Bug 160471 - vncpasswd crashing when entering password
vncpasswd crashing when entering password
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: vnc (Show other bugs)
4
i686 Linux
medium Severity high
: ---
: ---
Assigned To: Tim Waugh
David Lawrence
:
: 169094 172448 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-06-15 07:32 EDT by Philip Heron
Modified: 2007-11-30 17:11 EST (History)
2 users (show)

See Also:
Fixed In Version: 4.1.1-12
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-06-27 12:46:24 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Philip Heron 2005-06-15 07:32:13 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

Description of problem:
When starting vncserver for the first time it prompts for a password twice. With FC4 it never accepts the password, and then crashes. The server is started but I can't login with the password I entered.

I've included the output from my session below. Looks like vncpasswd is what's crashing and not vncserver itself.

Version-Release number of selected component (if applicable):
vnc-server-4.1.1-10

How reproducible:
Always

Steps to Reproduce:
1. Run 'vncserver -geometry 800x600'
2. Enter and confirm a password.
3. vncserver will complain they don't match, then crashes.
  

Additional info:

[phil@beastie phil]$ vncserver -geometry 800x600

You will require a password to access your desktops.

Password:
Verify:
Passwords don't match - try again
*** glibc detected *** vncpasswd: free(): invalid next size (fast): 0x08316110 *
**
======= Backtrace: =========
/lib/libc.so.6[0xc2f424]
/lib/libc.so.6(__libc_free+0x77)[0xc2f95f]
/usr/lib/libstdc++.so.6(_ZdlPv+0x21)[0xb38669]
/usr/lib/libstdc++.so.6(_ZdaPv+0x1d)[0xb386b5]
vncpasswd[0x8048fe4]
vncpasswd[0x804919a]
vncpasswd(__gxx_personality_v0+0x355)[0x8048d0d]
/lib/libc.so.6(__libc_start_main+0xc6)[0xbe0de6]
vncpasswd(__gxx_personality_v0+0x59)[0x8048a11]
======= Memory map: ========
006ec000-006ed000 r-xp 006ec000 00:00 0
00a78000-00a81000 r-xp 00000000 fd:00 11262246   /lib/libgcc_s-4.0.0-20050520.so.1
00a81000-00a82000 rwxp 00009000 fd:00 11262246   /lib/libgcc_s-4.0.0-20050520.so.1
00a84000-00b63000 r-xp 00000000 fd:00 9493475    /usr/lib/libstdc++.so.6.0.4
00b63000-00b68000 rwxp 000df000 fd:00 9493475    /usr/lib/libstdc++.so.6.0.4
00b68000-00b6d000 rwxp 00b68000 00:00 0
00baa000-00bc4000 r-xp 00000000 fd:00 11262212   /lib/ld-2.3.5.so
00bc4000-00bc5000 r-xp 00019000 fd:00 11262212   /lib/ld-2.3.5.so
00bc5000-00bc6000 rwxp 0001a000 fd:00 11262212   /lib/ld-2.3.5.so
00bcc000-00cf0000 r-xp 00000000 fd:00 11262241   /lib/libc-2.3.5.so
00cf0000-00cf2000 r-xp 00124000 fd:00 11262241   /lib/libc-2.3.5.so
00cf2000-00cf4000 rwxp 00126000 fd:00 11262241   /lib/libc-2.3.5.so
00cf4000-00cf6000 rwxp 00cf4000 00:00 0
00cf8000-00d1a000 r-xp 00000000 fd:00 11262244   /lib/libm-2.3.5.so
00d1a000-00d1b000 r-xp 00021000 fd:00 11262244   /lib/libm-2.3.5.so
00d1b000-00d1c000 rwxp 00022000 fd:00 11262244   /lib/libm-2.3.5.so
08048000-0804b000 r-xp 00000000 fd:00 3973677    /usr/bin/vncpasswd
0804b000-0804d000 rw-p 00002000 fd:00 3973677    /usr/bin/vncpasswd
08316000-08337000 rw-p 08316000 00:00 0          [heap]
b7e00000-b7e21000 rw-p b7e00000 00:00 0
b7e21000-b7f00000 ---p b7e21000 00:00 0
b7f26000-b7f28000 rw-p b7f26000 00:00 0
b7f36000-b7f38000 rw-p b7f36000 00:00 0
bfd23000-bfd38000 rw-p bfd23000 00:00 0          [stack]

New 'beastie.firestorm.cx:1 (phil)' desktop is beastie.firestorm.cx:1

Creating default startup script /home/phil/.vnc/xstartup
Starting applications specified in /home/phil/.vnc/xstartup
Log file is /home/phil/.vnc/beastie.firestorm.cx:1.log

[phil@beastie phil]$
Comment 1 Tim Waugh 2005-06-15 10:13:13 EDT
I can't reproduce this bug here.

Please install the vnc-debuginfo-4.1.1-10 package from
http://download.fedora.redhat.com/pub/fedora/linux/core/4/i386/debug/.

If 'vncpasswd' alone reproduces the problem, please run:

gdb vncpasswd
(gdb) r
...
[then when it crashes:]
(gdb) bt
Comment 2 Philip Heron 2005-06-15 11:20:48 EDT
Hi Tim, thanks for the quick reply. Still crashing, with this from gdb:

Program received signal SIGABRT, Aborted.
0x001c3402 in __kernel_vsyscall ()
(gdb) bt
#0  0x001c3402 in __kernel_vsyscall ()
#1  0x00bf41f8 in raise () from /lib/libc.so.6
#2  0x00bf5948 in abort () from /lib/libc.so.6
#3  0x00c2952a in __libc_message () from /lib/libc.so.6
#4  0x00c2f424 in _int_free () from /lib/libc.so.6
#5  0x00c2f95f in free () from /lib/libc.so.6
#6  0x00b38669 in operator delete () from /usr/lib/libstdc++.so.6
#7  0x00b386b5 in operator delete[] () from /usr/lib/libstdc++.so.6
#8  0x08048fe4 in rfb::PlainPasswd::replaceBuf (this=0xbfb12408, b=0x0)
    at ../rfb/util.h:44
#9  0x0804919a in ~PlainPasswd (this=0xbfb12408) at Password.cxx:50
#10 0x08048d0d in main (argc=1, argv=0xbfb124a4) at vncpasswd.cxx:95
#11 0x00be0de6 in __libc_start_main () from /lib/libc.so.6
#12 0x08048a11 in _start ()
(gdb)

I'm not a C++ programmer but that looks like it's trying to free unallocated memory?

I've discovered that passwords shorter than 12 characters work fine, so this
might be why it worked for you. My password just happened to be exactly 12
characters long. Typical that...
Comment 3 Philip Heron 2005-06-24 06:30:09 EDT
I've had a quick look at the code but I'm still not sure what's going on. There
are two PlainPasswd objects (is that the correct term?), one for the password
and one for the verification. When the second one is created the first one is
somehow being trashed, causing the passwords not to match and then the crash
when the corrupted object is being destroyed.

It *looks* OK to me, but as I say I'm not a C++ programmer. Could it be a
compiler bug?
Comment 6 Tim Waugh 2005-09-22 18:18:20 EDT
*** Bug 169094 has been marked as a duplicate of this bug. ***
Comment 7 Tim Waugh 2005-11-07 06:04:55 EST
*** Bug 172448 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.