OMEMO sending/receiving files segfaults on Raspberry Pi Model B

[ghost]

The commands /sendfile and /url save commands segfault on my Raspberry Pi.

Expected Behavior

It should encrypt/decrypt and send/receive the file.

Current Behavior

Segmentation fault. Stack trace:

Thread 1 "profanity" received signal SIGSEGV, Segmentation fault.
0x000d55c0 in omemo_encrypt_file (in=0x6b9fe0, out=0x68a8e8, file_size=5, gcry_res=0x0) at src/omemo/omemo.c:1678
1678        *gcry_res = aes256gcm_crypt_file(in, out, file_size, key, nonce, true);
(gdb) where
#0  0x000d55c0 in omemo_encrypt_file (in=0x6b9fe0, out=0x68a8e8, file_size=5, gcry_res=0x0) at src/omemo/omemo.c:1678
#1  0x0008cbe8 in _add_omemo_stream (fd=0xbefff890, fh=0xbefff88c, err=0xbefff888) at src/command/cmd_funcs.c:4820
#2  0x0008cf10 in cmd_sendfile (window=0x226050, command=0xb8efc8 "/sendfile", args=0xb65148) at src/command/cmd_funcs.c:4916
#3  0x00095ad4 in _cmd_execute (window=0x226050, command=0xb8efc8 "/sendfile", inp=0xb8f030 "/sendfile ~/test") at src/command/cmd_funcs.c:8210
#4  0x00080c90 in cmd_process_input (window=0x226050, inp=0xb8f030 "/sendfile ~/test") at src/command/cmd_funcs.c:150
#5  0x0003523c in prof_run (log_level=0x146ae0 "DEBUG", account_name=0x0, config_file=0x0, log_file=0x166e18 "prof3.log", theme_name=0x0)
    at src/profanity.c:119
#6  0x000d9e58 in main (argc=1, argv=0xbefffae4) at src/main.c:185

Note that gcry_res = NULL, even though this ought to be a pointer to a local variable from the caller (_add_omemo_stream).

The same segfault happens if I replace *gcry_res = aes256gcm_crypt_file with a constant assignment.

Possible Solution

Steps to Reproduce (for bugs)

1. Install profanity like outlined below
2. Generate crypto material
3. Try to send a file

Context

I'd like to send and receive files on my Raspberry Pi.

Environment

Hardware info:

• Raspberry Pi Model B from 2012 with 512 MB RAM. (armv6l)

Software info:

• Raspbian GNU/Linux 10
• libgcrypt20/stable,now 1.8.4-5 armhf
• libsignal-protocol-c2/stable,now 2.3.1+git20171007-3 armhf (official Debian buster package)
• Libstrophe 0.10.1 -- self-compilled
• profanity on git master (with use-glib-2.58.3.patch applied)

$ profanity --version
Profanity, version 0.10.0dev.master.cb0adae6
[...]
Build information:
XMPP library: libstrophe
Desktop notification support: Disabled
OTR support: Enabled (libotr 4.1.1)
PGP support: Enabled (libgpgme 1.12.0)
OMEMO support: Enabled
C plugins: Enabled
Python plugins: Enabled (2.7.16)
GTK icons: Disabled

[licaon-kter]

Where did you get the glib downgrade patch from?

[ghost]

On 21/03/2021 13:13, Licaon_Kter wrote: Where did you get the glib downgrade patch from?

From Buster Backports: <http://deb.debian.org/debian/pool/main/p/profanity/profanity_0.10.0-1~bpo10+1.debian.tar.xz> It only changes two lines that query the date.

[jubalh]

I don't have a Pi. @mwuttke97 will you work on this?

[ghost]

On 22/03/2021 18:09, Michael Vetter wrote: I don't have a Pi. @mwuttke97 <https://github.com/mwuttke97> will you work on this?

I would appreciate some tips from C programmers, as I have no idea about the nature of this segfault. I've already tried the -Wcast-align option. I'm also curious whether someone else can reproduce it.

[jubalh]

@pasis maybe you have an idea?

[jubalh]

@mwuttke97 maybe it would make sense to get in touch with some Debian ARM people too.

