Bug#859213: x11vnc: stack smashing detected: x11vnc terminated

2018-05-04 Thread Alkis Georgopoulos 
I too tested the patch that changes the following 3 lines, and I no 
longer have x11vnc crashes. Please release that! :)



-   if (num > stack_list_len + blackouts) {
-   int n = 2*num;
+   if (num + blackouts > stack_list_len) {
+   int n = 2 * (num + blackouts);



-   for (i=0; ilength; i++) {
+   for (i = 0; i < req->length - sz_xConfigureWindowReq / 4 && i < 4; i++) 
{

Bug#859213: x11vnc: stack smashing detected: x11vnc terminated

2018-04-28 Thread Guillermo Reisch 
I try the patch provided by "Jun Kobayashi (jkbys)" on 2017-07-19: 
x11vnc.debdiff Edit (2.2 KiB, text/plain)

Well... First I change the debdiff to be apply over x11vnc-0.9.13-5 (instead of 
0.9.13-2) : 
after apply the debdiff, generate the package, and install I tested.

After 30min NO STACK SMACHING.. I try make popup menu like crazy and no fail. I 
cannot 
reproduce the fail anymore.

I make a roolback to previus version (only for sanity check) and after 5min 
stack smashing 
detected...

Then YES, the patch fix the problem.
I will continue testing, any problem i will notifi

PS; Adj. debdiff

Guillermo Reisch


El martes, 24 de abril de 2018 04:56:55 -03 Nikita Youshchenko escribió:
> Hi.
> 
> Thank you for the reminder.
> 
> As far as I understand, this issue is patched in ubuntu
> (https://bugs.launchpad.net/ubuntu/+source/x11vnc/+bug/1686084).
> 
> Did you try their patch? Does it fix the issue for you?
> 
> I've adopted x11vnc package recently and I will try to go through list
> of open issues soon.
> 
> Nikita
> 
> > This problem is still present in version: x11vnc 0.9.13-5 (sid)
> > 
> >  
> > 
> > Note: Lots of errors in debian are already fixed in patch in a lots of
> > bugs! But, lots of package are "orphan"... and you can't upload a simple
> > patch without going through a traumatizing "adoption".
> > 
> >  
> > 
> > PS: Sory my bad ingles. :-P
> > 
> >  
> > 
> > Guillermo Reisch
> > 
> > UInf - FENF - UdelaR
> > 
> >  


diff -Nru x11vnc-0.9.13/debian/changelog x11vnc-0.9.13/debian/changelog
--- x11vnc-0.9.13/debian/changelog	2018-04-13 11:09:45.0 -0300
+++ x11vnc-0.9.13/debian/changelog	2018-04-28 01:52:36.0 -0300
@@ -1,3 +1,11 @@
+x11vnc (0.9.13-5ppa1) unstable; urgency=medium
+
+  * Add patches:
+- fix_overflow.patch - Two fixes for buffer overflows committed to
+  https://github.com/LibVNC/x11vnc/pull/25
+
+ -- Jun Kobayashi   Wed, 19 Jul 2017 12:06:45 +0900
+
 x11vnc (0.9.13-5) unstable; urgency=low
 
