| Summary: | vinagre can crash the remote X server with vnc module loaded. | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Dave Airlie <airlied> |
| Component: | tigervnc | Assignee: | Tim Waugh <twaugh> |
| Status: | CLOSED WORKSFORME | QA Contact: | qe-baseos-daemons |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 6.2 | ||
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-05-01 16:32:44 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux. If you would like it considered as an exception in the current release, please ask your support representative. I can't seem to reproduce this. |
Description of problem: The X server with the vnc module in can be crashed using vinagre remotely. Version-Release number of selected component (if applicable): How reproducible: Every time. Steps to Reproduce: 1. Setup X server with vnc.so loaded 2. Connect vinagre 3. Click on View->Refresh Screen Actual results: Server crashes Expected results: server works. backtrace in gdb with debuginfo installed. Program received signal SIGSEGV, Segmentation fault. 0x006e175c in __memcpy_ssse3_rep () from /lib/libc.so.6 (gdb) bt #0 0x006e175c in __memcpy_ssse3_rep () from /lib/libc.so.6 #1 0x0046250e in noTransFn (table_=0x0, inPF=..., inPtr=0xb7735008, inStride=1280, outPF=..., outPtr=0xb6b0f008, outStride=1024, width=1024, height=<value optimized out>) at /usr/include/bits/string3.h:52 #2 0x0045ff42 in rfb::TransImageGetter::getImage (this=0x9b88100, outPtr=0xb6b0f008, r=..., outStride=1024) at TransImageGetter.cxx:269 #3 0x0045cd8e in rfb::tightEncode32 (r=..., os=0x9b3fba0, zos=0x9b3fbb0, buf=0xb6b0f008, cp=0x9b88024, ig=0x9b88100) at ../../common/rfb/tightEncode.h:327 #4 0x0045e503 in rfb::TightEncoder::writeSubrect (this=0x9b3fb98, r=..., ig=0x9b88100) at TightEncoder.cxx:204 #5 0x0045e672 in rfb::TightEncoder::writeRect (this=0x9b3fb98, r=..., ig=0x9b88100, actual=0xbff72e1c) at TightEncoder.cxx:186 #6 0x0044ff38 in rfb::SMsgWriter::writeRect (this=0x9b0a980, r=..., encoding=7, ig=0x9b88100, actual=0xbff72e1c) at SMsgWriter.cxx:179 #7 0x0044fda1 in rfb::SMsgWriter::writeRect (this=0x9b0a980, r=..., ig=0x9b88100, actual=0xbff72e1c) at SMsgWriter.cxx:169 #8 0x004501f2 in rfb::SMsgWriter::writeRects (this=0x9b0a980, ui=..., ig=0x9b88100, updatedRegion=0xbff72ef0) at SMsgWriter.cxx:160 #9 0x004650a7 in rfb::VNCSConnectionST::writeFramebufferUpdate ( this=0x9b88020) at VNCSConnectionST.cxx:731 #10 0x00465ac5 in rfb::VNCSConnectionST::processMessages (this=0x9b88020) at VNCSConnectionST.cxx:125 ---Type <return> to continue, or q <return> to quit--- #11 0x00467021 in rfb::VNCServerST::processSocketEvent (this=0x992b170, sock=0x9b62ed0) at VNCServerST.cxx:163 #12 0x0042fe6f in XserverDesktop::wakeupHandler (this=0x992a580, fds=0x8237d80, nfds=1) at XserverDesktop.cc:573 #13 0x00427569 in vncWakeupHandler (data=0x0, nfds=1, readmask=0x8237d80) at vncExtInit.cc:311 #14 0x0806ab8f in WakeupHandler () #15 0x080aa692 in WaitForSomething () #16 0x0808d61e in ?? () #17 0x08062bfa in _start ()