Description of problem: virt-viewer crashed when connect to a spice guest with incorrect graphic password. Version-Release number of selected component (if applicable): virt-viewer-0.5.2-14.el6.x86_64 spice-gtk-0.14-3.el6.x86_64 spice-server-0.12.0-1.el6.x86_64 spice-vdagent-0.8.1-3.el6.x86_64 spice-gtk-python-0.14-3.el6.x86_64 spice-glib-0.14-3.el6.x86_64 How reproducible: 100% Steps to Reproduce: 1. Have a spice+qxl guest with graphic password 2. Run virt-viewer $guestname --debug 3. Input a wrong password and press OK. 4. Input the right password and paress OK. Actual results: 1. After step 4, virt-viewer crashed and closed. Expected results: 1. After step 4, virt-viewer stayed alive and connect to the guest Additional info: 1. This bug cannot be reproduced by virt-viewer-0.5.2-13.el6.x86_64 2. Following is the debug info and backtrace. [root@KP-T1 ~]# virt-viewer T1 --debug ** (virt-viewer:10077): DEBUG: Insert window 0 0x13690c0 ** (virt-viewer:10077): DEBUG: fullscreen display 0: 0 ** (virt-viewer:10077): DEBUG: fullscreen display 0: 0 ** (virt-viewer:10077): DEBUG: Opening connection to libvirt with URI <null> ** (virt-viewer:10077): DEBUG: Add handle 7 1 0x13ca100 ** (virt-viewer:10077): DEBUG: notebook show status 0x13681e0 ** (virt-viewer:10077): DEBUG: notebook show status 0x13681e0 ** (virt-viewer:10077): DEBUG: Guest T1 is running, determining display ** (virt-viewer:10077): DEBUG: Set connect info: (null),(null),(null),-1,(null),(null),(null),0 ** (virt-viewer:10077): DEBUG: Guest T1 has a spice display ** (virt-viewer:10077): DEBUG: Guest graphics address is 0.0.0.0:5900 ** (virt-viewer:10077): DEBUG: Guest graphics listen '0.0.0.0' is NULL or a wildcard, replacing with 'localhost' ** (virt-viewer:10077): DEBUG: Set connect info: localhost,localhost,5900,-1,(null),(null),(null),0 ** (virt-viewer:10077): DEBUG: Error operation virDomainOpenGraphics forbidden for read only access ** (virt-viewer:10077): DEBUG: After open connection callback fd=-1 ** (virt-viewer:10077): DEBUG: Opening direct TCP connection to display at localhost:5900:-1 ** (virt-viewer:10077): DEBUG: New spice channel 0x13ee930 SpiceMainChannel 0 ** (virt-viewer:10077): DEBUG: Checking full screen auto-conf ** (virt-viewer:10077): DEBUG: notebook show status 0x13681e0 ** (virt-viewer:10077): DEBUG: notebook show status 0x13681e0 ** (virt-viewer:10077): DEBUG: Add timeout 0x13edc70 -1 0x7f5b3df13990 0x13ca8c0 1 ** (virt-viewer:10077): DEBUG: main channel: auth failure (wrong password?) ** (virt-viewer:10077): DEBUG: New spice channel 0x15210e0 SpiceMainChannel 0 ** (virt-viewer:10077): DEBUG: Checking full screen auto-conf ** (virt-viewer:10077): DEBUG: notebook show status 0x13681e0 ** (virt-viewer:10077): DEBUG: Destroy SPICE channel SpiceMainChannel 0 ** (virt-viewer:10077): DEBUG: zap main channel ** (virt-viewer:10077): DEBUG: main channel: auth failure (wrong password?) ** (virt-viewer:10077): DEBUG: New spice channel 0x1521ca0 SpiceMainChannel 0 ** (virt-viewer:10077): DEBUG: