VNC package vnc4server has broken XFIXES extension, breaking GTK apps

Bug #110263 reported by Peter Clifton
Affects: vnc4 (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Kees Cook

Bug Description

Binary package hint: vnc4server

The vnc4server package in Feisty advertises the XFIXES extension, as evidenced from its xdpyinfo output.

This extension is used by GTK apps, which promptly receive an XError for their trouble:

/usr/bin/Xvnc :1 -ac

DISPLAY=:1 gnome-terminal
The program 'gnome-terminal' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadRequest (invalid request code or no such operation)'.
  (Details: serial 74 error_code 1 request_code 146 minor_code 2)
  (Note to programmers: normally, X errors are reported asynchronously;
   that is, you will receive the error a while after causing it.
   To debug your program, run it with the --sync command line
   option to change this behavior. You can then get a meaningful
   backtrace from your debugger if you break on the gdk_x_error() function.)

A backtrace breaking on _XError, with synchronous X replies:

DISPLAY=:1 gdb --args gnome-terminal --sync
GNU gdb 6.6-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
(no debugging symbols found)
Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
(gdb) break _XError
Function "_XError" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (_XError) pending.
(gdb) run
Starting program: /usr/bin/gnome-terminal --sync
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread -1227544896 (LWP 14326)]
Breakpoint 2 at 0xb75e4b37: file ../../src/XlibInt.c, line 2874.
Pending breakpoint "_XError" resolved
[Switching to Thread -1227544896 (LWP 14326)]

Breakpoint 2, _XError (dpy=0x80ac600, rep=0xbfba2860) at ../../src/XlibInt.c:2874
2874 ../../src/XlibInt.c: No such file or directory.
        in ../../src/XlibInt.c
(gdb) bt
#0 _XError (dpy=0x80ac600, rep=0xbfba2860) at ../../src/XlibInt.c:2874
#1 0xb75e6714 in _XReply (dpy=0x80ac600, rep=0xbfba2860, extra=0, discard=1) at ../../src/XlibInt.c:1833
#2 0xb75e05ca in XSync (dpy=0x80ac600, discard=0) at ../../src/Sync.c:48
#3 0xb75e0745 in _XSyncFunction (dpy=0x80ac600) at ../../src/Synchro.c:37
#4 0xb7407c3d in XFixesSelectSelectionInput () from /usr/lib/libXfixes.so.3
#5 0xb7936556 in IA__gdk_display_request_selection_notification (display=0x80ac600, selection=0x47)
    at gdkdisplay-x11.c:1142
#6 0xb793763e in IA__gdk_display_open (display_name=0x0) at gdkdisplay-x11.c:335
#7 0xb7914cff in IA__gdk_display_open_default_libgtk_only () at gdk.c:278
#8 0xb7ac360f in IA__gtk_init_check (argc=0xbfba2b50, argv=0xbfba2a64) at gtkmain.c:918
#9 0xb7ac3644 in IA__gtk_init (argc=0xbfba2b50, argv=0xbfba2a64) at gtkmain.c:953
#10 0x08063d5b in main ()
(gdb)

A workaround is to run Xvnc with -extension FIXES on the command line.
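
Added example, not part of the original report or of the vnc4 package: a small triage script that matches the request_code/minor_code in the GDK error details against the extensions a server lists in `xdpyinfo -queryExtensions`, to spot an extension that is advertised but whose requests are rejected with BadRequest. The xdpyinfo sample is constructed for illustration (it assumes opcode 146 belongs to XFIXES on the affected server), and the function names are hypothetical.

```python
import re

# XFIXES minor opcodes 0-4, as defined by the XFIXES protocol (xfixeswire.h).
XFIXES_REQUESTS = {0: "XFixesQueryVersion", 1: "XFixesChangeSaveSet",
                   2: "XFixesSelectSelectionInput", 3: "XFixesSelectCursorInput",
                   4: "XFixesGetCursorImage"}
BAD_REQUEST = 1         # core X error code reported as 'BadRequest'
FIRST_EXT_OPCODE = 128  # major opcodes 128-255 are assigned to extensions

# Error details copied from the report above.
SAMPLE_ERROR = "(Details: serial 74 error_code 1 request_code 146 minor_code 2)"

# Constructed sample of `xdpyinfo -queryExtensions` output (not from the report).
SAMPLE_XDPYINFO = """\
number of extensions:    3
    BIG-REQUESTS  (opcode: 133)
    MIT-SHM  (opcode: 130, base event: 65, base error: 128)
    XFIXES  (opcode: 146, base event: 104, base error: 182)
"""

def parse_gdk_error(text):
    """Extract the numeric fields from a GDK 'Details:' X error line."""
    m = re.search(r"serial (\d+) error_code (\d+) request_code (\d+) minor_code (\d+)", text)
    if not m:
        raise ValueError("no X error details found")
    keys = ("serial", "error_code", "request_code", "minor_code")
    return dict(zip(keys, map(int, m.groups())))

def parse_extensions(text):
    """Map major opcode -> extension name from xdpyinfo -queryExtensions output."""
    pairs = re.findall(r"^\s+(.+?)\s+\(opcode:\s*(\d+)", text, re.M)
    return {int(op): name for name, op in pairs}

def diagnose(error_text, xdpyinfo_text):
    """Report whether the failing request belongs to an advertised extension."""
    err = parse_gdk_error(error_text)
    ext = parse_extensions(xdpyinfo_text).get(err["request_code"])
    request = XFIXES_REQUESTS.get(err["minor_code"]) if ext == "XFIXES" else None
    # BadRequest on an opcode the server itself lists means the extension is
    # advertised but its requests are not actually dispatched.
    rejected = (err["error_code"] == BAD_REQUEST
                and err["request_code"] >= FIRST_EXT_OPCODE and ext is not None)
    return {"extension": ext, "request": request, "advertised_but_rejected": rejected,
            "workaround": f"-extension {ext}" if rejected else None}

if __name__ == "__main__":
    print(diagnose(SAMPLE_ERROR, SAMPLE_XDPYINFO))
```

For the sample input the decoded request is XFixesSelectSelectionInput, the same call that appears in frame #4 of the backtrace.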

Peter Clifton (pcjc2) wrote :

I discovered this debugging the vnc server, and have some comments from
RealVNC who I originally contacted:

"""
Firstly, VNC Free Edition 4.1.1 has a serious security issue and should not
be used on any un-trusted network - VNC Free Edition 4.1.2 resolves this
issue.

Secondly, VNC Free Edition does not provide the Xfixes extension. From the
patches filename you have included below, it looks like Ubuntu is using a
custom VNC Free Edition 4.1.1-based package, which is built against a
different version of the X server, and so does provide Xfixes.

The two potential solutions I'd propose are:

1. Upgrade to the standard VNC Free Edition 4.1.2 package, which will not
provide Xfixes and so presumably won't confuse GTK.

OR

2. Find the run-time option to the Ubuntu VNC-based Xvnc to disable Xfixes
support in the X server, again to avoid GTK being confused.

The problem could be in the Ubuntu VNC-based X server build, advertising
Xfixes but not properly supporting it, or in GTK in detecting Xfixes and
then making invalid calls to use it, but it's impossible to say which. In
either case, the packages you're using will have been patched by the Debian
guys, so in the first instance it's worth reporting the issue to them - the
package maintainers can then propagate the report if it turns out to be an
issue with the underlying software.
"""

Eric Lee Green (eric-badtux) wrote :

I have tested upstream Debian Edgy vnc4server_4.1.1+X4.3.0-21_i386.deb vnc4-common_4.1.1+X4.3.0-21_i386.deb and other than the font path issue (solved by a single symlink), they work properly. I also tested upstream vnc-4.1.2 (from realvnc.com) and it worked properly too, though I had to plunk a bunch of symlinks into the system to deal with the differences between how Red Hat does things and how Ubuntu does things (realvnc.com's is compiled against RHEL). This is not a bug in upstream. This is a bug introduced by the Ubuntu packaging team.

Patrick J. LoPresti (lopresti) wrote :

I can confirm this problem with Feisty.

Can anyone suggest a (simple?) workaround, short of downloading and compiling my own copy of the VNC server?

Thanks!

Patrick J. LoPresti (lopresti) wrote :

Aha:

https://bugs.launchpad.net/ubuntu/+source/xfce4-session/+bug/78887

"-extension XFIXES" does the trick. Thanks, Peter!

Mario Limonciello (superm1) wrote :

This extension was added for gutsy
vnc4 (4.1.1+xorg1.0.2-0ubuntu5) gutsy; urgency=low

  * unix/vncserver: add "-extension XFIXES" (LP: #78282).

 -- Kees Cook <email address hidden> Tue, 21 Aug 2007 09:04:53 -0700

Changed in vnc4:
assignee: nobody → keescook
status: New → Fix Released