Bug 7242 - crash with massive session size
Summary: crash with massive session size
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: VNC
Version: 1.3.1
Hardware: PC Unknown
Importance: P2 Normal
Target Milestone: 4.10.0
Assignee: Pierre Ossman
Keywords: ossman_tester, relnotes, upstream
Depends on: 7158
Reported: 2018-08-27 16:41 CEST by Pierre Ossman
Modified: 2018-09-18 20:09 CEST

See Also:
Acceptance Criteria:


Description Pierre Ossman cendio 2018-08-27 16:41:04 CEST
When connecting to a very large session the client can crash with:

Thread 2 "vncviewer" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0xb5b4c410 (LWP 4400)]
0xb690f724 in memcpy () from /usr/lib/libc.so.6
(gdb) bt
#0  0xb690f724 in memcpy () from /usr/lib/libc.so.6
#1  0x2a035074 in rfb::ModifiablePixelBuffer::fillRect(rfb::Rect const&, void const*) ()
#2  0x2a0357b4 in rfb::ModifiablePixelBuffer::fillRect(rfb::PixelFormat const&, rfb::Rect const&, void const*) ()
#3  0x2a03d7cc in rfb::TightDecoder::decodeRect(rfb::Rect const&, void const*, unsigned int, rfb::ConnParams const&, rfb::ModifiablePixelBuffer*) ()
#4  0x2a031b30 in rfb::DecodeManager::DecodeThread::worker() ()
#5  0x2a04a868 in os::Thread::startRoutine(void*) ()
#6  0xb6d00f08 in start_thread () from /usr/lib/libpthread.so.0
#7  0xb696b938 in ?? () from /usr/lib/libc.so.6

Upstream report here:


Fix here:

Comment 1 Pierre Ossman cendio 2018-09-17 14:34:28 CEST
Should be fixed now with a new vendor drop of TigerVNC.
Comment 3 Pierre Ossman cendio 2018-09-17 14:47:53 CEST
I'm seeing crashes with both the server and client when using 4.9.0. But both work fine when using trunk.
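The backtrace in the description ends in memcpy inside rfb::ModifiablePixelBuffer::fillRect, reached from TightDecoder::decodeRect while the client decodes a very large session. The page does not state the root cause, so the following is an added illustration rather than TigerVNC's or ThinLinc's code and not a claim about what the upstream fix changed: a minimal pixel-buffer fillRect in C with the checks a practitioner would want on that path, namely a cap on framebuffer dimensions so the byte count cannot overflow when the buffer is allocated, and validation of the (server-supplied, hence untrusted) rectangle before any memcpy. The PixelBuffer layout, the MAX_DIM value of 16384, and all function names are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Example cap on framebuffer dimensions. An assumption for this illustration,
 * not a VNC protocol constant: it keeps width*height*bpp below SIZE_MAX even
 * on a 32-bit build (16384*16384*4 = 2^30 bytes). */
#define MAX_DIM 16384

typedef struct {
    int width, height;   /* size in pixels */
    int bpp;             /* bytes per pixel (1, 2 or 4) */
    size_t stride;       /* bytes per row */
    size_t size;         /* bytes allocated for data */
    uint8_t *data;
} PixelBuffer;

typedef struct { int x, y, w, h; } Rect;

/* Allocate a buffer, refusing sizes whose byte count cannot be computed safely. */
static PixelBuffer *pb_create(int width, int height, int bpp) {
    if (width <= 0 || height <= 0 || width > MAX_DIM || height > MAX_DIM)
        return NULL;
    if (bpp != 1 && bpp != 2 && bpp != 4)
        return NULL;
    PixelBuffer *pb = calloc(1, sizeof *pb);
    if (!pb)
        return NULL;
    pb->width = width;
    pb->height = height;
    pb->bpp = bpp;
    pb->stride = (size_t)width * (size_t)bpp;
    pb->size = pb->stride * (size_t)height;   /* cannot overflow: both factors bounded by MAX_DIM */
    pb->data = calloc(pb->size, 1);
    if (!pb->data) {
        free(pb);
        return NULL;
    }
    return pb;
}

static void pb_destroy(PixelBuffer *pb) {
    if (pb) {
        free(pb->data);
        free(pb);
    }
}

/* A rectangle received from the peer is untrusted: reject negative fields and
 * any edge past the buffer. Sums are done in 64 bits so x+w cannot wrap. */
static bool rect_fits(const PixelBuffer *pb, const Rect *r) {
    if (r->x < 0 || r->y < 0 || r->w < 0 || r->h < 0)
        return false;
    if ((int64_t)r->x + (int64_t)r->w > pb->width)
        return false;
    if ((int64_t)r->y + (int64_t)r->h > pb->height)
        return false;
    return true;
}

/* Fill r with one pixel value of pb->bpp bytes. Returns 0 on success, -1 if the
 * rectangle was rejected (buffer untouched). Each row's byte range is checked
 * against pb->size before the copy, so a bad rectangle never reaches memcpy. */
static int fill_rect_checked(PixelBuffer *pb, const Rect *r, const uint8_t *pix) {
    if (!rect_fits(pb, r))
        return -1;
    size_t row_bytes = (size_t)r->w * (size_t)pb->bpp;
    for (int y = r->y; y < r->y + r->h; y++) {
        size_t off = (size_t)y * pb->stride + (size_t)r->x * (size_t)pb->bpp;
        if (off > pb->size || row_bytes > pb->size - off)
            return -1;   /* defence in depth; unreachable if rect_fits is correct */
        uint8_t *row = pb->data + off;
        for (int x = 0; x < r->w; x++)
            memcpy(row + (size_t)x * pb->bpp, pix, pb->bpp);
    }
    return 0;
}

/* Read back the first byte of one pixel, for checking results; -1 if outside. */
static int pb_byte_at(const PixelBuffer *pb, int x, int y) {
    if (x < 0 || y < 0 || x >= pb->width || y >= pb->height)
        return -1;
    return pb->data[(size_t)y * pb->stride + (size_t)x * pb->bpp];
}

int main(void) {
    PixelBuffer *pb = pb_create(64, 64, 4);
    uint8_t white[4] = {0xff, 0xff, 0xff, 0xff};
    Rect ok = {10, 10, 5, 5};
    Rect past_edge = {60, 60, 10, 10};
    Rect wrapping = {INT32_MAX, 0, 2, 1};   /* x+w would wrap if summed in int */
    printf("ok rect: %d\n", fill_rect_checked(pb, &ok, white));
    printf("past edge: %d\n", fill_rect_checked(pb, &past_edge, white));
    printf("wrapping: %d\n", fill_rect_checked(pb, &wrapping, white));
    printf("huge framebuffer: %s\n",
           pb_create(100000, 100000, 4) ? "allocated" : "rejected");
    pb_destroy(pb);
    return 0;
}
```

The two checks are independent: pb_create bounds the allocation so stride and size are computed without overflow, and rect_fits rejects rectangles before any pointer arithmetic is done with them. Dropping either one leaves a path by which a peer-controlled size or rectangle can push memcpy past the end of the buffer.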
