Bug 1048994 - [abrt] tigervnc: rfb::zrleDecode8(): vncviewer killed by SIGSEGV
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: tigervnc
Version: 20
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Tim Waugh
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:1b8d31da96f243bc909d2d02b70...
Depends On:
Blocks: CVE-2014-0011
 
Reported: 2014-01-06 17:52 UTC by Christian Kujau
Modified: 2014-03-26 13:29 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-03-26 13:29:14 UTC
Type: ---


Attachments
File: backtrace (34.46 KB, text/plain), 2014-01-06 17:52 UTC, Christian Kujau
File: cgroup (173 bytes, text/plain), 2014-01-06 17:52 UTC, Christian Kujau
File: core_backtrace (2.79 KB, text/plain), 2014-01-06 17:52 UTC, Christian Kujau
File: dso_list (3.59 KB, text/plain), 2014-01-06 17:52 UTC, Christian Kujau
File: environ (3.01 KB, text/plain), 2014-01-06 17:52 UTC, Christian Kujau
File: exploitable (82 bytes, text/plain), 2014-01-06 17:52 UTC, Christian Kujau
File: limits (1.29 KB, text/plain), 2014-01-06 17:52 UTC, Christian Kujau
File: maps (23.38 KB, text/plain), 2014-01-06 17:52 UTC, Christian Kujau
File: open_fds (192 bytes, text/plain), 2014-01-06 17:52 UTC, Christian Kujau
File: proc_pid_status (946 bytes, text/plain), 2014-01-06 17:52 UTC, Christian Kujau
File: var_log_messages (360 bytes, text/plain), 2014-01-06 17:52 UTC, Christian Kujau

Description Christian Kujau 2014-01-06 17:52:28 UTC
Description of problem:
Connected to a MacOS 10.6.8 machine where I used the Safari web browser, then vncviewer crashed. Not reproducible so far.

Version-Release number of selected component:
tigervnc-1.3.0-7.fc20

Additional info:
reporter:       libreport-2.1.10
backtrace_rating: 4
cmdline:        vncviewer localhost:3387
crash_function: rfb::zrleDecode8
executable:     /usr/bin/vncviewer
kernel:         3.12.5-302.fc20.x86_64
runlevel:       3 5
type:           CCpp
uid:            1000

Truncated backtrace:
Thread no. 1 (6 frames)
 #0 rfb::zrleDecode8 at /usr/src/debug/tigervnc-1.3.0/common/rfb/zrleDecode.h:231
 #1 rfb::CMsgReader::readRect at /usr/src/debug/tigervnc-1.3.0/common/rfb/CMsgReader.cxx:115
 #2 rfb::CMsgReaderV3::readMsg at /usr/src/debug/tigervnc-1.3.0/common/rfb/CMsgReaderV3.cxx:96
 #3 CConn::socketEvent at /usr/src/debug/tigervnc-1.3.0/vncviewer/CConn.cxx:213
 #4 fl_wait at Fl_x.cxx:275
 #5 Fl::wait at Fl.cxx:579

Potential duplicate: bug 740683

Comment 1 Christian Kujau 2014-01-06 17:52:33 UTC
Created attachment 846221
File: backtrace

Comment 2 Christian Kujau 2014-01-06 17:52:34 UTC
Created attachment 846222
File: cgroup

Comment 3 Christian Kujau 2014-01-06 17:52:36 UTC
Created attachment 846223
File: core_backtrace

Comment 4 Christian Kujau 2014-01-06 17:52:37 UTC
Created attachment 846224
File: dso_list

Comment 5 Christian Kujau 2014-01-06 17:52:39 UTC
Created attachment 846225
File: environ

Comment 6 Christian Kujau 2014-01-06 17:52:40 UTC
Created attachment 846226
File: exploitable

Comment 7 Christian Kujau 2014-01-06 17:52:42 UTC
Created attachment 846227
File: limits

Comment 8 Christian Kujau 2014-01-06 17:52:44 UTC
Created attachment 846228
File: maps

Comment 9 Christian Kujau 2014-01-06 17:52:50 UTC
Created attachment 846229
File: open_fds

Comment 10 Christian Kujau 2014-01-06 17:52:55 UTC
Created attachment 846230
File: proc_pid_status

Comment 11 Christian Kujau 2014-01-06 17:52:56 UTC
Created attachment 846231
File: var_log_messages

Comment 14 Ratul Gupta 2014-01-09 11:33:52 UTC
Thank you Christian Kujau for reporting this issue.

Currently we are treating this issue as EMBARGOED, so please do not make this issue public, unless done so by the Red Hat Security Response Team.

Comment 17 Tomas Hoger 2014-03-19 17:24:53 UTC
Issue is public now, see bug 1050928.

Comment 18 Tim Waugh 2014-03-26 13:29:14 UTC
Fixed in:
  tigervnc-1.3.0-10.fc19
  tigervnc-1.3.0-14.fc20

