[Bug 1099697] New: gvncviewer segfaults if it cannot connect due to SUSE firewall
http://bugzilla.opensuse.org/show_bug.cgi?id=1099697

            Bug ID: 1099697
           Summary: gvncviewer segfaults if it cannot connect due to SUSE firewall
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 42.3
          Hardware: x86-64
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: GNOME
          Assignee: bnc-team-gnome@forge.provo.novell.com
          Reporter: sebastian.parschauer@suse.com
        QA Contact: qa-bugs@suse.de
          Found By: L3
           Blocker: ---

Sometimes I forget to open the VNC server port in the Firewall on the remote SLES server. It is annoying then that gvncviewer crashes with a segfault. I install updates every day. The system is at today's update status:

  * gtk-vnc-tools-0.6.0-3.1.x86_64
  * libgtk-vnc-1_0-0-0.6.0-3.1.x86_64

I've collected and analyzed a coredump:
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fa38024bc29 in vnc_connection_open_host_internal (conn=0x148dba0) at vncconnection.c:5404
5404            vnc_connection_set_error(conn, "Unable to connect: %s",
[Current thread is 1 (Thread 0x7fa380864a40 (LWP 11701))]
(gdb) bt
#0  0x00007fa38024bc29 in vnc_connection_open_host_internal (conn=0x148dba0 [VncConnection]) at vncconnection.c:5404
#1  0x00007fa38024bc29 in vnc_connection_coroutine (opaque=<optimized out>) at vncconnection.c:5448
#2  0x00007fa38024f2eb in coroutine_trampoline (cc=0x148a030) at coroutine_ucontext.c:55
#3  0x00007fa37e41eb70 in __start_context () at /lib64/libc.so.6
#4  0x000000000148a3f8 in  ()
#5  0x0000000000000000 in  ()

(gdb) info locals
enumerator = 0x1376c40
sock = 0x0
priv = 0x148a000
addr = <optimized out>
sockaddr = 0x0
conn_error = 0x0
(gdb) info registers rax
rax            0x0      0
Related assembly code:
   0x00007fa38024bc1f <+671>:   lea    0x7239(%rip),%rsi        # 0x7fa380252e5f
   0x00007fa38024bc26 <+678>:   mov    %r14,%rdi
=> 0x00007fa38024bc29 <+681>:   mov    0x8(%rax),%rdx
   0x00007fa38024bc2d <+685>:   xor    %eax,%eax
   0x00007fa38024bc2f <+687>:   callq  0x7fa380245690
The third argument of vnc_connection_set_error() which gets prepared in RDX is conn_error. You can see that conn_error is NULL and is initialized as NULL. So why is this dereferencing conn_error->message then? Kernel message:
gvncviewer[11701]: segfault at 8 ip 00007fa38024bc29 sp 00007fa36b7fee20 error 4 in libgvnc-1.0.so.0.0.1[7fa380235000+24000]
8 bytes is exactly the offset of GError::message. Related code from src/vncconnection.c vnc_connection_open_host_internal():

5380     GError *conn_error = NULL;
...
5403     if (!sock) {
5404         vnc_connection_set_error(conn, "Unable to connect: %s",
5405                                  conn_error->message);
5406     }
Do you need anything else from me? Should I upload the coredump to a SUSE server via SSH? Can you please fix this NULL pointer dereference? TIA
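To illustrate the analysis in the report above (why the kernel's "segfault at 8" matches the offset of the message field, and what a NULL-safe version of the failing call looks like), here is an added C example. It is not code from gtk-vnc; FakeGError, report_connect_failure and sample_refused_error are constructed stand-ins for the real GError and vnc_connection_set_error() path.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in with GLib's GError field order (domain, code, message).
 * On both 32- and 64-bit ABIs the two ints occupy 8 bytes, so "message" sits
 * at offset 8, which is exactly the faulting address from the kernel log. */
typedef struct {
    unsigned int domain;   /* GQuark in the real type */
    int          code;
    char        *message;
} FakeGError;

size_t fake_gerror_message_offset(void) {
    return offsetof(FakeGError, message);
}

/* Buffer standing in for the connection's stored error string. */
static char last_error[128];

/* Hardened version of the failing pattern: sock may be NULL while conn_error
 * was never filled in (it starts as NULL), so the message must be read only
 * after checking the pointer. The bug report's code reads conn_error->message
 * unconditionally, which is the "mov 0x8(%rax),%rdx" with rax == 0. */
const char *report_connect_failure(const FakeGError *conn_error) {
    const char *msg = (conn_error && conn_error->message)
                          ? conn_error->message
                          : "unknown error (no GError set)";
    snprintf(last_error, sizeof last_error, "Unable to connect: %s", msg);
    return last_error;
}

/* Constructed sample error for the "error was set" path. */
const FakeGError *sample_refused_error(void) {
    static FakeGError err = { 0, 1, "Connection refused" };
    return &err;
}

int main(void) {
    printf("message offset: %zu\n", fake_gerror_message_offset());
    puts(report_connect_failure(NULL));                    /* the crashing case, now safe */
    puts(report_connect_failure(sample_refused_error()));  /* the normal case */
    return 0;
}
```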
--- Comment #1 from Sebastian Parschauer
http://bugzilla.opensuse.org/show_bug.cgi?id=1099697#c1

--- Comment #4 from Felix Zhang
http://bugzilla.opensuse.org/show_bug.cgi?id=1099697#c4