Bug ID: 1099697
Summary: gvncviewer segfaults if it cannot connect due to SUSE firewall
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.3
Hardware: x86-64
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: GNOME
Assignee: bnc-team-gnome@forge.provo.novell.com
Reporter: sebastian.parschauer@suse.com
QA Contact: qa-bugs@suse.de
Found By: L3
Blocker: ---

Sometimes I forget to open the VNC server port in the Firewall on the remote
SLES server. It is annoying then that gvncviewer crashes with a segfault.

I install updates every day. The system is at today's update level:
* gtk-vnc-tools-0.6.0-3.1.x86_64
* libgtk-vnc-1_0-0-0.6.0-3.1.x86_64

I've collected and analyzed a coredump:

> Program terminated with signal SIGSEGV, Segmentation fault.
> #0  0x00007fa38024bc29 in vnc_connection_open_host_internal (conn=0x148dba0) at vncconnection.c:5404
> 5404	        vnc_connection_set_error(conn, "Unable to connect: %s",
> [Current thread is 1 (Thread 0x7fa380864a40 (LWP 11701))]
> (gdb) bt
> #0  0x00007fa38024bc29 in vnc_connection_open_host_internal (conn=0x148dba0 [VncConnection])
>     at vncconnection.c:5404
> #1  0x00007fa38024bc29 in vnc_connection_coroutine (opaque=<optimized out>) at vncconnection.c:5448
> #2  0x00007fa38024f2eb in coroutine_trampoline (cc=0x148a030) at coroutine_ucontext.c:55
> #3  0x00007fa37e41eb70 in __start_context () at /lib64/libc.so.6
> #4  0x000000000148a3f8 in  ()
> #5  0x0000000000000000 in  ()

> (gdb) info locals 
> enumerator = 0x1376c40
> sock = 0x0
> priv = 0x148a000
> addr = <optimized out>
> sockaddr = 0x0
> conn_error = 0x0
> (gdb) info registers 
> rax            0x0	0

Related assembly code:
>    0x00007fa38024bc1f <+671>:	lea    0x7239(%rip),%rsi        # 0x7fa380252e5f
>    0x00007fa38024bc26 <+678>:	mov    %r14,%rdi
> => 0x00007fa38024bc29 <+681>:	mov    0x8(%rax),%rdx
>    0x00007fa38024bc2d <+685>:	xor    %eax,%eax
>    0x00007fa38024bc2f <+687>:	callq  0x7fa380245690 <vnc_connection_set_error>

The third argument of vnc_connection_set_error(), which gets prepared in RDX, is
conn_error. You can see that conn_error is NULL and is initialized as NULL.
So why is this dereferencing conn_error->message then?

Kernel message:
> gvncviewer[11701]: segfault at 8 ip 00007fa38024bc29 sp 00007fa36b7fee20 error 4 in libgvnc-1.0.so.0.0.1[7fa380235000+24000]

8 bytes is exactly the offset of GError::message.

Related code from src/vncconnection.c vnc_connection_open_host_internal():
> 5380     GError *conn_error = NULL;
> ...
> 5403     if (!sock) {
> 5404         vnc_connection_set_error(conn, "Unable to connect: %s",
> 5405                                  conn_error->message);
> 5406     }
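
The following is an added illustration of the crash pattern and its hardened form, not gtk-vnc code: it uses a constructed FakeGError struct with the same leading fields as GLib's GError so it builds without GLib, shows that the message pointer sits at offset 8 (the "segfault at 8" in the kernel message), and formats the connect error without dereferencing a NULL error pointer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for GLib's GError (same leading fields: domain, code,
 * message). Used only so this example compiles without GLib; not gtk-vnc code. */
typedef struct {
    unsigned int domain;
    int code;
    char *message;
} FakeGError;

/* Offset of the message pointer inside the struct. On x86-64 this is 8, which
 * is why reading err->message through a NULL err faults at address 8. */
size_t message_offset(void)
{
    return offsetof(FakeGError, message);
}

/* Hardened replacement for the crashing call site: a failed connect does not
 * guarantee that the GError* was populated, so check before dereferencing and
 * fall back to a fixed reason. Returns the number of characters written. */
int format_connect_error(char *buf, size_t n, const FakeGError *err)
{
    const char *reason = "unknown error";
    if (err != NULL && err->message != NULL)
        reason = err->message;
    return snprintf(buf, n, "Unable to connect: %s", reason);
}

int main(void)
{
    char buf[128];

    /* Case 1: the situation from the report, no error object at all. */
    format_connect_error(buf, sizeof buf, NULL);
    puts(buf);

    /* Case 2: a populated error (constructed sample text). */
    FakeGError e = { 1, 111, "Connection refused" };
    format_connect_error(buf, sizeof buf, &e);
    puts(buf);
    return 0;
}
```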

Do you need anything else from me?
Should I upload the coredump to a SUSE server via SSH?

Can you please fix this NULL pointer dereference? TIA
