508734 – X crashes when 300 virtual devices & IPs exist.

Bug 508734 - X crashes when 300 virtual devices & IPs exist.

Summary: X crashes when 300 virtual devices & IPs exist.

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	xorg-x11-server
Sub Component:
Version:	11
Hardware:	All
OS:	Linux
Priority:	low
Severity:	high
Target Milestone:	---
Assignee:	X/OpenGL Maintenance List
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-06-29 16:54 UTC by Ben Greear
Modified:	2018-04-11 17:00 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2009-11-06 18:43:00 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Ben Greear 2009-06-29 16:54:15 UTC

Description of problem:

X crashes on startup when 300 or so interfaces with IPs exist,
due to buffer overflow and/or memory corruption.

Version-Release number of selected component (if applicable):

Reproduced on Fedora 8, 10, and 11.  Likely exists elsewhere.


How reproducible:

Every time.


Steps to Reproduce:
1.Create 300 mac-vlans (or any other virtual devices, most likely).  Give
them IP addresses.

2. run 'startx'

3. View crash dump related to XdmcpRegisterConnection buffer overflow
or similar.
  
Actual results:

X will not start, crashes.

Expected results:

It should start normally.

Additional info:

This is fixed upstream, see this link:
http://lists.freedesktop.org/pipermail/xorg-commit/2009-April/020912.html

Please include these patches for all distributions currently supported!

Here is a version of this patch that is verified to fix the problem
on Fedora 8:

[greearb@fc8-64-build SOURCES]$ more xdmcp_ben.patch 
--- a/os/xdmcp.c	2009-06-29 09:07:48.000000000 -0700
+++ b/os/xdmcp.c	2009-06-29 09:12:56.000000000 -0700
@@ -488,6 +488,10 @@
 	    return;
 	}
     }
+
+    if (ConnectionAddresses.length + 1 == 256)
+	return;
+
     newAddress = (CARD8 *) xalloc (addrlen * sizeof (CARD8));
     if (!newAddress)
 	return;

Comment 1 Matěj Cepl 2009-11-05 18:33:25 UTC

Since this bugzilla report was filed, there have been several major updates in various components of the Xorg system, which may have resolved this issue. Users who have experienced this problem are encouraged to upgrade their system to the latest version of their packages. For packages from updates-testing repository you can use command

yum upgrade --enablerepo='*-updates-testing'

Alternatively, you can also try to test whether this bug is reproducible with the upcoming Fedora 12 distribution by downloading LiveMedia of F12 Beta available at http://alt.fedoraproject.org/pub/alt/nightly-composes/ . By using that you get all the latest packages without need to install anything on your computer. For more information on using LiveMedia take a look at https://fedoraproject.org/wiki/FedoraLiveCD .

Please, if you experience this problem on the up-to-date system, let us now in the comment for this bug, or whether the upgraded system works for you.

If you won't be able to reply in one month, I will have to close this bug as INSUFFICIENT_DATA. Thank you.

[This is a bulk message for all open Fedora Rawhide Xorg-related bugs. I'm adding myself to the CC list for each bug, so I'll see any comments you make after this and do my best to make sure every issue gets proper attention.]

Comment 2 Adam Jackson 2009-11-06 18:43:00 UTC

Fixed in F12.

Note You need to log in before you can comment on or make changes to this bug.