Description of problem: Connected to a MacOS 10.6.8 machine where I used the Safari Webbrowser, then vncviewer crashed. Not reproducible so far. Version-Release number of selected component: tigervnc-1.3.0-7.fc20 Additional info: reporter: libreport-2.1.10 backtrace_rating: 4 cmdline: vncviewer localhost:3387 crash_function: rfb::zrleDecode8 executable: /usr/bin/vncviewer kernel: 3.12.5-302.fc20.x86_64 runlevel: 3 5 type: CCpp uid: 1000 Truncated backtrace: Thread no. 1 (6 frames) #0 rfb::zrleDecode8 at /usr/src/debug/tigervnc-1.3.0/common/rfb/zrleDecode.h:231 #1 rfb::CMsgReader::readRect at /usr/src/debug/tigervnc-1.3.0/common/rfb/CMsgReader.cxx:115 #2 rfb::CMsgReaderV3::readMsg at /usr/src/debug/tigervnc-1.3.0/common/rfb/CMsgReaderV3.cxx:96 #3 CConn::socketEvent at /usr/src/debug/tigervnc-1.3.0/vncviewer/CConn.cxx:213 #4 fl_wait at Fl_x.cxx:275 #5 Fl::wait at Fl.cxx:579 Potential duplicate: bug 740683
Created attachment 846221 [details] File: backtrace
Created attachment 846222 [details] File: cgroup
Created attachment 846223 [details] File: core_backtrace
Created attachment 846224 [details] File: dso_list
Created attachment 846225 [details] File: environ
Created attachment 846226 [details] File: exploitable
Created attachment 846227 [details] File: limits
Created attachment 846228 [details] File: maps
Created attachment 846229 [details] File: open_fds
Created attachment 846230 [details] File: proc_pid_status
Created attachment 846231 [details] File: var_log_messages
Thank you Christian Kujau for reporting this issue. Currently we are treating this issue as EMBARGOED, so please do not make this issue public, unless done so by the Red Hat Security Response Team.
Issue is public now, see bug 1050928.
Fixed in: tigervnc-1.3.0-10.fc19 tigervnc-1.3.0-14.fc20