[Spice-devel] spice-gtk core dump

Yaniv Kaul ykaul at redhat.com
Tue Mar 20 01:22:57 PDT 2012


Using spice-gtk b9b658f6ea41a2473853149b41fef2cb808ec4f2
spice 914e50814f151a9a5680018e2f264fd900885af9
qemu 33cf629a3754b58a1e2dbbe01d91d97e712b7c06

[ykaul at ykaul spice-gtk]$ gtk/spicy &
[1] 29428
[ykaul at ykaul spice-gtk]$ GSpice-Message: main channel: failed to connect
GSpice-Message: main channel: opened
*** buffer overflow detected ***: 
/home/ykaul/spice-gtk/gtk/.libs/lt-spicy terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x3016308af7]
/lib64/libc.so.6[0x3016306a70]
/home/ykaul/spice-gtk/gtk/.libs/libspice-client-glib-2.0.so.1(+0xcc565)[0x7fab05146565]
/home/ykaul/spice-gtk/gtk/.libs/libspice-client-glib-2.0.so.1(+0x194ac)[0x7fab050934ac]
/home/ykaul/spice-gtk/gtk/.libs/libspice-client-glib-2.0.so.1(+0x1a3a9)[0x7fab050943a9]
/home/ykaul/spice-gtk/gtk/.libs/libspice-client-glib-2.0.so.1(+0x176b4)[0x7fab050916b4]
/home/ykaul/spice-gtk/gtk/.libs/libspice-client-glib-2.0.so.1(+0xc6d1f)[0x7fab05140d1f]
/home/ykaul/spice-gtk/gtk/.libs/libspice-client-glib-2.0.so.1(+0xc6ab6)[0x7fab05140ab6]
/lib64/libc.so.6[0x30162470d0]



Running with gdb:

(gdb) bt
#0  0x0000003016236285 in raise () from /lib64/libc.so.6
#1  0x0000003016237b9b in abort () from /lib64/libc.so.6
#2  0x0000003016277a7e in __libc_message () from /lib64/libc.so.6
#3  0x0000003016308af7 in __fortify_fail () from /lib64/libc.so.6
#4  0x0000003016306a70 in __chk_fail () from /lib64/libc.so.6
#5  0x00007fc24a3b4565 in memcpy (__len=9, __src=<optimized out>, 
__dest=0x1dfd6a4) at /usr/include/bits/string3.h:52
#6  parse_msg_main_name (message_start=<optimized out>, 
message_end=0x1dbbe7d "", minor=<optimized out>, size=0x1e68500,
     free_message=0x1e68508) at generated_demarshallers.c:1155
#7  0x00007fc24a3014ac in spice_channel_recv_msg (channel=0x1e32860, 
msg_handler=0x7fc24a30f850 <spice_main_handle_msg>, data=0x0)
     at spice-channel.c:1827
#8  0x00007fc24a3023a9 in spice_channel_iterate_read (channel=0x1e32860) 
at spice-channel.c:2000
#9  spice_channel_iterate_read (channel=0x1e32860) at spice-channel.c:1984
#10 0x00007fc24a2ff6b4 in spice_channel_iterate (channel=0x1e32860) at 
spice-channel.c:2058
#11 spice_channel_coroutine (data=0x1e32860) at spice-channel.c:2211
#12 0x00007fc24a3aed1f in coroutine_trampoline (cc=0x1e32918) at 
coroutine_ucontext.c:56
#13 0x00007fc24a3aeab6 in continuation_trampoline (i0=<optimized out>, 
i1=<optimized out>) at continuation.c:49
#14 0x00000030162470d0 in ?? () from /lib64/libc.so.6


The trace hints it's the name that is being sent. The name (from the Wireshark capture) seems like:
len = 9  (uint32)
name = TinyCore\0  (ASCII?!)


qemu command line:
./x86_64-softmmu/qemu-system-x86_64 -spice port=6901,disable-ticketing,jpeg-wan-compression=always,zlib-glz-wan-compression=always,playback-compression=on -k en-us -name Tinycore -boot d -drive file=~/tc.qcow2,if=ide,cache=writethrough,media=disk,format=qcow2 -drive file=~/Downloads/TinyCore-current.iso,if=ide,media=cdrom -soundhw pcspk -m 1024 -cpu core2duo,+x2apic -smp 2 -balloon none -bios /usr/share/seabios/bios.bin -monitor stdio --parallel none -vga qxl


Y.
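To make the check that the fortified memcpy tripped on concrete, here is an added example (not spice-gtk's generated demarshaller and not the reporter's code) of a bounds-checked parser for a length-prefixed name message with the layout the report describes: a uint32 length followed by that many bytes. The struct layout, NAME_MAX and the sample bytes are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed destination capacity; the real message struct is not reproduced here. */
#define NAME_MAX 64

typedef struct {
    uint32_t name_len;
    char     name[NAME_MAX];
} main_name_t;

/* Returns 1 on success, 0 if the message is malformed or the name would not fit.
 * The declared length is checked against message_end AND against the destination
 * before memcpy; skipping either check is what lets a fortified memcpy abort. */
int parse_main_name(const uint8_t *start, const uint8_t *end, main_name_t *out)
{
    if (start == NULL || end == NULL || out == NULL || end < start)
        return 0;
    size_t avail = (size_t)(end - start);
    if (avail < sizeof(uint32_t))
        return 0;                               /* header truncated */
    /* SPICE wire fields are little-endian; decode explicitly, host-independent. */
    uint32_t len = (uint32_t)start[0] | ((uint32_t)start[1] << 8) |
                   ((uint32_t)start[2] << 16) | ((uint32_t)start[3] << 24);
    if (len > avail - sizeof(uint32_t))
        return 0;                               /* claims bytes past message_end */
    if (len > NAME_MAX)
        return 0;                               /* would overflow the destination */
    out->name_len = len;
    memcpy(out->name, start + sizeof(uint32_t), len);
    return 1;
}

/* Constructed sample matching the capture in the report: len = 9, "TinyCore\0". */
static const uint8_t sample_msg[] = {
    0x09, 0x00, 0x00, 0x00,
    'T', 'i', 'n', 'y', 'C', 'o', 'r', 'e', 0x00
};

/* Parses the full sample; returns the parsed length, -1 if rejected, -2 on bad content. */
int demo_parse_sample(void)
{
    main_name_t n;
    if (!parse_main_name(sample_msg, sample_msg + sizeof sample_msg, &n))
        return -1;
    return memcmp(n.name, "TinyCore", 9) == 0 ? (int)n.name_len : -2;
}

/* Same header, but message_end cut short so the declared length exceeds the data present. */
int demo_parse_truncated(void)
{
    main_name_t n;
    return parse_main_name(sample_msg, sample_msg + 8, &n);
}
```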