[ https://issues.apache.org/jira/browse/GUACAMOLE-1140?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mike Jumper updated GUACAMOLE-1140:
-----------------------------------
    Description: 
If a user joins an RDP connection leveraging Guacamole's session sharing 
functionality, but the underlying connection to the RDP server has not yet been 
established, a segfault may occur while handling the join operation:

{code:none}
#1  0x000055da270e5de9 in guac_common_list_lock (list=<optimized out>) at list.c:75
#2  0x00007f8bb956c5cb in guac_rdp_pipe_svc_send_pipes (user=user@entry=0x7f8bac00d5e0) at channels/pipe-svc.c:49
#3  0x00007f8bb957a0cb in guac_rdp_user_join_handler (user=0x7f8bac00d5e0, argc=<optimized out>, argv=<optimized out>) at user.c:92
#4  0x00007f8bbb1d134a in guac_client_add_user (client=client@entry=0x7f8b280060e0, user=user@entry=0x7f8bac00d5e0, argc=argc@entry=76,
    argv=<optimized out>) at client.c:286
#5  0x00007f8bbb1d8bea in guac_user_handle_connection (user=user@entry=0x7f8bac00d5e0, usec_timeout=usec_timeout@entry=15000000)
    at user-handshake.c:337
#6  0x000055da270e5a96 in guacd_user_thread (data=0x7f8b280ad010) at proc.c:98
#7  0x00007f8bbade2fa3 in start_thread (arg=<optimized out>) at pthread_create.c:486
#8  0x00007f8bba71f4cf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
{code}

This is because the relevant structure ({{rdp_client->available_svc}}) is not 
actually allocated until later in the RDP-specific connection initialization 
process, which occurs in its own thread spawned by the connection owner. If 
that allocation has not yet occurred, the attempt to synchronize the 
newly-joined user with the current session state will result in a segfault.

Original context:

{quote}
I am running guacd from docker on an Ubuntu 20.04 host. Connections to guacd 
are from a custom backend using the official guacamole-common 1.1.0 maven 
artifact with a websocket.

To demonstrate stuff (teaching) multiple connections (10-12) are opened as 
shared sessions with the read-only property set after a leading session is 
opened and the connection id is propagated. The shared connections are all 
opened simultaneously - and closed (more or less) simultaneously, often 
together with the leading session.

Shared drive is disabled.

Most of the time it works flawlessly, until guacd segfaults.
{quote}


  was:
I am running guacd from docker on an Ubuntu 20.04 host.

Connections to guacd are from a custom backend using the official 
guacamole-common 1.1.0 maven artifact with a websocket.

To demonstrate stuff (teaching) multiple connections (10-12) are opened as 
shared sessions with the read-only property set after a leading session is 
opened and the connection id is propagated.

The shared connections are all opened simultaneously - and closed (more or 
less) simultaneously, often together with the leading session.

Shared drive is disabled.

Most of the time it works flawlessly, until guacd segfaults.
{code:java}
[499569.970852] guacd[13354]: segfault at 0 ip 00007f8bbb1d5810 sp 00007f8b42483bc0 error 4 in libguac.so.17.1.0[7f8bbb1d0000+a000]

[504671.630985] guacd[5546]: segfault at 0 ip 00007f8bb957eb1a sp 00007f8bb37fdbe0 error 4 in libguac-client-rdp.so.0.0.0[7f8bb9569000+18000]

[504791.134857] guacd[6317]: segfault at 18 ip 00007f8bbade56c0 sp 00007f8b91ffac18 error 4 in libpthread-2.28.so[7f8bbade1000+f000]
{code}
 

After guacd restart everything works again like a charm. The crash happens 
about once per 2 hours while connections are opened/closed multiple times 
(approx. every 6-7 minutes).

I read the "it is probably not a bug" section of the FAQ, I believe this is 
indeed a bug, though.


> Joining an RDP connection may segfault if underlying RDP connection is not 
> yet established
> ------------------------------------------------------------------------------------------
>
>                 Key: GUACAMOLE-1140
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1140
>             Project: Guacamole
>          Issue Type: Bug
>          Components: RDP
>    Affects Versions: 1.2.0
>            Reporter: Thomas Kruse
>            Priority: Major
>         Attachments: core.lzma
>
>



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
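
The ordering problem described in this issue, modelled as an added C example that is not code from Guacamole or from the ticket. `svc_list`, `client_init_late`, `client_init_early`, `connect_thread_body` and `join_sync_pipes` are hypothetical stand-ins, and the two orderings are replayed sequentially rather than raced so the outcome is deterministic.

```c
#include <pthread.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the structures named in the report. */
typedef struct svc_list {
    pthread_mutex_t lock;   /* what a list-lock call acquires */
    int pipe_count;         /* number of open SVC pipes */
} svc_list;

typedef struct rdp_client {
    svc_list* available_svc; /* NULL until allocated */
} rdp_client;

static svc_list* svc_list_alloc(void) {
    svc_list* list = calloc(1, sizeof(svc_list));
    if (list != NULL)
        pthread_mutex_init(&list->lock, NULL);
    return list;
}

/* Ordering from the report: client init leaves the list unallocated... */
void client_init_late(rdp_client* c) { c->available_svc = NULL; }

/* Hardened ordering: the list exists before any user can join. */
void client_init_early(rdp_client* c) { c->available_svc = svc_list_alloc(); }

/* ...and the owner's connection thread allocates and fills it later. */
void connect_thread_body(rdp_client* c) {
    if (c->available_svc == NULL)
        c->available_svc = svc_list_alloc();
    if (c->available_svc == NULL)
        return;
    pthread_mutex_lock(&c->available_svc->lock);
    c->available_svc->pipe_count = 1; /* constructed: one pipe opened */
    pthread_mutex_unlock(&c->available_svc->lock);
}

/* Join-time sync. Returns the number of pipes announced to the new user,
 * or -1 where an unguarded lock of the list would dereference NULL. */
int join_sync_pipes(rdp_client* c) {
    svc_list* list = c->available_svc;
    if (list == NULL)
        return -1;
    pthread_mutex_lock(&list->lock);
    int n = list->pipe_count;
    pthread_mutex_unlock(&list->lock);
    return n;
}
```

With late allocation, a join that arrives before `connect_thread_body` has run reaches the `-1` branch, which is the point where the backtrace above shows the crash in the list lock; with early allocation the same join sees an empty but valid list.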