   * Split build and install into arch and indep parts (Closes: #895591).
diff -Nru x11vnc-0.9.13/debian/patches/fix_overflow.patch x11vnc-0.9.13/debian/patches/fix_overflow.patch
--- x11vnc-0.9.13/debian/patches/fix_overflow.patch	1970-01-01 09:00:00.0 +0900
+++ x11vnc-0.9.13/debian/patches/fix_overflow.patch	2017-07-19 12:06:45.0 +0900
@@ -0,0 +1,28 @@
+Index: x11vnc-0.9.13/x11vnc/win_utils.c
+===
+--- x11vnc-0.9.13.orig/x11vnc/win_utils.c
 x11vnc-0.9.13/x11vnc/win_utils.c
+@@ -262,8 +262,8 @@ void snapshot_stack_list(int free_only,
+ 	}
+ 
+ 	last_snap = now;
+-	if (num > stack_list_len + blackouts) {
+-		int n = 2*num;
++	if (num + blackouts > stack_list_len) {
++		int n = 2 * (num + blackouts);
+ 		free(stack_list);
+ 		stack_list = (winattr_t *) malloc(n*sizeof(winattr_t));
+ 		stack_list_len = n;
+Index: x11vnc-0.9.13/x11vnc/xrecord.c
+===
+--- x11vnc-0.9.13.orig/x11vnc/xrecord.c
 x11vnc-0.9.13/x11vnc/xrecord.c
+@@ -964,7 +964,7 @@ if (db > 1) fprintf(stderr, "record_CW-%
+ 	data = (char *)req;
+ 	data += sz_xConfigureWindowReq;
+ 
+-	for (i=0; ilength; i++) {
++	for (i = 0; i < req->length - sz_xConfigureWindowReq / 4 && i < 4; i++) {
+ 		unsigned int v;
+ 		/*
+ 		 * We use unsigned int for the values.  There were
diff -Nru x11vnc-0.9.13/debian/patches/series x11vnc-0.9.13/debian/patches/series
--- x11vnc-0.9.13/debian/patches/series	2018-04-13 11:09:45.0 -0300
+++ x11vnc-0.9.13/debian/patches/series	2018-04-28 02:02:34.0 -0300
@@ -4,3 +4,4 @@
 do-not-run-dbus-launch.patch
 enforce-bash.patch
 java_target_source.patch
+fix_overflow.patch

Bug#859213: x11vnc: stack smashing detected: x11vnc terminated

2018-04-24 Thread Nikita Youshchenko 
Hi.

Thank you for the reminder.

As far as I understand, this issue is patched in ubuntu
(https://bugs.launchpad.net/ubuntu/+source/x11vnc/+bug/1686084).

Did you try their patch? Does it fix the issue for you?

I've adopted x11vnc package recently and I will try to go through list
of open issues soon.

Nikita

> This problem is still present in version: x11vnc 0.9.13-5 (sid)
> 
>  
> 
> Note: Lots of errors in debian are already fixed in patch in a lots of
> bugs! But, lots of package are "orphan"... and you can't upload a simple
> patch without going through a traumatizing "adoption".
> 
>  
> 
> PS: Sory my bad ingles. :-P
> 
>  
> 
> Guillermo Reisch
> 
> UInf - FENF - UdelaR
> 
>  
> 




signature.asc
Description: OpenPGP digital signature

Bug#859213: x11vnc: stack smashing detected: x11vnc terminated

2018-04-23 Thread Guillermo Reisch 
This problem is still present in version: x11vnc 0.9.13-5 (sid)

Note: Lots of errors in debian are already fixed in patch in a lots 
of bugs! But, lots of package are "orphan"... and you can't upload 
a simple patch without going through a traumatizing "adoption".

PS: Sory my bad ingles. :-P

Guillermo Reisch
UInf - FENF - UdelaR

Bug#859213: x11vnc: stack smashing detected: x11vnc terminated

2018-02-27 Thread Nick Holloway 
As a workaround, I found that adding "--noxrecord" to the options avoids
the bug.

Bug#859213: x11vnc: stack smashing detected: x11vnc terminated

2018-02-27 Thread Tim 
On Tue, 8 Aug 2017 14:30:40 +0200 Bernhard Ehlers  
wrote:
> As the maintainer seems to be inactive, I decided to publish my patched 
> version.
> 
> Please keep in mind, that this is a private build and is not approved by 
> debian. Use it at your own risk!!!
> 
> http://bernhard-ehlers.de/x11vnc/x11vnc_0.9.13-2.0.patch
> http://bernhard-ehlers.de/x11vnc/x11vnc_0.9.13-2.0_amd64.deb
> http://bernhard-ehlers.de/x11vnc/x11vnc-data_0.9.13-2.0_all.deb
> 
Hi, thanks a lot for your grate work on this, but could you provide some signed 
checksums and/or https download (or a full quallified android repository)

Thanks a lot
-- 
Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.

