Bug 508734 - X crashes when 300 virtual devices & IPs exist.
X crashes when 300 virtual devices & IPs exist.
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: xorg-x11-server (Show other bugs)
11
All Linux
low Severity high
: ---
: ---
Assigned To: X/OpenGL Maintenance List
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-06-29 12:54 EDT by Ben Greear
Modified: 2009-11-06 13:43 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-11-06 13:43:00 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ben Greear 2009-06-29 12:54:15 EDT
Description of problem:

X crashes on startup when 300 or so interfaces with IPs exist,
due to buffer overflow and/or memory corruption.

Version-Release number of selected component (if applicable):

Reproduced on Fedora 8, 10, and 11.  Likely exists elsewhere.


How reproducible:

Every time.


Steps to Reproduce:
1.Create 300 mac-vlans (or any other virtual devices, most likely).  Give
them IP addresses.

2. run 'startx'

3. View crash dump related to XdmcpRegisterConnection buffer overflow
or similar.
  
Actual results:

X will not start, crashes.

Expected results:

It should start normally.

Additional info:

This is fixed upstream, see this link:
http://lists.freedesktop.org/pipermail/xorg-commit/2009-April/020912.html

Please include these patches for all distributions currently supported!

Here is a version of this patch that is verified to fix the problem
on Fedora 8:

[greearb@fc8-64-build SOURCES]$ more xdmcp_ben.patch 
--- a/os/xdmcp.c	2009-06-29 09:07:48.000000000 -0700
+++ b/os/xdmcp.c	2009-06-29 09:12:56.000000000 -0700
@@ -488,6 +488,10 @@
 	    return;
 	}
     }
+
+    if (ConnectionAddresses.length + 1 == 256)
+	return;
+
     newAddress = (CARD8 *) xalloc (addrlen * sizeof (CARD8));
     if (!newAddress)
 	return;
Comment 1 Matěj Cepl 2009-11-05 13:33:25 EST
Since this bugzilla report was filed, there have been several major updates in various components of the Xorg system, which may have resolved this issue. Users who have experienced this problem are encouraged to upgrade their system to the latest version of their packages. For packages from updates-testing repository you can use command

yum upgrade --enablerepo='*-updates-testing'

Alternatively, you can also try to test whether this bug is reproducible with the upcoming Fedora 12 distribution by downloading LiveMedia of F12 Beta available at http://alt.fedoraproject.org/pub/alt/nightly-composes/ . By using that you get all the latest packages without need to install anything on your computer. For more information on using LiveMedia take a look at https://fedoraproject.org/wiki/FedoraLiveCD .

Please, if you experience this problem on the up-to-date system, let us now in the comment for this bug, or whether the upgraded system works for you.

If you won't be able to reply in one month, I will have to close this bug as INSUFFICIENT_DATA. Thank you.

[This is a bulk message for all open Fedora Rawhide Xorg-related bugs. I'm adding myself to the CC list for each bug, so I'll see any comments you make after this and do my best to make sure every issue gets proper attention.]
Comment 2 Adam Jackson 2009-11-06 13:43:00 EST
Fixed in F12.

Note You need to log in before you can comment on or make changes to this bug.