Mir

A Mir client can crash the server by setting an invalid display configuration

Bug #1643446 reported by Daniel van Vugt on 2016-11-21
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Canonical System Image
High
Unassigned
Mir
Fix Released
High
Alan Griffiths
0.26
Triaged
High
Unassigned

Bug Description

Calling mir_output_enable() from a client can easily crash the server.

If that server happens to be mir_demo* then you will get a reason:

ERROR: ../src/platforms/mesa/server/kms/display.cpp(153): Throw in function virtual void mir::graphics::mesa::Display::configure(const mir::graphics::DisplayConfiguration&)
Dynamic exception type: boost::exception_detail::clone_impl<boost::exception_detail::error_info_injector<std::logic_error> >
std::exception::what: Invalid or inconsistent display configuration

Related branches

description: updated
Daniel van Vugt (vanvugt) wrote :

I guess we don't bother to default all possibly "inconsistent" fields to something that's consistent.

summary: - mir_output_enable() crashes the server
+ Calling mir_output_enable() from a client crashes the server

Test case (using the latest lp:mir):

  mirout output 45 enable

where 45 is the ID of an existing but disconnected output on my machine.

summary: - Calling mir_output_enable() from a client crashes the server
+ Calling mir_output_enable() from a client can easily crash the server
description: updated
summary: - Calling mir_output_enable() from a client can easily crash the server
+ A client can crash the server by setting an invalid display
+ configuration
tags: added: multimonitor
Changed in mir:
milestone: none → 1.0.0
Changed in canonical-devices-system-image:
importance: Undecided → High
milestone: none → u8c-1
tags: added: unity8-desktop
summary: - A client can crash the server by setting an invalid display
+ A Mir client can crash the server by setting an invalid display
configuration
Changed in canonical-devices-system-image:
assignee: nobody → Stephen M. Webb (bregma)
Changed in canonical-devices-system-image:
status: New → Triaged
information type: Public → Public Security
information type: Public Security → Public
Changed in canonical-devices-system-image:
milestone: u8c-1 → u8c-2
Changed in mir:
milestone: 0.27.0 → 0.28.0
Alan Griffiths (alan-griffiths) wrote :

Hmm on trunk we now get a segfault.

Changed in canonical-devices-system-image:
assignee: Stephen M. Webb (bregma) → nobody
Changed in mir:
status: Triaged → In Progress
assignee: nobody → Alan Griffiths (alan-griffiths)
milestone: none → 1.0.0
Mir CI Bot (mir-ci-bot) wrote :

Fix committed into lp:mir at revision None, scheduled for release in mir, milestone 1.0.0

Changed in mir:
status: In Progress → Fix Committed
Changed in mir:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers