From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 Description of problem: When starting vncserver for the first time it prompts for a password twice. With FC4 it never accepts the password, and then crashes. The server is started but I can't login with the password I entered. I've included the output from my session below. Looks like vncpasswd is what's crashing and not vncserver itself. Version-Release number of selected component (if applicable): vnc-server-4.1.1-10 How reproducible: Always Steps to Reproduce: 1. Run 'vncserver -geometry 800x600' 2. Enter and confirm a password. 3. vncserver will complain they don't match, then crashes. Additional info: [phil@beastie phil]$ vncserver -geometry 800x600 You will require a password to access your desktops. Password: Verify: Passwords don't match - try again *** glibc detected *** vncpasswd: free(): invalid next size (fast): 0x08316110 * ** ======= Backtrace: ========= /lib/libc.so.6[0xc2f424] /lib/libc.so.6(__libc_free+0x77)[0xc2f95f] /usr/lib/libstdc++.so.6(_ZdlPv+0x21)[0xb38669] /usr/lib/libstdc++.so.6(_ZdaPv+0x1d)[0xb386b5] vncpasswd[0x8048fe4] vncpasswd[0x804919a] vncpasswd(__gxx_personality_v0+0x355)[0x8048d0d] /lib/libc.so.6(__libc_start_main+0xc6)[0xbe0de6] vncpasswd(__gxx_personality_v0+0x59)[0x8048a11] ======= Memory map: ======== 006ec000-006ed000 r-xp 006ec000 00:00 0 00a78000-00a81000 r-xp 00000000 fd:00 11262246 /lib/libgcc_s-4.0.0-20050520.so.1 00a81000-00a82000 rwxp 00009000 fd:00 11262246 /lib/libgcc_s-4.0.0-20050520.so.1 00a84000-00b63000 r-xp 00000000 fd:00 9493475 /usr/lib/libstdc++.so.6.0.4 00b63000-00b68000 rwxp 000df000 fd:00 9493475 /usr/lib/libstdc++.so.6.0.4 00b68000-00b6d000 rwxp 00b68000 00:00 0 00baa000-00bc4000 r-xp 00000000 fd:00 11262212 /lib/ld-2.3.5.so 00bc4000-00bc5000 r-xp 00019000 fd:00 11262212 /lib/ld-2.3.5.so 00bc5000-00bc6000 rwxp 0001a000 fd:00 11262212 /lib/ld-2.3.5.so 00bcc000-00cf0000 r-xp 00000000 fd:00 11262241 /lib/libc-2.3.5.so 00cf0000-00cf2000 r-xp 00124000 fd:00 11262241 /lib/libc-2.3.5.so 00cf2000-00cf4000 rwxp 00126000 fd:00 11262241 /lib/libc-2.3.5.so 00cf4000-00cf6000 rwxp 00cf4000 00:00 0 00cf8000-00d1a000 r-xp 00000000 fd:00 11262244 /lib/libm-2.3.5.so 00d1a000-00d1b000 r-xp 00021000 fd:00 11262244 /lib/libm-2.3.5.so 00d1b000-00d1c000 rwxp 00022000 fd:00 11262244 /lib/libm-2.3.5.so 08048000-0804b000 r-xp 00000000 fd:00 3973677 /usr/bin/vncpasswd 0804b000-0804d000 rw-p 00002000 fd:00 3973677 /usr/bin/vncpasswd 08316000-08337000 rw-p 08316000 00:00 0 [heap] b7e00000-b7e21000 rw-p b7e00000 00:00 0 b7e21000-b7f00000 ---p b7e21000 00:00 0 b7f26000-b7f28000 rw-p b7f26000 00:00 0 b7f36000-b7f38000 rw-p b7f36000 00:00 0 bfd23000-bfd38000 rw-p bfd23000 00:00 0 [stack] New 'beastie.firestorm.cx:1 (phil)' desktop is beastie.firestorm.cx:1 Creating default startup script /home/phil/.vnc/xstartup Starting applications specified in /home/phil/.vnc/xstartup Log file is /home/phil/.vnc/beastie.firestorm.cx:1.log [phil@beastie phil]$
I can't reproduce this bug here. Please install the vnc-debuginfo-4.1.1-10 package from http://download.fedora.redhat.com/pub/fedora/linux/core/4/i386/debug/. If 'vncpasswd' alone reproduces the problem, please run: gdb vncpasswd (gdb) r ... [then when it crashes:] (gdb) bt
Hi Tim, thanks for the quick reply. Still crashing, with this from gdb: Program received signal SIGABRT, Aborted. 0x001c3402 in __kernel_vsyscall () (gdb) bt #0 0x001c3402 in __kernel_vsyscall () #1 0x00bf41f8 in raise () from /lib/libc.so.6 #2 0x00bf5948 in abort () from /lib/libc.so.6 #3 0x00c2952a in __libc_message () from /lib/libc.so.6 #4 0x00c2f424 in _int_free () from /lib/libc.so.6 #5 0x00c2f95f in free () from /lib/libc.so.6 #6 0x00b38669 in operator delete () from /usr/lib/libstdc++.so.6 #7 0x00b386b5 in operator delete[] () from /usr/lib/libstdc++.so.6 #8 0x08048fe4 in rfb::PlainPasswd::replaceBuf (this=0xbfb12408, b=0x0) at ../rfb/util.h:44 #9 0x0804919a in ~PlainPasswd (this=0xbfb12408) at Password.cxx:50 #10 0x08048d0d in main (argc=1, argv=0xbfb124a4) at vncpasswd.cxx:95 #11 0x00be0de6 in __libc_start_main () from /lib/libc.so.6 #12 0x08048a11 in _start () (gdb) I'm not a C++ programmer but that looks like it's trying to free unallocated memory? I've discovered that passwords shorter than 12 characters work fine, so this might be why it worked for you. My password just happened to be exactly 12 characters long. Typical that...
I've had a quick look at the code but I'm still not sure what's going on. There are two PlainPasswd objects (is that the correct term?), one for the password and one for the verification. When the second one is created the first one is somehow being trashed, causing the passwords not to match and then the crash when the corrupted object is being destroyed. It *looks* OK to me, but as I say I'm not a C++ programmer. Could it be a compiler bug?
Fixed: http://www.realvnc.com/pipermail/vnc-list/2005-June/051429.html
*** Bug 169094 has been marked as a duplicate of this bug. ***
*** Bug 172448 has been marked as a duplicate of this bug. ***