[ https://issues.apache.org/jira/browse/GUACAMOLE-898?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17889358#comment-17889358 ]
Nick Couchman commented on GUACAMOLE-898:
-----------------------------------------

[~changkun]: Can you please test with the latest version (either 1.5.5 or upcoming 1.6.0) and see if this is still an issue? I suspect it has been resolved by changes made to these in the interim.

> Segment fault when two users race on same connection
> ----------------------------------------------------
>
>                 Key: GUACAMOLE-898
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-898
>             Project: Guacamole
>          Issue Type: Bug
>          Components: libguac, RDP, SSH, VNC
>    Affects Versions: 1.0.0
>            Reporter: Changkun Ou
>            Priority: Minor
>
> The VNC/RDP and SSH plugins all create a {{display/term}} in the connection owner
> thread ({{guac_vnc_client_thread/guac_rdp_client_thread}} and {{ssh_client_thread}}).
> However, the {{client->display or client->term}} is immediately used in
> non-owner threads.
> If two users are racing on the same connection and the {{client->display or
> client->term}} is not ready for the non-owner, then:
> {{guac_common_display_dup(vnc_client->display, user, user->socket);}}
> or
> {{guac_common_display_dup(rdp_client->display, user, user->socket);}}
> or
> {{guac_terminal_dup(ssh_client->term, user, user->socket);}}
> can result in a segmentation fault because the {{display/term}} pointer can still be
> a {{NULL}} pointer.
> Here is a stack trace:
> {code:java}
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7ff9c2fad700 (LWP 9)]
> 0x00007ff9cbcd1cc0 in pthread_mutex_lock () from /lib64/libpthread.so.0
> Missing separate debuginfos, use: debuginfo-install
> bzip2-libs-1.0.6-13.el7.x86_64 cairo-1.15.12-4.el7.x86_64
> dbus-libs-1.10.24-13.el7_6.x86_64 elfutils-libelf-0.176-2.el7.x86_64
> elfutils-libs-0.176-2.el7.x86_64 expat-2.1.0-10.el7_3.x86_64
> flac-libs-1.3.0-5.el7_1.x86_64 fontconfig-2.13.0-4.3.el7.x86_64
> freetype-2.8-14.el7.x86_64 glibc-2.17-292.el7.x86_64 gmp-6.0.0-15.el7.x86_64
> gnutls-3.3.29-9.el7_6.x86_64 gsm-1.0.13-11.el7.x86_64
> keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.15.1-37.el7_7.2.x86_64
> libICE-1.0.9-9.el7.x86_64 libSM-1.2.2-2.el7.x86_64 libX11-1.6.7-2.el7.x86_64
> libXau-1.0.8-2.1.el7.x86_64 libXext-1.3.3-3.el7.x86_64
> libXi-1.7.9-1.el7.x86_64 libXrender-0.9.10-1.el7.x86_64
> libXtst-1.2.3-1.el7.x86_64 libasyncns-0.8-7.el7.x86_64
> libattr-2.4.46-13.el7.x86_64 libcap-2.22-10.el7.x86_64
> libcom_err-1.42.9-16.el7.x86_64 libffi-3.0.13-18.el7.x86_64
> libgcc-4.8.5-39.el7.x86_64 libgcrypt-1.5.3-14.el7.x86_64
> libglvnd-1.0.1-0.8.git5baa1e5.el7.x86_64
> libglvnd-egl-1.0.1-0.8.git5baa1e5.el7.x86_64
> libglvnd-glx-1.0.1-0.8.git5baa1e5.el7.x86_64 libgpg-error-1.12-3.el7.x86_64
> libjpeg-turbo-1.2.90-8.el7.x86_64 libogg-1.3.0-7.el7.x86_64
> libpng-1.5.13-7.el7_2.x86_64 libselinux-2.5-14.1.el7.x86_64
> libsndfile-1.0.25-10.el7.x86_64 libtasn1-4.10-1.el7.x86_64
> libuuid-2.23.2-61.el7.x86_64 libvncserver-0.9.9-13.el7_6.x86_64
> libvorbis-1.3.3-8.el7.1.x86_64 libwebp-0.3.0-7.el7.x86_64
> libxcb-1.13-1.el7.x86_64 lz4-1.7.5-3.el7.x86_64 lzo-minilzo-2.06-8.el7.x86_64
> nettle-2.7.1-8.el7.x86_64 openssl-libs-1.0.2k-19.el7.x86_64
> p11-kit-0.23.5-3.el7.x86_64 pcre-8.32-17.el7.x86_64
> pixman-0.34.0-1.el7.x86_64 pulseaudio-libs-10.0-5.el7.x86_64
> systemd-libs-219-67.el7_7.2.x86_64 tcp_wrappers-libs-7.6-77.el7.x86_64
> uuid-1.6.2-26.el7.x86_64 xz-libs-5.2.2-1.el7.x86_64 zlib-1.2.7-18.el7.x86_64
> (gdb) bt
> #0  0x00007ff9cbcd1cc0 in pthread_mutex_lock () from /lib64/libpthread.so.0
> #1  0x00007ff9c05a0bd3 in guac_common_display_dup (display=0x0,
>     user=user@entry=0x7ff9900008c0, socket=0x7ff990000b60) at display.c:169
> #2  0x00007ff9c059fbd7 in guac_vnc_user_join_handler (user=0x7ff9900008c0,
>     argc=<optimized out>, argv=0x7ff9900048a0) at user.c:87
> #3  0x00007ff9cbeeafc8 in guac_client_add_user
>     (client=client@entry=0x7ff9a4000bb0, user=user@entry=0x7ff9900008c0, argc=22,
>     argv=<optimized out>) at client.c:307
> #4  0x00007ff9cbef2311 in guac_user_handle_connection (user=0x7ff9900008c0,
>     usec_timeout=15000000) at user-handshake.c:414
> (gdb)
> {code}

--
This message was sent by Atlassian Jira
(v8.20.10#820010)