Hi,

I've added some hints to https://github.com/FreeRDP/FreeRDP/pull/5003

it is most likely the comment about rail_string_to_unicode_string:65
size calculation duplicating twice.

Fix is in progress.

best

Armin

On 11/13/18 10:13 AM, Željko Puškarić via FreeRDP-devel wrote:
> Hi,
>
> It looks like RemoteApp is broken in freerdp2 after the latest Microsoft
> updates. I tried connecting to a Windows 7 Enterprise machine with the Linux
> freerdp client (freerdp-nightly version
> 2.0.0+0~20181113024836.588~1.gbp097ac0). After passing the authentication
> phase the window appears for a second and disappears, and I get the following
> messages:
>
> =================================================================
> ==25672==ERROR: AddressSanitizer: heap-buffer-overflow on address
> 0x603000047a56 at pc 0x7f17c6505733 bp 0x7f17a3458050 sp 0x7f17a34577f8
> READ of size 40 at 0x603000047a56 thread T11
>     #0 0x7f17c6505732 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732)
>     #1 0x7f17c4df2398
> (/opt/freerdp-nightly/bin/../lib/libfreerdp-client2.so.2+0xe7398)
>     #2 0x7f17c4df5d54
> (/opt/freerdp-nightly/bin/../lib/libfreerdp-client2.so.2+0xead54)
>     #3 0x7f17c4def96a
> (/opt/freerdp-nightly/bin/../lib/libfreerdp-client2.so.2+0xe496a)
>     #4 0x562885c0336d  (/opt/freerdp-nightly/bin/xfreerdp+0x1e36d)
>     #5 0x7f17c4df3cbc
> (/opt/freerdp-nightly/bin/../lib/libfreerdp-client2.so.2+0xe8cbc)
>     #6 0x7f17c4def531
> (/opt/freerdp-nightly/bin/../lib/libfreerdp-client2.so.2+0xe4531)
>     #7 0x7f17c3ecb599
> (/opt/freerdp-nightly/bin/../lib/libwinpr2.so.2+0x117599)
>     #8 0x7f17c35a76da in start_thread
> (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
>     #9 0x7f17c3ae488e in __clone
> (/lib/x86_64-linux-gnu/libc.so.6+0x12188e)
>
> 0x603000047a56 is located 0 bytes to the right of 22-byte region
> [0x603000047a40,0x603000047a56)
> allocated by thread T11 here:
>     #0 0x7f17c656ad38 in __interceptor_calloc
> (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded38)
>     #1 0x7f17c3ef267b in ConvertToUnicode
> (/opt/freerdp-nightly/bin/../lib/libwinpr2.so.2+0x13e67b)
>     #2 0x7f17c4df72a1
> (/opt/freerdp-nightly/bin/../lib/libfreerdp-client2.so.2+0xec2a1)
>     #3 0x7f17c4def802
> (/opt/freerdp-nightly/bin/../lib/libfreerdp-client2.so.2+0xe4802)
>     #4 0x562885c0336d  (/opt/freerdp-nightly/bin/xfreerdp+0x1e36d)
>     #5 0x7f17c4df3cbc
> (/opt/freerdp-nightly/bin/../lib/libfreerdp-client2.so.2+0xe8cbc)
>     #6 0x7f17c4def531
> (/opt/freerdp-nightly/bin/../lib/libfreerdp-client2.so.2+0xe4531)
>     #7 0x7f17c3ecb599
> (/opt/freerdp-nightly/bin/../lib/libwinpr2.so.2+0x117599)
>     #8 0x7f17c35a76da in start_thread
> (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
>
> Thread T11 created by T1 here:
>     #0 0x7f17c64c3d2f in __interceptor_pthread_create
> (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d2f)
>     #1 0x7f17c3ecb0d4
> (/opt/freerdp-nightly/bin/../lib/libwinpr2.so.2+0x1170d4)
>     #2 0x7f17c3ecb8df in CreateThread
> (/opt/freerdp-nightly/bin/../lib/libwinpr2.so.2+0x1178df)
>     #3 0x7f17c4df00a8
> (/opt/freerdp-nightly/bin/../lib/libfreerdp-client2.so.2+0xe50a8)
>     #4 0x7f17c48f5967
> (/opt/freerdp-nightly/bin/../lib/libfreerdp2.so.2+0x15e967)
>     #5 0x7f17c48efd38 in freerdp_connect
> (/opt/freerdp-nightly/bin/../lib/libfreerdp2.so.2+0x158d38)
>     #6 0x562885c39beb  (/opt/freerdp-nightly/bin/xfreerdp+0x54beb)
>     #7 0x7f17c3ecb599
> (/opt/freerdp-nightly/bin/../lib/libwinpr2.so.2+0x117599)
>     #8 0x7f17c35a76da in start_thread
> (/lib/x86_64-linux-gnu/libpthread.so.0+0x76da)
>
> Thread T1 created by T0 here:
>     #0 0x7f17c64c3d2f in __interceptor_pthread_create
> (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x37d2f)
>     #1 0x7f17c3ecb0d4
> (/opt/freerdp-nightly/bin/../lib/libwinpr2.so.2+0x1170d4)
>     #2 0x7f17c3ecb8df in CreateThread
> (/opt/freerdp-nightly/bin/../lib/libwinpr2.so.2+0x1178df)
>     #3 0x562885c33b5f  (/opt/freerdp-nightly/bin/xfreerdp+0x4eb5f)
>     #4 0x562885bf4cca  (/opt/freerdp-nightly/bin/xfreerdp+0xfcca)
>     #5 0x7f17c39e4b96 in __libc_start_main
> (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
>
> SUMMARY: AddressSanitizer: heap-buffer-overflow
> (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732)
> ==25672==ABORTING
>
>
> Accessing the full desktop works OK. I read issue #4972 but I cannot
> relate c5c1bac (the version that was supposed to fix the issue) to the
> version from freerdp-nightly.
>

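As an added illustration (not code from FreeRDP or from either message in this thread) of the bug class Armin points at: the report's 22-byte calloc region and 40-byte read are consistent with a 10-character string whose UTF-16 byte length was doubled twice. The conversion routine, the function names and the sample string below are constructed stand-ins, and the final bounds check is the defensive pattern that turns such a heap over-read into an explicit failure.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a UTF-8 -> UTF-16LE conversion (ASCII only, which
 * is enough to show the sizing problem). Like the calloc in the report it
 * allocates (units + 1) * 2 bytes: the code units plus a terminating NUL.
 * Returns the number of UTF-16 code units, NOT a byte count. */
static int to_utf16le(const char *s, uint16_t **out, size_t *alloc_bytes)
{
    size_t n = strlen(s);
    *alloc_bytes = (n + 1) * sizeof(uint16_t);
    *out = calloc(n + 1, sizeof(uint16_t));
    if (!*out) return -1;
    for (size_t i = 0; i < n; i++)
        (*out)[i] = (uint8_t)s[i];   /* ASCII maps 1:1 onto one UTF-16 unit */
    return (int)n;
}

/* Buggy wire length: units were already scaled to bytes once, then the
 * field builder scales again. 10 units -> 40 bytes, double the real size. */
static size_t wire_len_doubled_twice(int units)
{
    size_t bytes = (size_t)units * 2;
    return bytes * 2;
}

/* Correct wire length: a length-prefixed unicode string field carries
 * units * 2 bytes, computed exactly once. 10 units -> 20 bytes. */
static size_t wire_len(int units)
{
    return (size_t)units * 2;
}

/* Copy the string into a wire field, refusing any length that would run
 * past the conversion buffer or the destination. Returns bytes written or -1. */
static int write_unicode_field(const uint16_t *buf, size_t alloc_bytes,
                               size_t wire_bytes, uint8_t *dst, size_t dst_len)
{
    if (wire_bytes > alloc_bytes || wire_bytes > dst_len)
        return -1;                    /* would be the ASan heap-buffer-overflow */
    memcpy(dst, buf, wire_bytes);
    return (int)wire_bytes;
}

/* 10-character constructed string -> 22-byte region, as in the report. */
static int demo(int use_buggy_length)
{
    uint16_t *u16; size_t alloc; uint8_t dst[64];
    int units = to_utf16le("RemoteApp1", &u16, &alloc);
    if (units < 0) return -1;
    size_t want = use_buggy_length ? wire_len_doubled_twice(units) : wire_len(units);
    int rc = write_unicode_field(u16, alloc, want, dst, sizeof dst);
    free(u16);
    return rc;
}
```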

_______________________________________________
FreeRDP-devel mailing list
FreeRDP-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freerdp-devel