Adding a task for Lucid as per jcristau's recommendation:

<jcristau> it's still somewhere on my to-do list to fix it in squeeze... (http://bugs.debian.org/661652)
<ubottu> Debian bug 661652 in release.debian.org "pu: package libxi/2:1.3-7" [Normal,Open]
<jcristau> it affects squeeze so presumably also lucid


** Description changed:

  [Problem]
  SSHing (with X11 forwarding enabled) from a Precise machine to an Oneiric 
machine and running certain X11 forwarded programs causes a crash of the 
program, either immediately or on the first mouse click on that program's 
window.
  
  [Impact]
  I have seen this on two client machines (a laptop and a desktop) running the 
latest precise release, connecting to either the oneiric desktop release or 
oneiric server release on the server side.  I have also reproduced this with 
two VirtualBox VMs, connected together with host-only networking and with 
desktop releases of Oneiric and Precise installed.
  
  [Development Fix]
- <fill me in with an explanation of how the bug has been addressed in the 
development branch, including the relevant version numbers of packages modified 
in order to implement the fix. >
+ Bug is a recognized upstream bug.  When the xserver sends an unknown device 
class, pointers to incorrect chunks of memory are set up.  The upstream patch 
fixes this by automatically skipping any unknown classes.
+ 
+ 
http://cgit.freedesktop.org/xorg/lib/libXi/commit/?h=libXi-1.4-branch&id=22e9ace88d57803ecda95db7c9355a614db1902a
+ 
+ This is fixed in Precise already.
+ Debian also picked up the patch:  
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660411
  
  [Stable Fix]
- <fill me in by pointing out a minimal patch applicable to the stable version 
of the package.>
+ A backport of the above patch is provided in the following debdiff:
+ 
https://bugs.launchpad.net/ubuntu/+source/libxi/+bug/968218/+attachment/3053962/+files/libxi_1.4.3-3ubuntu1.1.debdiff
+ 
+ Backport from upstream commit 22e9ace88d on the 1.4 branch to not
+ corrupt memory when the server sends unknown device classes. Minor
+ changes were needed because of the XI2.1 ubuntu specific patch.
  
  [Text Case]
  - On client machine, install Precise with all updates as of 2012-03-29.
  - On server machine, install Oneiric with all updates as of 2012-03-29.
  - Set up host-only networking so that machines can ssh to each other.
  - On client machine, "ssh -X" to the server machine.  Then run an X11 
application.  Some applications will crash immediately or on the first mouse 
click on that application.
  
  On my test VirtualBox setup, applications that always crash on first click:
  - gnome-terminal
  - nautilus
  - aisleriot solitaire
  - gnome-control-center
  - file-roller
  - brasero
  - gcalctool
  - palimpsest
  
  Applications that do not crash:
  - Libre Office
  - gimp
  - banshee
  - firefox
  - thunderbird
  
  Obviously, this isn't an exhaustive list.  When applications crash, they
  spew out a large error message.  On my desktop machine, sshing in to an
  Oneiric Server install on a physical machine, the programs crash
  immediately without showing a window, but on my test setup with two
  VirtualBox VMs, you first have to click on the window to cause it to
  crash.  Sample crash output is attched to this bug report in the
  crash_output.txt file.
  
+ [Regression Potential]
+ None known, after several months testing and usage in Precise as well as 
upstream.  The patch does change how pointers and memory initialization is 
done, so bears the usual risks associated with any such change; notably one arg 
to copy_classes() changes type from int to pointer, but it's an internal 
function and all callers have been properly adjusted.  The patch proposed for 
oneiric is a slightly modified version of what went into precise, but those 
changes were merely to make it apply against our patched xserver.
  
- [Regression Potential]
- <fill me in with a discussion of likelihood and potential severity of 
regressions and how users could get inadvertently affected.>
+ Things to look for in spotting potential regressions would be software
+ or xserver crashes, with backtraces that pass through libxi functions.
+ So, regressions would be fairly obvious with even light testing.
  
  [Original Report]
  SSHing (with X11 forwarding enabled) from a Precise machine to an Oneiric 
machine and running certain X11 forwarded programs causes a crash of the 
program, either immediately or on the first mouse click on that program's 
window.
  
  I have seen this on two client machines (a laptop and a desktop) running
  the latest precise release, connecting to either the oneiric desktop
  release or oneiric server release on the server side.  I have also
  reproduced this with two VirtualBox VMs, connected together with host-
  only networking and with desktop releases of Oneiric and Precise
  installed.
  
  To reproduce:
  - On client machine, install Precise with all updates as of 2012-03-29.
  - On server machine, install Oneiric with all updates as of 2012-03-29.
  - Set up host-only networking so that machines can ssh to each other.
  - On client machine, "ssh -X" to the server machine.  Then run an X11 
application.  Some applications will crash immediately or on the first mouse 
click on that application.
  
  On my test VirtualBox setup, applications that always crash on first click:
  - gnome-terminal
  - nautilus
  - aisleriot solitaire
  - gnome-control-center
  - file-roller
  - brasero
  - gcalctool
  - palimpsest
  
  Applications that do not crash:
  - Libre Office
  - gimp
  - banshee
  - firefox
  - thunderbird
  
  Obviously, this isn't an exhaustive list.  When applications crash, they
  spew out a large error message.  On my desktop machine, sshing in to an
  Oneiric Server install on a physical machine, the programs crash
  immediately without showing a window, but on my test setup with two
  VirtualBox VMs, you first have to click on the window to cause it to
  crash.  Sample crash output is attched to this bug report in the
  crash_output.txt file.
  
  OS and Software Versions:
  
  Client:
  =====
  lsb_release -rd:
  Description:  Ubuntu precise (development branch)
  Release:      12.04
  
  apt-cache policy xorg:
  xorg:
    Installed: 1:7.6+12ubuntu1
    Candidate: 1:7.6+12ubuntu1
    Version table:
   *** 1:7.6+12ubuntu1 0
          500 http://gb.archive.ubuntu.com/ubuntu/ precise/main amd64 Packages
          100 /var/lib/dpkg/status
  
  Server:
  ======
  lsb_release -rd:
  Description:  Ubuntu 11.10
  Release:      11.10
  
  apt-cache policy xorg:
  xorg:
    Installed: 1:7.6+7ubuntu7.1
    Candidate: 1:7.6+7ubuntu7.1
    Version table:
   *** 1:7.6+7ubuntu7.1 0
          500 http://mirror.ox.ac.uk/sites/archive.ubuntu.com/ubuntu/ 
oneiric-updates/main amd64 Packages
          500 http://security.ubuntu.com/ubuntu/ oneiric-security/main amd64 
Packages
          100 /var/lib/dpkg/status
       1:7.6+7ubuntu7 0
          500 http://mirror.ox.ac.uk/sites/archive.ubuntu.com/ubuntu/ 
oneiric/main amd64 Packages
  
  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: xorg 1:7.6+12ubuntu1
  ProcVersionSignature: Ubuntu 3.2.0-20.33-generic 3.2.12
  Uname: Linux 3.2.0-20-generic x86_64
  .tmp.unity.support.test.0:
  
  ApportVersion: 1.95-0ubuntu1
  Architecture: amd64
  CompizPlugins: 
[core,composite,opengl,compiztoolbox,decor,vpswitch,snap,mousepoll,resize,place,move,wall,grid,regex,imgpng,session,gnomecompat,animation,fade,unitymtgrabhandles,workarounds,scale,expo,ezoom,unityshell]
  CompositorRunning: compiz
  Date: Thu Mar 29 13:32:19 2012
  DistUpgraded: Fresh install
  DistroCodename: precise
  DistroVariant: ubuntu
  DkmsStatus: virtualbox, 4.1.10, 3.2.0-20-generic, x86_64: installed
  ExtraDebuggingInterest: Yes, whatever it takes to get this fixed in Ubuntu
  InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Beta amd64+mac 
(20120327.1)
  MachineType: Dell Inc. OptiPlex 960
  ProcEnviron:
   LANGUAGE=en_GB:en
   TERM=xterm
   LANG=en_GB.UTF-8
   SHELL=/bin/bash
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.2.0-20-generic 
root=UUID=587e726d-6c02-4c7f-aec3-843dbfd68f4c ro quiet splash vt.handoff=7
  SourcePackage: xorg
  Symptom: display
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 07/31/2009
  dmi.bios.vendor: Dell Inc.
  dmi.bios.version: A05
  dmi.board.name: 0F428D
  dmi.board.vendor: Dell Inc.
  dmi.board.version: A00
  dmi.chassis.type: 3
  dmi.chassis.vendor: Dell Inc.
  dmi.modalias: 
dmi:bvnDellInc.:bvrA05:bd07/31/2009:svnDellInc.:pnOptiPlex960:pvr:rvnDellInc.:rn0F428D:rvrA00:cvnDellInc.:ct3:cvr:
  dmi.product.name: OptiPlex 960
  dmi.sys.vendor: Dell Inc.
  version.compiz: compiz 1:0.9.7.2-0ubuntu4
  version.ia32-libs: ia32-libs N/A
  version.libdrm2: libdrm2 2.4.32-1ubuntu1
  version.libgl1-mesa-dri: libgl1-mesa-dri 8.0.2-0ubuntu2
  version.libgl1-mesa-dri-experimental: libgl1-mesa-dri-experimental N/A
  version.libgl1-mesa-glx: libgl1-mesa-glx 8.0.2-0ubuntu2
  version.xserver-xorg-core: xserver-xorg-core 2:1.11.4-0ubuntu7
  version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.7.0-0ubuntu1
  version.xserver-xorg-video-ati: xserver-xorg-video-ati 
1:6.14.99~git20111219.aacbd629-0ubuntu2
  version.xserver-xorg-video-intel: xserver-xorg-video-intel 2:2.17.0-1ubuntu4
  version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 
1:0.0.16+git20111201+b5534a1-1build2
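
Review bot: the added [Development Fix] text says only "This is fixed in Precise already", while the template line it replaces asks for "the relevant version numbers of packages modified"; name the Precise libxi version that carries upstream commit 22e9ace88d so the backport can be checked against it. In the added [Regression Potential] text, "make it apply against our patched xserver" does not match [Stable Fix], where the attachment is a libxi debdiff and the adjustments are attributed to the XI2.1 Ubuntu-specific patch; the two sections should name the same package.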

** Also affects: libxi (Ubuntu Lucid)
   Importance: Undecided
       Status: New

** Bug watch added: Debian Bug tracker #661652
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661652

-- 
You received this bug notification because you are a member of Ubuntu-X,
which is subscribed to libxi in Ubuntu.
https://bugs.launchpad.net/bugs/968218

Title:
  ssh x11 forwarding precise to oneiric causes glibc malloc(): memory
  corruption

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxi/+bug/968218/+subscriptions

_______________________________________________
Mailing list: https://launchpad.net/~ubuntu-x-swat