Bug 8488 - Session crashes if mouse gets disabled
Summary: Session crashes if mouse gets disabled
Status: NEW
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: VNC (show other bugs)
Version: trunk
Hardware: PC Unknown
: P2 Normal
Target Milestone: LowPrio
Assignee: Bugzilla mail exporter
URL:
Keywords:
Depends on: 8485
Blocks:
  Show dependency treegraph
 
Reported: 2025-01-13 14:04 CET by Pierre Ossman
Modified: 2025-01-14 13:33 CET (History)
0 users

See Also:
Acceptance Criteria:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Pierre Ossman cendio 2025-01-13 14:04:12 CET 
If you disable the mouse pointer from within ThinLinc, then the entire session crashes with this in the log:

> (EE) 
> (EE) Backtrace:
> (EE) 0: /opt/thinlinc/libexec/Xvnc (xorg_backtrace+0x41) [0x76d921]
> (EE) 1: /opt/thinlinc/libexec/Xvnc (0x400000+0x370f29) [0x770f29]
> (EE) 2: /lib64/libc.so.6 (0x7fd160482000+0x1a090) [0x7fd16049c090]
> (EE) 3: /opt/thinlinc/libexec/Xvnc (miPointerGetPosition+0x87) [0x75d927]
> (EE) 4: /opt/thinlinc/libexec/Xvnc (vncGetPointerPos+0x32) [0x593312]
> (EE) 5: /opt/thinlinc/libexec/Xvnc (_ZN14XserverDesktop12blockHandlerEPi+0xea) [0x591a7a]
> (EE) 6: /opt/thinlinc/libexec/Xvnc (vncCallBlockHandlers+0x27) [0x5864b7]
> (EE) 7: /opt/thinlinc/libexec/Xvnc (BlockHandler+0x56) [0x723706]
> (EE) 8: /opt/thinlinc/libexec/Xvnc (WaitForSomething+0xc5) [0x76b9d5]
> (EE) 9: /opt/thinlinc/libexec/Xvnc (Dispatch+0xac) [0x71ecec]
> (EE) 10: /opt/thinlinc/libexec/Xvnc (dix_main+0x388) [0x722dd8]
> (EE) 11: /lib64/libc.so.6 (0x7fd160482000+0x3248) [0x7fd160485248]
> (EE) 12: /lib64/libc.so.6 (__libc_start_main+0x8b) [0x7fd16048530b]
> (EE) 13: /opt/thinlinc/libexec/Xvnc (0x400000+0xc4220) [0x4c4220]
> (EE) 
> (EE) Segmentation fault at address 0x2c
> (EE) 
> Fatal server error:
> (EE) Caught signal 11 (Segmentation fault). Server aborting
> (EE) 

This can easily be provoked by doing:

> $ xinput set-int-prop 6 117 8 0

(this changes the property "enabled" for the VNC pointer device to 0)

It is also available in the GUI in (at least) Xfce, where they have a checkbox for it.

This is a regression from 4.17.0, where this crash cannot be observed.

This issue was originally reported upstream:

https://github.com/TigerVNC/tigervnc/pull/1894
Comment 1 Pierre Ossman cendio 2025-01-13 14:20:41 CET 
It is unclear what caused this regression. It seems to have something to do with floating devices. But the bug cannot be triggered on 4.17.0 by setting the pointer device to be floating.

This is the most likely candidate I can find, given the range of commits between the broken and working state:

https://gitlab.freedesktop.org/xorg/xserver/-/commit/5c4816afa7722ea47d1a7dea983a953e7b454d26
Comment 2 Pierre Ossman cendio 2025-01-13 14:56:36 CET 
That was a red herring. A git bisect showed that the issue is indeed connected to disabling the device. Specifically:


https://gitlab.freedesktop.org/xorg/xserver/-/commit/8b75ec34dfbe435cd3a17e64138e22a37395a6d8
Note You need to log in before you can comment on or make changes to this bug.