search

ArcticaProject / nx-libs

nx-libs
Other
121 stars 39 forks source link

Gedit, gnome-terminal and others crash in rootless mode #82

Closed sunweaver closed 7 years ago

sunweaver commented 8 years ago

From X2Go BTS (with patch there): http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=900

Package: libnx-X11

Version: 2.3.5

Setup:

  1. x2goserver in a debian testing machine.
  2. x2goclient in a windows machine.
  3. Create a session with a virtual desktop.
  4. Run gedit in the session created in 3.
  5. Create a session in windows launching only xterm.
  6. Run gedit from the console created in 5.
  7. Create a session in windows launching only gedit.

Results:

  1. Steps from Setup 3, 4 and 5 work fine.
  2. Steps from Setup 6 and 7 crash (close the session).

A quick look in dmesg shows that _libNXX11.so.6.2 caused a SEGFAULT.

Running x2goagent with a debugger gives the following backtrace:

(gdb) backtrace

0 _XData32 (dpy=dpy@entry=0xf591b0, data=data@entry=0x163c2c4,

len=len@entry=18652) at XlibInt.c:3775

1 0x00007f759e34dce1 in XChangeProperty (dpy=0xf591b0, w=<optimized

out>, property=, type=6, format=, mode=, data=0x163c2c4 "\377\377\377\377\354\356\356\377\377\377\377\377\354\356\356\377\377\377\377\377\354\356\356\377\377\377\377\377\357\360\360\377\377\377\377\377\364\365\365\377\377\377\377\377\307\312\311\375\377\377\377\377\t\t\t\035", nelements=4663) at ChProp.c:85

2 0x00000000004b1e37 in nxagentExportProperty (pWin=0x20,

property=4663, type=23315140, format=4669, mode=32, nUnits=4663, value=0x15fc2e0) at Rootless.c:763

3 0x000000000042222a in ProcChangeProperty (client=0xf591b0) at

X/NXproperty.c:331

4 0x000000000042eea2 in Dispatch () at X/NXdispatch.c:748

Looking at the highlighted values, it seems that gedit is sending a malformed ChangeProperty request, and rootless is failing to process it.

Specifically the segment between lines 735-780, tries to set a property that is bigger than the maximum size required, but because it's a malformed request it ends up writing in memory outside the boundaries of the output buffer.

Alternatives:

  1. Ensure that nxagentExportProperty never writes beyond the boundaries of the output buffer.
  2. Resize the output buffer to match the required size (ProcChangeProperty seems to do something similar).
  3. Ignore big requests (see attached patch).
sunweaver commented 8 years ago

Hi Camilo,

On Do 02 Jul 2015 08:21:22 CEST, Camilo Alejandro Arboleda wrote:

Your bug report has just been moved [1] to the new upstream location of nx-libs on Github.

Looking at the highlighted values, it seems that gedit is sending a malformed ChangeProperty request, and rootless is failing to process it.

Is it really a malformed request or a problem with broken BIG-REQUESTS support [2] in libXcomp3 (aka nxcomp)?

Specifically the segment between lines 735-780, tries to set a property that is bigger than the maximum size required, but because it's a malformed request it ends up writing in memory outside the boundaries of the output buffer.

Alternatives:

  1. Ensure that nxagentExportProperty never writes beyond the boundaries of the output buffer.
  2. Resize the output buffer to match the required size (ProcChangeProperty seems to do something similar).
  3. Ignore big requests (see attached patch).

Is option 3. really the optimal approach? It feels like option 2. would be the way to go here...

Please continue, if possible for you, this discussion on Github.

Mike

sunweaver commented 8 years ago

Also related: X2Go Bug 878: http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=878

Package: nx-libs Version: 3.5.0.31 Severity: normal

Server OS: Fedora 22 64-bit with latest updates (F22 is still in beta, but will be released any day now) x2goserver 4.0.1.19-3.fc22 (Fedora's package) x2goserver-xsession 4.0.1.19-3.fc22 (Fedora's package) nxagent 3.5.0.31-1.fc22 (Fedora's package) x2goagent 3.5.0.31-1.fc22 (Fedora's package)

I've tried multiple different clients (on both Linux and Windows), so the client details presumably do not matter.

The problem is that gnome-terminal is failing to launch. I have only tried a single application session. The output from journalctl --user (the equivalent of ~/.xsession-x2go-errors) is attached.

This line stands out: org.a11y.atspi.Registry[24951]: Xlib: extension "XEVIE" missing on display ":50".

However, XEvIE was removed from X.org in 2008: http://cgit.freedesktop.org/xorg/xserver/commit/?id=f4036f6ace5f770f0fe6a6e3dc3749051a81325a http://freedesktop.org/wiki/Software/XEvIE/

camiloaa commented 8 years ago

Hi Mike,

I haven't look deeper into the problem, since I am not really expert (or even knowledgeable) in X. The first patch was a quick fix as it seemed to me that NXlib doesn't support big requests, and it has worked for me so far.

