xvnc4viewer assert failure: *** stack smashing detected ***: vncviewer terminated

Bug #845855 reported by Rodney Lorrimar
This bug affects 29 people
Affects: vnc4 (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Unassigned

Bug Description

xvnc4viewer crashes at startup when run like this:

vncviewer :1

ProblemType: Crash
DistroRelease: Ubuntu 11.10
Package: xvnc4viewer 4.1.1+xorg4.3.0-37ubuntu3
ProcVersionSignature: Ubuntu 3.0.0-10.16-generic 3.0.4
Uname: Linux 3.0.0-10-generic x86_64
Architecture: amd64
AssertionMessage: *** stack smashing detected ***: vncviewer terminated
Date: Fri Sep 9 19:39:50 2011
ExecutablePath: /usr/bin/xvnc4viewer
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007)
ProcCmdline: vncviewer :1
Signal: 6
SourcePackage: vnc4
StacktraceTop:
 raise () from /lib/x86_64-linux-gnu/libc.so.6
 abort () from /lib/x86_64-linux-gnu/libc.so.6
 ?? () from /lib/x86_64-linux-gnu/libc.so.6
 __fortify_fail () from /lib/x86_64-linux-gnu/libc.so.6
 __stack_chk_fail () from /lib/x86_64-linux-gnu/libc.so.6
Title: xvnc4viewer assert failure: *** stack smashing detected ***: vncviewer terminated
UpgradeStatus: Upgraded to oneiric on 2011-09-05 (4 days ago)
UserGroups: adm admin cdrom dialout lpadmin plugdev sambashare
XsessionErrors:
 (nautilus:3413): Gdk-CRITICAL **: gdk_window_get_window_type: assertion `GDK_IS_WINDOW (window)' failed
 (nautilus:3413): GLib-CRITICAL **: g_main_loop_is_running: assertion `g_atomic_int_get (&loop->ref_count) > 0' failed
 (nautilus:3413): GLib-CRITICAL **: g_main_loop_is_running: assertion `g_atomic_int_get (&loop->ref_count) > 0' failed
 (gedit:8263): Gtk-WARNING **: Unable to retrieve the file info for `file:///home/vicki/.local/share/applications/ankivnc.desktop': Error stating file '/home/vicki/.local/share/applications/ankivnc.desktop': No such file or directory

Rodney Lorrimar (rodney-rodney) wrote :
visibility: private → public
Apport retracing service (apport) wrote :

StacktraceTop:
 __libc_message (do_abort=2, fmt=0x7f00c35d961e "*** %s ***: %s terminated\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
 __GI___fortify_fail (msg=0x7f00c35d9606 "stack smashing detected") at fortify_fail.c:32
 __stack_chk_fail () at stack_chk_fail.c:29
 network::TcpSocket::sameMachine (this=0x25fd4d0) at TcpSocket.cxx:266
 CConn::CConn (this=0x7fff333da1f0, dpy_=0x25e55f0, argc_=2, argv_=0x7fff333dccf8, sock_=0x0, vncServerName=0x7fff333de528 ":1", reverse=false, ipVersion=0) at CConn.cxx:119

Apport retracing service (apport) wrote : Stacktrace.txt
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in vnc4 (Ubuntu):
importance: Undecided → Medium
tags: removed: need-amd64-retrace
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in vnc4 (Ubuntu):
status: New → Confirmed
knorr (a-sokolov) wrote :

On x86 too

knorr (a-sokolov) wrote :

with -listen option

Kazuhiro NISHIYAMA (znz) wrote :

I met the same bug with "xvnc4viewer -via target localhost:1".

I tried with DEB_BUILD_OPTIONS=nostrip,debug and got a backtrace.

(gdb) bt
#0 0x00130416 in __kernel_vsyscall ()
#1 0x003c5c8f in raise () from /lib/i386-linux-gnu/libc.so.6
#2 0x003c92b5 in abort () from /lib/i386-linux-gnu/libc.so.6
#3 0x003fbdfc in ?? () from /lib/i386-linux-gnu/libc.so.6
#4 0x0047f8d5 in __fortify_fail () from /lib/i386-linux-gnu/libc.so.6
#5 0x0047f887 in __stack_chk_fail () from /lib/i386-linux-gnu/libc.so.6
#6 0x08082f91 in __stack_chk_fail_local ()
#7 0x0807e534 in network::TcpSocket::sameMachine (this=0x80b0e20)
    at TcpSocket.cxx:266
#8 0x0805064b in CConn::CConn (this=0xbfffd7e8, dpy_=0x809d648, argc_=4,
    argv_=0xbffff314, sock_=0x0, vncServerName=0x809d320 "localhost::5599",
    reverse=false, ipVersion=0) at CConn.cxx:119
#9 0x0805a056 in main (argc=4, argv=0xbffff314) at vncviewer.cxx:325

I added
  addrlen = sizeof(struct sockaddr_in);
before
  getsockname(getFd(), (struct sockaddr *)&myaddr, &addrlen);
in common/network/TcpSocket.cxx, and then
  xvnc4viewer -via target localhost:1
works for me.
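
getpeername() and getsockname() treat addrlen as a value-result argument: on return it holds the full size of the address, which can exceed the buffer size passed in, so a second call that reuses it may be told the buffer is larger than it is. The C sketch below is an added example, not code from vnc4 or from the attached patch; the function names are hypothetical, and the IPv6 socket is an assumption chosen only to make the first call report a length larger than sockaddr_in (the report does not say which address family the viewer's socket used).

```c
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bug pattern, first call only: addrlen after a lookup that was handed a
 * sockaddr_in-sized buffer. The unsafe second call is deliberately not made. */
long stale_addrlen_ipv6(void) {
    struct sockaddr_in small;
    socklen_t addrlen = sizeof(small);            /* 16 on Linux */
    int fd = socket(AF_INET6, SOCK_DGRAM, 0);     /* unbound is enough here */
    int rc = getsockname(fd, (struct sockaddr *)&small, &addrlen);
    if (fd >= 0) close(fd);
    return rc == 0 ? (long)addrlen : -1;  /* size wanted, not size written */
}

/* Hardened lookup: big buffer, addrlen set per call, truncation checked. */
static int get_addr(int fd, int peer, struct sockaddr_storage *ss) {
    socklen_t len = sizeof(*ss);
    int rc = peer ? getpeername(fd, (struct sockaddr *)ss, &len)
                  : getsockname(fd, (struct sockaddr *)ss, &len);
    return (rc == 0 && len <= sizeof(*ss)) ? 0 : -1;
}

/* 1 if peer and local address match, 0 if not, -1 on error. */
int same_machine(int fd) {
    struct sockaddr_storage me, peer;
    if (get_addr(fd, 0, &me) != 0 || get_addr(fd, 1, &peer) != 0) return -1;
    if (me.ss_family != peer.ss_family) return 0;
    if (me.ss_family == AF_INET)
        return ((struct sockaddr_in *)&me)->sin_addr.s_addr ==
               ((struct sockaddr_in *)&peer)->sin_addr.s_addr;
    if (me.ss_family == AF_INET6)
        return memcmp(&((struct sockaddr_in6 *)&me)->sin6_addr,
                      &((struct sockaddr_in6 *)&peer)->sin6_addr, 16) == 0;
    return -1;
}

/* Constructed input: UDP socket connect()ed to 127.0.0.1:9; no packet is sent. */
int loopback_udp_fd(void) {
    struct sockaddr_in dst = { .sin_family = AF_INET, .sin_port = htons(9) };
    dst.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd >= 0 && connect(fd, (struct sockaddr *)&dst, sizeof(dst)) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}
```
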

Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "TcpSocket.cxx.patch" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch, you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are a member of ubuntu-sponsors, please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch
ftoperso (ftoperso) wrote :

same problem with
xvncviewer -listen
vncviewer -listen

diablo75 (dave-davestechsupport) wrote :

I believe I'm experiencing the same bug. On a fresh install of Ubuntu 11.10 on a Dell Dimension 2400, using xvnc4viewer (in listen mode) I got the following output when accepting a reverse connection from another PC:

vncviewer -listen

VNC Viewer Free Edition 4.1.1 for X - built Sep 7 2011 11:20:11
Copyright (C) 2002-2005 RealVNC Ltd.
See http://www.realvnc.com for information on VNC.

Fri Nov 18 04:09:13 2011
 main: Listening on port 5500

Fri Nov 18 04:09:17 2011
 CConn: Accepted connection from 0.0.0.0::55083
*** stack smashing detected ***: vncviewer terminated
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x45)[0x32b8d5]
/lib/i386-linux-gnu/libc.so.6(+0xe7887)[0x32b887]
vncviewer[0x8082f91]
vncviewer[0x807e534]
vncviewer[0x805064b]
vncviewer[0x805a056]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf3)[0x25d113]
vncviewer[0x804c6b1]

jp.fox (jp.fox) wrote :

Does anyone have a temporary solution to get incoming VNC connections on port 5500?

Andrzej (ndrwrdck) wrote :

@jp.fox, apparently recompiling vncviewer with a gcc option -fno-stack-protector should "fix" that. Unfortunately the vncviewer build system is rather unusual. Let me know if you have any success with compilation.

Raúl Porcel (armin76) wrote :

Hi, those in need of a working VNC may want to have a look at tigervnc while this bug gets fixed... http://www.tigervnc.com/ Tigervnc is simply a fork of RealVNC.

In fact if you google, you may even find a debian/ubuntu repository, anyway on their webpage there are binaries available...

dargaud (dargaud) wrote :

As an alternative, install xtightvncviewer from the standard repository and run "xtightvncviewer localhost:0" instead of "vncviewer localhost:0"

Alkis Georgopoulos (alkisg) wrote :

Same problem with `xvnc4viewer -listen` on Precise/amd64.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vnc4 - 4.1.1+xorg4.3.0-37ubuntu4

---------------
vnc4 (4.1.1+xorg4.3.0-37ubuntu4) precise; urgency=low

  * Reinitialize addrlen to avoid stack smashing (LP: #845855).
    Patch by Kazuhiro NISHIYAMA.
 -- Alkis Georgopoulos <email address hidden> Sun, 05 Feb 2012 19:08:14 +0200

Changed in vnc4 (Ubuntu):
status: Confirmed → Fix Released
Alkis Georgopoulos (alkisg) wrote :

Users looking for a backport may find one in the Epoptes stable PPA:
https://code.launchpad.net/~epoptes/+archive/ppa/

If any of the people who commented on this bug discover that their symptoms were caused by something else, please file separate bug reports.
