www.cendio.com
Bug 7242 - crash with massive session size
Status: CLOSED FIXED
: ThinLinc
VNC
: 1.3.1
: PC Unknown
: P2 Normal
: 4.10.0
: 7158
Reported: 2018-08-27 16:41 by
Modified: 2018-09-18 20:09

Description From cendio 2018-08-27 16:41:04
When connecting to a very large session the client can crash with:

Thread 2 "vncviewer" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb5b4c410 (LWP 4400)]
0xb690f724 in memcpy () from /usr/lib/libc.so.6
(gdb) bt
#0  0xb690f724 in memcpy () from /usr/lib/libc.so.6
#1  0x2a035074 in rfb::ModifiablePixelBuffer::fillRect(rfb::Rect const&, void const*) ()
#2  0x2a0357b4 in rfb::ModifiablePixelBuffer::fillRect(rfb::PixelFormat const&, rfb::Rect const&, void const*) ()
#3  0x2a03d7cc in rfb::TightDecoder::decodeRect(rfb::Rect const&, void const*, unsigned int, rfb::ConnParams const&, rfb::ModifiablePixelBuffer*) ()
#4  0x2a031b30 in rfb::DecodeManager::DecodeThread::worker() ()
#5  0x2a04a868 in os::Thread::startRoutine(void*) ()
#6  0xb6d00f08 in start_thread () from /usr/lib/libpthread.so.0
#7  0xb696b938 in ?? () from /usr/lib/libc.so.6

Upstream report here:

https://github.com/TigerVNC/tigervnc/issues/645

Fix here:

https://github.com/TigerVNC/tigervnc/commit/f81148c43a25d4c69e635b6ad13eab674b473aca
------- Comment #1 From cendio 2018-09-17 14:34:28 -------
Should be fixed now with new vendor drop of TigerVNC.
------- Comment #3 From cendio 2018-09-17 14:47:53 -------
I'm seeing crashes with both the server and client when using 4.9.0. But both
work fine when using trunk.