Checking full screen auto-conf ** (virt-viewer:10077): DEBUG: notebook show status 0x13681e0 ** (virt-viewer:10077): DEBUG: Destroy SPICE channel SpiceMainChannel 0 ** (virt-viewer:10077): DEBUG: zap main channel *** glibc detected *** virt-viewer: free(): invalid pointer: 0x000000000151d510 *** ======= Backtrace: ========= /lib64/libc.so.6[0x395dc75366] /lib64/libglib-2.0.so.0(g_array_free+0x7a)[0x3d4c813dda] /usr/lib64/libspice-client-glib-2.0.so.8[0x3dfc41aa40] /lib64/libgobject-2.0.so.0(g_object_unref+0x15f)[0x3d4d40dacf] /usr/lib64/libspice-client-glib-2.0.so.8[0x3dfc41957d] /lib64/libglib-2.0.so.0(g_main_context_dispatch+0x22e)[0x3d4c838f0e] /lib64/libglib-2.0.so.0[0x3d4c83c938] /lib64/libglib-2.0.so.0(g_main_loop_run+0x195)[0x3d4c83cd55] /usr/lib64/libgtk-x11-2.0.so.0(gtk_main+0xa7)[0x3d4fd4c307] virt-viewer(main+0x6fa)[0x41df5a] /lib64/libc.so.6(__libc_start_main+0xfd)[0x395dc1ecdd] virt-viewer[0x40b999] ======= Memory map: ======== 00400000-00428000 r-xp 00000000 08:03 407485 /usr/bin/virt-viewer 00627000-00629000 rw-p 00027000 08:03 407485 /usr/bin/virt-viewer 012f2000-01811000 rw-p 00000000 00:00 0 [heap] 3162800000-3162840000 r-xp 00000000 08:03 417075 /usr/lib64/libibus.so.2.0.0 3162840000-3162a40000 ---p 00040000 08:03 417075 /usr/lib64/libibus.so.2.0.0 3162a40000-3162a42000 rw-p 00040000 08:03 417075 /usr/lib64/libibus.so.2.0.0 3162a42000-3162a43000 rw-p 00000000 00:00 0 3162c00000-3162c17000 r-xp 00000000 08:03 400425 /usr/lib64/libgvfscommon.so.0.0.0 3162c17000-3162e16000 ---p 00017000 08:03 400425 /usr/lib64/libgvfscommon.so.0.0.0 3162e16000-3162e17000 rw-p 00016000 08:03 400425 /usr/lib64/libgvfscommon.so.0.0.0 3164800000-3164804000 r-xp 00000000 08:03 417856 /usr/lib64/libcanberra-gtk.so.0.1.5 3164804000-3164a03000 ---p 00004000 08:03 417856 /usr/lib64/libcanberra-gtk.so.0.1.5 3164a03000-3164a04000 rw-p 00003000 08:03 417856 /usr/lib64/libcanberra-gtk.so.0.1.5 395d400000-395d420000 r-xp 00000000 08:03 664415 /lib64/ld-2.12.so 395d61f000-395d620000 r--p 0001f000 08:03 664415 /lib64/ld-2.12.so 395d620000-395d621000 rw-p 00020000 08:03 664415 /lib64/ld-2.12.so 395d621000-395d622000 rw-p 00000000 00:00 0 395d800000-395d802000 r-xp 00000000 08:03 664420 /lib64/libdl-2.12.so 395d802000-395da02000 ---p 00002000 08:03 664420 /lib64/libdl-2.12.so 395da02000-395da03000 r--p 00002000 08:03 664420 /lib64/libdl-2.12.so 395da03000-395da04000 rw-p 00003000 08:03 664420 /lib64/libdl-2.12.so 395dc00000-395dd89000 r-xp 00000000 08:03 664416 /lib64/libc-2.12.so 395dd89000-395df88000 ---p 00189000 08:03 664416 /lib64/libc-2.12.so 395df88000-395df8c000 r--p 00188000 08:03 664416 /lib64/libc-2.12.so 395df8c000-395df8d000 rw-p 0018c000 08:03 664416 /lib64/libc-2.12.so 395df8d000-395df92000 rw-p 00000000 00:00 0 395e000000-395e017000 r-xp 00000000 08:03 664427 /lib64/libpthread-2.12.so 395e017000-395e217000 ---p 00017000 08:03 664427 /lib64/libpthread-2.12.so 395e217000-395e218000 r--p 00017000 08:03 664427 /lib64/libpthread-2.12.so 395e218000-395e219000 