Bug#859213: x11vnc: stack smashing detected: x11vnc terminated

2017-10-08 Thread Samuele Bulloni 
Thanks Bernhard Ehlers, looks like your patched version solved the 
problems for me. I hope the Debian manteiners correct the bug soon.



--
ZE-Light e ZE-Pro: servizi zimbra per caselle con dominio email.it, per tutti i dettagli 
Clicca qui http://posta.email.it/caselle-di-posta-z-email-it.php?utm_campaign=email_Zimbra_102014=main_footer/f


Sponsor:
Soluzioni di email hosting per tutte le esigenze: dalle caselle gratuite a 
quelle professionali su piattaforma Zimbra, da quelle su proprio dominio a 
quelle certificate PEC. Confronta le soluzioni
Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=13325=9-10

Bug#859213: x11vnc: stack smashing detected: x11vnc terminated

2017-09-24 Thread Julien ROBIN 
Considering that on x11vnc 
 -> You can't maintain a key for repetition
 -> Copy/Paste often doesn't work between client/server
 -> When the connection is lost, server keep feeling connected, and you cannot 
reconnect
 -> problem of setting between qwerty and azerty during few first key hits, 
sometimes
 -> if num lock is activated on the server, then somebody must physically go 
the the server to disable it (if not you cannot use numeric pad)
 -> unable to set a more than 8 characters password, unable to set symbols like 
'$' into it
 -> no encryption
 -> a completely impossible to learn default launch line : x11vnc -forever 
-rfbport 5900 -auth guess -rfbauth /var/vnc/x11vnc.pass -o /var/vnc/x11vnc.log 
-bg -display :0
 -> crashes every few seconds
 -> I probably forgot a lot of others bugs

I propose to have x11vnc retrograded as "unstable" and, at least, removed from 
any stable repository.
It's absolutely not fair, to find such shameful buggy crap available into 
operating systems like Debian, while some really good software "not tested 
enough" still aren't available trough apt-get.

I understand this second point, because that's in order to make such situations 
like x11vnc impossible anymore : such misfiring package really decrease the 
quality of users experience with Linux operating systems and those package have 
nothing to do into a "stable" operating system.


-
I successfully used "Vino" as replacement of x11vnc, to help those who want to 
use Vino, here is some way to succeed in it (may be not the best, you can 
probably customize - but working with lxde) 
apt install vino dconf-editor

The only way to change settings for vino is to use some kind of dconf-editor. 
Inside of dconf settings :

/org/gnome/desktop/remote-access/
 -> require-encryption : false if your Viewer doesn't connect
 -> prompt-enabled : false if your desktop doesn't make you appear the prompt, 
or if you don't want it

/org/gnome/desktop/input-sources/
 -> sources : [('xkb', 'fr')] if you want azerty

/usr/share/application/vino-server.desktop should be put into your 
/home/user/.config/autostart/ directory (it works on any desktop)
In order to get the server auto-available, you should auto-login (with 
lightdm.conf or other, depending on your desktop manager)

Still haven't successfully put a password... but I'm using local and SSH 
tunnel. At least, for the first time since several month, I have a usable VNC 
system.
For virtual/punctual screen sharing, tightvncserver is working fine and easy.

Bug#859213: x11vnc: stack smashing detected: x11vnc terminated

2017-08-19 Thread manu 
On Tue, 8 Aug 2017 14:30:40 +0200 Bernhard Ehlers
 wrote:
> As the maintainer seems to be inactive, I decided to publish my patched 
> version.
> 
> Please keep in mind, that this is a private build and is not approved by 
> debian. Use it at your own risk!!!
> 
> http://bernhard-ehlers.de/x11vnc/x11vnc_0.9.13-2.0.patch
> http://bernhard-ehlers.de/x11vnc/x11vnc_0.9.13-2.0_amd64.deb
> http://bernhard-ehlers.de/x11vnc/x11vnc-data_0.9.13-2.0_all.deb
> 

Hello,
I confirm :
- the bug in the version available in Stretch
- the Bernhard's package correct this bug (thanks for your publication)
I would suggest to do a NMU (
https://www.debian.org/doc/manuals/developers-reference/pkgs.html#nmu )

Bug#859213: x11vnc: stack smashing detected: x11vnc terminated

2017-08-08 Thread Bernhard Ehlers 
As the maintainer seems to be inactive, I decided to publish my patched version.

