ssh x11 forwarding precise to oneiric causes glibc malloc(): memory corruption
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
libxi (Ubuntu) | Fix Released | High | Unassigned |
Lucid | Won't Fix | High | Unassigned |
Oneiric | Fix Released | High | Unassigned |
Precise | Fix Released | High | Unassigned |
Bug Description
[Problem]
SSHing (with X11 forwarding enabled) from a Precise machine to an Oneiric machine and running certain X11 forwarded programs causes a crash of the program, either immediately or on the first mouse click on that program's window.
[Impact]
I have seen this on two client machines (a laptop and a desktop) running the latest precise release, connecting to either the oneiric desktop release or oneiric server release on the server side. I have also reproduced this with two VirtualBox VMs, connected together with host-only networking and with desktop releases of Oneiric and Precise installed.
[Development Fix]
Bug is a recognized upstream bug. When the xserver sends an unknown device class, pointers to incorrect chunks of memory are set up. The upstream patch fixes this by automatically skipping any unknown classes.
This is fixed in Precise already.
Debian also picked up the patch: http://
[Stable Fix]
A backport of the above patch is provided in the following debdiff:
https:/
Backport from upstream commit 22e9ace88d on the 1.4 branch to not corrupt memory when the server sends unknown device classes. Minor changes were needed because of the XI2.1 ubuntu specific patch.
[Test Case]
- On client machine, install Precise with all updates as of 2012-03-29.
- On server machine, install Oneiric with all updates as of 2012-03-29.
- Set up host-only networking so that machines can ssh to each other.
- On client machine, "ssh -X" to the server machine. Then run an X11 application. Some applications will crash immediately or on the first mouse click on that application.
On my test VirtualBox setup, applications that always crash on first click:
- gnome-terminal
- nautilus
- aisleriot solitaire
- gnome-control-
- file-roller
- brasero
- gcalctool
- palimpsest
Applications that do not crash:
- Libre Office
- gimp
- banshee
- firefox
- thunderbird
Obviously, this isn't an exhaustive list. When applications crash, they spew out a large error message. On my desktop machine, sshing in to an Oneiric Server install on a physical machine, the programs crash immediately without showing a window, but on my test setup with two VirtualBox VMs, you first have to click on the window to cause it to crash. Sample crash output is attached to this bug report in the crash_output.txt file.
[Regression Potential]
None known, after several months of testing and usage in Precise as well as upstream. The patch does change how pointers and memory initialization are done, so bears the usual risks associated with any such change; notably one arg to copy_classes() changes type from int to pointer, but it's an internal function and all callers have been properly adjusted. The patch proposed for oneiric is a slightly modified version of what went into precise, but those changes were merely to make it apply against our patched xserver.
Things to look for in spotting potential regressions would be software or xserver crashes, with backtraces that pass through libxi functions. So, regressions would be fairly obvious with even light testing.
[Original Report]
SSHing (with X11 forwarding enabled) from a Precise machine to an Oneiric machine and running certain X11 forwarded programs causes a crash of the program, either immediately or on the first mouse click on that program's window.
I have seen this on two client machines (a laptop and a desktop) running the latest precise release, connecting to either the oneiric desktop release or oneiric server release on the server side. I have also reproduced this with two VirtualBox VMs, connected together with host-only networking and with desktop releases of Oneiric and Precise installed.
To reproduce:
- On client machine, install Precise with all updates as of 2012-03-29.
- On server machine, install Oneiric with all updates as of 2012-03-29.
- Set up host-only networking so that machines can ssh to each other.
- On client machine, "ssh -X" to the server machine. Then run an X11 application. Some applications will crash immediately or on the first mouse click on that application.
On my test VirtualBox setup, applications that always crash on first click:
- gnome-terminal
- nautilus
- aisleriot solitaire
- gnome-control-
- file-roller
- brasero
- gcalctool
- palimpsest
Applications that do not crash:
- Libre Office
- gimp
- banshee
- firefox
- thunderbird
Obviously, this isn't an exhaustive list. When applications crash, they spew out a large error message. On my desktop machine, sshing in to an Oneiric Server install on a physical machine, the programs crash immediately without showing a window, but on my test setup with two VirtualBox VMs, you first have to click on the window to cause it to crash. Sample crash output is attached to this bug report in the crash_output.txt file.
OS and Software Versions:
Client:
=====
lsb_release -rd:
Description: Ubuntu precise (development branch)
Release: 12.04
apt-cache policy xorg:
xorg:
Installed: 1:7.6+12ubuntu1
Candidate: 1:7.6+12ubuntu1
Version table:
*** 1:7.6+12ubuntu1 0
500 http://
100 /var/lib/
Server:
======
lsb_release -rd:
Description: Ubuntu 11.10
Release: 11.10
apt-cache policy xorg:
xorg:
Installed: 1:7.6+7ubuntu7.1
Candidate: 1:7.6+7ubuntu7.1
Version table:
*** 1:7.6+7ubuntu7.1 0
500 http://
500 http://
100 /var/lib/
1:7.6+7ubuntu7 0
500 http://
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: xorg 1:7.6+12ubuntu1
ProcVersionSign
Uname: Linux 3.2.0-20-generic x86_64
.tmp.unity.
ApportVersion: 1.95-0ubuntu1
Architecture: amd64
CompizPlugins: [core,composite
CompositorRunning: compiz
Date: Thu Mar 29 13:32:19 2012
DistUpgraded: Fresh install
DistroCodename: precise
DistroVariant: ubuntu
DkmsStatus: virtualbox, 4.1.10, 3.2.0-20-generic, x86_64: installed
ExtraDebuggingI
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Beta amd64+mac (20120327.1)
MachineType: Dell Inc. OptiPlex 960
ProcEnviron:
LANGUAGE=en_GB:en
TERM=xterm
LANG=en_GB.UTF-8
SHELL=/bin/bash
ProcKernelCmdLine: BOOT_IMAGE=
SourcePackage: xorg
Symptom: display
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 07/31/2009
dmi.bios.vendor: Dell Inc.
dmi.bios.version: A05
dmi.board.name: 0F428D
dmi.board.vendor: Dell Inc.
dmi.board.version: A00
dmi.chassis.type: 3
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.
dmi.product.name: OptiPlex 960
dmi.sys.vendor: Dell Inc.
version.compiz: compiz 1:0.9.7.2-0ubuntu4
version.ia32-libs: ia32-libs N/A
version.libdrm2: libdrm2 2.4.32-1ubuntu1
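The failure mode described under [Development Fix], and the int-to-pointer change to copy_classes() noted under [Regression Potential], shown as an added C sketch that is not libXi's code or the upstream patch: a two-pass parser stays memory-safe only if unknown record types are skipped in both the sizing pass and the copy pass, and the caller's count is rewritten to what was actually stored. The one-byte record layout, the type values, and the names `cls_t`, `next_rec`, `copy_classes_demo` and `SAMPLE` are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed wire format (an assumption, not libXi's): each record is
 * [type:u8][len:u8][payload], where len includes the 2-byte header. */
enum { CLS_BUTTON = 1, CLS_KEY = 2 };    /* the only types this client knows */
typedef struct { uint8_t type, payload_len; uint8_t *payload; } cls_t;

/* Constructed sample: BUTTON "abcd", an unknown type 9, then KEY "k". */
const uint8_t SAMPLE[] = { 1, 6, 'a', 'b', 'c', 'd',  9, 4, 'z', 'z',  2, 3, 'k' };

static int known(uint8_t t) { return t == CLS_BUTTON || t == CLS_KEY; }

/* Read one header; returns 0 if the record is truncated or overruns the buffer. */
static int next_rec(const uint8_t *p, const uint8_t *end, uint8_t *type, uint8_t *len)
{
    if (end - p < 2) return 0;
    *type = p[0];
    *len = p[1];
    return *len >= 2 && *len <= end - p;
}

/* Unknown types are skipped in BOTH passes, and *nclasses is rewritten to the
 * number of entries actually stored, so the caller never walks a slot that was
 * counted but never filled. Returns NULL on malformed input. */
cls_t *copy_classes_demo(const uint8_t *buf, size_t buflen, int *nclasses)
{
    const uint8_t *end = buf + buflen, *p = buf;
    uint8_t type, len;
    size_t bytes = 0;
    int kept = 0;
    for (int i = 0; i < *nclasses; i++, p += len) {    /* pass 1: validate, size */
        if (!next_rec(p, end, &type, &len)) return NULL;
        if (known(type)) { bytes += len - 2; kept++; }
    }
    cls_t *out = malloc(kept * sizeof *out + bytes + 1);
    if (!out) return NULL;
    uint8_t *store = (uint8_t *)(out + kept);          /* payloads follow the array */
    p = buf; kept = 0;
    for (int i = 0; i < *nclasses; i++, p += len) {    /* pass 2: copy */
        next_rec(p, end, &type, &len);                 /* already validated above */
        if (!known(type)) continue;                    /* same skip rule as pass 1 */
        out[kept++] = (cls_t){ type, (uint8_t)(len - 2), store };
        memcpy(store, p + 2, len - 2);
        store += len - 2;
    }
    *nclasses = kept;
    return out;
}
```

If only one of the two passes skipped the unknown type, the allocation size and the number of filled entries would disagree, which is the kind of mismatch that surfaces later as a glibc heap-corruption abort.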
affects: xorg-server (Ubuntu) → libxi (Ubuntu)
Changed in libxi (Ubuntu):
status: Incomplete → Triaged
description: updated
tags: added: verification-done-oneiric
I've just tested SSHing from Precise to Natty and everything seems to work fine. So perhaps this is more truthfully a bug in Oneiric.