rw-p 00018000 08:03 664427 /lib64/libpthread-2.12.so 395e219000-395e21d000 rw-p 00000000 00:00 0 395e400000-395e407000 r-xp 00000000 08:03 664428 /lib64/librt-2.12.so 395e407000-395e606000 ---p 00007000 08:03 664428 /lib64/librt-2.12.so 395e606000-395e607000 r--p 00006000 08:03 664428 /lib64/librt-2.12.so 395e607000-395e608000 rw-p 00007000 08:03 664428 /lib64/librt-2.12.so 395e800000-395e883000 r-xp 00000000 08:03 664417 /lib64/libm-2.12.so 395e883000-395ea82000 ---p 00083000 08:03 664417 /lib64/libm-2.12.so 395ea82000-395ea83000 r--p 00082000 08:03 664417 /lib64/libm-2.12.so 395ea83000-395ea84000 rw-p 00083000 08:03 664417 /lib64/libm-2.12.so 395f000000-395f015000 r-xp 00000000 08:03 664419 /lib64/libz.so.1.2.3 395f015000-395f214000 ---p 00015000 08:03 664419 /lib64/libz.so.1.2.3 395f214000-395f215000 r--p 00014000 08:03 664419 /lib64/libz.so.1.2.3 395f215000-395f216000 rw-p 00015000 08:03 664419 /lib64/libz.so.1.2.3 395f400000-395f41d000 r-xp 00000000 08:03 664425 /lib64/libselinux.so.1 395f41d000-395f61c000 ---p 0001d000 08:03 664425 /lib64/libselinux.so.1 395f61c000-395f61d000 r--p 0001c000 08:03 664425 /lib64/libselinux.so.1 395f61d000-395f61e000 rw-p 0001d000 08:03 664425 /lib64/libselinux.so.1 395f61e000-395f61f000 rw-p 00000000 00:00 0 395f800000-395f83f000 r-xp 00000000 08:03 664439 /lib64/libdbus-1.so.3.4.0 395f83f000-395fa3f000 ---p 0003f000 08:03 664439 /lib64/libdbus-1.so.3.4.0 395fa3f000-395fa40000 r--p 0003f000 08:03 664439 /lib64/libdbus-1.so.3.4.0 395fa40000-395fa41000 rw-p 00040000 08:03 664439 /lib64/libdbus-1.so.3.4.0 395fc00000-395fc16000 r-xp 00000000 08:03 664424 /lib64/libresolv-2.12.so 395fc16000-395fe16000 ---p 00016000 08:03 664424 /lib64/libresolv-2.12.so 395fe16000-395fe17000 r--p 00016000 08:03 664424 /lib64/libresolv-2.12.so 395fe17000-395fe18000 rw-p 00017000 08:03 664424 /lib64/libresolv-2.12.so 395fe18000-395fe1a000 rw-p 00000000 00:00 0 3961800000-3961802000 r-xp 00000000 08:03 416984 /usr/lib64/libXau.so.6.0.0 3961802000-3961a02000 ---p 00002000 08:03 416984 /usr/lib64/libXau.so.6.0.0 3961a02000-3961a03000 rw-p 00002000 08:03 416984 /usr/lib64/libXau.so.6.0.0 3961c00000-3961c34000 r-xp 00000000 08:03 664468 /lib64/libdevmapper.so.1.02 3961c34000-3961e34000 ---p 00034000 08:03 664468 /lib64/libdevmapper.so.1.02 3961e34000-3961e37000 rw-p 00034000 08:03 664468 /lib64/libdevmapper.so.1.02 3961e37000-3961e38000 rw-p 00000000 00:00 0 3962800000-3962898000 r-xp 00000000 08:03 404960 /usr/lib64/libfreetype.so.6.3.22Aborted (core dumped)
Patch 34 "Don-t-leak-SPICE-ticket.patch" should not be there as it is wrong and reverted upstream by http://git.fedorahosted.org/cgit/virt-viewer.git/commit/?id=a4e588e3eacf4e5590ff98171a495f8fa0e37375
Verified pass on the following build: virt-viewer-0.5.2-16.el6 Reproduced steps: Same as Comment 0 Actual result: virt-viewer can connect to guest after inputting correct password and stayed operational. So mark this bug as VERIFIED.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0361.html