[ https://issues.apache.org/jira/browse/GUACAMOLE-1900?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17806113#comment-17806113 ]
Jimmy commented on GUACAMOLE-1900:
----------------------------------
[~mjumper] and [~vnick], I've found the root cause.
That's because the *surface->heat_map* buffer isn't initialized in
the *guac_common_surface_resize()* function.
It seems that the dev team made a mistake in processing the conversion of
*calloc()* function when working on GUACAMOLE-1867.
[https://github.com/apache/guacamole-server/commit/e4057c218994591c9e35c189ea4fc886d0e509ce#diff-5c4235162342d6ee018199c5b9636a26dd546425e6c3f28575eccfd6084d5012L1324-L1327]
I've fixed this issue and created a pull request:
[https://github.com/apache/guacamole-server/pull/477]
Please check it. Thanks.
> Resizing an RDP connection produces segfault
> --------------------------------------------
>
> Key: GUACAMOLE-1900
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1900
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole-server
> Affects Versions: 1.5.4
> Environment: Apache Guacamole: Ubuntu 22.04.3 (64 bit), Tomcat 9.0.58
> RDP Server: Windows Server 2019 Datacenter Version 1809 (OS Build 17763.1817)
> Browser: Google Chrome 120.0.6099.130 (Official Build) (64-bit) (cohort: Stable)
> Reporter: Jimmy
> Priority: Critical
> Fix For: 1.5.5
>
> Attachments: image-2023-12-29-07-27-47-520.png
>
>
> Hello,
> When resizing the browser window after connecting to an RDP server (Windows
> Server 2019), I see a disconnect with segfault.
> !image-2023-12-29-07-27-47-520.png!
> I can see the following backtrace from the gdb:
> {code:java}
> Thread 4.5 "guacd" received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7fffe85fd640 (LWP 94749)]
> 0x00007ffff67e5ca7 in __guac_common_surface_touch_rect (surface=0x7fffe000f940, rect=0x7fffe85fc8d0, surface=0x7fffe000f940, rect=0x7fffe85fc8d0, time=21636686) at surface.c:643
> 643 heat_cell->history[heat_cell->oldest_entry] = time;
> (gdb) bt
> #0 0x00007ffff67e5ca7 in __guac_common_surface_touch_rect (surface=<optimized out>, rect=<optimized out>, surface=0x7fffe000f940, rect=0x7fffe85fc8d0, time=21636686) at surface.c:643
> #1 guac_common_surface_draw (surface=0x7fffe000f940, x=<optimized out>, y=<optimized out>, src=src@entry=0x7fffe04e7f40) at surface.c:1374
> #2 0x00007ffff67cfeec in guac_rdp_bitmap_paint (context=<optimized out>, bitmap=0x7fffe00b55a0) at bitmap.c:106
> #3 0x00007ffff661d4a2 in gdi_bitmap_update () at /usr/local/lib/libfreerdp2.so.2
> #4 0x00007ffff667b433 in fastpath_recv_update () at /usr/local/lib/libfreerdp2.so.2
> #5 0x00007ffff667b7a8 in fastpath_recv_updates () at /usr/local/lib/libfreerdp2.so.2
> #6 0x00007ffff6673dfa in rdp_recv_pdu () at /usr/local/lib/libfreerdp2.so.2
> #7 0x00007ffff6674f2b in rdp_recv_callback () at /usr/local/lib/libfreerdp2.so.2
> #8 0x00007ffff667ff74 in transport_check_fds () at /usr/local/lib/libfreerdp2.so.2
> #9 0x00007ffff6675967 in rdp_check_fds () at /usr/local/lib/libfreerdp2.so.2
> #10 0x00007ffff66599a3 in freerdp_check_fds () at /usr/local/lib/libfreerdp2.so.2
> #11 0x00007ffff665aad7 in freerdp_check_event_handles () at /usr/local/lib/libfreerdp2.so.2
> #12 0x00007ffff67df07e in guac_rdp_handle_connection (client=0x7ffff000b350) at rdp.c:559
> #13 guac_rdp_client_thread (data=0x7ffff000b350) at rdp.c:822
> #14 0x00007ffff7c94ac3 in start_thread (arg=<optimized out>) at ./nptl/pthread_create.c:442
> #15 0x00007ffff7d26660 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
> {code}
> The test case is as follows:
> # Start guacd. (guacd -L debug -f)
> # Connect to an RDP server.
> # Resize the browser window.
> If we repeat step 3 more than once, we can see this segfault issue.
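The failure class described in this message, as an added example that is not Guacamole's code and not part of the original report: a heat map buffer that is allocated without being zeroed leaves each cell's `oldest_entry` holding stale bytes, and the write seen at surface.c:643 then indexes `history` with that value. `heat_cell_t`, `HISTORY_SIZE` and the function names are hypothetical, the ring-advance step is an assumption, and the 0xAA fill is a constructed stand-in for stale heap contents.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HISTORY_SIZE 5   /* assumed ring length; not taken from the page */

/* Simplified stand-in for one heat map cell (field names from the backtrace). */
typedef struct {
    int history[HISTORY_SIZE];
    int oldest_entry;    /* ring index, must stay in [0, HISTORY_SIZE) */
} heat_cell_t;

/* zero == 0 models a malloc-style allocation whose contents are stale;
 * zero != 0 models the calloc() behaviour the buffer depends on. */
heat_cell_t* heat_map_alloc(size_t w, size_t h, int zero) {
    if (w == 0 || h == 0 || w > SIZE_MAX / h / sizeof(heat_cell_t))
        return NULL;     /* reject empty or overflowing sizes */
    if (zero)
        return calloc(w * h, sizeof(heat_cell_t));
    heat_cell_t* map = malloc(w * h * sizeof(heat_cell_t));
    if (map != NULL)
        memset(map, 0xAA, w * h * sizeof(heat_cell_t)); /* constructed stale bytes */
    return map;
}

/* Same write as surface.c:643, but an out-of-range index is refused instead
 * of being written through. Returns 0 on success, -1 on a corrupt index. */
int heat_cell_touch(heat_cell_t* cell, int time) {
    if (cell->oldest_entry < 0 || cell->oldest_entry >= HISTORY_SIZE)
        return -1;
    cell->history[cell->oldest_entry] = time;
    cell->oldest_entry = (cell->oldest_entry + 1) % HISTORY_SIZE; /* assumed */
    return 0;
}

/* Touches every cell once; returns how many held a corrupt ring index. */
size_t heat_map_touch_all(heat_cell_t* map, size_t w, size_t h, int time) {
    size_t bad = 0;
    for (size_t i = 0; i < w * h; i++)
        if (heat_cell_touch(&map[i], time) != 0)
            bad++;
    return bad;
}

int main(void) {
    heat_cell_t* map = heat_map_alloc(4, 3, 1);
    size_t bad = map ? heat_map_touch_all(map, 4, 3, 21636686) : 1;
    free(map);
    return bad == 0 ? 0 : 1;
}
```

Without the range check in `heat_cell_touch()`, the unzeroed variant writes through an arbitrary index, which is the kind of invalid write the SIGSEGV in the backtrace reflects.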