Investigate segfault in libQt5Widgets.so on Debian buster

[emkll]

While working on freedomofpress/securedrop-workstation#345, ran into an issue while running the client in a Buster-based sd-svs vm:
When clicking on a source, the UI crashes. The client logs contain the following error:

2019-11-22 16:44:57,402 - root:181(start_app) INFO: Starting SecureDrop Client 0.0.10
2019-11-22 16:45:03,242 - root:53(excepthook) ERROR: Unrecoverable error
Traceback (most recent call last):
  File "/opt/venvs/securedrop-client/lib/python3.7/site-packages/securedrop_client/gui/widgets.py", line 1189, in mouseReleaseEvent
    def mouseReleaseEvent(self, event):
KeyboardInterrupt

syslog contains the following error:

Nov 22 16:34:46 localhost qubes-gui[473]: ERROR reading WM_HINTS
Nov 22 16:34:46 localhost kernel: [  355.713940] sd-client[1143]: segfault at 300070029 ip 00007384b4a844e5 sp 000079891b9893e0 error 4 in libQt5Widgets.so.5.11.3[7384b49ce000+386000]
Nov 22 16:34:46 localhost kernel: [  355.713972] grsec: Segmentation fault occurred at 0000000300070029 in /opt/venvs/securedrop-client/bin/sd-client[sd-client:1143] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/securedrop-client[securedrop-clie:1137] uid/euid:1000/1000 gid/egid:1000/1000
Nov 22 16:34:46 localhost kernel: [  355.714647] grsec: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /opt/venvs/securedrop-client/bin/sd-client[sd-client:1143] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/securedrop-client[securedrop-clie:1137] uid/euid:1000/1000 gid/egid:1000/1000
Nov 22 16:34:46 localhost qubes.StartApp+securedrop-client-dom0: Segmentation fault
Nov 22 16:34:46 localhost qubes-gui[473]: got num_mfn=0x0 for window 0x1000006 (31605x21229558)
Nov 22 16:34:46 localhost qubes-gui[473]: got num_mfn=0x0 for window 0x1000006 (31605x21229558)
Nov 22 16:34:46 localhost qubes-gui[473]: got num_mfn=0x0 for window 0x100001d (31605x21229558)
Nov 22 16:34:46 localhost qubes-gui[473]: got num_mfn=0x0 for window 0x100001d (31605x21229558)

[emkll]

Switched sd-svs over to PVH mode (using the qubes-provided) kernel, the segfault still occurs.

[redshiftzero]

another difference in stretch versus buster that could be relevant here is the version of python3-pyqt5: (5.7.x series in stretch, 5.11.x series in buster)

[emkll]

I cannot reproduce this error in the Dev environment (also Buster), but I've managed to track down the bug and isolate it to this line:

diff --git a/securedrop_client/gui/widgets.py b/securedrop_client/gui/widgets.py
index 7ccdbe4..932f0bd 100644
--- a/securedrop_client/gui/widgets.py
+++ b/securedrop_client/gui/widgets.py
@@ -2255,7 +2255,7 @@ class ConversationView(QWidget):
             self.controller.reply_ready,
             self.controller.reply_succeeded,
             self.controller.reply_failed)
-        self.conversation_layout.addWidget(conversation_item, alignment=Qt.AlignRight)
+        # self.conversation_layout.addWidget(conversation_item, alignment=Qt.AlignRight)
 
     def add_reply_from_reply_box(self, uuid: str, content: str) -> None:
         """

[redshiftzero]

this might be the same issue as #254 (comment)

[emkll]

I can reliably reproduce the segfault when processing a message or reply that has a < character, when combined with html.escape : <, and occurs immediately after the setText method is called from the QLabel class. Double escaping (< prevents the segfault)