Bug 1007006 - Xephyr random segfault when connecting through XDMCP
Summary: Xephyr random segfault when connecting through XDMCP
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: xorg-x11-server
Version: 6.4
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Olivier Fourdan
QA Contact: Desktop QE
Depends On:
TreeView+ depends on / blocked
Reported: 2013-09-11 17:32 UTC by Michal Domonkos
Modified: 2015-07-22 05:50 UTC (History)
3 users (show)

Fixed In Version: xorg-x11-server-1.15.0-30.el6
Doc Type: Bug Fix
Doc Text:
Connecting to a remote machine of different endianness architecture using the X Display Manager Control Protocol (XDMCP) could cause unexpected termination of the X server when the data length in the XkbSetGeometry request was erroneously swapped twice, and an incorrect value was produced. With this update, the data is swapped only once when appropriate, ensuring the use of correct data length. Connecting to remote machines no longer causes X server crashes in this situation.
Clone Of:
Last Closed: 2015-07-22 05:50:54 UTC
Target Upstream Version:

Attachments (Terms of Use)
backtrace (1.91 KB, text/plain)
2013-09-11 17:32 UTC, Michal Domonkos
no flags Details

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:1445 0 normal SHIPPED_LIVE xorg-x11-server bug fix and enhancement update 2015-07-20 18:44:00 UTC

Description Michal Domonkos 2013-09-11 17:32:00 UTC
Created attachment 796457 [details]

Description of problem:
Connecting through XDMCP to a remote machine sometimes ends up in a crash with the following backtrace in the terminal (refer to the attachment for a backtrace from gdb). I've managed to reproduce this only on ppc64 arch but it may not be arch-specific.

(EE) Backtrace:
(EE) 0: Xephyr (xorg_backtrace+0x36) [0x464fb6]
(EE) 1: Xephyr (0x400000+0x6ad19) [0x46ad19]
(EE) 2: /lib64/libpthread.so.0 (0x3e1d800000+0xf500) [0x3e1d80f500]
(EE) 3: /lib64/libc.so.6 (memcpy+0x2eb) [0x3e1d489b0b]
(EE) 4: Xephyr (0x400000+0x16de52) [0x56de52]
(EE) 5: Xephyr (0x400000+0x17689d) [0x57689d]
(EE) 6: Xephyr (0x400000+0x1772a5) [0x5772a5]
(EE) 7: Xephyr (0x400000+0x30059) [0x430059]
(EE) 8: Xephyr (0x400000+0x9397a) [0x49397a]
(EE) 9: /lib64/libc.so.6 (__libc_start_main+0xfd) [0x3e1d41ecdd]
(EE) 10: Xephyr (0x400000+0x1dba9) [0x41dba9]
(EE) Segmentation fault at address 0x1133000

Fatal server error:
Caught signal 11 (Segmentation fault). Server aborting

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Put Enable=true under [xdmcp] section in /etc/gdm/custom.conf on the host
2. Restart GDM on the host (initctl restart prefdm)
3. Disable firewall on both the host and client machine
4. Connect from the client using: Xephyr :99 -query <host-ip>

Actual results:
At some point, before a remote GDM instance has finished loading, Xephyr crashes.

Expected results:
No crash.

Comment 6 Michal Domonkos 2015-01-07 17:54:39 UTC
Created attachment 977474 [details]

Comment 7 Michal Domonkos 2015-01-07 17:54:57 UTC
Created attachment 977475 [details]

Comment 18 errata-xmlrpc 2015-07-22 05:50:54 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.