Bug 1395366 - Segfault when no GL available on X server
Summary: Segfault when no GL available on X server
Alias: None
Product: Fedora
Classification: Fedora
Component: libepoxy
Version: 24
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Dave Airlie
QA Contact: Fedora Extras Quality Assurance
Depends On:
TreeView+ depends on / blocked
Reported: 2016-11-15 19:35 UTC by Tom Horsley
Modified: 2017-05-18 20:58 UTC (History)
5 users (show)

Fixed In Version: libepoxy-1.4.1-1.fc24
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2017-05-18 20:58:36 UTC
Type: Bug

Attachments (Terms of Use)
Patch to add NULL pointer checks to libepoxy (1.99 KB, text/plain)
2016-11-16 14:20 UTC, Tom Horsley
no flags Details

Description Tom Horsley 2016-11-15 19:35:39 UTC
Description of problem:

Some recent update is making every gtk3 program abort when run under x2go.
The most immediate symptom appears to be libepoxy passing a NULL pointer to
sscanf to interpret what it believes is a version string:

From virt-manager blowing up under gdb:

#0  0x00007ffff6da025f in rawmemchr () at /lib64/libc.so.6
#1  0x00007ffff6d87fe2 in _IO_str_init_static_internal () at /lib64/libc.so.6
#2  0x00007ffff6d76767 in __isoc99_vsscanf () at /lib64/libc.so.6
#3  0x00007ffff6d76707 in __isoc99_sscanf () at /lib64/libc.so.6
#4  0x00007fffdd72db35 in epoxy_glx_version () at /lib64/libepoxy.so.0

From emacs blowing up in a shell:


You'll note the common theme :-).

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.Run an x2go session
2.Run any gtk3 program under that session

Actual results:

Expected results:
Gtk3 displaying something without using GL.

Additional info:

Just looking at the libepoxy source rpm I see things like:

    version_string = glXQueryServerString(dpy, screen, GLX_VERSION);
    ret = sscanf(version_string, "%d.%d", &server_major, &server_minor);

No check for NULL version_string :-(.

I have no idea if the programs would work if they got past these calls, but
this seems to happen really early in all gtk3 programs.

Comment 1 Tom Horsley 2016-11-16 14:20:41 UTC
Created attachment 1221160 [details]
Patch to add NULL pointer checks to libepoxy

Here is the patch I used to stick checks for NULL pointers in lots of places that were calling str* and sscanf routines. I can now start virt-manager and virt-viewer under an x2go session without getting a segfault.

Comment 2 Mihai Moldovan 2017-02-28 02:59:38 UTC
X2Go users are seeing this on FC25 as well.

Please backport upstream's fix: https://github.com/anholt/libepoxy/commit/a15a92c2cbe0a8f45a1ff6258b22957c17c7118e

Comment 3 Mihai Moldovan 2017-03-01 09:35:36 UTC
This bug seems to be triggered by a MESA upgrade, check https://bugzilla.redhat.com/show_bug.cgi?id=1427174

Backporting the fix might still be worthwhile - even of MESA wasn't broken and reported a correct GLX version, instead of crashing on a NULL version.

Comment 4 JM 2017-03-09 00:28:33 UTC
The bug is fixed in Version 1.4.1 (stable) of libepoxy , see "https://github.com/anholt/libepoxy/releases", so maybe it's time to update libepoxy?

Comment 5 Fedora Update System 2017-03-09 02:32:54 UTC
libepoxy-1.4.1-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2017-4ebc23db22

Comment 6 Fedora Update System 2017-03-17 20:24:21 UTC
libepoxy-1.4.1-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-4ebc23db22

Comment 7 Fedora Update System 2017-05-18 20:58:36 UTC
libepoxy-1.4.1-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.