Please keep in mind, that this is a private build and is not approved by 
debian. Use it at your own risk!!!

http://bernhard-ehlers.de/x11vnc/x11vnc_0.9.13-2.0.patch
http://bernhard-ehlers.de/x11vnc/x11vnc_0.9.13-2.0_amd64.deb
http://bernhard-ehlers.de/x11vnc/x11vnc-data_0.9.13-2.0_all.deb

Bug#859213: x11vnc: stack smashing detected: x11vnc terminated

2017-07-29 Thread Octocrobe Pigloo 
I just had the problem at least 20 times today.


If the problem is corrected upstream since middle of 2016 I'm not sure to 
understand why it's still waiting for something before entering into debian 9. 
Some validation ? Obviously, the current one does not work, it cannot be worst.


Thank you !

Bug#859213: x11vnc: stack smashing detected: x11vnc terminated

2017-05-17 Thread Celelibi 
Package: x11vnc
Version: 0.9.13-2
Followup-For: Bug #859213

I confirm this bug. Here is the stacktrace I just got:

#0  0xf7ffb425 in __kernel_vsyscall ()
#1  0xf782ddc0 in __libc_signal_restore_set (set=0x9390) at 
../sysdeps/unix/sysv/linux/nptl-signals.h:79
#2  __GI_raise (sig=6) at ../sysdeps/unix/sysv/linux/raise.c:48
#3  0xf782f287 in __GI_abort () at abort.c:89
#4  0xf786937f in __libc_message (do_abort=, fmt=) at ../sysdeps/posix/libc_fatal.c:175
#5  0xf78f9d77 in __GI___fortify_fail (msg=0xf79614f5 "stack smashing 
detected") at fortify_fail.c:30
#6  0xf78f9d38 in __stack_chk_fail () at stack_chk_fail.c:28
#7  0x5661a3d4 in __stack_chk_fail_local ()
#8  0x56614b79 in record_CW (ptr=ptr@entry=0x1 , rec_data=rec_data@entry=0x569e0ec0) at xrecord.c:1347
#9  0x56615041 in record_switch (ptr=0x1 , rec_data=0x569e0ec0) at xrecord.c:1387
#10 0xf7c2458a in ?? () from /usr/lib/i386-linux-gnu/libXtst.so.6
#11 0xf7c24a36 in ?? () from /usr/lib/i386-linux-gnu/libXtst.so.6
#12 0xf7adb7ff in ?? () from /usr/lib/i386-linux-gnu/libX11.so.6
#13 0xf7adc24b in _XEventsQueued () from /usr/lib/i386-linux-gnu/libX11.so.6
#14 0xf7acd762 in XPending () from /usr/lib/i386-linux-gnu/libX11.so.6
#15 0xf7c259d8 in XRecordProcessReplies () from 
/usr/lib/i386-linux-gnu/libXtst.so.6
#16 0x565f2706 in check_xrecord_mouse () at userinput.c:2988
#17 check_xrecord () at userinput.c:3164
#18 0x565fdd9d in check_user_input (dt=0.00043401506263762712, 
dtr=0.014273106004111469, tile_diffs=0, cnt=0x9e8c) at userinput.c:5712
#19 0x565c44b0 in watch_loop () at screen.c:4561
#20 0x5656537f in main (argc=, argv=) at 
x11vnc.c:5990


This seems to match perfectly with the patch you linked.

Dear maintainer, please apply this patch soon. Some instances of the bug
are 100% reproducible to me, makeing me unable to open some popup-menus
without crashing x11vnc.

