Robert Scheck created GUACAMOLE-1802:
----------------------------------------
Summary: Regression: Fix for GUACAMOLE-1717 causes guacd segfault
Key: GUACAMOLE-1802
URL: https://issues.apache.org/jira/browse/GUACAMOLE-1802
Project: Guacamole
Issue Type: Bug
Components: guacd
Affects Versions: 1.5.2
Environment: Red Hat Enterprise Linux 8.8, guacd 1.5.2, freerdp 2.2.0
Reporter: Robert Scheck
I'm the RPM package maintainer of `guacd` in Fedora and EPEL (for CentOS
Stream, RHEL, Rocky Linux etc.). I received a report that, since the update of
`guacd` from 1.5.1 to 1.5.2, `guacd` segfaults when connecting via RDP
(downgrading to 1.5.1 again works around the issue). The backtrace looks like
this:
```
(gdb) bt full
#0 __memset_avx2_unaligned_erms () at
../sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S:182
No locals.
#1 0x00007f2e4ada6749 in memset (__len=164, __ch=0, __dest=0x0) at
/usr/include/bits/string_fortified.h:74
No locals.
#2 freerdp_image_copy_from_pointer_data (pDstData=0x0, DstFormat=537168008,
nDstStep=164, nXDst=0, nYDst=0, nWidth=41, nHeight=39, xorMask=0x7f2e38386b90
"", xorMaskLength=6396,
andMask=0x7f2e38080a20
"\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\001\377\377\200\377",
<incomplete sequence \374>, andMaskLength=234, xorBpp=32,
palette=0x7f2e3804bdc8) at
/usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/codec/color.c:544
pDstLine = 0x0
y = 0
dstBitsPerPixel = 32
dstBytesPerPixel = 4
__FUNCTION__ = "freerdp_image_copy_from_pointer_data"
#3 0x00007f2e4b067d47 in guac_rdp_pointer_new () from
/lib64/libguac-client-rdp.so
No symbol table info available.
#4 0x00007f2e4ad1e1c3 in update_pointer_new (pointer_new=0x7f2e3807a610,
context=0x7f2e38015780) at
/usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/cache/pointer.c:222
pointer = 0x7f2e38386ad0
cache = 0x7f2e3804c9d0
pointer = <optimized out>
cache = <optimized out>
#5 update_pointer_new (context=0x7f2e38015780, pointer_new=0x7f2e3807a610) at
/usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/cache/pointer.c:198
pointer = <optimized out>
cache = <optimized out>
#6 0x00007f2e4ad78ae4 in fastpath_recv_update
(fastpath=fastpath@entry=0x7f2e3802f8e0, updateCode=updateCode@entry=11 '\v',
s=0x7f2e38033960) at
/usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/fastpath.c:467
pointer_new = 0x7f2e3807a610
rc = 0
status = 0
update = <optimized out>
context = 0x7f2e38015780
pointer = 0x7f2e3802d690
__FUNCTION__ = "fastpath_recv_update"
_log_cached_ptr = <optimized out>
#7 0x00007f2e4ad79097 in fastpath_recv_update_data (s=0x7f2e38384200,
fastpath=0x7f2e3802f8e0) at
/usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/fastpath.c:575
size = 1361
status = 0
compression = <optimized out>
compressionFlags = <optimized out>
transport = 0x7f2e380271f0
rdp = <optimized out>
bulkStatus = <optimized out>
updateCode = 11 '\v'
fragmentation = 0 '\000'
DstSize = 6646
pDstData = 0x7f2e3f1c7030 " "
status = <optimized out>
size = <optimized out>
rdp = <optimized out>
bulkStatus = <optimized out>
updateCode = <optimized out>
fragmentation = <optimized out>
compression = <optimized out>
compressionFlags = <optimized out>
DstSize = <optimized out>
pDstData = <optimized out>
transport = <optimized out>
__FUNCTION__ = "fastpath_recv_update_data"
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
totalSize = <optimized out>
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
#8 fastpath_recv_updates (fastpath=0x7f2e3802f8e0, s=s@entry=0x7f2e38384200)
at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/fastpath.c:659
rc = -2
update = 0x7f2e3802d2c0
__FUNCTION__ = "fastpath_recv_updates"
#9 0x00007f2e4ad724e2 in rdp_recv_fastpath_pdu (s=0x7f2e38384200,
rdp=0x7f2e3801a850) at
/usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/rdp.c:1462
length = 1365
fastpath = 0x7f2e3802f8e0
length = <optimized out>
fastpath = <optimized out>
__FUNCTION__ = "rdp_recv_fastpath_pdu"
_log_cached_ptr = 0x0
_log_cached_ptr = 0x0
flags = <optimized out>
_log_cached_ptr = 0x0
#10 rdp_recv_pdu (rdp=rdp@entry=0x7f2e3801a850, s=s@entry=0x7f2e38384200) at
/usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/rdp.c:1470
No locals.
