Posted to issues@guacamole.apache.org by "Mike Jumper (Jira)" <ji...@apache.org> on 2020/01/21 19:24:00 UTC
[jira] [Updated] (GUACAMOLE-935) Double-free within RDP bitmap free on Ubuntu 18.04
[ https://issues.apache.org/jira/browse/GUACAMOLE-935?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mike Jumper updated GUACAMOLE-935:
----------------------------------
Description:
When built against the version of FreeRDP 2.0.0 packaged with Ubuntu 18.04 ({{2.0.0-rc0}}), a double-free occurs which prevents RDP connections from functioning:
{code:none}
guacd[17706]: INFO: Guacamole proxy daemon (guacd) version 1.1.0 started
guacd[17706]: INFO: Listening on host 127.0.0.1, port 4822
guacd[17706]: INFO: Creating new client for protocol "rdp"
guacd[17706]: INFO: Connection ID is "$b588ef8c-917d-4a26-ab09-1b881172d0ef"
guacd[17711]: INFO: No security mode specified. Defaulting to security mode negotiation with server.
guacd[17711]: INFO: Resize method: none
guacd[17711]: INFO: User "@192fcd59-6c7e-44c9-b744-3f0d21af1260" joined connection "$b588ef8c-917d-4a26-ab09-1b881172d0ef" (1 users now present)
guacd[17711]: INFO: Loading keymap "base"
guacd[17711]: INFO: Loading keymap "en-us-qwerty"
double free or corruption (out)
{code}
According to gdb, this occurs within {{Bitmap_Free()}}:
{code:none}
#0 0x00007ffff7360e97 in __GI_raise (sig=sig@entry=6)
at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007ffff7362801 in __GI_abort () at abort.c:79
#2 0x00007ffff73ab897 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff74d8b9a "%s\n") at ../sysdeps/posix/libc_fatal.c:181
#3 0x00007ffff73b290a in malloc_printerr (str=str@entry=0x7ffff74da870 "double free or corruption (out)") at malloc.c:5350
#4 0x00007ffff73b9e75 in _int_free (have_lock=0, p=0x7fffd80b9200, av=0x7ffff770dc40 <main_arena>) at malloc.c:4278
#5 0x00007ffff73b9e75 in __GI___libc_free (mem=0x7fffd80b9210)
at malloc.c:3124
#6 0x00007ffff27c3c86 in _aligned_free (memblock=0x7fffd80b9230)
at /home/ubuntu/FreeRDP/winpr/libwinpr/crt/alignment.c:213
#7 0x00007ffff2d78d6f in Bitmap_Free (context=0x7fffd8019560, bitmap=0x7fffd8080a80) at /home/ubuntu/FreeRDP/libfreerdp/core/graphics.c:64
#8 0x00007ffff2d2bc82 in gdi_bitmap_update (context=0x7fffd8019560, bitmapUpdate=0x7fffd8032360) at /home/ubuntu/FreeRDP/libfreerdp/gdi/gdi.c:490
#9 0x00007ffff2d9c292 in fastpath_recv_update_common (fastpath=0x7fffd8032cd0, s=0x7fffd80a5fe0) at /home/ubuntu/FreeRDP/libfreerdp/core/fastpath.c:309
#10 0x00007ffff2d9c490 in fastpath_recv_update (fastpath=0x7fffd8032cd0, updateCode=1 '\001', size=2336, s=0x7fffd80a5fe0)
at /home/ubuntu/FreeRDP/libfreerdp/core/fastpath.c:367
...
{code}
was:
When built against the version of FreeRDP 2.0.0 packaged with Ubuntu 18.04 (commit ), a double-free occurs which prevents RDP connections from functioning:
{code:none}
guacd[17706]: INFO: Guacamole proxy daemon (guacd) version 1.1.0 started
guacd[17706]: INFO: Listening on host 127.0.0.1, port 4822
guacd[17706]: INFO: Creating new client for protocol "rdp"
guacd[17706]: INFO: Connection ID is "$b588ef8c-917d-4a26-ab09-1b881172d0ef"
guacd[17711]: INFO: No security mode specified. Defaulting to security mode negotiation with server.
guacd[17711]: INFO: Resize method: none
guacd[17711]: INFO: User "@192fcd59-6c7e-44c9-b744-3f0d21af1260" joined connection "$b588ef8c-917d-4a26-ab09-1b881172d0ef" (1 users now present)
guacd[17711]: INFO: Loading keymap "base"
guacd[17711]: INFO: Loading keymap "en-us-qwerty"
double free or corruption (out)
{code}
According to gdb, this occurs within {{Bitmap_Free()}}:
{code:none}
#0 0x00007ffff7360e97 in __GI_raise (sig=sig@entry=6)
at ../sysdeps/unix/sysv/linux/raise.c:51
#1 0x00007ffff7362801 in __GI_abort () at abort.c:79
#2 0x00007ffff73ab897 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff74d8b9a "%s\n") at ../sysdeps/posix/libc_fatal.c:181
#3 0x00007ffff73b290a in malloc_printerr (str=str@entry=0x7ffff74da870 "double free or corruption (out)") at malloc.c:5350
#4 0x00007ffff73b9e75 in _int_free (have_lock=0, p=0x7fffd80b9200, av=0x7ffff770dc40 <main_arena>) at malloc.c:4278
#5 0x00007ffff73b9e75 in __GI___libc_free (mem=0x7fffd80b9210)
at malloc.c:3124
#6 0x00007ffff27c3c86 in _aligned_free (memblock=0x7fffd80b9230)
at /home/ubuntu/FreeRDP/winpr/libwinpr/crt/alignment.c:213
#7 0x00007ffff2d78d6f in Bitmap_Free (context=0x7fffd8019560, bitmap=0x7fffd8080a80) at /home/ubuntu/FreeRDP/libfreerdp/core/graphics.c:64
#8 0x00007ffff2d2bc82 in gdi_bitmap_update (context=0x7fffd8019560, bitmapUpdate=0x7fffd8032360) at /home/ubuntu/FreeRDP/libfreerdp/gdi/gdi.c:490
#9 0x00007ffff2d9c292 in fastpath_recv_update_common (fastpath=0x7fffd8032cd0, s=0x7fffd80a5fe0) at /home/ubuntu/FreeRDP/libfreerdp/core/fastpath.c:309
#10 0x00007ffff2d9c490 in fastpath_recv_update (fastpath=0x7fffd8032cd0, updateCode=1 '\001', size=2336, s=0x7fffd80a5fe0)
at /home/ubuntu/FreeRDP/libfreerdp/core/fastpath.c:367
...
{code}
> Double-free within RDP bitmap free on Ubuntu 18.04
> --------------------------------------------------
>
> Key: GUACAMOLE-935
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-935
> Project: Guacamole
> Issue Type: Bug
> Components: RDP
> Affects Versions: 1.1.0
> Reporter: Mike Jumper
> Priority: Major
> Fix For: 1.1.0