Description of problem: I have just updated to libX11-1.0.3-7.fc6 from libX11-1.0.3-6.fc6 and rdesktop has stopped working, giving a Segmentation fault when I log in to the remote system. I have obtained a core dump #0 0x4820a2b2 in XPutImage () from /usr/lib/libX11.so.6 #1 0x0805155c in ui_desktop_restore (offset=0, x=303, y=144, cx=417, cy=263) at xwin.c:3226 #2 0x080633d0 in process_orders (s=0x80b5f20, num_orders=152) at orders.c:375 #3 0x080685f9 in rdp5_process (s=0x80b5f20) at rdp5.c:85 #4 0x08060311 in rdp_recv (type=0xbff77ceb "") at rdp.c:99 #5 0x080608d8 in rdp_loop (deactivated=0xbff78084, ext_disc_reason=0xbff78080) at rdp.c:1378 #6 0x080614ec in rdp_main_loop (deactivated=0xbff78084, ext_disc_reason=0xbff78080) at rdp.c:1363 #7 0x0804d2f5 in main (argc=1, argv=Cannot access memory at address 0x5 ) at rdesktop.c:912 which suggests the problem is in XPutImage.
Thanks for the bug report. We have reviewed the information you have provided above, and there is some additional information we require that will be helpful in our diagnosis of this issue. Please attach your X server config file (/etc/X11/xorg.conf) and X server log file (/var/log/Xorg.*.log) to the bug report as individual uncompressed file attachments using the bugzilla file attachment link below. Could you please also try to run without any /etc/X11/xorg.conf whatsoever and let X11 autodetect your display and video card? Attach to this bug /var/log/Xorg.0.log from this attempt as well, please. We will review this issue again once you've had a chance to attach this information. Thanks in advance.
Created attachment 152285 [details] xorg.conf that triggers the bug Here are the files you asked for. My testing while generating these files indicates that the seg fault occurs when the colour depth is 16-bit, but rdesktop runs successfully when the colour depth is 24-bit. Running without an xorg.conf doesn't work as X isn't started.
Created attachment 152286 [details] Xorg.0.log when the bug is triggered
Created attachment 152287 [details] Xorg.0.log when X is run without an xorg.conf file (fails to start)
Note that the remote desktop being contacted is 16-bit, as the WARNING message WARNING: Remote desktop does not support colour depth 24; falling back to 16 is displayed when rdesktop is run from a 24-bit colour X session.
Can you install libX11-debuginfo and repeat the backtrace from gdb please? Would be good to see exactly what's segfaulting in libX11. Since 1.0.3-7 was a security fix only relative to -6, I rather suspect that this is a bug in rdesktop that's always been there and is only now exposed.
With libX11-debuginfo installed #0 of the above core is now #0 0x4820a2b2 in XPutImage (dpy=0x8f606a0, d=41943045, gc=0x8f73688, image=0x0, req_xoffset=0, req_yoffset=0, x=303, y=144, req_width=417, req_height=263) at PutImage.c:967
As image=0x0 (ie. null pointer), it might be useful to note that the code in rdesktop (xwin.c) leading up to this call to the library is ui_desktop_restore(uint32 offset, int x, int y, int cx, int cy) { XImage *image; uint8 *data; offset *= g_bpp / 8; data = cache_get_desktop(offset, cx, cy, g_bpp / 8); if (data == NULL) return; image = XCreateImage(g_display, g_visual, g_depth, ZPixmap, 0, (char *) data, cx, cy, BitmapPad(g_display), cx * g_bpp / 8); if (g_ownbackstore) { XPutImage(g_display, g_backstore, g_gc, image, 0, 0, x, y, cx, cy);
Happening here too on FC5 after updating to libX11.i386 1.0.0-4.fc5. Core dumps after the colour depth warning. Let me know if you want me to open this as a separate bug against FC5.
The problem may be related to this? http://www.nabble.com/Bug-418098:--PATCH--rdesktop-segfault-with-libx11-6-1.0.3-7-t3560107.html
Looks like it to me. Reassigning to rdesktop.
rdesktop-1.5.0-2.fc6 packages are on it's way as soon as rel-eng gets around to pushing them.
rdesktop-1.5.0-2.fc6 has been pushed for fc6, which should resolve this issue. If these problems are still present in this version, then please make note of it in this bug report.
Will there be any fix for FC5 users?
OK, FC5 is tracked in bug 238580.