Bug 1358090 - shared memory leakage in vncviewer
Summary: shared memory leakage in vncviewer
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: tigervnc
Version: 7.2
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: rc
: ---
Assignee: Jan Grulich
QA Contact: Desktop QE
URL:
Whiteboard:
Depends On:
Blocks: 1393395
TreeView+ depends on / blocked
 
Reported: 2016-07-20 02:42 UTC by Tsukahara Ken
Modified: 2017-08-01 20:50 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-01 20:50:05 UTC


Attachments (Terms of Use)
workaround (596 bytes, text/plain)
2016-07-20 02:42 UTC, Tsukahara Ken
no flags Details


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2017:2000 normal SHIPPED_LIVE Moderate: tigervnc and fltk security, bug fix, and enhancement update 2017-08-01 18:33:08 UTC

Description Tsukahara Ken 2016-07-20 02:42:27 UTC
Created attachment 1181888 [details]
workaround

Description of problem:
vncviewer creates a shared memory segment for MIT-SHM.
It is not removed when vncviewer is killed by signal.

Version-Release number of selected component (if applicable):
tigervnc-1.3.1-4.el7_2.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Check initial shared memory information.
   $ ipcs -m
   ------ Shared Memory Segments --------
   key        shmid      owner      perms      bytes      nattch     status
   0x011456ac 0          root       600        1000       6
   0x00000000 229377     user1      600        524288     2          dest
   0x00000000 262146     user1      600        4194304    2          dest
   0x00000000 360451     user1      600        4194304    2          dest
   0x00000000 458758     user1      600        4194304    2          dest
2. Run vncviewer. -display to local Xorg(using MIT-SHM).
   $ vncviewer -display :0.0 192.168.0.100:5900
3. Check shared memory information. shmid 753668 is created and attached.
   $ ipcs -m
   ------ Shared Memory Segments --------
   key        shmid      owner      perms      bytes      nattch     status
   0x011456ac 0          root       600        1000       6
   0x00000000 229377     user1      600        524288     2          dest
   0x00000000 262146     user1      600        4194304    2          dest
   0x00000000 360451     user1      600        4194304    2          dest
   0x00000000 753668     user1      777        5242880    2
   0x00000000 458758     user1      600        4194304    2          dest
4. Kill the vncviewer by SIGTERM (or SIGINT).
   $ killall vncviewer

Actual results:
   shmid 753668 still exists.
   $ ipcs -m
   ------ Shared Memory Segments --------
   key        shmid      owner      perms      bytes      nattch     status
   0x011456ac 0          root       600        1000       6
   0x00000000 229377     user1      600        524288     2          dest
   0x00000000 262146     user1      600        4194304    2          dest
   0x00000000 360451     user1      600        4194304    2          dest
   0x00000000 753668     user1      777        5242880    0
   0x00000000 458758     user1      600        4194304    2          dest

Expected results:
   shmid 753668 should be removed.
   $ ipcs -m
   ------ Shared Memory Segments --------
   key        shmid      owner      perms      bytes      nattch     status
   0x011456ac 0          root       600        1000       6
   0x00000000 229377     user1      600        524288     2          dest
   0x00000000 262146     user1      600        4194304    2          dest
   0x00000000 360451     user1      600        4194304    2          dest
   0x00000000 458758     user1      600        4194304    2          dest

Additional info:
   PlatformPixelBuffer destructor is never called after CleanupSignalHandler().

Workaround:
   Mark the shared memory as "destroyed" as soon as possible.
   It will be invisible soon after the vncviewer is killed.
   See attachment.

Comment 2 Jan Grulich 2017-01-19 09:15:37 UTC
Should be already fixed in upstream, granting dev_ack.

Comment 3 Tsukahara Ken 2017-01-19 10:50:13 UTC
OK. I just have sent a pull-request in the github.
https://github.com/TigerVNC/tigervnc/pull/402

Comment 4 Jan Grulich 2017-01-19 10:59:30 UTC
Perfect, I actually meant that it's already fixed in upstream, but apparently I was looking into something else. Thanks.

Comment 5 Tsukahara Ken 2017-01-19 16:30:24 UTC
It just has been merged into upstream.
https://github.com/TigerVNC/tigervnc/pull/402

Comment 9 errata-xmlrpc 2017-08-01 20:50:05 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2000


Note You need to log in before you can comment on or make changes to this bug.