[ https://issues.apache.org/jira/browse/GUACAMOLE-614?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17003764#comment-17003764 ]
Nick Couchman commented on GUACAMOLE-614: ----------------------------------------- [~aiden0z]: Can you retry with 1.0.0 and see if you still have the issue? > Infinite loop caused by guac_iconv > ---------------------------------- > > Key: GUACAMOLE-614 > URL: https://issues.apache.org/jira/browse/GUACAMOLE-614 > Project: Guacamole > Issue Type: Bug > Components: guacamole-server > Affects Versions: 0.9.14 > Environment: Guacd 0.9.14 with docker > Reporter: Aiden Luo > Priority: Minor > > The encoding reader/writer may return zero, but the caller did not check zero > value. That may cause the infinite loop when handle incorrect bytes. > See the line starts with {color:#FF0000}/*** {color}. > {code:java} > int guac_iconv(guac_iconv_read* reader, const char** input, int in_remaining, > guac_iconv_write* writer, char** output, int out_remaining) { > while (in_remaining > 0 && out_remaining > 0) { > int value; > const char* read_start; > char* write_start; > /* Read character */ > read_start = *input; > /*** reader may return value and not change input ***/ > value = reader(input, in_remaining); > in_remaining -= *input - read_start; > /* Write character */ > write_start = *output; > /*** writer may return value and not change output ***/ > writer(output, out_remaining, value); > out_remaining -= *output - write_start; > /* Stop if null terminator reached */ > if (value == 0) > return 1; > } > /* Null terminator not reached */ > return 0; > } > {code} > > *Analysis procedure* > *1. Find problem thread* > {code:java} > [root@jettydocker2 /]# ps -ef > UID PID PPID C STIME TTY TIME CMD > root 1 0 0 01:35 ? 00:00:40 /usr/local/sbin/guacd -b 0.0.0.0 -f > root 464 1 0 02:51 ? 00:00:17 /usr/local/sbin/guacd -b 0.0.0.0 -f > root 615 1 96 03:12 ? 01:23:39 /usr/local/sbin/guacd -b 0.0.0.0 -f > root 703 1 0 03:38 ? 00:00:00 /usr/local/sbin/guacd -b 0.0.0.0 -f > root 712 1 0 03:45 ? 00:00:15 /usr/local/sbin/guacd -b 0.0.0.0 -f > root 728 1 0 04:01 ? 00:00:02 /usr/local/sbin/guacd -b 0.0.0.0 -f > root 735 0 0 04:39 ? 00:00:00 bash > root 747 735 0 04:39 ? 00:00:00 ps -ef > [root@jettydocker2 /]# top -b -H -p 615 > top - 04:40:08 up 48 days, 2:56, 0 users, load average: 1.01, 1.11, 1.19 > Threads: 3 total, 1 running, 2 sleeping, 0 stopped, 0 zombie > %Cpu(s): 25.4 us, 0.0 sy, 0.0 ni, 74.6 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st > KiB Mem : 8175596 total, 2269700 free, 1883596 used, 4022300 buff/cache > KiB Swap: 0 total, 0 free, 0 used. 5914664 avail Mem > PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND > 619 root 20 0 1861008 23848 3444 R 99.9 0.3 83:56.87 guacd > 615 root 20 0 1861008 23848 3444 S 0.0 0.3 0:00.00 guacd > 621 root 20 0 1861008 23848 3444 S 0.0 0.3 0:00.02 guacd > {code} > > *2. GDB anaylsis* > {code:java} > [root@jettydocker2 /]# gdb /usr/local/sbin/guacd 615 > GNU gdb (GDB) Red Hat Enterprise Linux 7.6.1-110.el7 > Copyright (C) 2013 Free Software Foundation, Inc. > License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> > This is free software: you are free to change and redistribute