Segfault in Xvnc when modifier key is used with Xdmx as a client

Attached is a patch fixing the problem.

Package: vnc4
Severity: normal
Tags: patch

Hi

Thanks for the report. I'm creating a Debian bug now.

Regards,

// Ola

On Tue, May 01, 2007 at 01:09:32PM -0000, Peter Clifton wrote:
> Public bug reported:
>
> When using Xdmx as a client for Xvnc, when typing $, (as an example of symbol which requires a modifier key to type, Shift + 4 on a UK keyboard),
> the VNC server segfaults.
>
> Its a null-pointer de-reference, so probably not security critical.
>
> I worked up a fix, and it was accepted in SuSE (where I originally
> discovered the bug). Its reproducable on Ubuntu.
>
>
> https://bugzilla.novell.com/show_bug.cgi?id=268074
>
> ** Affects: vnc4 (Ubuntu)
> Importance: Undecided
> Status: Unconfirmed
>
> ** Affects: vnc4 (Suse)
> Importance: Unknown
> Status: Unknown
>
> --
> Segfault in Xvnc when modifier key is used with Xdmx as a client
> https://bugs.launchpad.net/bugs/111491
> You received this bug notification because you are a direct subscriber
> of the bug.
>

--
 --- Ola Lundqvist systemkonsult --- M Sc in IT Engineering ----
/ <email address hidden> Annebergsslingan 37 \
| <email address hidden> 654 65 KARLSTAD |
| http://opalsys.net/ Mobile: +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------

Does this still apply to Hardy? If so, it'd be nice to udpate the patch.

Also to get your fix included in Ubuntu, it would help if you tried transforming it into a debdiff (http://wiki.ubuntu.com/PackagingGuide/Recipes/Debdiff) and submit it for review (http://wiki.ubuntu.com/SponsorshipProcess). If you prefer somebody else to do that, that's fine - please just indicate if you're available to do that.

Hi Daniel

Is this a clone for the Debian bug report or something?
I'm the Debian maintainer (and there it is applicable) but the
ubuntu version of the Xvnc package is quite different.

So I do not know whether this is applicable for hardy or not.

Best regards,

// Ola

On Fri, Feb 15, 2008 at 03:17:34PM -0000, Daniel Holbach wrote:
> Does this still apply to Hardy? If so, it'd be nice to udpate the patch.
>
> Also to get your fix included in Ubuntu, it would help if you tried
> transforming it into a debdiff
> (http://wiki.ubuntu.com/PackagingGuide/Recipes/Debdiff) and submit it
> for review (http://wiki.ubuntu.com/SponsorshipProcess). If you prefer
> somebody else to do that, that's fine - please just indicate if you're
> available to do that.
>
> --
> Segfault in Xvnc when modifier key is used with Xdmx as a client
> https://bugs.launchpad.net/bugs/111491
> You received this bug notification because you are a direct subscriber
> of the bug.
>

--
 --- Ola Lundqvist systemkonsult --- M Sc in IT Engineering ----
/ <email address hidden> Annebergsslingan 37 \
| <email address hidden> 654 65 KARLSTAD |
| http://opalsys.net/ Mobile: +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------

Thanks Ola for joining in the conversation.

Since the patch was submitted in May last year, I wondered if it is still necessary for the recent version.

Ola: was it or is it included in Debian right now?

Hi again

I now realize that I remember wrong TR from Debian. I thought of
#444697: vnc4server: segfaults on key press with newer X.org

I assume that it is not the same problem. #444697 is still very valid.

So the answer is that I do not know. :)

Best regards,

// Ola

On Mon, Feb 18, 2008 at 08:51:37AM -0000, Daniel Holbach wrote:
> Thanks Ola for joining in the conversation.
>
> Since the patch was submitted in May last year, I wondered if it is
> still necessary for the recent version.
>
> Ola: was it or is it included in Debian right now?
>
> --
> Segfault in Xvnc when modifier key is used with Xdmx as a client
> https://bugs.launchpad.net/bugs/111491
> You received this bug notification because you are a direct subscriber
> of the bug.
>

--
 --- Ola Lundqvist systemkonsult --- M Sc in IT Engineering ----
/ <email address hidden> Annebergsslingan 37 \
| <email address hidden> 654 65 KARLSTAD |
| http://opalsys.net/ Mobile: +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------

Thanks Ola.

Peter: it'd be great if we found out, if this still is problematic in Hardy.

When I've got some free time, I'll endevour to download a Hardy beta and see if this is still reproducible.

I have an old laptop HDD, so ought to be able to install Hardy on it once I've copied data off.

According to this page: https://edge.launchpad.net/ubuntu/+source/vnc4/

It looks like Gutsy and Hardy have the same VNC version. Would it be similarly interetsing to see whether the bug still manifests in Gutsy?

I can confirm on Gutsy.

Can I give you steps to test on Hardy.. saves me a reinstall:

(Note for brevity, auth is disabled on all these)

Xvnc -ac -depth 24 SecurityTypes=none :1
vncviewer :1
Xdmx :2 -display :1 -ac
DISPLAY=:2 gnome-terminal

Type $ in that terminal window.(Or probably other "Shift"+.... keys.

The bug is coming from something Xdmx does to the keymaps, although the Xvnc server obviously shouldn't be crashable from a client.

We are closing this bug report because it lacks the information we need to investigate the problem, as described in the previous comments. Please reopen it if you can give us the missing information, and don't hesitate to submit bug reports in the future. To reopen the bug report you can click on the current status, under the Status column, and change the Status back to "New". Thanks again!