Bug 1048994

Summary: [abrt] tigervnc: rfb::zrleDecode8(): vncviewer killed by SIGSEGV
Product: [Fedora] Fedora
Reporter: Christian Kujau <redhat>
Component: tigervnc
Assignee: Tim Waugh <twaugh>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 20
CC: bphinz, thoger, twaugh
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: x86_64
OS: Unspecified
URL: https://retrace.fedoraproject.org/faf/reports/bthash/b0316245ce44b0d804e926fbcb53e7363d0b48ac
Whiteboard: abrt_hash:1b8d31da96f243bc909d2d02b703c138e2ebd249
Doc Type: Bug Fix
Last Closed: 2014-03-26 13:29:14 UTC
Bug Blocks: 1050928    
Attachments:
Description              Flags
File: backtrace          none
File: cgroup             none
File: core_backtrace     none
File: dso_list           none
File: environ            none
File: exploitable        none
File: limits             none
File: maps               none
File: open_fds           none
File: proc_pid_status    none
File: var_log_messages   none

Description Christian Kujau 2014-01-06 17:52:28 UTC
Description of problem:
Connected to a MacOS 10.6.8 machine where I used the Safari web browser, then vncviewer crashed. Not reproducible so far.

Version-Release number of selected component:
tigervnc-1.3.0-7.fc20

Additional info:
reporter:       libreport-2.1.10
backtrace_rating: 4
cmdline:        vncviewer localhost:3387
crash_function: rfb::zrleDecode8
executable:     /usr/bin/vncviewer
kernel:         3.12.5-302.fc20.x86_64
runlevel:       3 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (6 frames)
 #0 rfb::zrleDecode8 at /usr/src/debug/tigervnc-1.3.0/common/rfb/zrleDecode.h:231
 #1 rfb::CMsgReader::readRect at /usr/src/debug/tigervnc-1.3.0/common/rfb/CMsgReader.cxx:115
 #2 rfb::CMsgReaderV3::readMsg at /usr/src/debug/tigervnc-1.3.0/common/rfb/CMsgReaderV3.cxx:96
 #3 CConn::socketEvent at /usr/src/debug/tigervnc-1.3.0/vncviewer/CConn.cxx:213
 #4 fl_wait at Fl_x.cxx:275
 #5 Fl::wait at Fl.cxx:579

Potential duplicate: bug 740683

Comment 1 Christian Kujau 2014-01-06 17:52:33 UTC
Created attachment 846221
File: backtrace

Comment 2 Christian Kujau 2014-01-06 17:52:34 UTC
Created attachment 846222
File: cgroup

Comment 3 Christian Kujau 2014-01-06 17:52:36 UTC
Created attachment 846223
File: core_backtrace

Comment 4 Christian Kujau 2014-01-06 17:52:37 UTC
Created attachment 846224
File: dso_list

Comment 5 Christian Kujau 2014-01-06 17:52:39 UTC
Created attachment 846225
File: environ

Comment 6 Christian Kujau 2014-01-06 17:52:40 UTC
Created attachment 846226
File: exploitable

Comment 7 Christian Kujau 2014-01-06 17:52:42 UTC
Created attachment 846227
File: limits

Comment 8 Christian Kujau 2014-01-06 17:52:44 UTC
Created attachment 846228
File: maps

Comment 9 Christian Kujau 2014-01-06 17:52:50 UTC
Created attachment 846229
File: open_fds

Comment 10 Christian Kujau 2014-01-06 17:52:55 UTC
Created attachment 846230
File: proc_pid_status

Comment 11 Christian Kujau 2014-01-06 17:52:56 UTC
Created attachment 846231
File: var_log_messages

Comment 14 Ratul Gupta 2014-01-09 11:33:52 UTC
Thank you Christian Kujau for reporting this issue.

Currently we are treating this issue as EMBARGOED, so please do not make this issue public, unless done so by the Red Hat Security Response Team.

Comment 17 Tomas Hoger 2014-03-19 17:24:53 UTC
Issue is public now, see bug 1050928.

Comment 18 Tim Waugh 2014-03-26 13:29:14 UTC
Fixed in:
  tigervnc-1.3.0-10.fc19
  tigervnc-1.3.0-14.fc20