If using vncviewer you highlight a section of text, then hit <F8>, then
click on "local->remote" it can cause vncveiwer to segfault.
gdb) bt
#0 0x4036f3a3 in strlen () from /lib/libc.so.6
#1 0x0805329e in ConvertSelection (w=0x0, selection=0x0,
target=0xbffff128, type=0xbffff0f4, value=0xbffff0f8, length=0xbffff0fc,
format=0xbffff100) at selection.c:299
#2 0x40101d1e in GetConversion () from /usr/X11R6/lib/libXt.so.6
#3 0x400fcea9 in HandleSelectionEvents () from
/usr/X11R6/lib/libXt.so.6
#4 0x400e95df in XtDispatchEventToWidget () from
/usr/X11R6/lib/libXt.so.6
#5 0x400eb371 in _XtDefaultDispatcher () from
/usr/X11R6/lib/libXt.so.6
#6 0x400e9d6f in XtDispatchEvent () from /usr/X11R6/lib/libXt.so.6
#7 0x400f6cc7 in XtAppProcessEvent () from /usr/X11R6/lib/libXt.so.6
#8 0x08054357 in ProcessXtEvents () at sockets.cxx:66
#9 0x08057d18 in rdr::FdInStream::readWithTimeoutOrCallback(void*,
int) (this=0x80e7250, buf=0x80f2478, len=8192) at Exception.h:53
#10 0x080576ed in rdr::FdInStream::overrun(int, int) (this=0x80e7250,
itemSize=1, nItems=1) at FdInStream.cxx:115
#11 0x080575e0 in rdr::FdInStream::readBytes(void*, int)
(this=0x80e7250, data=0x0, length=135164496) at InStream.h:46
#12 0x08053c05 in ReadFromRFBServer (out=0x0, n=0) at sockets.cxx:135
#13 0x080503a0 in HandleRFBServerMessage () at rfbproto.c:502
#14 0x080539a5 in main (argc=1, argv=0xbffff5a4) at vncviewer.c:129
As seen above, vncviewer segfaults on strlen().
static Boolean
ConvertSelection(Widget w, Atom* selection, Atom* target, Atom* type,
XtPointer* value, unsigned long* length, int* format)
{
if (*target == XA_STRING) {
*type = XA_STRING;
*length = strlen(serverCutText);
*value = (XtPointer)XtMalloc(*length);
memcpy((char*)*value, serverCutText, *length);
*format = 8;
return True;
}
The above seems to be the problem. strlen() does not check for NULL.
So, the below seems to work.
static Boolean
ConvertSelection(Widget w, Atom* selection, Atom* target, Atom* type,
XtPointer* value, unsigned long* length, int* format)
{
if( !serverCutText ){
return False;
}
if (*target == XA_STRING) {
*type = XA_STRING;
*length = strlen(serverCutText);
*value = (XtPointer)XtMalloc(*length);
memcpy((char*)*value, serverCutText, *length);
*format = 8;
return True;
}
This problem is in the src for vnc 3.3.7 that I download from the
realvnc site yesterday.
I hope that helps,
Dennis
--
emerge -p world
Louisiana State University
Biological and Agricultural Department (www.bae.lsu.edu)
Computer Systems Administrator
Ph: 225.578.1072, E-Mail: [EMAIL PROTECTED]
_______________________________________________
VNC-List mailing list
[EMAIL PROTECTED]
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list
