Posted to issues@guacamole.apache.org by "Nick Couchman (Jira)" <ji...@apache.org> on 2023/06/07 13:35:00 UTC

[jira] [Assigned] (GUACAMOLE-1802) Regression: Fix for GUACAMOLE-1717 causes guacd segfault

     [ https://issues.apache.org/jira/browse/GUACAMOLE-1802?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Nick Couchman reassigned GUACAMOLE-1802:
----------------------------------------

    Assignee: Nick Couchman

> Regression: Fix for GUACAMOLE-1717 causes guacd segfault
> --------------------------------------------------------
>
>                 Key: GUACAMOLE-1802
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1802
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacd
>    Affects Versions: 1.5.2
>         Environment: Red Hat Enterprise Linux 8.8, guacd 1.5.2, freerdp 2.2.0
>            Reporter: Robert Scheck
>            Assignee: Nick Couchman
>            Priority: Critical
>              Labels: regression, segfault
>
> I'm the RPM package maintainer of {{guacd}} in Fedora and EPEL (for CentOS Stream, RHEL, Rocky Linux etc.). I received a report that since the update of {{guacd}} from 1.5.1 to 1.5.2 {{guacd}} segfaults when connecting via RDP (downgrading to 1.5.1 again works around the issue). The traceback looks like this:
> {noformat}
> (gdb) bt full
> #0  __memset_avx2_unaligned_erms () at ../sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S:182
> No locals.
> #1  0x00007f2e4ada6749 in memset (__len=164, __ch=0, __dest=0x0) at /usr/include/bits/string_fortified.h:74
> No locals.
> #2  freerdp_image_copy_from_pointer_data (pDstData=0x0, DstFormat=537168008, nDstStep=164, nXDst=0, nYDst=0, nWidth=41, nHeight=39, xorMask=0x7f2e38386b90 "", xorMaskLength=6396, 
>     andMask=0x7f2e38080a20 "\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\001\377\377\200\377", <incomplete sequence \374>, andMaskLength=234, xorBpp=32, palette=0x7f2e3804bdc8) at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/codec/color.c:544
>         pDstLine = 0x0
>         y = 0
>         dstBitsPerPixel = 32
>         dstBytesPerPixel = 4
>         __FUNCTION__ = "freerdp_image_copy_from_pointer_data"
> #3  0x00007f2e4b067d47 in guac_rdp_pointer_new () from /lib64/libguac-client-rdp.so
> No symbol table info available.
> #4  0x00007f2e4ad1e1c3 in update_pointer_new (pointer_new=0x7f2e3807a610, context=0x7f2e38015780) at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/cache/pointer.c:222
>         pointer = 0x7f2e38386ad0
>         cache = 0x7f2e3804c9d0
>         pointer = <optimized out>
>         cache = <optimized out>
> #5  update_pointer_new (context=0x7f2e38015780, pointer_new=0x7f2e3807a610) at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/cache/pointer.c:198
>         pointer = <optimized out>
>         cache = <optimized out>
> #6  0x00007f2e4ad78ae4 in fastpath_recv_update (fastpath=fastpath@entry=0x7f2e3802f8e0, updateCode=updateCode@entry=11 '\v', s=0x7f2e38033960) at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/fastpath.c:467
>         pointer_new = 0x7f2e3807a610
>         rc = 0
>         status = 0
>         update = <optimized out>
>         context = 0x7f2e38015780
>         pointer = 0x7f2e3802d690
>         __FUNCTION__ = "fastpath_recv_update"
>         _log_cached_ptr = <optimized out>
> #7  0x00007f2e4ad79097 in fastpath_recv_update_data (s=0x7f2e38384200, fastpath=0x7f2e3802f8e0) at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/fastpath.c:575
>         size = 1361
>         status = 0
>         compression = <optimized out>
>         compressionFlags = <optimized out>
>         transport = 0x7f2e380271f0
>         rdp = <optimized out>
>         bulkStatus = <optimized out>
>         updateCode = 11 '\v'
>         fragmentation = 0 '\000'
>         DstSize = 6646
>         pDstData = 0x7f2e3f1c7030 " "
>         status = <optimized out>
>         size = <optimized out>
>         rdp = <optimized out>
>         bulkStatus = <optimized out>
>         updateCode = <optimized out>
>         fragmentation = <optimized out>
>         compression = <optimized out>
>         compressionFlags = <optimized out>
>         DstSize = <optimized out>
>         pDstData = <optimized out>
>         transport = <optimized out>
>         __FUNCTION__ = "fastpath_recv_update_data"
>         _log_cached_ptr = 0x0
>         _log_cached_ptr = 0x0
>         _log_cached_ptr = 0x0
>         _log_cached_ptr = 0x0
>         totalSize = <optimized out>
>         _log_cached_ptr = 0x0
>         _log_cached_ptr = 0x0
>         _log_cached_ptr = 0x0
>         _log_cached_ptr = 0x0
>         _log_cached_ptr = 0x0
> #8  fastpath_recv_updates (fastpath=0x7f2e3802f8e0, s=s@entry=0x7f2e38384200) at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/fastpath.c:659
>         rc = -2
>         update = 0x7f2e3802d2c0
>         __FUNCTION__ = "fastpath_recv_updates"
> #9  0x00007f2e4ad724e2 in rdp_recv_fastpath_pdu (s=0x7f2e38384200, rdp=0x7f2e3801a850) at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/rdp.c:1462
>         length = 1365
>         fastpath = 0x7f2e3802f8e0
>         length = <optimized out>
>         fastpath = <optimized out>
>         __FUNCTION__ = "rdp_recv_fastpath_pdu"
>         _log_cached_ptr = 0x0
>         _log_cached_ptr = 0x0
>         flags = <optimized out>
>         _log_cached_ptr = 0x0
> #10 rdp_recv_pdu (rdp=rdp@entry=0x7f2e3801a850, s=s@entry=0x7f2e38384200) at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/rdp.c:1470
> No locals.
> #11 0x00007f2e4ad72fb3 in rdp_recv_callback (transport=<optimized out>, s=0x7f2e38384200, extra=0x7f2e3801a850) at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/rdp.c:1647
>         status = 0
>         rdp = 0x7f2e3801a850
>         __FUNCTION__ = "rdp_recv_callback"
> #12 0x00007f2e4ad7cfa4 in transport_check_fds (transport=transport@entry=0x7f2e380271f0) at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/transport.c:1062
>         status = 1368
>         recv_status = <optimized out>
>         received = 0x7f2e38384200
>         now = <optimized out>
>         dueDate = 454091
>         __FUNCTION__ = "transport_check_fds"
> #13 0x00007f2e4ad73a57 in rdp_check_fds (rdp=0x7f2e3801a850) at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/rdp.c:1707
>         status = <optimized out>
>         transport = 0x7f2e380271f0
>         __FUNCTION__ = "rdp_check_fds"
> #14 0x00007f2e4ad5b1c1 in freerdp_check_fds (instance=0x7f2e380154f0) at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/freerdp.c:333
>         status = <optimized out>
>         rdp = <optimized out>
>         __FUNCTION__ = "freerdp_check_fds"
> #15 0x00007f2e4ad5c226 in freerdp_check_event_handles (context=0x7f2e38015780) at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/freerdp.c:381
>         status = <optimized out>
>         __FUNCTION__ = "freerdp_check_event_handles"
> #16 0x00007f2e4b06948d in guac_rdp_client_thread () from /lib64/libguac-client-rdp.so
> No symbol table info available.
> #17 0x00007f2e4f4731ca in start_thread (arg=<optimized out>) at pthread_create.c:479
>         ret = <optimized out>
>         pd = <optimized out>
>         unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139836629378816, -991114267329111259, 139836637768638, 139836637768639, 0, 139836629376512, 892376756324326181, 892350843852217125}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, 
>               cleanup = 0x0, canceltype = 0}}}
>         not_first_call = <optimized out>
> #18 0x00007f2e4de0ee73 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
> No locals.
> (gdb) 
> {noformat}
> {{freerdp_image_copy_from_pointer_data()}} leads me back to [commit 23e42fb6|https://github.com/apache/guacamole-server/commit/23e42fb6c5a5d58f82d9a91dc58036178896ba16] which leads me to [GUACAMOLE-1717|https://issues.apache.org/jira/browse/GUACAMOLE-1717].
> Reverting the commit mentioned above in a test build avoids the segfault, which makes this IMHO a regression.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
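
Added example (not part of the original report, and not FreeRDP or guacamole-server code): frames #1 and #2 of the backtrace show a row-wise copy routine calling memset() on a NULL destination with a row length of 164 bytes (41 pixels at 32 bpp). The sketch below shows the caller-side and callee-side checks that turn those arguments into an error return instead of a segfault. All function names are hypothetical, and it does not reproduce the actual defect in commit 23e42fb6, which this page does not show.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout; this is not FreeRDP or guacamole-server code. */

/* Bytes per destination row, or 0 if the product is zero or would overflow. */
uint32_t row_step(uint32_t width, uint32_t bytes_per_pixel) {
    if (width == 0 || bytes_per_pixel == 0) return 0;
    if (width > UINT32_MAX / bytes_per_pixel) return 0;
    return width * bytes_per_pixel;
}

/* Stand-in for a row-wise image copy: clears every destination row first,
 * as frame #2 does via memset(). Rejects the arguments seen in the
 * backtrace (dst == NULL) instead of dereferencing them. */
int copy_rows(uint8_t *dst, uint32_t step, uint32_t width,
              uint32_t height, uint32_t bytes_per_pixel) {
    uint32_t min_step = row_step(width, bytes_per_pixel);
    if (dst == NULL || min_step == 0 || step < min_step) return -1;
    for (uint32_t y = 0; y < height; y++)
        memset(dst + (size_t)y * step, 0, step);
    return 0;
}

/* Caller side: compute the step, allocate, and verify the buffer before
 * handing it to the copy routine. Returns 0 on success, -1 on failure. */
int render_pointer(uint32_t width, uint32_t height) {
    uint32_t step = row_step(width, 4);        /* 32 bpp, as in the trace */
    if (step == 0 || height == 0) return -1;
    size_t total = (size_t)step * height;
    if (total / step != height) return -1;     /* total size overflowed */
    uint8_t *buf = malloc(total);
    if (buf == NULL) return -1;                /* never pass NULL downstream */
    int rc = copy_rows(buf, step, width, height, 4);
    free(buf);
    return rc;
}

int main(void) {
    /* Constructed inputs taken from the backtrace: 41x39 pixels, step 164. */
    return (row_step(41, 4) == 164 && render_pointer(41, 39) == 0
            && copy_rows(NULL, 164, 41, 39, 4) == -1) ? 0 : 1;
}
```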