diff --git a/0001-fix-crash-when-connection-fails-early.patch b/0001-fix-crash-when-connection-fails-early.patch new file mode 100644 index 0000000..c3694cc --- /dev/null +++ b/0001-fix-crash-when-connection-fails-early.patch @@ -0,0 +1,88 @@ +From 06a27a4fb52653b4cbf67b75b8116cf6692b435d Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Fri, 24 Aug 2018 17:18:04 +0100 +Subject: [PATCH] fix crash when connection fails early +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When reading the initial greeting a timer is set in the background. If +the connection fails early, we can jump to cleanup code before the timer +is disable. The timer will later fire, read a coroutine context from +freed memory, and likely jump to somewhere awful with predictably crashy +results. + + https://bugzilla.redhat.com/show_bug.cgi?id=1620203 + +Signed-off-by: Daniel P. Berrangé +--- + src/vncconnection.c | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +diff --git a/src/vncconnection.c b/src/vncconnection.c +index b6e13d5..afc1418 100644 +--- a/src/vncconnection.c ++++ b/src/vncconnection.c +@@ -319,7 +319,9 @@ static gboolean vnc_connection_timeout(gpointer data) + { + struct wait_queue *wait = data; + ++ VNC_DEBUG("Connection timeout wakeup start %p", data); + g_io_wakeup(wait); ++ VNC_DEBUG("Connection timeout wakeup done %p", data); + + return FALSE; + } +@@ -5318,6 +5320,7 @@ static gboolean vnc_connection_initialize(VncConnection *conn) + + priv->absPointer = TRUE; + ++ VNC_DEBUG("Schedule greeting timeout %p", &priv->wait); + timeout = g_timeout_add_seconds(2, vnc_connection_timeout, &priv->wait); + want = 12; + while (want > 0) { +@@ -5369,7 +5372,9 @@ static gboolean vnc_connection_initialize(VncConnection *conn) + } + + if (timeout != 0) { ++ VNC_DEBUG("Remove timeout %p", &priv->wait); + g_source_remove(timeout); ++ timeout = 0; + } + + version[12] = 0; +@@ -5449,6 +5454,11 @@ static gboolean vnc_connection_initialize(VncConnection *conn) + return !vnc_connection_has_error(conn); + + fail: ++ if (timeout != 0) { ++ VNC_DEBUG("Remove timeout %p", &priv->wait); ++ g_source_remove(timeout); ++ timeout = 0; ++ } + return !vnc_connection_has_error(conn); + } + +@@ -5481,6 +5491,7 @@ static GSocket *vnc_connection_connect_socket(struct wait_queue *wait, + if (!sock) + return NULL; + ++ VNC_DEBUG("Schedule socket timeout %p", wait); + guint timeout = g_timeout_add_seconds(10, vnc_connection_timeout, wait); + + g_socket_set_blocking(sock, FALSE); +@@ -5513,8 +5524,10 @@ timeout: + sock = NULL; + + end: +- if (timeout != 0) ++ if (timeout != 0) { ++ VNC_DEBUG("Remove timeout %p", wait); + g_source_remove(timeout); ++ } + + return sock; + } +-- +2.17.1 + diff --git a/gtk-vnc.spec b/gtk-vnc.spec index a27968b..be803f9 100644 --- a/gtk-vnc.spec +++ b/gtk-vnc.spec @@ -32,9 +32,10 @@ Summary: A GTK2 widget for VNC clients Name: gtk-vnc Version: 0.9.0 -Release: 1%{?dist}%{?extra_release} +Release: 2%{?dist}%{?extra_release} License: LGPLv2+ Source: http://ftp.gnome.org/pub/GNOME/sources/%{name}/0.5/%{name}-%{version}.tar.xz +Patch1: 0001-fix-crash-when-connection-fails-early.patch URL: https://wiki.gnome.org/Projects/gtk-vnc Requires: gvnc = %{version}-%{release} %if %{with_gtk2} @@ -154,6 +155,10 @@ Libraries, includes, etc. to compile with the gtk-vnc library %prep %setup -q -n gtk-vnc-%{version} -c +cd gtk-vnc-%{version} +%patch1 -p1 +cd .. + %if %{with_gtk3} cp -a gtk-vnc-%{version} gtk-vnc2-%{version} %endif @@ -315,6 +320,9 @@ rm -f %{buildroot}%{_libdir}/*.la %endif %changelog +* Fri Aug 24 2018 Daniel P. Berrangé - 0.9.0-2 +- Fix crash if connection fails early (rhbz #1620203) + * Fri Aug 17 2018 Daniel P. Berrangé - 0.9.0-1 - Update to 0.9.0 release