Details
- Bug
- Status: Resolved
- Critical
- Resolution: Fixed
- 1.5.2
- Red Hat Enterprise Linux 8.8, guacd 1.5.2, freerdp 2.2.0
Description
I'm the RPM package maintainer of guacd in Fedora and EPEL (for CentOS Stream, RHEL, Rocky Linux etc.). I received a report that since the update of guacd from 1.5.1 to 1.5.2 guacd segfaults when connecting via RDP (downgrading to 1.5.1 again works around the issue). The traceback looks like this:
(gdb) bt full
#0 __memset_avx2_unaligned_erms () at ../sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S:182
        No locals.
#1 0x00007f2e4ada6749 in memset (__len=164, __ch=0, __dest=0x0) at /usr/include/bits/string_fortified.h:74
        No locals.
#2 freerdp_image_copy_from_pointer_data (pDstData=0x0, DstFormat=537168008, nDstStep=164, nXDst=0, nYDst=0, nWidth=41, nHeight=39, xorMask=0x7f2e38386b90 "", xorMaskLength=6396, andMask=0x7f2e38080a20 "\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\001\377\377\200\377", <incomplete sequence \374>, andMaskLength=234, xorBpp=32, palette=0x7f2e3804bdc8) at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/codec/color.c:544
        pDstLine = 0x0
        y = 0
        dstBitsPerPixel = 32
        dstBytesPerPixel = 4
        __FUNCTION__ = "freerdp_image_copy_from_pointer_data"
#3 0x00007f2e4b067d47 in guac_rdp_pointer_new () from /lib64/libguac-client-rdp.so
        No symbol table info available.
#4 0x00007f2e4ad1e1c3 in update_pointer_new (pointer_new=0x7f2e3807a610, context=0x7f2e38015780) at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/cache/pointer.c:222
        pointer = 0x7f2e38386ad0
        cache = 0x7f2e3804c9d0
        pointer = <optimized out>
        cache = <optimized out>
#5 update_pointer_new (context=0x7f2e38015780, pointer_new=0x7f2e3807a610) at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/cache/pointer.c:198
        pointer = <optimized out>
        cache = <optimized out>
#6 0x00007f2e4ad78ae4 in fastpath_recv_update (fastpath=fastpath@entry=0x7f2e3802f8e0, updateCode=updateCode@entry=11 '\v', s=0x7f2e38033960) at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/fastpath.c:467
        pointer_new = 0x7f2e3807a610
        rc = 0
        status = 0
        update = <optimized out>
        context = 0x7f2e38015780
        pointer = 0x7f2e3802d690
        __FUNCTION__ = "fastpath_recv_update"
        _log_cached_ptr = <optimized out>
#7 0x00007f2e4ad79097 in fastpath_recv_update_data (s=0x7f2e38384200, fastpath=0x7f2e3802f8e0) at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/fastpath.c:575
        size = 1361
        status = 0
        compression = <optimized out>
        compressionFlags = <optimized out>
        transport = 0x7f2e380271f0
        rdp = <optimized out>
        bulkStatus = <optimized out>
        updateCode = 11 '\v'
        fragmentation = 0 '\000'
        DstSize = 6646
        pDstData = 0x7f2e3f1c7030 " "
        status = <optimized out>
        size = <optimized out>
        rdp = <optimized out>
        bulkStatus = <optimized out>
        updateCode = <optimized out>
        fragmentation = <optimized out>
        compression = <optimized out>
        compressionFlags = <optimized out>
        DstSize = <optimized out>
        pDstData = <optimized out>
        transport = <optimized out>
        __FUNCTION__ = "fastpath_recv_update_data"
        _log_cached_ptr = 0x0
        _log_cached_ptr = 0x0
        _log_cached_ptr = 0x0
        _log_cached_ptr = 0x0
        totalSize = <optimized out>
        _log_cached_ptr = 0x0
        _log_cached_ptr = 0x0
        _log_cached_ptr = 0x0
        _log_cached_ptr = 0x0
        _log_cached_ptr = 0x0
#8 fastpath_recv_updates (fastpath=0x7f2e3802f8e0, s=s@entry=0x7f2e38384200) at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/fastpath.c:659
        rc = -2
        update = 0x7f2e3802d2c0
        __FUNCTION__ = "fastpath_recv_updates"
#9 0x00007f2e4ad724e2 in rdp_recv_fastpath_pdu (s=0x7f2e38384200, rdp=0x7f2e3801a850) at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/rdp.c:1462
        length = 1365
        fastpath = 0x7f2e3802f8e0
        length = <optimized out>
        fastpath = <optimized out>
        __FUNCTION__ = "rdp_recv_fastpath_pdu"
        _log_cached_ptr = 0x0
        _log_cached_ptr = 0x0
        flags = <optimized out>
        _log_cached_ptr = 0x0
#10 rdp_recv_pdu (rdp=rdp@entry=0x7f2e3801a850, s=s@entry=0x7f2e38384200) at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/rdp.c:1470
        No locals.
#11 0x00007f2e4ad72fb3 in rdp_recv_callback (transport=<optimized out>, s=0x7f2e38384200, extra=0x7f2e3801a850) at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/rdp.c:1647
        status = 0
        rdp = 0x7f2e3801a850
        __FUNCTION__ = "rdp_recv_callback"
#12 0x00007f2e4ad7cfa4 in transport_check_fds (transport=transport@entry=0x7f2e380271f0) at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/transport.c:1062
        status = 1368
        recv_status = <optimized out>
        received = 0x7f2e38384200
        now = <optimized out>
        dueDate = 454091
        __FUNCTION__ = "transport_check_fds"
#13 0x00007f2e4ad73a57 in rdp_check_fds (rdp=0x7f2e3801a850) at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/rdp.c:1707
        status = <optimized out>
        transport = 0x7f2e380271f0
        __FUNCTION__ = "rdp_check_fds"
#14 0x00007f2e4ad5b1c1 in freerdp_check_fds (instance=0x7f2e380154f0) at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/freerdp.c:333
        status = <optimized out>
        rdp = <optimized out>
        __FUNCTION__ = "freerdp_check_fds"
#15 0x00007f2e4ad5c226 in freerdp_check_event_handles (context=0x7f2e38015780) at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/freerdp.c:381
        status = <optimized out>
        __FUNCTION__ = "freerdp_check_event_handles"
#16 0x00007f2e4b06948d in guac_rdp_client_thread () from /lib64/libguac-client-rdp.so
        No symbol table info available.
#17 0x00007f2e4f4731ca in start_thread (arg=<optimized out>) at pthread_create.c:479
        ret = <optimized out>
        pd = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139836629378816, -991114267329111259, 139836637768638, 139836637768639, 0, 139836629376512, 892376756324326181, 892350843852217125}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <optimized out>
#18 0x00007f2e4de0ee73 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
        No locals.
(gdb)
freerdp_image_copy_from_pointer_data() leads me back to commit 23e42fb6 which leads me to GUACAMOLE-1717.
Reverting the commit mentioned above in a test build avoids the segfault, which makes this IMHO a regression.
Issue Links
- is caused by: GUACAMOLE-1717 Cursor Improperly Initialized when Connecting to Gnome Remote Desktop via RDP (Closed)
- is duplicated by: GUACAMOLE-1821 While trying to access RDP receiving guacd[6280]: segfault at 0 ip 00007fc63b8d130c sp 00007fc62e210898 error 6 in libc-2.28.so[7fc63b89a000+1bb000] (Closed)
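
A triage sketch for a backtrace like the one in this report, added here as an example and not part of the original report or of guacamole-server: it parses gdb frame lines and reports where a NULL pointer argument first enters the call chain, which is the step the reporter performed by hand. The sample input is constructed by abridging frames #0 to #4 of the report; `parse_frames` and `null_pointer_origin` are hypothetical names.

```python
import re

# Constructed sample: frames #0-#4 of the report, arguments abridged.
SAMPLE_BT = """\
#0 __memset_avx2_unaligned_erms () at ../sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S:182
#1 0x00007f2e4ada6749 in memset (__len=164, __ch=0, __dest=0x0) at /usr/include/bits/string_fortified.h:74
#2 freerdp_image_copy_from_pointer_data (pDstData=0x0, DstFormat=537168008, nDstStep=164, nWidth=41, nHeight=39) at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/codec/color.c:544
        pDstLine = 0x0
#3 0x00007f2e4b067d47 in guac_rdp_pointer_new () from /lib64/libguac-client-rdp.so
#4 0x00007f2e4ad1e1c3 in update_pointer_new (pointer_new=0x7f2e3807a610, context=0x7f2e38015780) at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/cache/pointer.c:222
"""

FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+(?:0x[0-9a-f]+ in )?(?P<func>[\w.]+) \((?P<args>.*)\)"
    r"(?: (?:at|from) (?P<where>\S+))?\s*$")
# name=value pairs; gdb prints pointers as hex, and "x=x@entry=0x.." for entry values.
ARG_RE = re.compile(r"(\w+)=(?:\w+@entry=)?(0x[0-9a-f]+|-?\d+)")

def parse_frames(text):
    """Return frames innermost-first; 'bt full' locals lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if not m:
            continue  # indented locals do not start with '#'
        frames.append({"num": int(m["num"]), "func": m["func"],
                       "args": dict(ARG_RE.findall(m["args"])),
                       "where": m["where"] or "?"})
    return frames

def null_pointer_origin(frames):
    """Find the outermost frame that received a NULL pointer, and its caller."""
    entry = None
    for frame in frames:
        nulls = [name for name, val in frame["args"].items() if val == "0x0"]
        if nulls:
            entry = (frame, nulls)      # NULL is still being passed down here
        elif entry:
            # First frame above the NULL chain: this caller supplied the NULL.
            return {"callee": entry[0]["func"], "null_args": entry[1],
                    "caller": frame["func"], "caller_where": frame["where"]}
    if entry:  # NULL reached the outermost frame we have; caller unknown
        return {"callee": entry[0]["func"], "null_args": entry[1],
                "caller": None, "caller_where": None}
    return None

if __name__ == "__main__":
    print(null_pointer_origin(parse_frames(SAMPLE_BT)))
```

On the sample it names `guac_rdp_pointer_new` in `/lib64/libguac-client-rdp.so` as the caller that handed a NULL `pDstData` to FreeRDP, matching the reporter's reading of the traceback.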