FS#71107 - SIGABRT when import PGP key

Attached to Project: Pacman
Opened by BigfootACA (BigfootACA) - Wednesday, 02 June 2021, 19:04 GMT
Last edited by Allan McRae (Allan) - Monday, 07 June 2021, 04:19 GMT
Task Type Bug Report
Category Backend/Core
Status Closed
Assigned To No-one
Architecture x86_64
Severity Medium
Priority Normal
Reported Version 6.0.0
Due in Version 6.0.1
Due Date Undecided
Percent Complete 100%
Votes 5
Private No

Details

Summary and Info:

An error occurred while pacman was importing the PGP key

# pacman -Sy
error: blackarch: key "F9A6E68A711354D84A9B91637533BAFE69A25079" is unknown
:: Import PGP key F9A6E68A711354D84A9B91637533BAFE69A25079? [Y/n]
free(): invalid pointer
Aborted (core dumped)

# pacman -S xxxxx
......
(1/1) checking keys in keyring
downloading required keys...
:: Import PGP key F9F9FA97A403F63E, "lilac (on behalf of Megumi_fox) <i@megumifox.com>"? [Y/n]
free(): invalid pointer
Aborted (core dumped)

Stack trace:
#0 0x00007ff98cc4dd22 raise (libc.so.6 + 0x3cd22)
#1 0x00007ff98cc37862 abort (libc.so.6 + 0x26862)
#2 0x00007ff98cc8fd28 __libc_message (libc.so.6 + 0x7ed28)
#3 0x00007ff98cc9792a malloc_printerr (libc.so.6 + 0x8692a)
#4 0x00007ff98cc98cfc _int_free (libc.so.6 + 0x87cfc)
#5 0x00007ff98cc9c9e8 __libc_free (libc.so.6 + 0x8b9e8)
#6 0x00007ff98cec3b06 n/a (libalpm.so.13 + 0x23b06)
#7 0x00007ff98cec5269 n/a (libalpm.so.13 + 0x25269)
#8 0x00007ff98ceb1cda n/a (libalpm.so.13 + 0x11cda)
#9 0x00007ff98ceb25d8 n/a (libalpm.so.13 + 0x125d8)
#10 0x000055feae2600ae n/a (pacman + 0xc0ae)
#11 0x000055feae25ab28 n/a (pacman + 0x6b28)
#12 0x00007ff98cc38b25 __libc_start_main (libc.so.6 + 0x27b25)
#13 0x000055feae25c48e n/a (pacman + 0x848e)

Closed by Allan McRae (Allan)
Monday, 07 June 2021, 04:19 GMT
Reason for closing: Fixed
Additional comments about closing: git commit 542910d684191eb7f25ddc5d3d8fe3060028a267
Comment by BigfootACA (BigfootACA) - Thursday, 03 June 2021, 05:40 GMT
I think the problem is happening here (added in commit 5151de30)
lib/libalpm/signing.c: _alpm_key_import
540 gpgme_key_unref(fetch_key.data);
541 free(fetch_key.uid);
542 free(fetch_key.fingerprint);

fetch_key.uid and fetch_key.fingerprint are changed here:
lib/libalpm/signing.c: key_search_keyserver
350 pgpkey->data = key;
352 pgpkey->fingerprint = key->subkeys->fpr;
356 pgpkey->uid = key->uids->uid;

Then gpgme_key_unref releases fetch_key.data, and the following free releases the value repeatedly.
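
The ownership problem described in the comment above, modelled as an added example that is not part of the original report and is not pacman's or gpgme's code. `struct key`, `struct pgpkey`, `search`, `key_unref` and the `t_*` allocation tracker are hypothetical stand-ins, the strings are constructed, and copying the strings is one possible correction, not necessarily what the fixing commit did.

```c
#include <stdlib.h>
#include <string.h>

/* Tracker: released blocks stay quarantined (really freed in t_reset), so a
 * repeated free() of an address is counted instead of aborting the process. */
enum { SLOTS = 8 };
static struct { char *p; int live; } slot[SLOTS];
static int bad_frees;
static char *t_dup(const char *s) {
    for (int i = 0; s && i < SLOTS; i++)
        if (!slot[i].p && (slot[i].p = malloc(strlen(s) + 1))) {
            slot[i].live = 1;
            return strcpy(slot[i].p, s);
        }
    return NULL;
}
static void t_free(char *p) {
    for (int i = 0; i < SLOTS; i++)
        if (slot[i].p == p && slot[i].live) { slot[i].live = 0; return; }
    if (p) bad_frees++;   /* free(NULL) is a no-op; glibc aborts on the rest */
}
static void t_reset(void) {
    for (int i = 0; i < SLOTS; i++) { free(slot[i].p); slot[i].p = NULL; slot[i].live = 0; }
    bad_frees = 0;
}

/* Hypothetical stand-ins for a refcounted gpgme key and the fetch_key struct. */
struct key { int refs; char *uid, *fpr; };
struct pgpkey { struct key *data; char *uid, *fingerprint; };
static void key_unref(struct key *k) {     /* the key owns its strings */
    if (k && --k->refs == 0) { t_free(k->uid); t_free(k->fpr); }
}
static void search(struct key *k, struct pgpkey *out, int copy) {
    out->data = k;                         /* copy == 0: borrow, as quoted above */
    out->fingerprint = copy ? t_dup(k->fpr) : k->fpr;
    out->uid = copy ? t_dup(k->uid) : k->uid;
}
int cleanup_bad_frees(int copy) {          /* returns the number of invalid frees */
    struct key k = { 1, t_dup("Constructed User <user@example.org>"), t_dup("0123456789ABCDEF") };
    struct pgpkey fetch_key = { 0 };
    search(&k, &fetch_key, copy);
    key_unref(fetch_key.data);             /* same cleanup order as lines 540-542 */
    t_free(fetch_key.uid);
    t_free(fetch_key.fingerprint);
    int n = bad_frees;
    t_reset();
    return n;
}
int main(void) { return cleanup_bad_frees(0) == 2 && cleanup_bad_frees(1) == 0 ? 0 : 1; }
```

With borrowed pointers the cleanup releases each string a second time after the key has already released it; with owned copies the same cleanup order is valid.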
Comment by morganamilo (morganamilo) - Thursday, 03 June 2021, 17:59 GMT
I ran into this once a while ago but could never reproduce it. Thanks for reporting.
Comment by morganamilo (morganamilo) - Thursday, 03 June 2021, 18:12 GMT
I managed to reproduce it with the blackarch key in your example but not with a different key.

Turns out the bug only happens when not importing using WKD.

Full stack trace:

#0 0x00007ffff7cdcd22 in raise () from /usr/lib/libc.so.6
#1 0x00007ffff7cc6862 in abort () from /usr/lib/libc.so.6
#2 0x00007ffff7d1ed28 in __libc_message () from /usr/lib/libc.so.6
#3 0x00007ffff7d2692a in malloc_printerr () from /usr/lib/libc.so.6
#4 0x00007ffff7d27cfc in _int_free () from /usr/lib/libc.so.6
#5 0x00007ffff7d2b9e8 in free () from /usr/lib/libc.so.6
#6 0x00007ffff7fa2caa in _alpm_key_import (handle=0x5555555ac030, uid=0x0, fpr=0x5555556292b0 "F9A6E68A711354D84A9B91637533BAFE69A25079")
at ../lib/libalpm/signing.c:541
#7 0x00007ffff7fa40ba in _alpm_process_siglist (handle=0x5555555ac030, identifier=0x55555561ebd0 "blackarch", siglist=0x55555561ec20, optional=2048,
marginal=0, unknown=0) at ../lib/libalpm/signing.c:969
#8 0x00007ffff7f875bf in sync_db_validate (db=0x55555561eb80) at ../lib/libalpm/be_sync.c:117
#9 0x00007ffff7f89fcd in _alpm_db_register_sync (handle=0x5555555ac030, treename=0x5555555a28c0 "blackarch", level=1073741824)
at ../lib/libalpm/be_sync.c:714
#10 0x00007ffff7f8c270 in alpm_register_syncdb (handle=0x5555555ac030, treename=0x5555555a28c0 "blackarch", siglevel=1073741824) at ../lib/libalpm/db.c:64
#11 0x000055555555ecdd in register_repo (repo=0x5555555a2890) at ../src/pacman/conf.c:801
#12 0x000055555555f1b4 in setup_libalpm () at ../src/pacman/conf.c:895
#13 0x00005555555603a1 in parseconfig (file=0x555555582b30 "/etc/pacman.conf") at ../src/pacman/conf.c:1206
#14 0x000055555556714b in main (argc=2, argv=0x7fffffffeb48) at ../src/pacman/pacman.c:1197
Comment by Angelo Geulin (arvl) - Friday, 04 June 2021, 18:26 GMT
I can also reproduce this issue when importing Steven Barrett's key from his liquorix repo.

This is the stack trace I got from the journal:
Jun 05 02:17:24 halifax systemd-coredump[8551]: [🡕] Process 8514 (pacman) of user 0 dumped core.

Stack trace of thread 8514:
#0 0x00007f7e59342d22 raise (libc.so.6 + 0x3cd22)
#1 0x00007f7e5932c862 abort (libc.so.6 + 0x26862)
#2 0x00007f7e59384d28 __libc_message (libc.so.6 + 0x7ed28)
#3 0x00007f7e5938c92a malloc_printerr (libc.so.6 + 0x8692a)
#4 0x00007f7e5938dcfc _int_free (libc.so.6 + 0x87cfc)
#5 0x00007f7e593919e8 __libc_free (libc.so.6 + 0x8b9e8)
#6 0x00007f7e595b8b06 n/a (libalpm.so.13 + 0x23b06)
#7 0x00007f7e595bc7e4 n/a (libalpm.so.13 + 0x277e4)
#8 0x00007f7e595be0fb alpm_trans_commit (libalpm.so.13 + 0x290fb)
#9 0x000055bf46d4b3ed n/a (pacman + 0x123ed)
#10 0x000055bf46d4023f n/a (pacman + 0x723f)
#11 0x00007f7e5932db25 __libc_start_main (libc.so.6 + 0x27b25)
#12 0x000055bf46d4148e n/a (pacman + 0x848e)
