From: SourceForge.net <no...@so...> - 2008-09-23 15:55:43
Bugs item #1967935, was opened at 2008-05-20 13:01
Message generated for change (Comment added) made by nobody
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=381347&aid=1967935&group_id=24366

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: Internals
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Nobody/Anonymous (nobody)
Summary: segfault using 1.6.0 with seamlessrdp

Initial Comment:
I'm using rdesktop 1.6.0 with seamlessrdp to a remote windows box. I'm running rdesktop on Fedora 8 x86_64 with the latest updates. Rdesktop crashes out with a segfault at line 470 in ewmhints.c. It looks as though the WM is not giving an icon to update. This means that icon[0] = width causes a segfault.

Dump from gdb:

Program terminated with signal 11, Segmentation fault.
#0 ewmh_set_icon (wnd=33554776, width=16, height=16, rgba_data=0xa7f910 "") at ewmhints.c:470
470 icon[0] = width;
(gdb) where
#0 ewmh_set_icon (wnd=33554776, width=16, height=16, rgba_data=0xa7f910 "") at ewmhints.c:470
#1 0x00000000004087a3 in ui_seamless_seticon (id=65998, format=0xa7a9b9 "RGBA", width=16, height=16, chunk=<value optimized out>, data=0x7cbb80 "MMbtQ^\202q;i \232\212\006\235\021v\231", chunk_len=224) at xwin.c:3899
#2 0x000000000042d1aa in seamless_line_handler ( line=0xa7e9e0 "SETICON,551,0x000101ce,2,RGBA,16,16,4db44dff627451ff5e8271ff3ba969ff209a8aff06ac9dff117699ff", '0' <repeats 17 times>, "a7066ff0f5a6dff235d6dff3a636dff45664dff37aa1dff3fd34fff40c752ff557461ff53697bff377984ff1770"..., data=<value optimized out>) at seamless.c:177
#3 0x00000000004066ac in str_handle_lines (input=<value optimized out>, rest=0x7cbb60, linehandler=0x42ce30 <seamless_line_handler>, data=0x0) at rdesktop.c:1344
#4 0x000000000042cdb1 in seamless_process (s=0x6bb9a0) at seamless.c:388
#5 0x000000000041a19a in sec_recv (rdpver=0x7fff8f5bd5df "\003&\\\217\177") at secure.c:828
#6 0x000000000041ba61 in rdp_recv (type=0x7fff8f5c25df "") at rdp.c:89
#7 0x000000000041c0bd in rdp_loop (deactivated=0x7fff8f5c26ac, ext_disc_reason=0x7fff8f5c26a8) at rdp.c:1411
#8 0x000000000041cd5b in rdp_main_loop (deactivated=0x7fff8f5c26ac, ext_disc_reason=0x7fff8f5c26a8) at rdp.c:1396

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2008-09-23 15:55

Message:
I can confirm similar problem with both rdesktop 1.5.0 (from my ubuntu distro) and 1.6.0 (compiled by me). Ubuntu 8.04, x86_64 architecture, using this command:

rdesktop -A -s "c:\seamlessrdp\seamlessrdpshell.exe C:\windows\system32\notepad.exe" <ip>:3389 -u <user> -p <pass>

On the first attempt it segfaults. On the second attempt it works (in seamless mode). But when I close the window, rdesktop doesn't exit, so I have to Control-C it. On the third and later it is not in seamless mode anymore (I have to logout and log back in for everything to work again).

----------------------------------------------------------------------

Comment By: TRK (ribenakid)
Date: 2008-09-10 12:29

Message:
There's another problem in the ewmh_del_icon function that I've recently come across too. When closing a Windows Explorer window rdesktop would crash because of bad parameters being passed to memcpy(). Lines 515 & 523 need changing to cope with corrupted data, and I noticed line 524 needs changing to correct the pointer arithmetic for the delete.

@@ -512,7 +512,7 @@ i += 2 + cur_set[i] * cur_set[i + 1]; } - if (i == nitems) + if (i >= nitems) goto out; icon_size = width * height + 2; 
@@ -520,8 +520,8 @@ if (i != 0) memcpy(new_set, cur_set, i * 4); - if (i != nitems - icon_size) - memcpy(new_set + i * 4, cur_set + i * 4 + icon_size, nitems - icon_size); + if (i < nitems - icon_size) + memcpy(new_set + i, cur_set + i + icon_size, (nitems - (i + icon_size))*4); nitems -= icon_size;

----------------------------------------------------------------------

Comment By: Tris (asto)
Date: 2008-09-09 05:04

Message:
confirm similar problem with identical fix under xfce+emerald+compiz

----------------------------------------------------------------------

Comment By: TRK (ribenakid)
Date: 2008-05-20 14:09

Message:
Logged In: YES
user_id=2092794
Originator: NO

After a little more investigation with gdb I've found that the metacity WM appears to be returning a property block for _NET_WM_ICON that has the height set to 0. Changing line 453 in ewmhints.c from "if (i != nitems)" to "if (i < nitems)" catches the corruption and stops it using an invalid icon pointer.

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=381347&aid=1967935&group_id=24366
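
Review bot: In the first hunk of the 2008-09-10 patch (@@ -512,7), `if (i >= nitems)` only detects an overrun after the loop step `i += 2 + cur_set[i] * cur_set[i + 1]` has already read a width and height from the property, and the visible lines show no check that `i + 1` is still inside `nitems` at that point. Consider testing `i + 2 <= nitems` inside the loop before the read, and treating an entry whose width or height is 0 (the case described in the 2008-05-20 comment) as corrupt, because such an entry advances `i` by only 2 and the words that follow are then read as the next header. A matching entry should also be confirmed to fit, `i + icon_size <= nitems`, once `icon_size = width * height + 2` is known.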
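
Review bot: In the second hunk of the 2008-09-10 patch (@@ -520,8), the new `memcpy(new_set + i, cur_set + i + icon_size, (nitems - (i + icon_size))*4)` correctly moves the offsets to element units, but the byte length is still scaled by a literal 4, as is the unchanged `memcpy(new_set, cur_set, i * 4)` above it. If the element type of `cur_set` is wider than 4 bytes (both crash reports in this thread are from x86_64), the copies are short; `sizeof(*cur_set)` would avoid the assumption. The guard `i < nitems - icon_size` also depends on `nitems - icon_size` not going negative or wrapping, so an explicit `i + icon_size <= nitems` check before either memcpy would be safer.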
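
The bounds problems discussed in this thread (a zero-height entry, a walk that runs past nitems, and element versus byte offsets in the delete) can be shown together in one standalone routine. This is an added example, not rdesktop's code and not written by any commenter; the names icon_find and icon_delete, the unsigned long element type, and the choice to reject zero-sized entries are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Icon set layout (assumed, as described in the thread): repeated entries of
 * width, height, then width*height pixel values. */

/* Index of the first w x h entry, or -1 if it is absent or the set is corrupt. */
long icon_find(const unsigned long *set, size_t nitems,
               unsigned long w, unsigned long h)
{
    size_t i = 0;
    while (i < nitems) {
        if (nitems - i < 2)
            return -1;                      /* truncated header */
        unsigned long cw = set[i], ch = set[i + 1];
        if (cw == 0 || ch == 0)
            return -1;                      /* zero-sized entry: treat as corrupt */
        if (cw > (nitems - i - 2) / ch)
            return -1;                      /* pixel data would run past the end */
        if (cw == w && ch == h)
            return (long)i;
        i += 2 + cw * ch;                   /* cannot overflow after the check above */
    }
    return -1;
}

/* Remove the first w x h entry in place; return the new element count. */
size_t icon_delete(unsigned long *set, size_t nitems,
                   unsigned long w, unsigned long h)
{
    long at = icon_find(set, nitems, w, h);
    if (at < 0)
        return nitems;                      /* nothing removed */
    size_t i = (size_t)at, icon_size = 2 + (size_t)(w * h);
    size_t tail = nitems - (i + icon_size); /* elements after the entry */
    /* Offsets are in elements; only the length is converted to bytes. */
    memmove(set + i, set + i + icon_size, tail * sizeof *set);
    return nitems - icon_size;
}

int main(void)
{
    /* Constructed sample: a 1x1 icon followed by a 2x1 icon. */
    unsigned long set[] = { 1, 1, 0xAA, 2, 1, 0xB1, 0xB2 };
    size_t n = icon_delete(set, 7, 1, 1);
    printf("%zu elements left, first width %lu\n", n, set[0]);
    return 0;
}
```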