Bug#902893: x11vnc: Error in `x11vnc': corrupted size vs. prev_size: 0x000055f181552530

Bernhard Übelacker Thu, 28 Mar 2019 19:28:36 -0700

Control: fixed 902893 0.9.13-6


Dear Maintainer,
just tried to make a more readable stack out of these
backtraces.

This one points to function snapshot_stack_list,
and this one saw also a fix some time ago.

Therefore marking as fixed.

Kind regards,
Bernhard


https://github.com/LibVNC/x11vnc/pull/25
https://github.com/LibVNC/x11vnc/pull/25/commits/c93aa29ae76a2fbb3e8c8e55a68de5544bd863b5



*** Error in `x11vnc': corrupted size vs. prev_size: 0x000055f181552530 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x70bfb)[0x7fa6d0bcdbfb]
/lib/x86_64-linux-gnu/libc.so.6(+0x76fc6)[0x7fa6d0bd3fc6]
/lib/x86_64-linux-gnu/libc.so.6(+0x780a4)[0x7fa6d0bd50a4]
/usr/lib/x86_64-linux-gnu/libX11.so.6(XFree+0x9)[0x7fa6d1c19699]                
            src/XlibInt.c, line 1553: callq  0x7ffff60c5600 <free@plt>
x11vnc(+0xaceb4)[0x55f17f5b9eb4]                                                
            win_utils.c, line 304: callq  0x555555610da0 <XFree_wr>
x11vnc(+0x41887)[0x55f17f54e887]                                                
            pointer.c, line 552: callq  0x555555600c70 <snapshot_stack_list>
x11vnc(+0x42846)[0x55f17f54f846]                                                
            pointer.c, line 931: callq  0x555555595540 <update_x11_pointer_mask>
/usr/lib/x86_64-linux-gnu/libvncserver.so.1(rfbProcessClientMessage+0x7d6)[0x7fa6d36aaa56]
  rfbserver.c, line 2447: callq  *%rbx
/usr/lib/x86_64-linux-gnu/libvncserver.so.1(rfbCheckFds+0x3a8)[0x7fa6d36b09e8]  
            sockets.c, line 464: callq  0x7ffff7b7fb70 
<rfbProcessClientMessage@plt>
/usr/lib/x86_64-linux-gnu/libvncserver.so.1(rfbProcessEvents+0x1e)[0x7fa6d36a793e]
          main.c, line 1109: callq  0x7ffff7b7f130 <rfbCheckFds@plt>
x11vnc(+0xaa721)[0x55f17f5b7721]                                                
            util.c, line 581: callq  0x55555555d520 <rfbProcessEvents@plt>
x11vnc(+0xa27e5)[0x55f17f5af7e5]                                                
            userinput.c, line 5212: callq  0x5555555fe590 <rfbPE>
x11vnc(+0x6a77c)[0x55f17f57777c]                                                
            screen.c, line 4561: callq  0x5555555f5e90 <check_user_input>
x11vnc(+0x13ae4)[0x55f17f520ae4]                                                
            x11vnc.c, line 5990: callq  0x5555555bdd10 <watch_loop>
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7fa6d0b7d2e1]
x11vnc(+0x1cd7a)[0x55f17f529d7a]

# Stretch amd64 qemu VM 2019-03-29

apt update
apt dist-upgrade

############

approx:
debian-10-buster-snapshot.debian.org              
https://snapshot.debian.org/archive/debian/20180703T000000Z/


sources.list
deb     [check-valid-until=no] 
http://192.168.178.25:9999/debian-10-buster-snapshot.debian.org/ buster main


echo 'Acquire::Languages "none";' > /etc/apt/apt.conf.d/99disable-translations
echo 'Acquire::Check-Valid-Until "no";' > 
/etc/apt/apt.conf.d/99disable-check-valid-until


apt update
apt dist-upgrade


apt install dpkg-dev devscripts x11vnc gdb mc



wget 
https://snapshot.debian.org/archive/debian-debug/20180508T213823Z/pool/main/x/x11vnc/x11vnc-dbgsym_0.9.13-6_amd64.deb
dpkg -i x11vnc-dbgsym_0.9.13-6_amd64.deb


wget 
https://snapshot.debian.org/archive/debian/20161222T033154Z/pool/main/x/x11vnc/x11vnc_0.9.13-2_amd64.deb
wget 
https://snapshot.debian.org/archive/debian/20161222T033154Z/pool/main/x/x11vnc/x11vnc-data_0.9.13-2_all.deb
wget 
https://snapshot.debian.org/archive/debian-debug/20161222T030857Z/pool/main/x/x11vnc/x11vnc-dbgsym_0.9.13-2_amd64.deb
dpkg -i *0.9.13-2*deb