it. > There is NO WARRANTY, to the extent permitted by law. Type "show copying" > and "show > .... > (gdb) info threads > Id Target Id Frame > 3 Thread 0x7efffeffd700 (LWP 619) "guacd" guac_iconv (reader=0x7f00683e22fa > <GUAC_READ_UTF8>, input=0x7efffefbc638, in_remaining=2, > writer=0x7f00683e240f <GUAC_WRITE_UTF8>, output=0x7efffefbc630, > out_remaining=1) at iconv.c:74 > 2 Thread 0x7f0059ffb700 (LWP 621) "guacd" 0x00007f00721f9f3d in nanosleep () > from /lib64/libpthread.so.0 > * 1 Thread 0x7f0043fff700 (LWP 615) "guacd" 0x00007f00721f3f97 in > pthread_join () from /lib64/libpthread.so.0 > (gdb) t 3 > [Switching to thread 3 (Thread 0x7efffeffd700 (LWP 619))] > #0 guac_iconv (reader=0x7f00683e22fa <GUAC_READ_UTF8>, input=0x7efffefbc638, > in_remaining=2, writer=0x7f00683e240f <GUAC_WRITE_UTF8>, > output=0x7efffefbc630, out_remaining=1) at iconv.c:74 > 74 read_start = *input; > (gdb) bt > #0 guac_iconv (reader=0x7f00683e22fa <GUAC_READ_UTF8>, input=0x7efffefbc638, > in_remaining=2, writer=0x7f00683e240f <GUAC_WRITE_UTF8>, > output=0x7efffefbc630, out_remaining=1) at iconv.c:74 > #1 0x00007f00683df11d in guac_vnc_cut_text (client=0x7f007302e010, > text=0x7f00600019d0 " #", <incomplete sequence \345\255>, textlen=5) at > clipboard.c:135 > #2 0x00007f00681c97c7 in HandleRFBServerMessage () from > /lib64/libvncclient.so.0 > #3 0x00007f00683e0c97 in guac_vnc_client_thread (data=0x7f005c00aee0) at > vnc.c:350 > #4 0x00007f00721f2e25 in start_thread () from /lib64/libpthread.so.0 > #5 0x00007f0070aeabad in clone () from /lib64/libc.so.6 > (gdb) f 0 > #0 guac_iconv (reader=0x7f00683e22fa <GUAC_READ_UTF8>, input=0x7efffefbc638, > in_remaining=2, writer=0x7f00683e240f <GUAC_WRITE_UTF8>, > output=0x7efffefbc630, out_remaining=1) at iconv.c:79 > 79 write_start = *output; > (gdb) n [18/1979] > 80 writer(output, out_remaining, value); > (gdb) n > 81 out_remaining -= *output - write_start; > (gdb) n > 84 if (value == 0) > (gdb) n > 67 while (in_remaining > 0 && out_remaining > 0) { > (gdb) n > 74 read_start = *input; > (gdb) n > 75 value = reader(input, in_remaining); > (gdb) step > GUAC_READ_UTF8 (input=0x7efffefbc638, remaining=2) at iconv.c:98 > 98 *input += guac_utf8_read(*input, remaining, &value); > (gdb) step > guac_utf8_read (utf8=0x7f00600019d3 <incomplete sequence \345\255>, length=2, > codepoint=0x7efffefbc58c) at unicode.c:133 > 133 if (length <= 0) > (gdb) n > 137 initial = (unsigned char) *(utf8++); > (gdb) n > 140 if ((initial | 0x7F) == 0x7F) { > (gdb) n > 146 else if ((initial | 0x1F) == 0xDF) { > (gdb) n > 152 else if ((initial | 0x0F) == 0xEF) { > (gdb) n > 153 result = initial & 0x0F; > (gdb) n > 154 bytes = 3; > (gdb) n > 170 if (bytes > length) > (gdb) n > 171 return 0; > (gdb) n > 182 } > GUAC_READ_UTF8 (input=0x7efffefbc638, remaining=2) at iconv.c:99 > 99 return value; > (gdb) n > 101 } > (gdb) > guac_iconv (reader=0x7f00683e22fa <GUAC_READ_UTF8>, input=0x7efffefbc638, > in_remaining=2, writer=0x7f00683e240f <GUAC_WRITE_UTF8>, > output=0x7efffefbc630, > out_remaining=1) at iconv.c:76 > 76 in_remaining -= *input - read_start; > (gdb) p *input - read_start > $15 = 0 > {code} > -- This message was sent by Atlassian Jira (v8.3.4#803005)