Bug#857498: x11vnc: X11vnc crash during a connection with Remmina

2019-03-28 Thread Bernhard Übelacker
Control: fixed 857498 0.9.13-6


Dear Maintainer,
just tried to make a more readable stack out of these
backtraces.

So that one points to function "record_CW" and a buffer
overflow in that function got fixed in [1],
like mentioned in last message.

Therefore marking as fixed.

Kind regards,
Bernhard


[1] https://github.com/LibVNC/x11vnc/pull/25

https://github.com/LibVNC/x11vnc/pull/25/commits/a3a34ca49c60738cc958096ebb06dc7dbff4660a




*** stack smashing detected ***: x11vnc terminated
=== Backtrace: =
/lib/x86_64-linux-gnu/libc.so.6(+0x70bcb)[0x7f016a945bcb]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f016a9ce0b7]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x0)[0x7f016a9ce080]
x11vnc(+0xb8887)[0x55babf222887]
xrecord.c, line 1347: callq  0xe3b0 <__stack_chk_fail@plt>
x11vnc(+0xb8d3b)[0x55babf222d3b]
xrecord.c, line 1387: callq  0x5560bc80 
/usr/lib/x86_64-linux-gnu/libXtst.so.6(+0x19d8)[0x7f016c6b59d8] 
src/XRecord.c, line 856: callq  *%rax
/usr/lib/x86_64-linux-gnu/libXtst.so.6(+0x1f55)[0x7f016c6b5f55] 
src/XRecord.c, line 987: callq  0x76e1a910 
/usr/lib/x86_64-linux-gnu/libX11.so.6(+0x421dd)[0x7f016b98d1dd] 
src/xcb_io.c, line 305: callq  *0x8(%rax)
/usr/lib/x86_64-linux-gnu/libX11.so.6(_XEventsQueued+0x55)[0x7f016b98db15]  
src/xcb_io.c, line 350: callq  0x760f2190 
/usr/lib/x86_64-linux-gnu/libX11.so.6(XPending+0x57)[0x7f016b97f7e7]
src/Pending.c, line 55: callq  0x760cc2c0 <_XEventsQueued@plt>
x11vnc(+0x97060)[0x55babf201060]
userinput.c, line 2988: callq  0xe490  -> jmpq   0x76e1a2e0 
x11vnc(+0xa1f95)[0x55babf20bf95]
userinput.c, line 5712: callq  0x555eab00 
x11vnc(+0x6a77c)[0x55babf1d477c]
screen.c, line 4561: callq  0x555f5e90 
x11vnc(+0x13ae4)[0x55babf17dae4]
x11vnc.c, line 5990: callq  0x555bdd10 
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7f016a8f52b1]
x11vnc(+0x1cd7a)[0x55babf186d7a]

# Jessie amd64 qemu VM 2019-03-28

apt update
apt dist-upgrade



approx:
debian-9-stretch-snapshot.debian.org
https://snapshot.debian.org/archive/debian/20170311T00Z/

sources.list:
deb [check-valid-until=no] http://192.168.178.25:/debian-9-stretch-snapshot.debian.org/ stretch main
deb-src [check-valid-until=no] http://192.168.178.25:/debian-9-stretch-snapshot.debian.org/ stretch main


echo 'Acquire::Languages "none";' > /etc/apt/apt.conf.d/99disable-translations
echo 'Acquire::Check-Valid-Until "no";' > /etc/apt/apt.conf.d/99disable-check-valid-until


apt update
apt dist-upgrade


apt install dpkg-dev devscripts x11vnc gdb


wget https://snapshot.debian.org/archive/debian-debug/20161222T030857Z/pool/main/x/x11vnc/x11vnc-dbgsym_0.9.13-2_amd64.deb
dpkg -i x11vnc-dbgsym_0.9.13-2_amd64.deb
wget https://snapshot.debian.org/archive/debian-debug/20170128T030650Z/pool/main/libx/libx11/libx11-6-dbgsym_1.6.4-3_amd64.deb
dpkg -i libx11-6-dbgsym_1.6.4-3_amd64.deb
wget https://snapshot.debian.org/archive/debian-debug/20161206T030437Z/pool/main/libx/libxtst/libxtst6-dbgsym_1.2.3-1_amd64.deb
dpkg -i libxtst6-dbgsym_1.2.3-1_amd64.deb


mkdir /home/benutzer/source/x11vnc/orig -p
cd /home/benutzer/source/x11vnc/orig
apt source x11vnc




gdb -q -ex 'set width 0' -ex 'set pagination off' -ex 'set backtrace past-main on' -ex 'directory /home/benutzer/source/x11vnc/orig/x11vnc-0.9.13/x11vnc' -ex 'b main' -ex 'run' --args x11vnc

script -c "gdb -q -ex 'set width 0' -ex 'set pagination off' -ex 'set backtrace past-main on' -ex 'directory /home/benutzer/source/x11vnc/orig/x11vnc-0.9.13/x11vnc' -ex 'b main' -ex 'run' --args x11vnc" -a x11vnc-gdb_$(date +%Y-%m-%d_%H-%M-%S).log
disassemble main

benutzer@debian:~$ grep "ae4 " x11vnc-gdb_2019-03-29_01-45-59.log -B1
   0x55567adf <+19871>: callq  0x555bdd10 
   0x55567ae4 <+19876>: xor    %eax,%eax



   

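The symbolization step this message describes (turning `module(+0xoff)[0xaddr]` frames into source lines), as an added example that is not part of the original e-mail: it parses glibc backtrace lines, derives each module's load base, and builds addr2line commands. The function names are hypothetical, the sample frames are copied from the backtrace above, and `-e` is assumed to point at a binary whose debug symbols are available.

```python
import re
import shlex

# glibc frame: module(symbol+0xoff)[0xabs]; an empty symbol means the offset
# is relative to the module's load base rather than to a function.
FRAME_RE = re.compile(
    r"^(?P<module>[^\s(]+)\((?P<symbol>[^+)]*)(?:\+(?P<offset>0x[0-9a-fA-F]+))?\)"
    r"\[(?P<addr>0x[0-9a-fA-F]+)\]$")

# Subset of the frames from the backtrace in the message above.
SAMPLE = """\
*** stack smashing detected ***: x11vnc terminated
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f016a9ce0b7]
x11vnc(+0xb8887)[0x55babf222887]
x11vnc(+0xb8d3b)[0x55babf222d3b]
/usr/lib/x86_64-linux-gnu/libXtst.so.6(+0x19d8)[0x7f016c6b59d8]
/usr/lib/x86_64-linux-gnu/libX11.so.6(XPending+0x57)[0x7f016b97f7e7]
"""

def parse_frames(text):
    """Return (module, symbol, offset, addr) per frame line; skip other lines."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            off = int(m["offset"], 16) if m["offset"] else None
            frames.append((m["module"], m["symbol"] or None, off, int(m["addr"], 16)))
    return frames

def load_bases(frames):
    """Runtime load base per module, from module-relative frames only."""
    bases = {}
    for module, symbol, off, addr in frames:
        if symbol is None and off is not None:
            bases.setdefault(module, set()).add(addr - off)
    return bases

def addr2line_commands(frames):
    """One addr2line call per module. Offsets are return addresses, so 1 is
    subtracted to land inside the call instruction instead of after it."""
    per_module = {}
    for module, symbol, off, _ in frames:
        if symbol is None and off is not None:
            per_module.setdefault(module, []).append(hex(off - 1))
    return [shlex.join(["addr2line", "-f", "-i", "-e", module, *offs])
            for module, offs in per_module.items()]

if __name__ == "__main__":
    print("\n".join(addr2line_commands(parse_frames(SAMPLE))))
```

Frames of the form `symbol+0xoff` are relative to that symbol, not to the module, so they are left out of the addr2line commands; a module whose frames yield more than one load base indicates a mis-parsed or mixed log.
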
Bug#857498: x11vnc: X11vnc crash during a connection with Remmina

2017-03-11 Thread Daniel Bareiro
On Saturday, March 11, 2017 at 19:49:48 -0300,
Daniel Bareiro wrote:

> I'm attaching some logs on the host running x11vnc.
> 
> Let me know if this helps. If I can give you more information, please
> let me know.

Here I attach the mentioned logs.

Thanks in advance.

Kind regards,

-- 
Ing. Daniel Bareiro

Opción Libre - Technological sovereignty for your company
WWW: http://www.opcion-libre.com.ar
Tel: +54 11 5235-3090
E-mail: conta...@opcion-libre.com.ar

viper@defiant:~$ x11vnc -passwd 
11/03/2017 10:55:37 passing arg to libvncserver: -passwd
11/03/2017 10:55:37 x11vnc version: 0.9.13 lastmod: 2011-08-10  pid: 12024
11/03/2017 10:55:37 XOpenDisplay("") failed.
11/03/2017 10:55:37 Trying again with XAUTHLOCALHOSTNAME=localhost ...
11/03/2017 10:55:37 
11/03/2017 10:55:37 *** XOpenDisplay failed. No -display or DISPLAY.
11/03/2017 10:55:37 *** Trying ":0" in 4 seconds.  Press Ctrl-C to abort.
11/03/2017 10:55:37 *** 1 2 3 4 
11/03/2017 10:55:41 *** XOpenDisplay of ":0" successful.
11/03/2017 10:55:41 
11/03/2017 10:55:41 Using X display :0
11/03/2017 10:55:41 rootwin: 0x138 reswin: 0x381 dpy: 0x7debf460
11/03/2017 10:55:41 
11/03/2017 10:55:41 -- USEFUL INFORMATION --
11/03/2017 10:55:41 X DAMAGE available on display, using it for polling hints.
11/03/2017 10:55:41   To disable this behavior use: '-noxdamage'
11/03/2017 10:55:41 
11/03/2017 10:55:41   Most compositing window managers like 'compiz' or 'beryl'
11/03/2017 10:55:41   cause X DAMAGE to fail, and so you may not see any screen
11/03/2017 10:55:41   updates via VNC.  Either disable 'compiz' (recommended) or
11/03/2017 10:55:41   supply the x11vnc '-noxdamage' command line option.
11/03/2017 10:55:41 
11/03/2017 10:55:41 Wireframing: -wireframe mode is in effect for window moves.
11/03/2017 10:55:41   If this yields undesired behavior (poor response, painting
11/03/2017 10:55:41   errors, etc) it may be disabled:
11/03/2017 10:55:41    - use '-nowf' to disable wireframing completely.
11/03/2017 10:55:41    - use '-nowcr' to disable the Copy Rectangle after the
11/03/2017 10:55:41      moved window is released in the new position.
11/03/2017 10:55:41   Also see the -help entry for tuning parameters.
11/03/2017 10:55:41   You can press 3 Alt_L's (Left "Alt" key) in a row to 
11/03/2017 10:55:41   repaint the screen, also see the -fixscreen option for
11/03/2017 10:55:41   periodic repaints.
11/03/2017 10:55:41 
11/03/2017 10:55:41 XFIXES available on display, resetting cursor mode
11/03/2017 10:55:41   to: '-cursor most'.
11/03/2017 10:55:41   to disable this behavior use: '-cursor arrow'
11/03/2017 10:55:41   or '-noxfixes'.
11/03/2017 10:55:41 using XFIXES for cursor drawing.
11/03/2017 10:55:41 GrabServer control via XTEST.
11/03/2017 10:55:41 
11/03/2017 10:55:41 Scroll Detection: -scrollcopyrect mode is in effect to
11/03/2017 10:55:41   use RECORD extension to try to detect scrolling windows
11/03/2017 10:55:41   (induced by either user keystroke or mouse input).
11/03/2017 10:55:41   If this yields undesired behavior (poor response, painting
11/03/2017 10:55:41   errors, etc) it may be disabled via: '-noscr'
11/03/2017 10:55:41   Also see the -help entry for tuning parameters.
11/03/2017 10:55:41   You can press 3 Alt_L's (Left "Alt" key) in a row to 
11/03/2017 10:55:41   repaint the screen, also see the -fixscreen option for
11/03/2017 10:55:41   periodic repaints.
11/03/2017 10:55:41 
11/03/2017 10:55:41 XKEYBOARD:
11/03/2017 10:55:41 Switching to -xkb mode to recover these keysyms:
11/03/2017 10:55:41xkb  noxkb   Keysym  ("X" means present)
11/03/2017 10:55:41---  -   -
11/03/2017 10:55:41 X   0x40  at
11/03/2017 10:55:41 X   0x5c  backslash
11/03/2017 10:55:41 
11/03/2017 10:55:41   If this makes the key mapping worse you can
11/03/2017 10:55:41   disable it with the "-noxkb" option.
11/03/2017 10:55:41 
11/03/2017 10:55:41 
11/03/2017 10:55:41 X FBPM extension not supported.
11/03/2017 10:55:41 X display is capable of DPMS.
11/03/2017 10:55:41 
11/03/2017 10:55:41 
11/03/2017 10:55:41 Default visual ID: 0x21
11/03/2017 10:55:42 Read initial data from X display into framebuffer.
11/03/2017 10:55:42 initialize_screen: fb_depth/fb_bpp/fb_Bpl 24/32/5120
11/03/2017 10:55:42 
11/03/2017 10:55:42 X display :0 is 32bpp depth=24 true color
11/03/2017 10:55:42 
11/03/2017 10:55:42 Autoprobing TCP port 
11/03/2017 10:55:42 Autoprobing selected TCP port 5900
11/03/2017 10:55:42 Autoprobing TCP6 port 
11/03/2017 10:55:42 Autoprobing selected TCP6 port 5900
11/03/2017 10:55:42 listen6: bind: Address already in use
11/03/2017 10:55:42 Not listening on IPv6 interface.
11/03/2017 10:55:42 
11/03/2017 10:55:42 Xinerama is present and active (e.g. multi-head).
11/03/2017 10:55:42 Xinerama: number of sub-screens: 1
11/03/2017 10:55:42 Xinerama: no blackouts needed (only one sub-screen)
11/03/201

Bug#857498: x11vnc: X11vnc crash during a connection with Remmina

2017-03-11 Thread Daniel Bareiro
Package: x11vnc
Version: 0.9.13-2
Severity: important

Dear Maintainer,

When establishing a VNC connection with Remmina in Debian Jessie, after
some time, the connection goes down. It seems that, for some reason, the
process dies. I'm attaching some logs on the host running x11vnc.

Let me know if this helps. If I can give you more information, please
let me know.

Thanks in advance.


Kind regards,



-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=es_AR.UTF-8, LC_CTYPE=es_AR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages x11vnc depends on:
ii  libavahi-client3  0.6.32-2
ii  libavahi-common3  0.6.32-2
ii  libc6             2.24-9
ii  libjpeg62-turbo   1:1.5.1-2
ii  libssl1.1         1.1.0e-1
ii  libvncclient1     0.9.11+dfsg-1
ii  libvncserver1     0.9.11+dfsg-1
ii  libx11-6          2:1.6.4-3
ii  libxdamage1       1:1.1.4-2+b1
ii  libxext6          2:1.3.3-1
ii  libxfixes3        1:5.0.3-1
ii  libxinerama1      2:1.1.3-1+b1
ii  libxrandr2        2:1.5.1-1
ii  libxtst6          2:1.2.3-1
ii  openssl           1.1.0e-1
ii  tk                8.6.0+9
ii  x11vnc-data       0.9.13-2
ii  zlib1g            1:1.2.8.dfsg-5

x11vnc recommends no packages.

x11vnc suggests no packages.

-- no debconf information