I am sorry to not being able to help to come up with a better solution, but I don't have the knowledge to do it. I can help with testing and debugging if you have any pointers I can follow.

wolkym commented 8 years ago

Ubuntu 16.04.1 and stable ppa are affected by the same bug. Application: rootless Eclipse Kepler. On Ubuntu 14.04 everything works fine with the same versions of x2go from stable ppa.

bt Core was generated by `/usr/lib/nx/../x2go/bin/x2goagent -extension XFIXES -nolisten tcp -nolisten tcp'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  _XData32 (dpy=dpy@entry=0x1461cf0, data=<optimized out>, data@entry=0x1b548b4, len=20596, len@entry=28756) at XlibInt.c:3792

ubuntu 16.04 (bug)

Package libnx-x11-6:                                 
i A 2:3.5.0.32-0~668~ubuntu16.04.1                                                xenial                                                     500 

Package x2goserver:                                   
i   4.0.1.19-0~1064~ubuntu16.04.1                                xenial                                    500 

Package x2goserver-compat:
i   4.0.1.19-0~1064~ubuntu16.04.1                                xenial                                    500 

Package x2goserver-extensions:
i A 4.0.1.19-0~1064~ubuntu16.04.1                                xenial                                    500 

Package x2goserver-fmbindings:
i   4.0.1.19-0~1064~ubuntu16.04.1                                xenial                                    500 

Package x2goserver-printing:
i   4.0.1.19-0~1064~ubuntu16.04.1                                xenial                                    500 

Package x2goserver-pyhoca:
i   4.0.1.19-0~1064~ubuntu16.04.1                                xenial                                    500 

Package x2goserver-xsession:
i A 4.0.1.19-0~1064~ubuntu16.04.1                                xenial                                    500

ubuntu 14.04 (no bug)

Package libnx-x11:                                   
i   2:3.5.0.32-0~668~ubuntu14.04.1                                      trusty                                          500 

Package x2goserver:                                   
i   4.0.1.19-0~1064~ubuntu14.04.1                                       trusty                                          500 

Package x2goserver-compat:
i   4.0.1.19-0~1064~ubuntu14.04.1                                       trusty                                          500 

Package x2goserver-extensions:
i A 4.0.1.19-0~1064~ubuntu14.04.1                                       trusty                                          500 

Package x2goserver-fmbindings:
i   4.0.1.19-0~1064~ubuntu14.04.1                                       trusty                                          500 

Package x2goserver-printing:
i   4.0.1.19-0~1064~ubuntu14.04.1                                       trusty                                          500 

Package x2goserver-pyhoca:
i   4.0.1.19-0~1064~ubuntu14.04.1                                       trusty                                          500 

Package x2goserver-xsession:
i   4.0.1.19-0~1064~ubuntu14.04.1                                       trusty                                          500

Package libnx-x11-6:
i A 2:3.5.0.32-0~668~ubuntu14.04.1                                      trusty                                          500
ColinFinck commented 8 years ago

I'm suffering from the same bug on Ubuntu 16.04 while it previously worked in 14.04. Binary patching out "BIG-REQUESTS" with "_IG-REQUESTS" in libxcb.so.1 as described in https://github.com/atom/atom/issues/4360 fixes the problem for me. However, this is the worst possible solution for a production system..

uli42 commented 8 years ago

On Sat, Sep 10, 2016 at 1:03 PM, Colin Finck notifications@github.com wrote:

I'm suffering from the same bug on Ubuntu 16.04 while it previously worked in 14.04. Binary patching out "BIG-REQUESTS" with "_IG-REQUESTS" in libxcb.so.1 as described in atom/atom#4360 fixes the problem for me. However, this is the worst possible solution for a production system..

Have you tried using the latest nightly builds of nx-libs? (https://sunweavers.net/blog/node/20)

Uli

sunweaver commented 8 years ago

Hi Uli, hi Colin,

On So 11 Sep 2016 12:19:27 CEST, Ulrich Sibiller wrote:

On Sat, Sep 10, 2016 at 1:03 PM, Colin Finck
notifications@github.com wrote:

I'm suffering from the same bug on Ubuntu 16.04 while it previously
worked in 14.04. Binary patching out "BIG-REQUESTS" with "_IG-REQUESTS" in
libxcb.so.1 as described in atom/atom#4360 fixes the problem for me. However, this is the worst possible solution for a production system..

Have you tried using the latest nightly builds of nx-libs? (https://sunweavers.net/blog/node/20)

Uli

Unfortunately, BIG-REQUESTS are broken-by-design in nxcomp. See: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766299

Do thinks work better when disabling BIG-REQUESTS in x2goagent/nxagent?

From the command line (although, this does not use nxcomp):

nxagent -R -ac -extension BIG-REQUESTS :1

Or via /etc/x2go/x2goagent.options.

Mike

DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

ColinFinck commented 8 years ago

Yep, adding "-extension BIG-REQUESTS" to the X2GO_NXAGENT_DEFAULT_OPTIONS variable in /etc/x2go/x2goagent.options fixes the problem as well!

sunweaver commented 7 years ago

This is a multi-topic bug. Basically, GNOME applications run (again) on nx-libs 3.5.99.3 and above. This has been tested with gedit and gnome-terminal from Debian jessie and Debian stretch. So that issues seems to be settled.

Evolution (not sure if it was mentioned above, but it also is a problematic application) fails to launch on jessie due to missing recent-enough GLX support. The stretch version of evolution comes up, but reports thrillions of issues about permission denied to some shared memory location. However, that may also be related to my test setup (schroot based chroots).

The BIGREQUESTS stuff is tracked by another issue on this tracker: #301.

Regarding Eclipse, the eclipse version from Debian stretch starts fine in rootless and desktop session mode.

So really closing this issue now.