What | Removed | Added |
---|---|---|
Status | NEW | IN_PROGRESS |
You are right, I kinda confused the update to 1.7.1 (which was just for factory) with recent security update (which was for all distributions). I was able to reproduce it with tigervnc 1.6.0. Easy steps to reproduce it: 1) Start Xvnc (either using xserver or directly), connect to it. 2) Start xterm in the session, move the window to be partially out of screen. 3) Keep pressing enter in the xterm until it starts scrolling. 4) As soon as the xterm start scrolling Xvnc terminates the connection. Xterm uses ProcCopyArea to scroll the content of its window, this copy rectangle is propagated to the damage handling in Xvnc and then it is incorrectly evaluated as broken because it attempts to copy rectangle that is partially exceeding the framebuffer. It happens in `ModifiablePixelBuffer` class which is used both by client and server. In case of client it is correct corrent to terminate, because it would mean something broken came over network, but in case of server it should just trim the rectangle and keep going. Apparently it is fixed in newer version, not sure if intentionally. I will backport or recreate the fix.