Re: [PULL 13/14] ui: fix crash when there are no active_console
From: Daniel P. Berrangé
Subject: Re: [PULL 13/14] ui: fix crash when there are no active_console
Date: Tue, 12 Sep 2023 12:15:08 +0100
User-agent: Mutt/2.2.9 (2022-11-12)
On Tue, Sep 12, 2023 at 03:09:29PM +0400, Marc-André Lureau wrote:
> Hi
>
> On Tue, Sep 12, 2023 at 3:01 PM Michael Tokarev <mjt@tls.msk.ru> wrote:
> >
> > 12.09.2023 13:46, marcandre.lureau@redhat.com wrote:
> > > From: Marc-André Lureau <marcandre.lureau@redhat.com>
> > >
> > > Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
> > > 0x0000555555888630 in dpy_ui_info_supported (con=0x0) at
> > > ../ui/console.c:812
> > > 812 return con->hw_ops->ui_info != NULL;
> > > (gdb) bt
> > > #0 0x0000555555888630 in dpy_ui_info_supported (con=0x0) at
> > > ../ui/console.c:812
> > > #1 0x00005555558a44b1 in protocol_client_msg (vs=0x5555578c76c0,
> > > data=0x5555581e93f0 <incomplete sequence \373>, len=24) at
> > > ../ui/vnc.c:2585
> > > #2 0x00005555558a19ac in vnc_client_read (vs=0x5555578c76c0) at
> > > ../ui/vnc.c:1607
> > > #3 0x00005555558a1ac2 in vnc_client_io (ioc=0x5555581eb0e0,
> > > condition=G_IO_IN, opaque=0x5555578c76c0) at ../ui/vnc.c:1635
> > >
> > > Fixes:
> > > https://issues.redhat.com/browse/RHEL-2600
> >
> > FWIW, this link does not work for me (requires auth).
>
> hmm, should be ok now.
>
> >
> > Is there a commit which introduced this issue?
>
> It was reported against v6.2 (2021). I think it was introduced with
> commit 763deea7e9 ("vnc: add support for extended desktop resize"),
> but it might have been reproducible earlier.
Since it's in a release, this probably ought to be tagged as a (denial
of service) CVE, since it enables a remote VNC client to crash the
whole VM. Fortunately it is only triggerable /after/ authentication
so the severity is relatively low.
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
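The backtrace above shows `dpy_ui_info_supported()` dereferencing `con` while `con` is NULL, reached from the VNC message parser. The following is an added, self-contained model of that failure and of a NULL-guarded form; it is not QEMU's code or the PULL request's patch. The type and function names echo the frames in the trace, but the struct layouts, the `active_console` global, `vnc_handle_desktop_size()` and the two `ops_*` tables are simplified stand-ins assumed for this example:

```c
/* Added example, not QEMU's code: a minimal model of the NULL
 * dereference in the backtrace and of a NULL-guarded replacement.
 * Names mirror the trace; the real definitions live in ui/console.c. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

typedef struct QemuConsole QemuConsole;

/* Assumed hardware-ops table: only the callback that matters here. */
typedef struct {
    void (*ui_info)(void *opaque, int idx, const void *info);
} GraphicHwOps;

struct QemuConsole {
    const GraphicHwOps *hw_ops;
};

/* Stand-in for the global default console; NULL models a VM that was
 * started with no console at all. */
static QemuConsole *active_console = NULL;

/* Before: mirrors line 812 of the trace. With con == NULL this reads
 * through a NULL pointer and the process dies with SIGSEGV. */
bool dpy_ui_info_supported_unsafe(QemuConsole *con)
{
    return con->hw_ops->ui_info != NULL;
}

/* After: fall back to the default console, then answer "unsupported"
 * when there is none, so the caller simply ignores the request. */
bool dpy_ui_info_supported_safe(QemuConsole *con)
{
    if (con == NULL) {
        con = active_console;
    }
    if (con == NULL || con->hw_ops == NULL) {
        return false;
    }
    return con->hw_ops->ui_info != NULL;
}

/* Assumed model of the VNC handler's decision for a desktop-resize
 * message: 0 = drop the request, 1 = forward it to the console.
 * The console pointer is never touched when the check fails. */
int vnc_handle_desktop_size(QemuConsole *con)
{
    if (!dpy_ui_info_supported_safe(con)) {
        return 0;
    }
    return 1;
}

static void dummy_ui_info(void *opaque, int idx, const void *info)
{
    (void)opaque; (void)idx; (void)info;
}

/* Constructed sample consoles: one with a ui_info hook, one without. */
static const GraphicHwOps ops_with_ui_info = { .ui_info = dummy_ui_info };
static const GraphicHwOps ops_without_ui_info = { .ui_info = NULL };
static QemuConsole gfx_console = { .hw_ops = &ops_with_ui_info };
static QemuConsole txt_console = { .hw_ops = &ops_without_ui_info };

int main(void)
{
    /* Same request, three console states; none of them crashes. */
    printf("no console at all:    %d\n", vnc_handle_desktop_size(NULL));
    active_console = &txt_console;
    printf("console without hook: %d\n", vnc_handle_desktop_size(NULL));
    active_console = &gfx_console;
    printf("console with ui_info: %d\n", vnc_handle_desktop_size(NULL));
    return 0;
}
```

The guard belongs in the callee as well as at the VNC call site: the trace shows the VNC parser passing a NULL console straight through, so a check only in `vnc.c` would leave every other caller of `dpy_ui_info_supported()` exposed to the same crash.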