Bug 1007006 - Xephyr random segfault when connecting through XDMCP
Xephyr random segfault when connecting through XDMCP
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: xorg-x11-server (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Olivier Fourdan
Desktop QE
Depends On:
  Show dependency treegraph
Reported: 2013-09-11 13:32 EDT by Michal Domonkos
Modified: 2015-07-22 01:50 EDT (History)
3 users (show)

See Also:
Fixed In Version: xorg-x11-server-1.15.0-30.el6
Doc Type: Bug Fix
Doc Text:
Connecting to a remote machine of different endianness architecture using the X Display Manager Control Protocol (XDMCP) could cause unexpected termination of the X server when the data length in the XkbSetGeometry request was erroneously swapped twice, and an incorrect value was produced. With this update, the data is swapped only once when appropriate, ensuring the use of correct data length. Connecting to remote machines no longer causes X server crashes in this situation.
Story Points: ---
Clone Of:
Last Closed: 2015-07-22 01:50:54 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
backtrace (1.91 KB, text/plain)
2013-09-11 13:32 EDT, Michal Domonkos
no flags Details

  None (edit)
Description Michal Domonkos 2013-09-11 13:32:00 EDT
Created attachment 796457 [details]

Description of problem:
Connecting through XDMCP to a remote machine sometimes ends up in a crash with the following backtrace in the terminal (refer to the attachment for a backtrace from gdb). I've managed to reproduce this only on ppc64 arch but it may not be arch-specific.

(EE) Backtrace:
(EE) 0: Xephyr (xorg_backtrace+0x36) [0x464fb6]
(EE) 1: Xephyr (0x400000+0x6ad19) [0x46ad19]
(EE) 2: /lib64/libpthread.so.0 (0x3e1d800000+0xf500) [0x3e1d80f500]
(EE) 3: /lib64/libc.so.6 (memcpy+0x2eb) [0x3e1d489b0b]
(EE) 4: Xephyr (0x400000+0x16de52) [0x56de52]
(EE) 5: Xephyr (0x400000+0x17689d) [0x57689d]
(EE) 6: Xephyr (0x400000+0x1772a5) [0x5772a5]
(EE) 7: Xephyr (0x400000+0x30059) [0x430059]
(EE) 8: Xephyr (0x400000+0x9397a) [0x49397a]
(EE) 9: /lib64/libc.so.6 (__libc_start_main+0xfd) [0x3e1d41ecdd]
(EE) 10: Xephyr (0x400000+0x1dba9) [0x41dba9]
(EE) Segmentation fault at address 0x1133000

Fatal server error:
Caught signal 11 (Segmentation fault). Server aborting

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Put Enable=true under [xdmcp] section in /etc/gdm/custom.conf on the host
2. Restart GDM on the host (initctl restart prefdm)
3. Disable firewall on both the host and client machine
4. Connect from the client using: Xephyr :99 -query <host-ip>

Actual results:
At some point, before a remote GDM instance has finished loading, Xephyr crashes.

Expected results:
No crash.
Comment 6 Michal Domonkos 2015-01-07 12:54:39 EST
Created attachment 977474 [details]
Comment 7 Michal Domonkos 2015-01-07 12:54:57 EST
Created attachment 977475 [details]
Comment 18 errata-xmlrpc 2015-07-22 01:50:54 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.