1358090 – shared memory leakage in vncviewer

Bug 1358090 - shared memory leakage in vncviewer

Summary: shared memory leakage in vncviewer

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	tigervnc
Sub Component:
Version:	7.2
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Jan Grulich
QA Contact:	Desktop QE
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1393395
TreeView+	depends on / blocked

Reported:	2016-07-20 02:42 UTC by Tsukahara Ken
Modified:	2017-08-01 20:50 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-08-01 20:50:05 UTC

Attachments	(Terms of Use)
workaround (596 bytes, text/plain) 2016-07-20 02:42 UTC, Tsukahara Ken	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2017:2000	normal	SHIPPED_LIVE	Moderate: tigervnc and fltk security, bug fix, and enhancement update	2017-08-01 18:33:08 UTC

Description Tsukahara Ken 2016-07-20 02:42:27 UTC

Created attachment 1181888 [details]
workaround

Description of problem:
vncviewer creates a shared memory segment for MIT-SHM.
It is not removed when vncviewer is killed by signal.

Version-Release number of selected component (if applicable):
tigervnc-1.3.1-4.el7_2.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Check initial shared memory information.
   $ ipcs -m
   ------ Shared Memory Segments --------
   key        shmid      owner      perms      bytes      nattch     status
   0x011456ac 0          root       600        1000       6
   0x00000000 229377     user1      600        524288     2          dest
   0x00000000 262146     user1      600        4194304    2          dest
   0x00000000 360451     user1      600        4194304    2          dest
   0x00000000 458758     user1      600        4194304    2          dest
2. Run vncviewer. -display to local Xorg(using MIT-SHM).
   $ vncviewer -display :0.0 192.168.0.100:5900
3. Check shared memory information. shmid 753668 is created and attached.
   $ ipcs -m
   ------ Shared Memory Segments --------
   key        shmid      owner      perms      bytes      nattch     status
   0x011456ac 0          root       600        1000       6
   0x00000000 229377     user1      600        524288     2          dest
   0x00000000 262146     user1      600        4194304    2          dest
   0x00000000 360451     user1      600        4194304    2          dest
   0x00000000 753668     user1      777        5242880    2
   0x00000000 458758     user1      600        4194304    2          dest
4. Kill the vncviewer by SIGTERM (or SIGINT).
   $ killall vncviewer

Actual results:
   shmid 753668 still exists.
   $ ipcs -m
   ------ Shared Memory Segments --------
   key        shmid      owner      perms      bytes      nattch     status
   0x011456ac 0          root       600        1000       6
   0x00000000 229377     user1      600        524288     2          dest
   0x00000000 262146     user1      600        4194304    2          dest
   0x00000000 360451     user1      600        4194304    2          dest
   0x00000000 753668     user1      777        5242880    0
   0x00000000 458758     user1      600        4194304    2          dest

Expected results:
   shmid 753668 should be removed.
   $ ipcs -m
   ------ Shared Memory Segments --------
   key        shmid      owner      perms      bytes      nattch     status
   0x011456ac 0          root       600        1000       6
   0x00000000 229377     user1      600        524288     2          dest
   0x00000000 262146     user1      600        4194304    2          dest
   0x00000000 360451     user1      600        4194304    2          dest
   0x00000000 458758     user1      600        4194304    2          dest

Additional info:
   PlatformPixelBuffer destructor is never called after CleanupSignalHandler().

Workaround:
   Mark the shared memory as "destroyed" as soon as possible.
   It will be invisible soon after the vncviewer is killed.
   See attachment.

Comment 2 Jan Grulich 2017-01-19 09:15:37 UTC

Should be already fixed in upstream, granting dev_ack.

Comment 3 Tsukahara Ken 2017-01-19 10:50:13 UTC

OK. I just have sent a pull-request in the github.
https://github.com/TigerVNC/tigervnc/pull/402

Comment 4 Jan Grulich 2017-01-19 10:59:30 UTC

Perfect, I actually meant that it's already fixed in upstream, but apparently I was looking into something else. Thanks.

Comment 5 Tsukahara Ken 2017-01-19 16:30:24 UTC

It just has been merged into upstream.
https://github.com/TigerVNC/tigervnc/pull/402

Comment 9 errata-xmlrpc 2017-08-01 20:50:05 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2017:2000

Note You need to log in before you can comment on or make changes to this bug.