Package: synergy
Version: 1.3.1-2
Severity: serious

--- Please enter the report below this line. ---

I am connecting my imac (ubuntu/powerPC) synergy client to my amd64 (sid/amd64) box using synergy server. It seems like synergys is corrupting some malloc data, which causes it to abort. I get this abort every time I leave my primary screen with my mouse, which renders everything pretty much useless.

Here are the relevant excerpts from the debug log on the server (-f -d DEBUG):

NOTE: CServer.cpp,277: client "imac has connected
INFO: CServer.cpp,446: switch from "amd64" to "imac" at 0,501
INFO: CScreen.cpp,116: leaving screen
*** glibc detected *** synergys: free(): invalid next size (fast): 0x0000000000615c80 ***

I downloaded the source package, and rebuilt it with debug symbols enabled, and got this backtrace:

#0  0x00002b21235d26a5 in raise () from /lib/libc.so.6
#1  0x00002b21235d4100 in abort () from /lib/libc.so.6
#2  0x00002b212360b54b in ?? () from /lib/libc.so.6
#3  0x00002b2123612a4a in ?? () from /lib/libc.so.6
#4  0x00002b212361663c in free () from /lib/libc.so.6
#5  0x000000000044d8d8 in std::_Rb_tree<unsigned int, std::pair<unsigned int const, CKeyMap::KeyItem>, std::_Select1st<std::pair<unsigned int const, CKeyMap::KeyItem> >, std::less<unsigned int>, std::allocator<std::pair<unsigned int const, CKeyMap::KeyItem> > >::_M_erase (this=0x6c9798, __x=0x712ee0) at /usr/include/c++/4.2/ext/new_allocator.h:97
#6  0x0000000000452206 in CKeyState::updateKeyState (this=0x6c96b0) at /usr/include/c++/4.2/bits/stl_tree.h:711
#7  0x0000000000453db6 in CPlatformScreen::updateKeyState (this=0x6a6f70) at CPlatformScreen.cpp:36
#8  0x0000000000456298 in CScreen::leave (this=0x6a6f00) at CScreen.cpp:122
#9  0x000000000042695d in CPrimaryClient::leave (this=<value optimized out>) at CPrimaryClient.cpp:149
#10 0x00000000004299ec in CServer::switchScreen (this=0x6d8b10, dst=0x71e180, x=0, y=331, forScreensaver=false) at CServer.cpp:464
#11 0x000000000042bea6 in CServer::onMouseMovePrimary (this=0x6d8b10, x=0, y=331) at CServer.cpp:1654
#12 0x0000000000460bf7 in CEventQueue::dispatchEvent (this=0x7fff88b1dea0, [EMAIL PROTECTED]) at CEventQueue.cpp:190
#13 0x0000000000409693 in mainLoop () at synergys.cpp:685
#14 0x0000000000409a27 in standardStartup (argc=-2001608384, argv=<value optimized out>) at synergys.cpp:735
#15 0x000000000040a2ef in main (argc=4, argv=0x7fff88b1e478) at synergys.cpp:762

Running synergys in valgrind causes it not to crash since malloc is bypassed with valgrind's own malloc and friends, but I get a fairly verbose output when leaving the screen with my mouse:

INFO: CServer.cpp,446: switch from "imac" to "amd64" at 0,364
INFO: CScreen.cpp,116: leaving screen
==17883==
==17883== Syscall param write(buf) points to uninitialised byte(s)
==17883==    at 0x5F0BE7B: (within /lib/libpthread-2.6.1.so)
==17883==    by 0x55A4D7E: (within /usr/lib/libX11.so.6.2.0)
==17883==    by 0x55A9A5E: (within /usr/lib/libX11.so.6.2.0)
==17883==    by 0x55A9B50: _XReply (in /usr/lib/libX11.so.6.2.0)
==17883==    by 0x558CBB6: XGrabKeyboard (in /usr/lib/libX11.so.6.2.0)
==17883==    by 0x4347D7: CXWindowsScreen::grabMouseAndKeyboard() (CXWindowsScreen.cpp:1822)
==17883==    by 0x436144: CXWindowsScreen::leave() (CXWindowsScreen.cpp:280)
==17883==    by 0x456261: CScreen::leave() (CScreen.cpp:118)
==17883==    by 0x42695C: CPrimaryClient::leave() (CPrimaryClient.cpp:149)
==17883==    by 0x4299EB: CServer::switchScreen(CBaseClientProxy*, int, int, bool) (CServer.cpp:464)
==17883==    by 0x42BEA5: CServer::onMouseMovePrimary(int, int) (CServer.cpp:1654)
==17883==    by 0x460BF6: CEventQueue::dispatchEvent(CEvent const&) (CEventQueue.cpp:190)
==17883==  Address 0x6887B9E is 38 bytes inside a block of size 16,384 alloc'd
==17883==    at 0x4C20F3F: calloc (vg_replace_malloc.c:279)
==17883==    by 0x5595A24: XOpenDisplay (in /usr/lib/libX11.so.6.2.0)
==17883==    by 0x4364BF: CXWindowsScreen::openDisplay(char const*) (CXWindowsScreen.cpp:841)
==17883==    by 0x438039: CXWindowsScreen::CXWindowsScreen(char const*, bool) (CXWindowsScreen.cpp:103)
==17883==    by 0x408792: initServer() (synergys.cpp:126)
==17883==    by 0x408E52: startServer() (synergys.cpp:481)
==17883==    by 0x4095B2: mainLoop() (synergys.cpp:662)
==17883==    by 0x409A26: standardStartup(int, char**) (synergys.cpp:735)
==17883==    by 0x40A2EE: main (synergys.cpp:762)
==17883==
==17883== Invalid write of size 1
==17883==    at 0x436C0C: CXWindowsScreen::updateButtons() (CXWindowsScreen.cpp:1802)
==17883==    by 0x456297: CScreen::leave() (CScreen.cpp:122)
==17883==    by 0x42695C: CPrimaryClient::leave() (CPrimaryClient.cpp:149)
==17883==    by 0x4299EB: CServer::switchScreen(CBaseClientProxy*, int, int, bool) (CServer.cpp:464)
==17883==    by 0x42BEA5: CServer::onMouseMovePrimary(int, int) (CServer.cpp:1654)
==17883==    by 0x460BF6: CEventQueue::dispatchEvent(CEvent const&) (CEventQueue.cpp:190)
==17883==    by 0x409692: mainLoop() (synergys.cpp:685)
==17883==    by 0x409A26: standardStartup(int, char**) (synergys.cpp:735)
==17883==    by 0x40A2EE: main (synergys.cpp:762)
==17883==  Address 0x8922AE7 is 1 bytes before a block of size 255 alloc'd
==17883==    at 0x4C22425: operator new(unsigned long) (vg_replace_malloc.c:167)
==17883==    by 0x4396CE: std::vector<unsigned char, std::allocator<unsigned char> >::_M_fill_insert(__gnu_cxx::__normal_iterator<unsigned char*, std::vector<unsigned char, std::allocator<unsigned char> > >, unsigned long, unsigned char const&) (new_allocator.h:91)
==17883==    by 0x436C3A: CXWindowsScreen::updateButtons() (stl_vector.h:653)
==17883==    by 0x4563C3: CScreen::enable() (CScreen.cpp:58)
==17883==    by 0x42D895: CServer::CServer(CConfig const&, CPrimaryClient*) (CServer.cpp:156)
==17883==    by 0x408F29: startServer() (synergys.cpp:311)
==17883==    by 0x4095B2: mainLoop() (synergys.cpp:662)
==17883==    by 0x409A26: standardStartup(int, char**) (synergys.cpp:735)
==17883==    by 0x40A2EE: main (synergys.cpp:762)
DEBUG: CXWindowsClipboard.cpp,313: open clipboard 0
==17883==
==17883== Conditional jump or move depends on uninitialised value(s)
==17883==    at 0x44101C: CXWindowsClipboard::checkCache() const (CXWindowsClipboard.cpp:444)
==17883==    by 0x442178: CXWindowsClipboard::fillCache() const (CXWindowsClipboard.cpp:470)
==17883==    by 0x44221D: CXWindowsClipboard::has(IClipboard::EFormat) const (CXWindowsClipboard.cpp:371)
==17883==    by 0x456D3C: IClipboard::copy(IClipboard*, IClipboard const*, unsigned) (IClipboard.cpp:124)
==17883==    by 0x436013: CXWindowsScreen::getClipboard(unsigned char, IClipboard*) const (CXWindowsScreen.cpp:425)
==17883==    by 0x455BE1: CScreen::getClipboard(unsigned char, IClipboard*) const (CScreen.cpp:409)
==17883==    by 0x426731: CPrimaryClient::getClipboard(unsigned char, IClipboard*) const (CPrimaryClient.cpp:107)
==17883==    by 0x429566: CServer::onClipboardChanged(CBaseClientProxy*, unsigned char, unsigned) (CServer.cpp:1429)
==17883==    by 0x429BE5: CServer::switchScreen(CBaseClientProxy*, int, int, bool) (CServer.cpp:477)
==17883==    by 0x42BEA5: CServer::onMouseMovePrimary(int, int) (CServer.cpp:1654)
==17883==    by 0x460BF6: CEventQueue::dispatchEvent(CEvent const&) (CEventQueue.cpp:190)
==17883==    by 0x409692: mainLoop() (synergys.cpp:685)

Hope this helps.

Cheers
Jan Vidar Krey

--- System information. ---
Architecture: amd64
Kernel: Linux 2.6.22-2-amd64

Debian Release: lenny/sid
  500 unstable ftp.no.debian.org

--- Package information. ---
Depends          (Version) | Installed
=============================-+-=============
libc6         (>= 2.3.5-1) | 2.6.1-6
libgcc1       (>= 1:4.1.0) | 1:4.2.2-3
libice6                    | 2:1.0.4-1
libsm6                     | 2:1.0.3-1+b1
libstdc++6      (>= 4.1.0) | 4.2.2-3
libx11-6                   | 2:1.0.3-7
libxext6                   | 1:1.0.3-2
libxinerama1               | 1:1.0.2-1
libxtst6                   | 2:1.0.3-1
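
An added example, not part of the original report or of synergy's code: a small Python triage of Memcheck output, run on an excerpt of the valgrind log quoted above, that separates writes landing outside a heap block from the uninitialised-value reports. The function names and the trimmed sample are constructed for illustration.

```python
import re

# Excerpt of the Memcheck output quoted in the report above (stacks trimmed).
SAMPLE = """\
INFO: CScreen.cpp,116: leaving screen
==17883== Syscall param write(buf) points to uninitialised byte(s)
==17883==    at 0x5F0BE7B: (within /lib/libpthread-2.6.1.so)
==17883==    by 0x558CBB6: XGrabKeyboard (in /usr/lib/libX11.so.6.2.0)
==17883==    by 0x4347D7: CXWindowsScreen::grabMouseAndKeyboard() (CXWindowsScreen.cpp:1822)
==17883==  Address 0x6887B9E is 38 bytes inside a block of size 16,384 alloc'd
==17883==    at 0x4C20F3F: calloc (vg_replace_malloc.c:279)
==17883==
==17883== Invalid write of size 1
==17883==    at 0x436C0C: CXWindowsScreen::updateButtons() (CXWindowsScreen.cpp:1802)
==17883==    by 0x456297: CScreen::leave() (CScreen.cpp:122)
==17883==  Address 0x8922AE7 is 1 bytes before a block of size 255 alloc'd
==17883==    at 0x4C22425: operator new(unsigned long) (vg_replace_malloc.c:167)
==17883==
==17883== Conditional jump or move depends on uninitialised value(s)
==17883==    at 0x44101C: CXWindowsClipboard::checkCache() const (CXWindowsClipboard.cpp:444)
"""

PREFIX = re.compile(r"^==\d+== ?")
FRAME = re.compile(r"^\s+(?:at|by) 0x[0-9A-F]+: (.+) \(([\w.+-]+):(\d+)\)$")
BLOCK = re.compile(r"^\s*Address 0x[0-9A-F]+ is ([\d,]+) bytes (before|after|inside) "
                   r"a block of size ([\d,]+)")

def parse(log):
    """Split Memcheck text into errors: kind, first frame with source info, heap block."""
    errors, cur = [], None
    for raw in log.splitlines():
        if not PREFIX.match(raw):
            continue                      # the program's own INFO:/DEBUG: lines
        line = PREFIX.sub("", raw)
        if not line.strip():
            cur = None                    # a blank prefixed line ends the current report
        elif cur is None:
            cur = {"kind": line.strip(), "site": None, "block": None}
            errors.append(cur)
        elif (m := BLOCK.match(line)):
            cur["block"] = (int(m[1].replace(",", "")), m[2], int(m[3].replace(",", "")))
        elif (m := FRAME.match(line)) and cur["site"] is None and cur["block"] is None:
            # Frames after the "Address" line belong to the allocation stack, not the fault.
            cur["site"] = (m[1], m[2], int(m[3]))
    return errors

def heap_oob_writes(log):
    """Writes landing outside a heap block: the reports that can damage allocator metadata."""
    return [e for e in parse(log) if e["kind"].startswith("Invalid write")
            and e["block"] and e["block"][1] in ("before", "after")]
```
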