ubuntu-x-swat team mailing list archive
Message #104952
[Bug 525066] Re: x11vnc able to segfault xorg
Hi Sheng,
Thanks for providing the detailed backtrace. Looks like it's a stack
overflow in the client callback code when the client disappeared. The
leftover callback resulted in an endless loop.
** Description changed:
Binary package hint: xorg
Lots of discussion over at:
http://ubuntuforums.org/showthread.php?t=965695
But the gist of it is, x11vnc is able to segfault xorg. Quite simple to
reproduce. Find a "victim" machine and boot it up to the gdm login
prompt. Then ssh into the machine and run:
# DISPLAY=:0 x11vnc
(notice logged in as root) and then connect with a vnc client. Try to
log in and very quickly the vnc connection will be closed and when you
reconnect you will be at a new login prompt. That's because the last
X11 server crashed. Check out /var/log/Xorg.0.log.old on the victim
machine.
+ (gdb) attach 3038
+ ...
+ 0x00007f7652ee9485 in ?? () from /lib/libdrm_intel.so.1
+ (gdb) cont
+ Continuing.
+
+ Program received signal SIGSEGV, Segmentation fault.
+ 0x00007f765395b662 in RecordAReply (pcbl=0x7e29a0, nulldata=0x0, calldata=0x7fffc929a050) at ../../record/record.c:601
+ in ../../record/record.c
+ (gdb)
+ [K(gdb) bt
+ #0 0x00007f765395b662 in RecordAReply (pcbl=0x7e29a0, nulldata=0x0, calldata=0x7fffc929a050) at ../../record/record.c:601
+ #1 0x000000000043191c in _CallCallbacks (pcbl=0x7e29a0, call_data=0x7fffc929a050) at ../../dix/dixutils.c:743
+ #2 CallCallbacks (pcbl=0x7e29a0, call_data=0x7fffc929a050) at ../../dix/dixutils.c:877
+ #3 0x0000000000460091 in WriteToClient (who=0x41c8270, count=60, __buf=0x3d0b838) at ../../os/io.c:800
+ #4 0x00007f765395a8d2 in RecordFlushReplyBuffer (pContext=0x3d0b810, data1=0x0, len1=0, data2=<value optimized out>, len2=<value optimized out>)
+ at ../../record/record.c:251
+ #5 0x00007f765395a946 in RecordFlushAllContexts (pcbl=<value optimized out>, nulldata=<value optimized out>, calldata=<value optimized out>)
+ at ../../record/record.c:867
+ #6 0x000000000043191c in _CallCallbacks (pcbl=0x7e29a8, call_data=0x0) at ../../dix/dixutils.c:743
+ #7 CallCallbacks (pcbl=0x7e29a8, call_data=0x0) at ../../dix/dixutils.c:877
+ #8 0x000000000045ffd4 in WriteToClient (who=0x41c8270, count=60, __buf=0x3d0b838) at ../../os/io.c:824
+ #9 0x00007f765395a8d2 in RecordFlushReplyBuffer (pContext=0x3d0b810, data1=0x0, len1=0, data2=<value optimized out>, len2=<value optimized out>)
+ at ../../record/record.c:251
+ #10 0x00007f765395a946 in RecordFlushAllContexts (pcbl=<value optimized out>, nulldata=<value optimized out>, calldata=<value optimized out>)
+ at ../../record/record.c:867
+ #11 0x000000000043191c in _CallCallbacks (pcbl=0x7e29a8, call_data=0x0) at ../../dix/dixutils.c:743
+ #12 CallCallbacks (pcbl=0x7e29a8, call_data=0x0) at ../../dix/dixutils.c:877
+ #13 0x000000000045ffd4 in WriteToClient (who=0x41c8270, count=60, __buf=0x3d0b838) at ../../os/io.c:824
+ #14 0x00007f765395a8d2 in RecordFlushReplyBuffer (pContext=0x3d0b810, data1=0x0, len1=0, data2=<value optimized out>, len2=<value optimized out>)
+ at ../../record/record.c:251
+ [Repeats endlessly...]
+
ProblemType: Bug
Architecture: i386
Date: Sat Feb 20 17:09:35 2010
DistroRelease: Ubuntu 9.10
MachineType: To Be Filled By O.E.M. To Be Filled By O.E.M.
NonfreeKernelModules: nvidia
Package: xorg 1:7.4+3ubuntu10
ProcCmdLine: auto BOOT_IMAGE=ubuntu root=/dev/mapper/rootvol-ubuntu_root
ProcEnviron:
- LANG=en_CA.UTF-8
- SHELL=/bin/bash
+ LANG=en_CA.UTF-8
+ SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-19.56-generic
RelatedPackageVersions:
- xserver-xorg 1:7.4+3ubuntu10
- libgl1-mesa-glx 7.6.0-1ubuntu4
- libdrm2 2.4.14-1ubuntu1
- xserver-xorg-video-intel 2:2.9.0-1ubuntu2.1
- xserver-xorg-video-ati 1:6.12.99+git20090929.7968e1fb-0ubuntu1
+ xserver-xorg 1:7.4+3ubuntu10
+ libgl1-mesa-glx 7.6.0-1ubuntu4
+ libdrm2 2.4.14-1ubuntu1
+ xserver-xorg-video-intel 2:2.9.0-1ubuntu2.1
+ xserver-xorg-video-ati 1:6.12.99+git20090929.7968e1fb-0ubuntu1
SourcePackage: xorg
Uname: Linux 2.6.31-19-generic i686
dmi.bios.date: 10/23/2003
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: 080009
dmi.board.name: P4P800S
dmi.board.vendor: ASUSTeK Computer Inc.
dmi.board.version: Rev 1.xx
dmi.chassis.asset.tag: Asset-1234567890
dmi.chassis.type: 3
dmi.chassis.vendor: Chassis Manufacture
dmi.chassis.version: Chassis Version
dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr080009:bd10/23/2003:svnToBeFilledByO.E.M.:pnToBeFilledByO.E.M.:pvrToBeFilledByO.E.M.:rvnASUSTeKComputerInc.:rnP4P800S:rvrRev1.xx:cvnChassisManufacture:ct3:cvrChassisVersion:
dmi.product.name: To Be Filled By O.E.M.
dmi.product.version: To Be Filled By O.E.M.
dmi.sys.vendor: To Be Filled By O.E.M.
fglrx: Not loaded
system:
- distro: Ubuntu
- architecture: i686kernel: 2.6.31-19-generic
+ distro: Ubuntu
+ architecture: i686kernel: 2.6.31-19-generic
** Changed in: xorg-server (Ubuntu)
Assignee: (unassigned) => Bryce Harrington (bryce)
--
You received this bug notification because you are a member of Ubuntu-X,
which is subscribed to xorg-server in ubuntu.
https://bugs.launchpad.net/bugs/525066
Title:
x11vnc able to segfault xorg
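
The backtrace in the description cycles through RecordFlushReplyBuffer, WriteToClient, CallCallbacks and RecordFlushAllContexts until the stack runs out. The C model below is an added example, not code from the X server or from this message: it reproduces that re-entrant callback cycle, with a depth cap standing in for stack exhaustion, and shows a re-entrancy guard breaking it. All function and field names, and the guard itself, are assumptions made for illustration.

```c
#include <stdio.h>

#define DEPTH_LIMIT 1000        /* stand-in for the point where the stack runs out */

struct context {
    int use_guard;              /* 1 = refuse re-entry while a flush is running */
    int in_flush;               /* non-zero while flush_reply_buffer is active */
    int depth, max_depth;       /* current and deepest nesting observed */
};

static void flush_callback(struct context *ctx);

/* Models the write path in the backtrace: writing to a client first runs the
 * registered flush callback, then delivers the data. */
static void write_to_client(struct context *ctx)
{
    flush_callback(ctx);
}

/* Models the flush path: it drains the buffer by writing to the client,
 * which re-enters the callback above. */
static void flush_reply_buffer(struct context *ctx)
{
    if (ctx->use_guard && ctx->in_flush)
        return;                 /* already flushing: break the cycle */
    if (ctx->depth >= DEPTH_LIMIT)
        return;                 /* a real process would fault before this */
    ctx->in_flush++;
    if (++ctx->depth > ctx->max_depth)
        ctx->max_depth = ctx->depth;
    write_to_client(ctx);
    ctx->depth--;
    ctx->in_flush--;
}

static void flush_callback(struct context *ctx) { flush_reply_buffer(ctx); }

/* Runs one flush and returns how deep the callback chain nested. */
int run_flush(int use_guard)
{
    struct context ctx = {0};
    ctx.use_guard = use_guard;
    flush_reply_buffer(&ctx);
    return ctx.max_depth;
}

int main(void)
{
    printf("unguarded nesting: %d\n", run_flush(0));
    printf("guarded nesting:   %d\n", run_flush(1));
    return 0;
}
```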