qemu-system-x86 crashes when VNC connection is established
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| qemu (Ubuntu) | Fix Released | Undecided | Unassigned | |
| Xenial | Fix Released | Medium | Unassigned | |
Bug Description
[Impact]
* some more uncommon vnc configurations (e.g. very long names, but also potentially various other cases that make vnc_ (after alloc) in a struct that will then be used on calls (e.g. to free)
* The fix would avoid hard crashes (due to freeing random or null pointers) in qemu on xenial
[Test Case]
* To trigger the issue you can use e.g. a very long vnc string.
Console 1
$ mkdir /tmp/service
$ qemu-system-x86_64 -enable-kvm -vnc unix:/tmp/
Console 2
$ socat - UNIX:/tmp/
[Regression Potential]
* I'd consider the regression potential very low for the following reasons:
  - small change (easier to review)
  - changing alloc to zeroing alloc (to avoid random data in struct)
  - the change is from upstream and quite old without being reverted or post-fixed
* What could happen?
  Overall, due to the change now just initializing memory, the only regression I could think of would be something that required !=0 content and worked all the time by accident (since random has so many chances to be !=0 but only one to be =0), but TBH I can't think of such an issue in that area of the code.
[Other Info]
* pre testable in ppa https:/
The following minimal test case crashes qemu-system-i386 on an amd64 host:
qemu-system-i386 -name test -nodefconfig -no-user-config -nodefaults -sandbox off -machine none -m 256 -balloon none -no-acpi -parallel none -vga virtio -display "vnc=unix:
and open the connection (not even a real VNC client is needed):
socat - UNIX:vnc.socket
Result:
*** Error in `qemu-system-i386': free(): invalid pointer: 0x00007fbad024eb78 ***
$ lsb_release -rd
Description: Ubuntu 16.04.2 LTS
Release: 16.04
$ apt-cache policy qemu-system-x86
qemu-system-x86:
Installed: 1:2.5+dfsg-
Candidate: 1:2.5+dfsg-
affects: qemu-kvm (Ubuntu) → qemu (Ubuntu)
Changed in qemu (Ubuntu):
status: Expired → New
description: updated
description: updated
Hi, thanks for taking the time to report the issue!
Can you verify that you have a fully updated system? Also, is this running on bare-metal, in a container, or in a VM?
I tried reproducing in an lxc container, a uvt image, and on bare metal. I launched the qemu cli you have, then in another terminal ran the socat command; however, I saw no crashes.