Out of memory problem with pinentry-qt

[Steffen Hansen]

* Ingo Kl=F6cker <kloecker@kde.org> [Apr 16. 2003 07:32]:
Content-Description: signed data
> Hi,
>=20
> pinentry-qt has a serious "Out of memory" problem. To reproduce run=20
> pinentry-qt, enter "getpin" and then move the mouse a few times over=20
> the buttons (I'm using Keramik style, maybe that's important). You will=
=20
> get the following output:
> =3D=3D=3D=3D=3D
> > pinentry-qt
> Warning: using insecure memory!
> [0x4103102c] -> OK Your orders please
> OK Your orders please
> getpin
> [0x4103102c] <- getpin
> Out of memory!
> Aborted
> =3D=3D=3D=3D=3D
>=20
> A possible reason could be a memory leak in the Keramik style. My=20
> radical solution to make pinentry-qt stable was to #ifdef 0 the whole=20
> code of pinentry/qt/cppmemory.cpp and the two occurrences of is_secure=20
> in pinentry/qt/main.cpp. Of course now pinentry-qt doesn't use secure=20
> memory anymore but as pinentry-qt wasn't suid root the memory was=20
> anyway not secure. Or was it?

You are right. On Linux you unfortunately need to be root to call
mlock(). Which version of pinentry do you use btw? The version in CVS
only overrides new[] and delete[] with secure mem. versions, because
those are the operators that QString uses for the string data. Non-array
objects are allocated with the regular new operator.

wkr.
--=20
Steffen Hansen

Senior Software Engineer, Klar=E4lvdalens Datakonsult AB

email: hansen@kde.org, steffen@klaralvdalens-datakonsult.se,
       steffen@hrhansen.dk
www:   http://www.hrhansen.dk