xfreerdp crashes with SIGSEGV on copying images via clipboard

Bug #1070681 reported by Stefan
This bug affects 1 person
Affects: freerdp (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone:

Bug Description

I copied an embedded picture from LibreOffice Writer to PowerPoint on our terminal server via xfreerdp.
The other direction does not crash, but nothing is copied.

ProblemType: Crash
Architecture: amd64
CrashCounter: 1
Date: Wed Oct 24 07:54:45 2012
DistroRelease: Ubuntu 12.04
ExecutablePath: /usr/bin/xfreerdp
ExecutableTimestamp: 1338333339
ProcCmdline: xfreerdp -u emp000621 -p ***** -d BESI-EU -g 1024x768 -a 16 --ignore-certificate -s c:\\Program\ Files\ (x86)\\Microsoft\ Office\\Office12\\powerpnt.exe\ --plugin cliprdr --plugin rdpdr --data disk local / -- ATRATS02.eu.besi.corp

SegvAnalysis:
 Segfault happened at: 0x7f67363c4b7b <raise+43>: cmp $0xfffffffffffff000,%rax
 PC (0x7f67363c4b7b) ok
 source "$0xfffffffffffff000" ok
 destination "%rax" ok
 Stack memory exhausted (SP below stack segment)
 SP (0x7f6734519288) ok
 Reason could not be automatically determined.
SourcePackage: freerdp
Stacktrace:
 #0 0x00007f67363c4b7b in raise (sig=<optimized out>) at ../nptl/sysdeps/unix/sysv/linux/pt-raise.c:42
         resultvar = 0
         pid = <optimized out>
 #1 0x00007f6736d22441 in ?? () from /usr/lib/libfreerdp-utils.so.1.0
 No symbol table info available.
 #2 <signal handler called>
 No symbol table info available.
 #3 __memcpy_ssse3_back () at ../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S:199
 No locals.
 #4 0x000000000040b0ad in ?? ()
 No symbol table info available.
 #5 0x000000000040c5f7 in xf_cliprdr_process_property_notify ()
 No symbol table info available.
 #6 0x000000000040a5ce in xf_event_PropertyNotify ()
 No symbol table info available.
 #7 0x000000000040f7d1 in xf_check_fds ()
 No symbol table info available.
 #8 0x000000000041054c in xfreerdp_run ()
 No symbol table info available.
 #9 0x000000000041062c in thread_func ()
 No symbol table info available.
 #10 0x00007f67363bce9a in start_thread (arg=0x7f673451a700) at pthread_create.c:308
         __res = <optimized out>
         pd = 0x7f673451a700
         now = <optimized out>
         unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, -833890205071865953, 140081268287616, 140081236126144, 0, 3, 766462846663100319, 766457672852801439}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
         not_first_call = 0
         pagesize_m1 = <optimized out>
         sp = <optimized out>
         freesize = <optimized out>
         __PRETTY_FUNCTION__ = "start_thread"
 #11 0x00007f67360ea4bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
 No locals.
 #12 0x0000000000000000 in ?? ()
 No symbol table info available.
StacktraceAddressSignature: /usr/bin/xfreerdp:11:x86_64:/lib/x86_64-linux-gnu/libpthread-2.15.so+fb7b:/usr/lib/libfreerdp-utils.so.1.0.1+7441:/usr/bin/xfreerdp+b0ad:/usr/bin/xfreerdp+c5f7:/usr/bin/xfreerdp+a5ce:/usr/bin/xfreerdp+f7d1:/usr/bin/xfreerdp+1054c:/usr/bin/xfreerdp+1062c:/lib/x86_64-linux-gnu/libpthread-2.15.so+7e9a:/lib/x86_64-linux-gnu/libc-2.15.so+f24bd
StacktraceTop:
 ?? ()
 xf_cliprdr_process_property_notify ()
 xf_event_PropertyNotify ()
 xf_check_fds ()
 xfreerdp_run ()
Tags: precise

Stefan (steffel) wrote :

I forgot to mention that it is reproducible.

Attached to process with gdb:

(gdb) run
Starting program: /usr/bin/xfreerdp -u emp000621 -p ***** -d BESI-EU -g 1024x768 -a 16 --ignore-certificate -s c:\\Program\ Files\ \(x86\)\\Microsoft\ Office\\Office12\\winword.exe\ --plugin cliprdr --plugin rdpdr --data disk:local:/ -- ATRATS02.eu.besi.corp
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff412f700 (LWP 750)]
[New Thread 0x7ffff2cf2700 (LWP 751)]
[New Thread 0x7ffff24f1700 (LWP 752)]
199 ../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S: No such file or directory.
[New Thread 0x7ffff1ae9700 (LWP 753)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff412f700 (LWP 750)]
__memcpy_ssse3_back () at ../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S:199
(gdb) bt
#0 __memcpy_ssse3_back () at ../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S:199
#1 0x000000000040b0ad in xf_cliprdr_get_requested_data (xfi=0x7fffec0008c0, target=672)
    at /usr/include/x86_64-linux-gnu/bits/string3.h:52
#2 0x000000000040c5f7 in xf_cliprdr_process_property_notify (xfi=<optimized out>, xevent=<optimized out>)
    at /build/buildd/freerdp-1.0.1/client/X11/xf_cliprdr.c:1212
#3 0x000000000040a5ce in xf_event_PropertyNotify (xfi=<optimized out>, event=<optimized out>, app=<optimized out>)
    at /build/buildd/freerdp-1.0.1/client/X11/xf_event.c:564
#4 0x000000000040f7d1 in xf_check_fds (instance=0x696070, set=<optimized out>)
    at /build/buildd/freerdp-1.0.1/client/X11/xfreerdp.c:270
#5 0x000000000041054c in xfreerdp_run (instance=0x696070) at /build/buildd/freerdp-1.0.1/client/X11/xfreerdp.c:1020
#6 0x000000000041062c in thread_func (param=0x6baaa0) at /build/buildd/freerdp-1.0.1/client/X11/xfreerdp.c:1052
#7 0x00007ffff5fd1e9a in start_thread (arg=0x7ffff412f700) at pthread_create.c:308
#8 0x00007ffff5cff4bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#9 0x0000000000000000 in ?? ()
(gdb) frame 0
#0 __memcpy_ssse3_back () at ../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S:199
199 in ../sysdeps/x86_64/multiarch/memcpy-ssse3-back.S
(gdb) info locals
No locals.
(gdb) frame 1
#1 0x000000000040b0ad in xf_cliprdr_get_requested_data (xfi=0x7fffec0008c0, target=672)
    at /usr/include/x86_64-linux-gnu/bits/string3.h:52
52 return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
(gdb) info locals
type = 672
format = 8
data = 0x7fffec10cca0 "BM6\304m\001"
has_data = 0
length = 64511
bytes_left = 64511
dummy = 0
cb = 0x7fffec075460
(gdb)

Stefan (steffel) wrote :

Valgrind output of this situation:

==8375== Memcheck, a memory error detector
==8375== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==8375== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==8375== Command: xfreerdp -u emp000621 -p ***** -d BESI-EU -g 1024x768 -a 16 --ignore-certificate -s c:\\Program\ Files\ (x86)\\Microsoft\ Office\\Office12\\winword.exe\ --plugin cliprdr --plugin rdpdr --data disk:local:/ -- ATRATS02.eu.besi.corp
==8375==
==8375== Warning: ignored attempt to set SIGKILL handler in sigaction();
==8375== the SIGKILL signal is uncatchable
==8375== Warning: ignored attempt to set SIGSTOP handler in sigaction();
==8375== the SIGSTOP signal is uncatchable
==8375== Thread 2:
==8375== Invalid write of size 8
==8375== at 0x4C2D004: memcpy@@GLIBC_2.14 (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==8375== by 0x40B0AC: xf_cliprdr_get_requested_data (string3.h:52)
==8375== by 0x40C5F6: xf_cliprdr_process_property_notify (xf_cliprdr.c:1212)
==8375== by 0x40A5CD: xf_event_PropertyNotify (xf_event.c:564)
==8375== by 0x40F7D0: xf_check_fds (xfreerdp.c:270)
==8375== by 0x41054B: xfreerdp_run (xfreerdp.c:1020)
==8375== by 0x41062B: thread_func (xfreerdp.c:1052)
==8375== by 0x6A2CE99: start_thread (pthread_create.c:308)
==8375== Address 0x0 is not stack'd, malloc'd or (recently) free'd
==8375==
loading plugin cliprdr
loading plugin rdpdr
connected to ATRATS02.eu.besi.corp:3389
registered device #1: local (type=8 id=1)
xrealloc: null pointer given
==8375==
==8375== HEAP SUMMARY:
==8375== in use at exit: 1,276,903 bytes in 4,597 blocks
==8375== total heap usage: 14,319 allocs, 9,722 frees, 15,776,591 bytes allocated
==8375==
==8375== LEAK SUMMARY:
==8375== definitely lost: 26 bytes in 1 blocks
==8375== indirectly lost: 0 bytes in 0 blocks
==8375== possibly lost: 1,088 bytes in 4 blocks
==8375== still reachable: 1,275,789 bytes in 4,592 blocks
==8375== suppressed: 0 bytes in 0 blocks
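
The Valgrind trace above shows memcpy writing to address 0x0 alongside the "xrealloc: null pointer given" message. The following C example is added here for illustration and is not FreeRDP's code or part of the original report: it accumulates chunked clipboard data and checks the result of the grow step before copying. The names `chunk_buf`, `strict_realloc`, `CHUNK_BUF_MAX` and the sample data are assumptions made for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical accumulator for clipboard data that arrives in chunks. */
struct chunk_buf {
    uint8_t *data; /* NULL until the first chunk is stored */
    size_t len;    /* bytes stored so far */
};
typedef void *(*realloc_fn)(void *, size_t);
#define CHUNK_BUF_MAX ((size_t)64 * 1024 * 1024) /* assumed upper bound */

/* Assumed model of a wrapper that refuses a NULL pointer and returns NULL,
 * as the "null pointer given" message in the report suggests. */
void *strict_realloc(void *p, size_t n) { return p ? realloc(p, n) : NULL; }

/* Append n bytes. Returns 0 on success, -1 on failure; on failure the
 * buffer is unchanged and nothing is copied. */
int chunk_buf_append(struct chunk_buf *b, const uint8_t *src, size_t n,
                     realloc_fn grow)
{
    uint8_t *p;

    if (b == NULL || src == NULL || n == 0)
        return -1;
    if (b->len > CHUNK_BUF_MAX || n > CHUNK_BUF_MAX - b->len)
        return -1; /* would exceed the cap or wrap size_t */
    p = grow(b->data, b->len + n);
    if (p == NULL)
        return -1; /* without this check memcpy would write at address 0 */
    memcpy(p + b->len, src, n);
    b->data = p;
    b->len += n;
    return 0;
}

/* Constructed input: two 64511-byte chunks starting with "BM6". */
int demo(realloc_fn grow)
{
    static uint8_t chunk[64511] = { 'B', 'M', '6' };
    struct chunk_buf b = { NULL, 0 };
    int ok = chunk_buf_append(&b, chunk, sizeof chunk, grow) == 0 &&
             chunk_buf_append(&b, chunk, sizeof chunk, grow) == 0 &&
             b.len == 2 * sizeof chunk && b.data[sizeof chunk] == 'B';
    free(b.data);
    return ok;
}

int main(void) { return (demo(realloc) && !demo(strict_realloc)) ? 0 : 1; }
```

With the standard `realloc` the first chunk is stored because `realloc(NULL, n)` allocates; with the strict wrapper the append fails cleanly on the first chunk instead of faulting.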

Divya (divyas15) wrote :