[Bug 47574] New: spice-gtk crash (parsing new VM name message)

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Tue Mar 20 05:29:20 PDT 2012


https://bugs.freedesktop.org/show_bug.cgi?id=47574

             Bug #: 47574
           Summary: spice-gtk crash (parsing new VM name message)
    Classification: Unclassified
           Product: Spice
           Version: unspecified
          Platform: x86-64 (AMD64)
        OS/Version: Linux (All)
            Status: NEW
          Severity: major
          Priority: medium
         Component: gtk-client
        AssignedTo: spice-bugs at lists.freedesktop.org
        ReportedBy: ykaul at redhat.com


Using spice-gtk b9b658f6ea41a2473853149b41fef2cb808ec4f2
spice 914e50814f151a9a5680018e2f264fd900885af9
qemu 33cf629a3754b58a1e2dbbe01d91d97e712b7c06

[ykaul at ykaul spice-gtk]$ gtk/spicy &
[1] 29428
[ykaul at ykaul spice-gtk]$ GSpice-Message: main channel: failed to connect
GSpice-Message: main channel: opened
*** buffer overflow detected ***: /home/ykaul/spice-gtk/gtk/.libs/lt-spicy
terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x3016308af7]
/lib64/libc.so.6[0x3016306a70]
/home/ykaul/spice-gtk/gtk/.libs/libspice-client-glib-2.0.so.1(+0xcc565)[0x7fab05146565]
/home/ykaul/spice-gtk/gtk/.libs/libspice-client-glib-2.0.so.1(+0x194ac)[0x7fab050934ac]
/home/ykaul/spice-gtk/gtk/.libs/libspice-client-glib-2.0.so.1(+0x1a3a9)[0x7fab050943a9]
/home/ykaul/spice-gtk/gtk/.libs/libspice-client-glib-2.0.so.1(+0x176b4)[0x7fab050916b4]
/home/ykaul/spice-gtk/gtk/.libs/libspice-client-glib-2.0.so.1(+0xc6d1f)[0x7fab05140d1f]
/home/ykaul/spice-gtk/gtk/.libs/libspice-client-glib-2.0.so.1(+0xc6ab6)[0x7fab05140ab6]
/lib64/libc.so.6[0x30162470d0]



Running with gdb:

(gdb) bt
#0  0x0000003016236285 in raise () from /lib64/libc.so.6
#1  0x0000003016237b9b in abort () from /lib64/libc.so.6
#2  0x0000003016277a7e in __libc_message () from /lib64/libc.so.6
#3  0x0000003016308af7 in __fortify_fail () from /lib64/libc.so.6
#4  0x0000003016306a70 in __chk_fail () from /lib64/libc.so.6
#5  0x00007fc24a3b4565 in memcpy (__len=9, __src=<optimized out>, __dest=0x1dfd6a4) at /usr/include/bits/string3.h:52
#6  parse_msg_main_name (message_start=<optimized out>, message_end=0x1dbbe7d "", minor=<optimized out>, size=0x1e68500, free_message=0x1e68508) at generated_demarshallers.c:1155
#7  0x00007fc24a3014ac in spice_channel_recv_msg (channel=0x1e32860, msg_handler=0x7fc24a30f850 <spice_main_handle_msg>, data=0x0) at spice-channel.c:1827
#8  0x00007fc24a3023a9 in spice_channel_iterate_read (channel=0x1e32860) at spice-channel.c:2000
#9  spice_channel_iterate_read (channel=0x1e32860) at spice-channel.c:1984
#10 0x00007fc24a2ff6b4 in spice_channel_iterate (channel=0x1e32860) at spice-channel.c:2058
#11 spice_channel_coroutine (data=0x1e32860) at spice-channel.c:2211
#12 0x00007fc24a3aed1f in coroutine_trampoline (cc=0x1e32918) at coroutine_ucontext.c:56
#13 0x00007fc24a3aeab6 in continuation_trampoline (i0=<optimized out>, i1=<optimized out>) at continuation.c:49
#14 0x00000030162470d0 in ?? () from /lib64/libc.so.6


The trace hints it's the name that is being sent; the name (from the Wireshark capture) seems like:
len = 9  (uint32)
name = TinyCore\0  (ASCII?!)


qemu command line:
./x86_64-softmmu/qemu-system-x86_64 -spice
port=6901,disable-ticketing,jpeg-wan-compression=always,zlib-glz-wan-compression=always,playback-compression=on
-k en-us -name Tinycore -boot d -drive
file=~/tc.qcow2,if=ide,cache=writethrough,media=disk,format=qcow2 -drive
file=~/Downloads/TinyCore-current.iso,if=ide,media=cdrom -soundhw pcspk -m 1024
-cpu core2duo,+x2apic -smp 2 -balloon none -bios /usr/share/seabios/bios.bin
-monitor stdio --parallel none -vga qxl
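As an added example (not spice-gtk's code and not its generated demarshaller), here is a bounds-checked reader for a message with the shape the report describes: a uint32 len followed by len bytes of name. The struct layout, the MAX_NAME_LEN cap, the little-endian byte order and the sample bytes are assumptions made for illustration; the point is that the destination is sized from a length validated against the received bytes, so the copy that the fortified memcpy aborted on can never exceed its buffer.

```c
/* Added example, not spice-gtk's code: a bounds-checked reader for a
 * "uint32 len, then len bytes of name" message as described in the report.
 * Struct layout, MAX_NAME_LEN, byte order and sample bytes are assumptions. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_NAME_LEN 1024u   /* hypothetical sanity cap on a VM name */

typedef struct {
    uint32_t name_len;
    uint8_t  name[];         /* variable-length tail, sized at allocation */
} main_name_t;

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns a heap object sized for the validated length, or NULL when the
 * message is truncated or the claimed length is not backed by wire bytes.
 * The destination is never smaller than the copy, so a fortified memcpy
 * has nothing left to catch at runtime. Caller frees the result. */
static main_name_t *parse_main_name(const uint8_t *start, const uint8_t *end)
{
    if (end < start || (size_t)(end - start) < 4)
        return NULL;                 /* no room for the length prefix */
    uint32_t len = read_le32(start);
    const uint8_t *payload = start + 4;
    if (len > (size_t)(end - payload))
        return NULL;                 /* len claims more than was received */
    if (len > MAX_NAME_LEN)
        return NULL;                 /* do not let len size the allocation unbounded */
    main_name_t *out = malloc(sizeof(*out) + len);
    if (!out)
        return NULL;
    out->name_len = len;
    memcpy(out->name, payload, len); /* bounded by both checks above */
    return out;
}

/* Constructed sample inputs (not a capture): the 9-byte "TinyCore\0" name
 * from the report, and a message whose len field exceeds its payload. */
static const uint8_t kReportMsg[] = { 0x09, 0, 0, 0, 'T','i','n','y','C','o','r','e', 0 };
static const uint8_t kBogusLenMsg[] = { 0xff, 0xff, 0xff, 0xff, 'x' };
```

Feeding kReportMsg through parse_main_name yields a 9-byte name; kBogusLenMsg and any truncated slice of kReportMsg are rejected before anything is copied.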