wget 
https://snapshot.debian.org/archive/debian-security/20180608T202807Z/pool/updates/main/libv/libvncserver/libvncserver1_0.9.11%2Bdfsg-1%2Bdeb9u1_amd64.deb
wget 
https://snapshot.debian.org/archive/debian-security/20180608T202807Z/pool/updates/main/libv/libvncserver/libvncserver1-dbg_0.9.11%2Bdfsg-1%2Bdeb9u1_amd64.deb
dpkg -i *0.9.11+dfsg-1+deb9u1*deb

wget 
https://snapshot.debian.org/archive/debian/20170128T033044Z/pool/main/libx/libx11/libx11-6_1.6.4-3_amd64.deb
wget 
https://snapshot.debian.org/archive/debian-debug/20170128T030650Z/pool/main/libx/libx11/libx11-6-dbgsym_1.6.4-3_amd64.deb
dpkg -i *1.6.4-3*deb



mkdir /home/benutzer/source/x11vnc/orig -p
cd    /home/benutzer/source/x11vnc/orig
dget 
https://snapshot.debian.org/archive/debian-debug/20161222T030857Z/pool/main/x/x11vnc/x11vnc_0.9.13-2.dsc


gdb -q -ex 'set width 0' -ex 'set pagination off' -ex 'set backtrace past-main 
on' -ex 'directory /home/benutzer/source/x11vnc/orig/x11vnc-0.9.13/x11vnc' -ex 
'b main' -ex 'run' --args x11vnc


script -c "gdb -q -ex 'set width 0' -ex 'set pagination off' -ex 'set backtrace 
past-main on' -ex 'directory 
/home/benutzer/source/x11vnc/orig/x11vnc-0.9.13/x11vnc' -ex 'b main' -ex 'run' 
--args x11vnc" -a x11vnc-gdb_$(date +%Y-%m-%d_%H-%M-%S).log






*** Error in `x11vnc': corrupted size vs. prev_size: 0x000055f181552530 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x70bfb)[0x7fa6d0bcdbfb]
/lib/x86_64-linux-gnu/libc.so.6(+0x76fc6)[0x7fa6d0bd3fc6]
/lib/x86_64-linux-gnu/libc.so.6(+0x780a4)[0x7fa6d0bd50a4]
/usr/lib/x86_64-linux-gnu/libX11.so.6(XFree+0x9)[0x7fa6d1c19699]                
            src/XlibInt.c, line 1553: callq  0x7ffff60c5600 <free@plt>
x11vnc(+0xaceb4)[0x55f17f5b9eb4]                                                
            win_utils.c, line 304: callq  0x555555610da0 <XFree_wr>
x11vnc(+0x41887)[0x55f17f54e887]                                                
            pointer.c, line 552: callq  0x555555600c70 <snapshot_stack_list>
x11vnc(+0x42846)[0x55f17f54f846]                                                
            pointer.c, line 931: callq  0x555555595540 <update_x11_pointer_mask>
/usr/lib/x86_64-linux-gnu/libvncserver.so.1(rfbProcessClientMessage+0x7d6)[0x7fa6d36aaa56]
  rfbserver.c, line 2447: callq  *%rbx
/usr/lib/x86_64-linux-gnu/libvncserver.so.1(rfbCheckFds+0x3a8)[0x7fa6d36b09e8]  
            sockets.c, line 464: callq  0x7ffff7b7fb70 
<rfbProcessClientMessage@plt>
/usr/lib/x86_64-linux-gnu/libvncserver.so.1(rfbProcessEvents+0x1e)[0x7fa6d36a793e]
          main.c, line 1109: callq  0x7ffff7b7f130 <rfbCheckFds@plt>
x11vnc(+0xaa721)[0x55f17f5b7721]                                                
            util.c, line 581: callq  0x55555555d520 <rfbProcessEvents@plt>
x11vnc(+0xa27e5)[0x55f17f5af7e5]                                                
            userinput.c, line 5212: callq  0x5555555fe590 <rfbPE>
x11vnc(+0x6a77c)[0x55f17f57777c]                                                
            screen.c, line 4561: callq  0x5555555f5e90 <check_user_input>
x11vnc(+0x13ae4)[0x55f17f520ae4]                                                
            x11vnc.c, line 5990: callq  0x5555555bdd10 <watch_loop>
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7fa6d0b7d2e1]
x11vnc(+0x1cd7a)[0x55f17f529d7a]





https://github.com/LibVNC/x11vnc/pull/25
https://github.com/LibVNC/x11vnc/pull/25/commits/c93aa29ae76a2fbb3e8c8e55a68de5544bd863b5

Bug#902893: x11vnc: Error in `x11vnc': corrupted size vs. prev_size: 0x000055f181552530

Reply via email to