https://bugzilla.novell.com/show_bug.cgi?id=358865
User dmueller@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=358865#c16
Dirk Mueller changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dmueller@novell.com
             Status|NEEDINFO                    |ASSIGNED
      Info Provider|dmueller@novell.com         |
--- Comment #16 from Dirk Mueller 2008-02-06 05:54:09 MST ---
sure,
==2823== Invalid read of size 1
==2823== at 0xFFBB048: memcpy (in /usr/lib/valgrind/ppc32-linux/vgpreload_memcheck.so)
==2823== by 0x1005DB10: rfbTranslateNone (in /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x10057C74: (within /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x10059548: (within /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x10059C64: rfbSendRectEncodingTight (in /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x1004ADC4: rfbSendFramebufferUpdate (in /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x1004CBD4: rfbProcessClientMessage (in /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x10055578: rfbCheckFds (in /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x10047618: (within /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x100777C4: WakeupHandler (in /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x103A1430: WaitForSomething (in /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x100729F4: Dispatch (in /mounts/mp_0001/usr/bin/Xvnc)
==2823== Address 0x7d38d20 is 0 bytes after a block of size 2,048 alloc'd
==2823== at 0xFFB9C54: malloc (in /usr/lib/valgrind/ppc32-linux/vgpreload_memcheck.so)
==2823== by 0x1005DAB0: rfbTranslateNone (in /mounts/mp_0001/usr/bin/Xvnc)
means it reads out of bounds.. smells like an off-by-one somewhere
this is where it causes heap corruption:
==2823== Invalid write of size 4
==2823== at 0x102D165C: fbBlt (in /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x102D1918: fbBltStip (in /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x102D4704: fbGetImage (in /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x102F3A38: (within /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x1004F7B8: (within /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x1005DAE0: rfbTranslateNone (in /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x10057C74: (within /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x1005960C: (within /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x10059C64: rfbSendRectEncodingTight (in /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x10059D0C: rfbSendRectEncodingTight (in /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x1004ADC4: rfbSendFramebufferUpdate (in /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x1004CBD4: rfbProcessClientMessage (in /mounts/mp_0001/usr/bin/Xvnc)
==2823== Address 0x7e2ece8 is 0 bytes after a block of size 1,960 alloc'd
==2823== at 0xFFB9C54: malloc (in /usr/lib/valgrind/ppc32-linux/vgpreload_memcheck.so)
==2823== by 0x1005DAB0: rfbTranslateNone (in /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x10057C74: (within /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x1005960C: (within /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x10059C64: rfbSendRectEncodingTight (in /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x10059D0C: rfbSendRectEncodingTight (in /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x1004ADC4: rfbSendFramebufferUpdate (in /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x1004CBD4: rfbProcessClientMessage (in /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x10055578: rfbCheckFds (in /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x10047618: (within /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x100777C4: WakeupHandler (in /mounts/mp_0001/usr/bin/Xvnc)
==2823== by 0x103A1430: WaitForSomething (in /mounts/mp_0001/usr/bin/Xvnc)