VNC package vnc4server has broken XFIXES extension, breaking GTK apps
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
vnc4 (Ubuntu) | Fix Released | Undecided | Kees Cook | | |
Bug Description
Binary package hint: vnc4server
The vnc4server package in Feisty advertises the XFIXES extension, as evidenced from its xdpyinfo output.
This extension is used by GTK apps, which promptly receive an XError for their trouble:
/usr/bin/Xvnc :1 -ac
DISPLAY=:1 gnome-terminal
The program 'gnome-terminal' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadRequest (invalid request code or no such operation)'.
(Details: serial 74 error_code 1 request_code 146 minor_code 2)
(Note to programmers: normally, X errors are reported asynchronously;
that is, you will receive the error a while after causing it.
To debug your program, run it with the --sync command line
option to change this behavior. You can then get a meaningful
backtrace from your debugger if you break on the gdk_x_error() function.)
A backtrace breaking on _XError, with synchronous X replies:
DISPLAY=:1 gdb --args gnome-terminal --sync
GNU gdb 6.6-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i486-linux-gnu"...
(no debugging symbols found)
Using host libthread_db library "/lib/tls/
(gdb) break _XError
Function "_XError" not defined.
Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (_XError) pending.
(gdb) run
Starting program: /usr/bin/
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread -1227544896 (LWP 14326)]
Breakpoint 2 at 0xb75e4b37: file ../../src/
Pending breakpoint "_XError" resolved
[Switching to Thread -1227544896 (LWP 14326)]
Breakpoint 2, _XError (dpy=0x80ac600, rep=0xbfba2860) at ../../src/
2874 ../../src/
in ../../src/XlibInt.c
(gdb) bt
#0 _XError (dpy=0x80ac600, rep=0xbfba2860) at ../../src/
#1 0xb75e6714 in _XReply (dpy=0x80ac600, rep=0xbfba2860, extra=0, discard=1) at ../../src/
#2 0xb75e05ca in XSync (dpy=0x80ac600, discard=0) at ../../src/Sync.c:48
#3 0xb75e0745 in _XSyncFunction (dpy=0x80ac600) at ../../src/
#4 0xb7407c3d in XFixesSelectSel
#5 0xb7936556 in IA__gdk_
at gdkdisplay-
#6 0xb793763e in IA__gdk_
#7 0xb7914cff in IA__gdk_
#8 0xb7ac360f in IA__gtk_init_check (argc=0xbfba2b50, argv=0xbfba2a64) at gtkmain.c:918
#9 0xb7ac3644 in IA__gtk_init (argc=0xbfba2b50, argv=0xbfba2a64) at gtkmain.c:953
#10 0x08063d5b in main ()
(gdb)
A workaround is to run Xvnc with -extension FIXES on the commandline.
I discovered this debugging the vnc server, and have some comments from
RealVNC who I originally contacted:
"""
Firstly, VNC Free Edition 4.1.1 has a serious security issue and should not
be used on any un-trusted network - VNC Free Edition 4.1.2 resolves this
issue.
Secondly, VNC Free Edition does not provide the Xfixes extension. From the
patches filename you have included below, it looks like Ubuntu is using a
custom VNC Free Edition 4.1.1-based package, which is built against a
different version of the X server, and so does provide Xfixes.
The two potential solutions I'd propose are:
1. Upgrade to the standard VNC Free Edition 4.1.2 package, which will not
provide Xfixes and so presumably won't confuse GTK.
OR
2. Find the run-time option to the Ubuntu VNC-based Xvnc to disable Xfixes
support in the X server, again to avoid GTK being confused.
The problem could be in the Ubuntu VNC-based X server build, advertising
Xfixes but not properly supporting it, or in GTK in detecting Xfixes and
then making invalid calls to use it, but it's impossible to say which. In
either case, the packages you're using will have been patched by the Debian
guys, so in the first instance it's worth reporting the issue to them - the
package maintainers can then propagate the report if it turns out to be an
issue with the underlying software.
"""
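The following is an added example, not part of the original report or of any vnc4/GTK code: it triages the GDK "Details" line above by mapping its request_code to an extension using `xdpyinfo -queryExtensions` output, then naming the XFixes request from its minor opcode. The xdpyinfo sample is constructed (only the XFIXES opcode 146 comes from the error in the report), and the function names are hypothetical.

```python
import re

# Constructed sample of `xdpyinfo -queryExtensions` output for display :1.
# Assumption: only the XFIXES opcode (146) is taken from the error in the report.
SAMPLE_XDPYINFO = """\
number of extensions:    4
    BIG-REQUESTS  (opcode: 133)
    MIT-SHM  (opcode: 130, base event: 65, base error: 128)
    RENDER  (opcode: 143, base error: 135)
    XFIXES  (opcode: 146, base event: 80, base error: 140)
"""

# The "Details" line GDK printed in the report.
SAMPLE_ERROR = "(Details: serial 74 error_code 1 request_code 146 minor_code 2)"

# XFixes version 1 request minor opcodes, as defined by the XFixes protocol.
XFIXES_MINOR = {0: "QueryVersion", 1: "ChangeSaveSet", 2: "SelectSelectionInput",
                3: "SelectCursorInput", 4: "GetCursorImage"}

def parse_extensions(text):
    """Map major opcode -> extension name from xdpyinfo -queryExtensions output."""
    found = re.findall(r"^\s+(.+?)\s+\(opcode: (\d+)", text, re.MULTILINE)
    return {int(opcode): name for name, opcode in found}

def parse_error(line):
    """Extract (error_code, request_code, minor_code) from a GDK details line."""
    m = re.search(r"error_code (\d+) request_code (\d+) minor_code (\d+)", line)
    if not m:
        raise ValueError("not a GDK X error details line")
    return tuple(int(g) for g in m.groups())

def triage(error_line, xdpyinfo_text):
    """Name the extension and request behind an X error."""
    error_code, major, minor = parse_error(error_line)
    if major < 128:  # major opcodes below 128 are core protocol requests
        return ("core", None, error_code)
    ext = parse_extensions(xdpyinfo_text).get(major, "unknown")
    request = XFIXES_MINOR.get(minor) if ext == "XFIXES" else None
    return (ext, request, error_code)

if __name__ == "__main__":
    print(triage(SAMPLE_ERROR, SAMPLE_XDPYINFO))
```

The result names the same request that frame #4 of the backtrace points at, and error_code 1 is the BadRequest that GDK reported.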