Bug 5236 - rdesktop crashes due to memory corruption
Summary: rdesktop crashes due to memory corruption
Status: CLOSED DUPLICATE of bug 5126
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: rdesktop (deprecated)
Version: trunk
Hardware: PC Unknown
Importance: P2 Normal
Target Milestone: 4.3.0
Assignee: Henrik Andersson
Reported: 2014-08-29 13:01 CEST by Henrik Andersson
Modified: 2014-09-18 10:44 CEST

Description Henrik Andersson cendio 2014-08-29 13:01:39 CEST
With the following backtrace...

Executing profile command: ${TLPREFIX}/bin/tl-run-windesk
Connecting to RDP server htlrds03.intern.hoglandet.se...
ERROR:  scard_enum_devices: PCSC service not available
*** glibc detected *** /opt/thinlinc/bin/rdesktop: free(): invalid next size (fast): 0x0000000001dd40a0 ***
======= Backtrace: =========
/lib64/libc.so.6[0x384087da76]
/lib64/libc.so.6[0x384087ed5e]
/opt/thinlinc/bin/rdesktop[0x45064e]
/opt/thinlinc/bin/rdesktop[0x45233e]
/opt/thinlinc/bin/rdesktop[0x433670]
/opt/thinlinc/bin/rdesktop[0x4359d4]
/opt/thinlinc/bin/rdesktop[0x438806]
/opt/thinlinc/bin/rdesktop[0x40d187]
/lib64/libc.so.6(__libc_start_main+0xed)[0x384082169d]
/opt/thinlinc/bin/rdesktop[0x40bca9]
======= Memory map: ========
00400000-00710000 r-xp 00000000 fd:01 2752878                            /opt/thinlinc/bin/rdesktop
00910000-0093d000 rw-p 00310000 fd:01 2752878                            /opt/thinlinc/bin/rdesktop
0093d000-00c6e000 rw-p 00000000 00:00 0 
01d7b000-01e04000 rw-p 00000000 00:00 0                                  [heap]
3840400000-3840422000 r-xp 00000000 fd:01 1179678                        /lib64/ld-2.14.90.so
3840621000-3840622000 r--p 00021000 fd:01 1179678                        /lib64/ld-2.14.90.so
3840622000-3840623000 rw-p 00022000 fd:01 1179678                        /lib64/ld-2.14.90.so
Comment 1 Henrik Andersson cendio 2014-08-29 13:04:46 CEST
Running valgrind on rdesktop identified an issue in cssp.c where rdp_out_unistr() is used on a buffer of X bytes but internally rdp_out_unistr() wants X + 4 bytes buffer allocation.

Fix committed upstream in r1826.
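
The sizing mismatch described in comment 1, as an added C example that is not rdesktop's code or part of the original report: a bounds-checked writer refuses a buffer of X bytes and accepts one of X + 4. `struct stream`, `out_unistr_checked()`, `unistr_alloc_size()` and `demo_write()` are hypothetical names, and treating the 4 extra bytes as zero padding is an assumption, since the report does not say what they hold.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins, not rdesktop's STREAM or rdp_out_unistr(). */
#define UNISTR_SLACK 4 /* extra bytes the writer needs, per comment 1 */

struct stream {
    uint8_t *data; /* start of the allocation */
    uint8_t *p;    /* write cursor */
    uint8_t *end;  /* one past the last allocated byte */
};

/* Size a caller must allocate for `len` encoded bytes (X + 4, not X). */
static size_t unistr_alloc_size(size_t len) { return len + UNISTR_SLACK; }

/* Write ASCII `str` as UTF-16LE; `len` is the encoded length in bytes.
 * Returns -1 instead of writing past `end` when the buffer is too small. */
static int out_unistr_checked(struct stream *s, const char *str, size_t len)
{
    if ((size_t)(s->end - s->p) < unistr_alloc_size(len))
        return -1; /* a buffer of only X bytes would be overrun here */
    for (size_t i = 0; i < len / 2; i++) {
        *s->p++ = (uint8_t)str[i];
        *s->p++ = 0;
    }
    memset(s->p, 0, UNISTR_SLACK); /* assumption: slack is zero padding */
    s->p += UNISTR_SLACK;
    return 0;
}

/* Allocate `size` bytes, try the write, return the writer's result. */
static int demo_write(const char *str, size_t size)
{
    struct stream s;
    size_t len = strlen(str) * 2;
    s.data = s.p = malloc(size);
    if (s.data == NULL) return -2;
    s.end = s.data + size;
    int rc = out_unistr_checked(&s, str, len);
    free(s.data);
    return rc;
}

int main(void)
{   /* "user" encodes to X = 8 bytes: 8 is refused, 12 is accepted */
    return (demo_write("user", 8) == -1 && demo_write("user", 12) == 0) ? 0 : 1;
}
```

Without the capacity check, the same write into an X-byte heap buffer overwrites the next chunk's metadata, which glibc reports later as `free(): invalid next size`.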
Comment 2 Henrik Andersson cendio 2014-08-29 13:06:05 CEST
(In reply to comment #1)
> Running valgrind on rdesktop identified an issue in cssp.c where
> rdp_out_unistr() is used on a buffer of X bytes but internally rdp_out_unistr()
> wants X + 4 bytes buffer allocation.
> 
> Fix committed upstream in r1826.

Fix brought to ctc in commit 29304.
Comment 3 Henrik Andersson cendio 2014-09-01 09:07:20 CEST
This is a regression in impl. for bug #5126, marking as duplicate.

*** This bug has been marked as a duplicate of bug 5126 ***