[licaon-kter]

Seeing the same on RPi1/256Mb

How do I build a debug version if needed?

[ghost]

On 23/03/2021 15:31, Licaon_Kter wrote: Seeing the same on RPi1/256Mb How do I build a debug version?

``` ./configure-debug && make ```

[jubalh]

@mwuttke97 did you run profanity under valgrind?

[jubalh]

We have int crypt_res; which we pass: fragment = omemo_encrypt_file(*fh, tmpfh, file_size(*fd), &crypt_res); and in there: *gcry_res = aes256gcm_crypt_file(in, out, file_size, key, nonce, true); but gcry_res is NULL so *gcry_res is a problem. But how can it be NULL? Buffer overflow under this arch maybe?

[licaon-kter]

Pretty much the same output, right?

Program received signal SIGSEGV, Segmentation fault.
                                                    0x000999a0 in omemo_encrypt_file (in=in@entry=0x486518,
    out=out@entry=0x455e80, file_size=4, gcry_res=0x0)
    at src/omemo/omemo.c:1678                                         1678        *gcry_res = aes256gcm_crypt_file(in, out, file_size, key, nonce, true);
(gdb) bt                                                              #0  0x000999a0 in omemo_encrypt_file
    (in=in@entry=0x486518, out=out@entry=0x455e80, file_size=4, gcry_res=0x0) at src/omemo/omemo.c:1678
#1  0x0006c408 in _add_omemo_stream (fd=0xbeffeefc,
    fd@entry=0xbeffeef4, fh=0xbeffef00,
    fh@entry=0xbeffeef8, err=err@entry=0xbeffeefc)
    at src/command/cmd_funcs.c:4820
#2  0x0006c658 in cmd_sendfile
    (window=0x1a3300, command=<optimized out>, args=<optimized out>)
    at src/command/cmd_funcs.c:4916
#3  0x00064e24 in _cmd_execute
    (window=window@entry=0x1a3300, command=command@entry=0x1989b8 "/sendfile", inp=inp@entry=0x71d880 "/sendfile ~/testfile.txt")
    at src/command/cmd_funcs.c:8206
#4  0x00064d0c in cmd_process_input
    (inp=0x71d880 "/sendfile ~/testfile.txt", window=0x1a3300)
    at src/command/cmd_funcs.c:150
#5  0x00064d0c in cmd_process_input
    (window=0x1a3300, inp=inp@entry=0x71d880 "/sendfile ~/testfile.txt") at src/command/cmd_funcs.c:127
#6  0x00033864 in prof_run
    (log_level=<optimized out>, account_name=<optimized out>, config_file=0x0, log_file=<optimized out>, theme_name=0x0)
    at src/profanity.c:119
#7  0x0002fe94 in main (argc=<optimized out>, argv=<optimized out>)
    at src/main.c:185

...built debug, gdb, omemo sendfile

[jubalh]

Yep

[ghost]

Here's the assembly code of the two topmost functions on the stack: https://gist.github.com/mwuttke97/fff6cd6d776d925216a2874eaf41878b

[ghost]

@licaon-kter: In the MUC, optmzr proposed to add the option -D_FILE_OFFSET_BITS=64 to the build flag. This actually solved the problem for me. This is how I built profanity:

./configure CFLAGS='-g3 -O0 -D_FILE_OFFSET_BITS=64' CXXFLAGS='-g3 -O0 -D_FILE_OFFSET_BITS=64' && make clean && make

[pasis]

@mwuttke97: the root cause is that cmd_funcs.c treats off_t as 64bit and omemo.c as 32bit. This breaks ABI. You can see this from assembler code you posted:
omemo_encrypt_file() accepts pointer to gcry_res in register r3, but _add_omemo_stream() puts the pointer to stack, since r3 holds higher part of 64bit size which is 0. As result, this 0 is dereferenced.

@jubalh To fix this and avoid in the future, config.h must be included in all(!) C files as the 1st header.

[jubalh]

Tested by @mwuttke97, feedback via MUC.

[licaon-kter]

Confirmed here too, thanks :)