Best regards,
Celelibi


-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 
'testing-debug'), (500, 'unstable')
Architecture: i386 (x86_64)

Kernel: Linux 3.10.11 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: sysvinit (via /sbin/init)

Versions of packages x11vnc depends on:
ii  libavahi-client3  0.6.32-2
ii  libavahi-common3  0.6.32-2
ii  libc6 2.24-10
ii  libjpeg62-turbo   1:1.5.1-2
ii  libssl1.1 1.1.0e-1
ii  libvncclient1 0.9.11+dfsg-1
ii  libvncserver1 0.9.11+dfsg-1
ii  libx11-6  2:1.6.4-3
ii  libxdamage1   1:1.1.4-2+b3
ii  libxext6  2:1.3.3-1+b2
ii  libxfixes31:5.0.3-1
ii  libxinerama1  2:1.1.3-1+b3
ii  libxrandr22:1.5.1-1
ii  libxtst6  2:1.2.3-1
ii  openssl   1.1.0e-1
ii  tk8.6.0+9
ii  x11vnc-data   0.9.13-2
ii  zlib1g1:1.2.8.dfsg-5

x11vnc recommends no packages.

x11vnc suggests no packages.

-- no debconf information

Bug#859213: x11vnc: stack smashing detected: x11vnc terminated

2017-03-31 Thread Bernhard Ehlers 
Package: x11vnc
Version: 0.9.13-2
Severity: important

Mostly when a popup is shown, x11vnc crashes. As a workaround I installed
the jessie version 0.9.13-1.2 (together with libvncclient0, libvncserver0,
libhogweed2, libnettle4 and libssl1.0.0). Seems to work much better.

The error output:

