Removing those parameters indeed fixes the crash.

John

On 03/01/2015 08:00 AM, Bernhard Übelacker wrote:
> Hello John Goerzen,
> I was able to reproduce a crash with xfreerdp.
>
> First a question:
> does the crash still happen, if you omit this part of the command line:
>     --plugin rdpsnd --data alsa latency:100 --
>
> ---------------
>
> After installing the 5 *-dbg packages I get such a stack:
> gdb --args xfreerdp --plugin rdpsnd --data alsa latency:100 -- /v:192.168.178.45
>     directory libfreerdp/core:libfreerdp/common:client/common
>     set height 0
>     set width 0
>     run
>         Starting program: /usr/bin/xfreerdp --plugin rdpsnd --data alsa latency:100 -- /v:192.168.178.45
>         [Thread debugging using libthread_db enabled]
>         Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
>
>         Program received signal SIGSEGV, Segmentation fault.
>         0x00007ffff5bb058c in freerdp_static_channel_collection_add (settings=settings@entry=0x65ac10, channel=channel@entry=0x666bb0) at /build/freerdp-oDMFQO/freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/common/settings.c:214
>         214             settings->StaticChannelArray[settings->StaticChannelCount++] = channel;
>
>         (gdb) bt
>         #0  0x00007ffff5bb058c in freerdp_static_channel_collection_add (settings=settings@entry=0x65ac10, channel=channel@entry=0x666bb0) at /build/freerdp-oDMFQO/freerdp-1.1.0~git20140921.1.440916e+dfsg1/libfreerdp/common/settings.c:214
>         #1  0x00007ffff6ce5563 in freerdp_client_add_static_channel (settings=settings@entry=0x65ac10, count=<optimized out>, params=0x666b60) at /build/freerdp-oDMFQO/freerdp-1.1.0~git20140921.1.440916e+dfsg1/client/common/cmdline.c:393
>         #2  0x00007ffff6ce8252 in freerdp_client_old_process_plugin (settings=settings@entry=0x65ac10, args=args@entry=0x666b40) at /build/freerdp-oDMFQO/freerdp-1.1.0~git20140921.1.440916e+dfsg1/client/common/compatibility.c:176
>         #3  0x00007ffff6ce863c in freerdp_client_old_command_line_pre_filter (context=context@entry=0x65ac10, index=5, index@entry=1, argc=argc@entry=8, argv=argv@entry=0x7fffffffe018) at /build/freerdp-oDMFQO/freerdp-1.1.0~git20140921.1.440916e+dfsg1/client/common/compatibility.c:292
>         #4  0x00007ffff3baed6e in CommandLineParseArgumentsA (argc=argc@entry=8, argv=argv@entry=0x7fffffffe018, options=options@entry=0x7ffff6efd1c0 <old_args>, flags=flags@entry=1036, context=context@entry=0x65ac10, preFilter=preFilter@entry=0x7ffff6ce83e0 <freerdp_client_old_command_line_pre_filter>, postFilter=0x0) at /build/freerdp-oDMFQO/freerdp-1.1.0~git20140921.1.440916e+dfsg1/winpr/libwinpr/utils/cmdline.c:88
>         #5  0x00007ffff6ce884b in freerdp_detect_old_command_line_syntax (argc=argc@entry=8, argv=argv@entry=0x7fffffffe018, count=count@entry=0x7fffffffddcc) at /build/freerdp-oDMFQO/freerdp-1.1.0~git20140921.1.440916e+dfsg1/client/common/compatibility.c:346
>         #6  0x00007ffff6ce5ff2 in freerdp_client_detect_command_line (argc=8, argv=0x7fffffffe018, flags=0x7fffffffde30) at /build/freerdp-oDMFQO/freerdp-1.1.0~git20140921.1.440916e+dfsg1/client/common/cmdline.c:911
>         #7  0x00007ffff6ce62b3 in freerdp_client_parse_command_line_arguments (argc=8, argv=0x7fffffffe018, settings=0x60e8e0) at /build/freerdp-oDMFQO/freerdp-1.1.0~git20140921.1.440916e+dfsg1/client/common/cmdline.c:1014
>         #8  0x00007ffff6ce4d56 in freerdp_client_parse_command_line (context=context@entry=0x609420, argc=argc@entry=8, argv=argv@entry=0x7fffffffe018) at /build/freerdp-oDMFQO/freerdp-1.1.0~git20140921.1.440916e+dfsg1/client/common/client.c:111
>         #9  0x0000000000401be8 in main (argc=8, argv=0x7fffffffe018) at /build/freerdp-oDMFQO/freerdp-1.1.0~git20140921.1.440916e+dfsg1/client/X11/cli/xfreerdp.c:56
>
>         (gdb) print settings->StaticChannelArray
>         $1 = (ADDIN_ARGV **) 0x0
>         (gdb) print settings->StaticChannelCount
>         $2 = 2
>         (gdb) print channel
>         $3 = (ADDIN_ARGV *) 0x666bb0
>         (gdb) print settings->StaticChannelArraySize
>         $4 = 0
>
> ---------------
>
> In my opinion the problem lies in the initialization of the "settings" 
> structure.
>
> In "freerdp_detect_old_command_line_syntax" the "settings" are only allocated and
> the whole memory set to 0. Therefore StaticChannelArraySize is 0.
>
> Later when we get into this function we enter the if block. But because
> StaticChannelArraySize is still 0, the "*= 2" has no effect and it stays 0.
> Therefore the realloc is done with size 0. Therefore a null pointer is returned.
>
>
> void freerdp_static_channel_collection_add(rdpSettings* settings, ADDIN_ARGV* channel)
> {
>       if (settings->StaticChannelArraySize < (settings->StaticChannelCount + 1))
>       {
>               settings->StaticChannelArraySize *= 2;
>               settings->StaticChannelArray = (ADDIN_ARGV**)
>                               realloc(settings->StaticChannelArray, settings->StaticChannelArraySize);
>       }
>
>       settings->StaticChannelArray[settings->StaticChannelCount++] = channel;
> }
>
> ---------------
>
> Another example where a "settings" object is generated is in function "freerdp_settings_new".
> There are also some default values set, e.g. "settings->StaticChannelArraySize = 16;".
>
> ---------------
>
> The attached patch only makes sure that StaticChannelArraySize is bigger than 0.
> A local build with this patch applied does not crash anymore.
>
> There are more of these "*= 2" constructs without checking that the initial value
> is bigger than 0.
>
> Kind regards,
> Bernhard


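The growth logic Bernhard describes, as an added example that is not part of the original report or of FreeRDP's code: a stand-alone C model of freerdp_static_channel_collection_add with the reported doubling step beside a hardened one that seeds a zero capacity (using the 16 that the report quotes from freerdp_settings_new), sizes the realloc in elements, and never writes through a failed allocation. The rdpSettings and ADDIN_ARGV definitions here are constructed stand-ins, not FreeRDP's.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed stand-ins for the FreeRDP types named in the report. */
typedef struct { int argc; char** argv; } ADDIN_ARGV;

typedef struct {
    ADDIN_ARGV** StaticChannelArray;
    size_t StaticChannelArraySize; /* capacity, in elements */
    size_t StaticChannelCount;     /* elements in use */
} rdpSettings;

/* The doubling step as reported: 0 doubled is still 0, so the realloc
   that follows asks for 0 bytes and the array stays unusable. */
static size_t grow_capacity_reported(size_t size)
{
    return size * 2;
}

/* Hardened step: seed an uninitialised capacity with 16 (the default the
   report quotes) and refuse to overflow the byte count. 0 means failure. */
static size_t grow_capacity_fixed(size_t size)
{
    if (size == 0)
        return 16;
    if (size > SIZE_MAX / 2 / sizeof(ADDIN_ARGV*))
        return 0;
    return size * 2;
}

/* Returns 0 on success, -1 on allocation failure. The old buffer and count
   survive a failed realloc, and nothing is written through a NULL array. */
int static_channel_collection_add(rdpSettings* settings, ADDIN_ARGV* channel)
{
    if (settings->StaticChannelArraySize < settings->StaticChannelCount + 1) {
        size_t newSize = grow_capacity_fixed(settings->StaticChannelArraySize);
        ADDIN_ARGV** p;
        if (newSize == 0)
            return -1;
        p = realloc(settings->StaticChannelArray, newSize * sizeof(*p));
        if (p == NULL)
            return -1;
        settings->StaticChannelArray = p;
        settings->StaticChannelArraySize = newSize;
    }
    settings->StaticChannelArray[settings->StaticChannelCount++] = channel;
    return 0;
}
```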