a1d45d15cdd85e8a7a40b7d052ce
                                               Stack trace of thread 12266:
                                               #0  0x00007ff6619643bd __strlen_avx2_rtm (libc.so.6 + 0x1643bd)
                                               #1  0x000055ab1db336de seafile_decrypt_repo_enc_key (seaf-daemon + 0x1e6de)
                                               #2  0x000055ab1db4084d seaf_repo_fetch_and_checkout (seaf-daemon + 0x2b84d)
                                               #3  0x000055ab1db2cd6c http_download_thread (seaf-daemon + 0x17d6c)
                                               #4  0x000055ab1db27cc9 job_thread_wrapper (seaf-daemon + 0x12cc9)
                                               #5  0x00007ff661c8dd02 g_thread_pool_thread_proxy.lto_priv.0 (libglib-2.0.so.0 + 0x81d02)
                                               #6  0x00007ff661c8b302 g_thread_proxy (libglib-2.0.so.0 + 0x7f302)
                                               #7  0x00007ff66188cdcd start_thread (libc.so.6 + 0x8cdcd)
                                               #8  0x00007ff661912630 __clone3 (libc.so.6 + 0x112630)

                                               Stack trace of thread 12261:
                                               #0  0x00007ff661911c0e epoll_wait (libc.so.6 + 0x111c0e)
                                               #1  0x00007ff661dd5ba4 epoll_dispatch.lto_priv.0 (libevent-2.1.so.7 + 0x2eba4)
                                               #2  0x00007ff661dcd085 event_base_loop (libevent-2.1.so.7 + 0x26085)
                                               #3  0x000055ab1db20ba7 main (seaf-daemon + 0xbba7)
                                               #4  0x00007ff661829510 __libc_start_call_main (libc.so.6 + 0x29510)
                                               #5  0x00007ff6618295c9 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x295c9)
                                               #6  0x000055ab1db21385 _start (seaf-daemon + 0xc385)

                                               Stack trace of thread 12262:
                                               #0  0x00007ff66190841c __select (libc.so.6 + 0x10841c)
                                               #1  0x000055ab1db3673a wt_monitor_job_linux.lto_priv.0 (seaf-daemon + 0x2173a)
                                               #2  0x000055ab1db27cc9 job_thread_wrapper (seaf-daemon + 0x12cc9)
                                               #3  0x00007ff661c8dd02 g_thread_pool_thread_proxy.lto_priv.0 (libglib-2.0.so.0 + 0x81d02)
                                               #4  0x00007ff661c8b302 g_thread_proxy (libglib-2.0.so.0 + 0x7f302)
                                               #5  0x00007ff66188cdcd start_thread (libc.so.6 + 0x8cdcd)
                                               #6  0x00007ff661912630 __clone3 (libc.so.6 + 0x112630)

                                               Stack trace of thread 12263:
                                               #0  0x00007ff66191323f accept (libc.so.6 + 0x11323f)
                                               #1  0x00007ff662258959 named_pipe_listen (libsearpc.so.1 + 0x5959)
                                               #2  0x00007ff66188cdcd start_thread (libc.so.6 + 0x8cdcd)
                                               #3  0x00007ff661912630 __clone3 (libc.so.6 + 0x112630)

                                               Stack trace of thread 12264:
                                               #0  0x00007ff6618d8695 clock_nanosleep@GLIBC_2.2.5 (libc.so.6 + 0xd8695)
                                               #1  0x00007ff6618dcf07 __nanosleep (libc.so.6 + 0xdcf07)
                                               #2  0x00007ff661c847ff g_usleep (libglib-2.0.so.0 + 0x787ff)
                                               #3  0x000055ab1db2c4e2 update_cached_head_commit_ids (seaf-daemon + 0x174e2)
                                               #4  0x00007ff66188cdcd start_thread (libc.so.6 + 0x8cdcd)
                                               #5  0x00007ff661912630 __clone3 (libc.so.6 + 0x112630)

                                               Stack trace of thread 12265:
                                               #0  0x00007ff6618d8695 clock_nanosleep@GLIBC_2.2.5 (libc.so.6 + 0xd8695)
                                               #1  0x00007ff6618dcf07 __nanosleep (libc.so.6 + 0xdcf07)
                                               #2  0x00007ff661c847ff g_usleep (libglib-2.0.so.0 + 0x787ff)
                                               #3  0x000055ab1db398d2 cleanup_deleted_stores.lto_priv.0 (seaf-daemon + 0x248d2)
                                               #4  0x00007ff66188cdcd start_thread (libc.so.6 + 0x8cdcd)
                                               #5  0x00007ff661912630 __clone3 (libc.so.6 + 0x112630)
                                               ELF object binary architecture: AMD x86-64

The i7-5600U has official support for AVX2: https://www.intel.de/content/www/de/de/products/sku/85215/intel-core-i75600u-processor-4m-cache-up-to-3-20-ghz/specifications.html

I don't have any idea what the real problem could be. It worked fine before.

vasylenkomykola commented 1 year ago

I have the same problem. A cursory inspection showed that from some places the seafile_decrypt_repo_enc_key function is called with the specified password as NULL. However, the strlen function is not null-safe. After moving one line, the problem disappeared, but I don't know how true this is. Encrypted and non-encrypted libraries work without crashes.

Module libcrypt.so.2 with build-id a8ca68e321a4a1d45d15cdd85e8a7a40b7d052ce
Stack trace of thread 7059:
#0  0x00007f09f915b87d __strlen_avx2 (libc.so.6 + 0x15b87d)
#1  0x00005630771556de seafile_decrypt_repo_enc_key (seaf-daemon + 0x1e6de)
#2  0x000056307716284d seaf_repo_fetch_and_checkout (seaf-daemon + 0x2b84d)
#3  0x000056307714ed6c http_download_thread (seaf-daemon + 0x17d6c)
#4  0x0000563077149cc9 job_thread_wrapper (seaf-daemon + 0x12cc9)
#5  0x00007f09f9538d02 g_thread_pool_thread_proxy.lto_priv.0 (libglib-2.0.so.0 + 0x81d02)
#6  0x00007f09f9536302 g_thread_proxy (libglib-2.0.so.0 + 0x7f302)
#7  0x00007f09f908cdcd start_thread (libc.so.6 + 0x8cdcd)
#8  0x00007f09f9112630 __clone3 (libc.so.6 + 0x112630)

seafile-8.0.10-sigsegv_strlen_avx2.patch

diff -upr a/common/seafile-crypt.c b/common/seafile-crypt.c
--- a/common/seafile-crypt.c    2022-12-27 10:53:39.000000000 +0200
+++ b/common/seafile-crypt.c    2023-03-04 01:23:18.214962454 +0200
@@ -236,9 +236,8 @@ seafile_decrypt_repo_enc_key (int enc_ve
 {
     unsigned char key[32], iv[16];

-    seafile_derive_key (passwd, strlen(passwd), enc_version, repo_salt, key, iv);
-
     if (enc_version == 1) {
+        seafile_derive_key (passwd, strlen(passwd), enc_version, repo_salt, key, iv);
         memcpy (key_out, key, 16);
         memcpy (iv_out, iv, 16);
         return 0;
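
Review bot: the moved `seafile_derive_key (passwd, strlen(passwd), ...)` call inside `if (enc_version == 1)` still evaluates `strlen(passwd)` with no NULL check, so a NULL `passwd` combined with `enc_version == 1` would crash exactly as before. In addition, `key` and `iv` are now filled only in that branch; the remainder of the function is not visible in this hunk, but any later branch that reads them would be using uninitialized stack bytes as key material. Suggest keeping the derivation where it was and adding an explicit `passwd == NULL` check at the top of the function that returns an error, rather than relying on which branch happens to run.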

killing commented 1 year ago

This is a bug related to delete confirmation of files in encrypted libraries. It'll be fixed in 9.0.2.
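
The NULL-password crash discussed in this thread, shown as a guarded entry point that rejects a missing password before `strlen` runs and zeroes its outputs on failure. This is an added example, not code from Seafile or from the posts above; `derive_repo_key_checked`, `toy_derive_key`, the error codes and the sample strings are hypothetical, and the FNV-based derivation is only a stand-in for the real one.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { KEY_OK = 0, KEY_ERR_NO_PASSWORD = -1, KEY_ERR_BAD_VERSION = -2 };

/* Toy stand-in for the key derivation (NOT Seafile's algorithm): FNV-1a over
 * password and salt, expanded to 32 key bytes and 16 IV bytes. */
static void toy_derive_key(const char *pw, size_t pw_len, const char *salt,
                           unsigned char key[32], unsigned char iv[16])
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < pw_len; i++)
        h = (h ^ (unsigned char)pw[i]) * 16777619u;
    for (size_t i = 0; salt[i] != '\0'; i++)
        h = (h ^ (unsigned char)salt[i]) * 16777619u;
    for (size_t i = 0; i < 48; i++) {
        h = (h ^ (uint32_t)i) * 16777619u;
        if (i < 32) key[i] = (unsigned char)(h >> 24);
        else        iv[i - 32] = (unsigned char)(h >> 24);
    }
}

/* Hypothetical checked entry point: validates arguments before any string
 * function touches them, and fails closed with zeroed outputs. */
int derive_repo_key_checked(int enc_version, const char *passwd,
                            const char *repo_salt,
                            unsigned char key_out[32], unsigned char iv_out[16])
{
    memset(key_out, 0, 32);   /* no stale or uninitialized bytes on error */
    memset(iv_out, 0, 16);
    if (passwd == NULL)
        return KEY_ERR_NO_PASSWORD;   /* strlen(NULL) is undefined behaviour */
    if (enc_version < 1)
        return KEY_ERR_BAD_VERSION;   /* assumption: versions start at 1 */
    toy_derive_key(passwd, strlen(passwd), repo_salt ? repo_salt : "",
                   key_out, iv_out);
    return KEY_OK;
}

int main(void)
{
    unsigned char key[32], iv[16];
    /* Constructed sample inputs. */
    printf("NULL password  -> %d\n",
           derive_repo_key_checked(2, NULL, "constructed-salt", key, iv));
    printf("valid password -> %d\n",
           derive_repo_key_checked(2, "constructed-pw", "constructed-salt", key, iv));
    return 0;
}
```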