#11 0x00007f2e4ad72fb3 in rdp_recv_callback (transport=<optimized out>,
s=0x7f2e38384200, extra=0x7f2e3801a850) at
/usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/rdp.c:1647
status = 0
rdp = 0x7f2e3801a850
__FUNCTION__ = "rdp_recv_callback"
#12 0x00007f2e4ad7cfa4 in transport_check_fds
(transport=transport@entry=0x7f2e380271f0) at
/usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/transport.c:1062
status = 1368
recv_status = <optimized out>
received = 0x7f2e38384200
now = <optimized out>
dueDate = 454091
__FUNCTION__ = "transport_check_fds"
#13 0x00007f2e4ad73a57 in rdp_check_fds (rdp=0x7f2e3801a850) at
/usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/rdp.c:1707
status = <optimized out>
transport = 0x7f2e380271f0
__FUNCTION__ = "rdp_check_fds"
#14 0x00007f2e4ad5b1c1 in freerdp_check_fds (instance=0x7f2e380154f0) at
/usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/freerdp.c:333
status = <optimized out>
rdp = <optimized out>
__FUNCTION__ = "freerdp_check_fds"
#15 0x00007f2e4ad5c226 in freerdp_check_event_handles (context=0x7f2e38015780)
at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/freerdp.c:381
status = <optimized out>
__FUNCTION__ = "freerdp_check_event_handles"
#16 0x00007f2e4b06948d in guac_rdp_client_thread () from
/lib64/libguac-client-rdp.so
No symbol table info available.
#17 0x00007f2e4f4731ca in start_thread (arg=<optimized out>) at
pthread_create.c:479
ret = <optimized out>
pd = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf =
{139836629378816, -991114267329111259, 139836637768638, 139836637768639, 0,
139836629376512, 892376756324326181, 892350843852217125}
, mask_was_saved = 0}}, priv = {pad =
{0x0, 0x0, 0x0, 0x0}
, data =
{prev = 0x0, cleanup = 0x0, canceltype = 0}
}}
not_first_call = <optimized out>
#18 0x00007f2e4de0ee73 in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:95
No locals.
(gdb)
```
Frame #2 shows `freerdp_image_copy_from_pointer_data()` being called from
`guac_rdp_pointer_new()` (frame #3) with `pDstData=0x0`, so the NULL destination
buffer that `memset()` crashes on is handed in from the guacd side; the crash is
reached while guacd processes an incoming fast-path pointer update (frames
#4–#8), i.e. from data received over the RDP connection. That function leads me
back to [commit
23e42fb6](https://github.com/apache/guacamole-server/commit/23e42fb6c5a5d58f82d9a91dc58036178896ba16),
which leads me to GUACAMOLE-1717.
Reverting the commit mentioned above in a test build avoids the segfault, which
IMHO makes this a regression.