*** stack smashing detected ***: x11vnc terminated
=== Backtrace: =
/lib/x86_64-linux-gnu/libc.so.6(+0x70bcb)[0x7f9c5dfc6bcb]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f9c5e04f0b7]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x0)[0x7f9c5e04f080]
x11vnc(+0xb8887)[0x5612949aa887]
x11vnc(+0xb8d3b)[0x5612949aad3b]
/usr/lib/x86_64-linux-gnu/libXtst.so.6(+0x19d8)[0x7f9c5fd369d8]
/usr/lib/x86_64-linux-gnu/libXtst.so.6(+0x1f55)[0x7f9c5fd36f55]
/usr/lib/x86_64-linux-gnu/libX11.so.6(+0x421dd)[0x7f9c5f00e1dd]
/usr/lib/x86_64-linux-gnu/libX11.so.6(_XEventsQueued+0x55)[0x7f9c5f00eb15]
/usr/lib/x86_64-linux-gnu/libX11.so.6(XPending+0x57)[0x7f9c5f0007e7]
x11vnc(+0x97060)[0x561294989060]
x11vnc(+0xa1f95)[0x561294993f95]
x11vnc(+0x6a77c)[0x56129495c77c]
x11vnc(+0x13ae4)[0x561294905ae4]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7f9c5df762b1]
x11vnc(+0x1cd7a)[0x56129490ed7a]
=== Memory map: 
5612948f2000-561294a43000 r-xp  08:01 11633  
/usr/bin/x11vnc
561294c42000-561294c43000 r--p 0015 08:01 11633  
/usr/bin/x11vnc
561294c43000-561294c89000 rw-p 00151000 08:01 11633  
/usr/bin/x11vnc
561294c89000-561294eca000 rw-p  00:00 0
561295aeb000-561295dbe000 rw-p  00:00 0  [heap]
7f9c59d1c000-7f9c59d32000 r-xp  08:01 5057   
/lib/x86_64-linux-gnu/libgcc_s.so.1
7f9c59d32000-7f9c59f31000 ---p 00016000 08:01 5057   
/lib/x86_64-linux-gnu/libgcc_s.so.1
7f9c59f31000-7f9c59f32000 r--p 00015000 08:01 5057   
/lib/x86_64-linux-gnu/libgcc_s.so.1
7f9c59f32000-7f9c59f33000 rw-p 00016000 08:01 5057   
/lib/x86_64-linux-gnu/libgcc_s.so.1
7f9c59f33000-7f9c59f38000 r-xp  08:01 10879  
/lib/x86_64-linux-gnu/libnss_dns-2.24.so
7f9c59f38000-7f9c5a137000 ---p 5000 08:01 10879  
/lib/x86_64-linux-gnu/libnss_dns-2.24.so
7f9c5a137000-7f9c5a138000 r--p 4000 08:01 10879  
/lib/x86_64-linux-gnu/libnss_dns-2.24.so
7f9c5a138000-7f9c5a139000 rw-p 5000 08:01 10879  
/lib/x86_64-linux-gnu/libnss_dns-2.24.so
7f9c5a139000-7f9c5a143000 r-xp  08:01 10880  
/lib/x86_64-linux-gnu/libnss_files-2.24.so
7f9c5a143000-7f9c5a343000 ---p a000 08:01 10880  
/lib/x86_64-linux-gnu/libnss_files-2.24.so
7f9c5a343000-7f9c5a344000 r--p a000 08:01 10880  
/lib/x86_64-linux-gnu/libnss_files-2.24.so
7f9c5a344000-7f9c5a345000 rw-p b000 08:01 10880  
/lib/x86_64-linux-gnu/libnss_files-2.24.so
7f9c5a345000-7f9c5a4cc000 rw-p  00:00 0
7f9c5a4cd000-7f9c5a64d000 rw-s  00:05 4489217
/SYSV (deleted)
7f9c5a64d000-7f9c5a94e000 rw-p  00:00 0
7f9c5a94e000-7f9c5a9c r-xp  08:01 2404   
/lib/x86_64-linux-gnu/libpcre.so.3.13.3
7f9c5a9c-7f9c5abbf000 ---p 00072000 08:01 2404   
/lib/x86_64-linux-gnu/libpcre.so.3.13.3
7f9c5abbf000-7f9c5abc r--p 00071000 08:01 2404   
/lib/x86_64-linux-gnu/libpcre.so.3.13.3
7f9c5abc-7f9c5abc1000 rw-p 00072000 08:01 2404   
/lib/x86_64-linux-gnu/libpcre.so.3.13.3
7f9c5abc1000-7f9c5abd2000 r-xp  08:01 3039   
/usr/lib/x86_64-linux-gnu/liblz4.so.1.7.1
7f9c5abd2000-7f9c5add1000 ---p 00011000 08:01 3039   
/usr/lib/x86_64-linux-gnu/liblz4.so.1.7.1
7f9c5add1000-7f9c5add2000 r--p 0001 08:01 3039   
/usr/lib/x86_64-linux-gnu/liblz4.so.1.7.1
7f9c5add2000-7f9c5add3000 rw-p 00011000 08:01 3039   
/usr/lib/x86_64-linux-gnu/liblz4.so.1.7.1
7f9c5add3000-7f9c5adf8000 r-xp  08:01 2740   
/lib/x86_64-linux-gnu/liblzma.so.5.2.2
7f9c5adf8000-7f9c5aff7000 ---p 00025000 08:01 2740   
/lib/x86_64-linux-gnu/liblzma.so.5.2.2
7f9c5aff7000-7f9c5aff8000 r--p 00024000 08:01 2740   
/lib/x86_64-linux-gnu/liblzma.so.5.2.2
7f9c5aff8000-7f9c5aff9000 rw-p 00025000 08:01 2740   
/lib/x86_64-linux-gnu/liblzma.so.5.2.2
7f9c5aff9000-7f9c5b00 r-xp  08:01 10890  
/lib/x86_64-linux-gnu/librt-2.24.so
7f9c5b00-7f9c5b1ff000 ---p 7000 08:01 10890  
/lib/x86_64-linux-gnu/librt-2.24.so
7f9c5b1ff000-7f9c5b20 r--p 6000 08:01 10890  
/lib/x86_64-linux-gnu/librt-2.24.so
7f9c5b20-7f9c5b201000 rw-p 7000 08:01 10890