[ 
https://issues.apache.org/jira/browse/GUACAMOLE-1802?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17747694#comment-17747694
 ] 

David S. Jones edited comment on GUACAMOLE-1802 at 7/27/23 12:36 AM:
---------------------------------------------------------------------

I didn't have any issue with this on my el9 build but it bit me on both my el7 
and el8 builds, not sure why, might be a reason it slipped through in the first 
place tho.

Sadly, since we 'force fit' an OpenSSLv3 front end on all our builds (which 
brings a whole set of continuing issues of its own) my first expectation for 
'works on el9 not el7 or 8' (or vice versa) is to suspect some incompatibility 
in OpenSSL, glad it was this simple fix : ) I added this fix to my builds and 
have successfully completed regression testing, but will wait for the official 
release of 1.5.3 before we release.


> Regression: Fix for GUACAMOLE-1717 causes guacd segfault
> --------------------------------------------------------
>
>                 Key: GUACAMOLE-1802
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1802
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacd
>    Affects Versions: 1.5.2
>         Environment: Red Hat Enterprise Linux 8.8, guacd 1.5.2, freerdp 2.2.0
>            Reporter: Robert Scheck
>            Assignee: Nick Couchman
>            Priority: Critical
>              Labels: regression, segfault
>             Fix For: 1.5.3
>
>
> I'm the RPM package maintainer of {{guacd}} in Fedora and EPEL (for CentOS 
> Stream, RHEL, Rocky Linux etc.). I received a report that since the update of 
> {{guacd}} from 1.5.1 to 1.5.2 {{guacd}} segfaults when connecting via RDP 
> (downgrading to 1.5.1 again works around the issue). The traceback looks like 
> this:
> {noformat}
> (gdb) bt full
> #0  __memset_avx2_unaligned_erms () at 
> ../sysdeps/x86_64/multiarch/memset-vec-unaligned-erms.S:182
> No locals.
> #1  0x00007f2e4ada6749 in memset (__len=164, __ch=0, __dest=0x0) at 
> /usr/include/bits/string_fortified.h:74
> No locals.
> #2  freerdp_image_copy_from_pointer_data (pDstData=0x0, DstFormat=537168008, 
> nDstStep=164, nXDst=0, nYDst=0, nWidth=41, nHeight=39, xorMask=0x7f2e38386b90 
> "", xorMaskLength=6396, 
>     andMask=0x7f2e38080a20 
> "\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\377\377\377\200\377\377\001\377\377\200\377",
>  <incomplete sequence \374>, andMaskLength=234, xorBpp=32, 
> palette=0x7f2e3804bdc8) at 
> /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/codec/color.c:544
>         pDstLine = 0x0
>         y = 0
>         dstBitsPerPixel = 32
>         dstBytesPerPixel = 4
>         __FUNCTION__ = "freerdp_image_copy_from_pointer_data"
> #3  0x00007f2e4b067d47 in guac_rdp_pointer_new () from 
> /lib64/libguac-client-rdp.so
> No symbol table info available.
> #4  0x00007f2e4ad1e1c3 in update_pointer_new (pointer_new=0x7f2e3807a610, 
> context=0x7f2e38015780) at 
> /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/cache/pointer.c:222
>         pointer = 0x7f2e38386ad0
>         cache = 0x7f2e3804c9d0
>         pointer = <optimized out>
>         cache = <optimized out>
> #5  update_pointer_new (context=0x7f2e38015780, pointer_new=0x7f2e3807a610) 
> at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/cache/pointer.c:198
>         pointer = <optimized out>
>         cache = <optimized out>
> #6  0x00007f2e4ad78ae4 in fastpath_recv_update 
> (fastpath=fastpath@entry=0x7f2e3802f8e0, updateCode=updateCode@entry=11 '\v', 
> s=0x7f2e38033960) at 
> /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/fastpath.c:467
>         pointer_new = 0x7f2e3807a610
>         rc = 0
>         status = 0
>         update = <optimized out>
>         context = 0x7f2e38015780
>         pointer = 0x7f2e3802d690
>         __FUNCTION__ = "fastpath_recv_update"
>         _log_cached_ptr = <optimized out>
> #7  0x00007f2e4ad79097 in fastpath_recv_update_data (s=0x7f2e38384200, 
> fastpath=0x7f2e3802f8e0) at 
> /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/fastpath.c:575
>         size = 1361
>         status = 0
>         compression = <optimized out>
>         compressionFlags = <optimized out>
>         transport = 0x7f2e380271f0
>         rdp = <optimized out>
>         bulkStatus = <optimized out>
>         updateCode = 11 '\v'
>         fragmentation = 0 '\000'
>         DstSize = 6646
>         pDstData = 0x7f2e3f1c7030 " "
>         status = <optimized out>
>         size = <optimized out>
>         rdp = <optimized out>
>         bulkStatus = <optimized out>
>         updateCode = <optimized out>
>         fragmentation = <optimized out>
>         compression = <optimized out>
>         compressionFlags = <optimized out>
>         DstSize = <optimized out>
>         pDstData = <optimized out>
>         transport = <optimized out>
>         __FUNCTION__ = "fastpath_recv_update_data"
>         _log_cached_ptr = 0x0
>         _log_cached_ptr = 0x0
>         _log_cached_ptr = 0x0
>         _log_cached_ptr = 0x0
>         totalSize = <optimized out>
>         _log_cached_ptr = 0x0
>         _log_cached_ptr = 0x0
>         _log_cached_ptr = 0x0
>         _log_cached_ptr = 0x0
>         _log_cached_ptr = 0x0
> #8  fastpath_recv_updates (fastpath=0x7f2e3802f8e0, s=s@entry=0x7f2e38384200) 
> at /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/fastpath.c:659
>         rc = -2
>         update = 0x7f2e3802d2c0
>         __FUNCTION__ = "fastpath_recv_updates"
> #9  0x00007f2e4ad724e2 in rdp_recv_fastpath_pdu (s=0x7f2e38384200, 
> rdp=0x7f2e3801a850) at 
> /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/rdp.c:1462
>         length = 1365
>         fastpath = 0x7f2e3802f8e0
>         length = <optimized out>
>         fastpath = <optimized out>
>         __FUNCTION__ = "rdp_recv_fastpath_pdu"
>         _log_cached_ptr = 0x0
>         _log_cached_ptr = 0x0
>         flags = <optimized out>
>         _log_cached_ptr = 0x0
> #10 rdp_recv_pdu (rdp=rdp@entry=0x7f2e3801a850, s=s@entry=0x7f2e38384200) at 
> /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/rdp.c:1470
> No locals.
> #11 0x00007f2e4ad72fb3 in rdp_recv_callback (transport=<optimized out>, 
> s=0x7f2e38384200, extra=0x7f2e3801a850) at 
> /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/rdp.c:1647
>         status = 0
>         rdp = 0x7f2e3801a850
>         __FUNCTION__ = "rdp_recv_callback"
> #12 0x00007f2e4ad7cfa4 in transport_check_fds 
> (transport=transport@entry=0x7f2e380271f0) at 
> /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/transport.c:1062
>         status = 1368
>         recv_status = <optimized out>
>         received = 0x7f2e38384200
>         now = <optimized out>
>         dueDate = 454091
>         __FUNCTION__ = "transport_check_fds"
> #13 0x00007f2e4ad73a57 in rdp_check_fds (rdp=0x7f2e3801a850) at 
> /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/rdp.c:1707
>         status = <optimized out>
>         transport = 0x7f2e380271f0
>         __FUNCTION__ = "rdp_check_fds"
> #14 0x00007f2e4ad5b1c1 in freerdp_check_fds (instance=0x7f2e380154f0) at 
> /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/freerdp.c:333
>         status = <optimized out>
>         rdp = <optimized out>
>         __FUNCTION__ = "freerdp_check_fds"
> #15 0x00007f2e4ad5c226 in freerdp_check_event_handles 
> (context=0x7f2e38015780) at 
> /usr/src/debug/freerdp-2.2.0-10.el8.x86_64/libfreerdp/core/freerdp.c:381
>         status = <optimized out>
>         __FUNCTION__ = "freerdp_check_event_handles"
> #16 0x00007f2e4b06948d in guac_rdp_client_thread () from 
> /lib64/libguac-client-rdp.so
> No symbol table info available.
> #17 0x00007f2e4f4731ca in start_thread (arg=<optimized out>) at 
> pthread_create.c:479
>         ret = <optimized out>
>         pd = <optimized out>
>         unwind_buf = {cancel_jmp_buf = {{jmp_buf = {139836629378816, 
> -991114267329111259, 139836637768638, 139836637768639, 0, 139836629376512, 
> 892376756324326181, 892350843852217125}, mask_was_saved = 0}}, priv = {pad = 
> {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, 
>               cleanup = 0x0, canceltype = 0}}}
>         not_first_call = <optimized out>
> #18 0x00007f2e4de0ee73 in clone () at 
> ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
> No locals.
> (gdb) 
> {noformat}
> {{freerdp_image_copy_from_pointer_data()}} leads me back to [commit 
> 23e42fb6|https://github.com/apache/guacamole-server/commit/23e42fb6c5a5d58f82d9a91dc58036178896ba16]
>  which leads me to 
> [GUACAMOLE-1717|https://issues.apache.org/jira/browse/GUACAMOLE-1717].
> Reverting the commit mentioned above in a test build avoids the segfault, 
> which makes this IMHO a regression.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
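
Frame #2 of the backtrace in the quoted report shows memset() being called with a NULL destination (pDstData=0x0, nDstStep=164, nWidth=41, nHeight=39, 4 bytes per pixel). The following is an added example, not code from guacamole-server or FreeRDP: a caller-side check that rejects such a buffer before any row is written. The function name, the status codes and the `dst_capacity` parameter are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical status codes for this example. */
enum clear_status {
    CLEAR_OK = 0,
    CLEAR_NULL_DST,      /* destination pointer is NULL */
    CLEAR_BAD_GEOMETRY,  /* zero dimension, or stride shorter than one row */
    CLEAR_TOO_SMALL      /* stride * height exceeds the allocation */
};

/*
 * Validate a destination image buffer before the per-row memset() seen in
 * frame #2 of the trace (pDstLine = 0x0, nDstStep = 164, nWidth = 41).
 * dst_capacity is the number of bytes actually allocated behind dst.
 */
enum clear_status checked_clear_rows(uint8_t *dst, size_t dst_capacity,
                                     uint32_t step, uint32_t width,
                                     uint32_t height, uint32_t bytes_per_pixel)
{
    /* The crashing call had dst == NULL: reject instead of dereferencing. */
    if (dst == NULL)
        return CLEAR_NULL_DST;

    /* One row must hold `width` pixels; use 64-bit math so it cannot wrap. */
    uint64_t row_bytes = (uint64_t)width * bytes_per_pixel;
    if (width == 0 || height == 0 || bytes_per_pixel == 0 || step < row_bytes)
        return CLEAR_BAD_GEOMETRY;

    /* The whole image (stride * rows) must fit inside the allocation. */
    uint64_t total = (uint64_t)step * height;
    if (total > dst_capacity)
        return CLEAR_TOO_SMALL;

    /* Only now is it safe to zero each row, as the library does per line. */
    for (uint32_t y = 0; y < height; y++)
        memset(dst + (size_t)y * step, 0, (size_t)row_bytes);

    return CLEAR_OK;
}
```

With the values from the trace, a 41x39 pointer at 4 bytes per pixel needs 164 * 39 = 6396 bytes, which matches the reported `xorMaskLength`.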
