Ubuntu
rdesktop package

rdesktop crashes on large paste and kills the program from which the text was copied

Bug #365284 reported by Alan Jenkins
24
This bug affects 3 people
Affects Status Importance Assigned to Milestone
rdesktop
Unknown
Unknown
rdesktop (Ubuntu)
New
Undecided
Unassigned

Bug Description

Binary package hint: rdesktop

When trying to paste a large chunk of text from gedit or gnome-terminal to a program on a windows machine using rdesktop rdesktop crashes with this error and kills the program that the text was copied out of. (This caused me to lose some work I was doing earlier). I have managed to reproduce this via copying the contents of a large random file I have made into rdesktop.

*** glibc detected *** rdesktop: double free or corruption (fasttop): 0x000000000203a950 ***
======= Backtrace: =========
/lib/libc.so.6[0x7f89e2bc7cb8]
/lib/libc.so.6(cfree+0x76)[0x7f89e2bca276]
/usr/lib/libX11.so.6(XFree+0x9)[0x7f89e2f03999]
rdesktop[0x41822c]
rdesktop[0x4132e3]
rdesktop[0x41bf6d]
rdesktop[0x41c4f5]
rdesktop[0x41c68a]
rdesktop[0x41ce44]
rdesktop[0x41d6bf]
rdesktop[0x41f15a]
rdesktop[0x420101]
rdesktop[0x420c0b]
rdesktop[0x4084de]
/lib/libc.so.6(__libc_start_main+0xe6)[0x7f89e2b6e5a6]
rdesktop[0x406549]
======= Memory map: ========
00400000-00439000 r-xp 00000000 08:21 7212 /usr/bin/rdesktop
00638000-00639000 r--p 00038000 08:21 7212 /usr/bin/rdesktop
00639000-0063b000 rw-p 00039000 08:21 7212 /usr/bin/rdesktop
0063b000-009e6000 rw-p 0063b000 00:00 0
01ffa000-02137000 rw-p 01ffa000 00:00 0 [heap]
7f89dc000000-7f89dc021000 rw-p 7f89dc000000 00:00 0
7f89dc021000-7f89e0000000 ---p 7f89dc021000 00:00 0
7f89e0a7c000-7f89e0a92000 r-xp 00000000 08:21 2586 /lib/libgcc_s.so.1
7f89e0a92000-7f89e0c92000 ---p 00016000 08:21 2586 /lib/libgcc_s.so.1
7f89e0c92000-7f89e0c93000 r--p 00016000 08:21 2586 /lib/libgcc_s.so.1
7f89e0c93000-7f89e0c94000 rw-p 00017000 08:21 2586 /lib/libgcc_s.so.1
7f89e0c94000-7f89e0c99000 r-xp 00000000 08:21 9087 /usr/lib/libXfixes.so.3.1.0
7f89e0c99000-7f89e0e98000 ---p 00005000 08:21 9087 /usr/lib/libXfixes.so.3.1.0
7f89e0e98000-7f89e0e99000 rw-p 00004000 08:21 9087 /usr/lib/libXfixes.so.3.1.0
7f89e0e99000-7f89e0ea2000 r-xp 00000000 08:21 9107 /usr/lib/libXrender.so.1.3.0
7f89e0ea2000-7f89e10a1000 ---p 00009000 08:21 9107 /usr/lib/libXrender.so.1.3.0
7f89e10a1000-7f89e10a2000 r--p 00008000 08:21 9107 /usr/lib/libXrender.so.1.3.0
7f89e10a2000-7f89e10a3000 rw-p 00009000 08:21 9107 /usr/lib/libXrender.so.1.3.0
7f89e10a3000-7f89e10ac000 r-xp 00000000 08:21 9079 /usr/lib/libXcursor.so.1.0.2
7f89e10ac000-7f89e12ac000 ---p 00009000 08:21 9079 /usr/lib/libXcursor.so.1.0.2
7f89e12ac000-7f89e12ad000 rw-p 00009000 08:21 9079 /usr/lib/libXcursor.so.1.0.2
7f89e12ad000-7f89e12b0000 r-xp 00000000 08:21 11669 /usr/lib/gconv/UTF-16.so
7f89e12b0000-7f89e14af000 ---p 00003000 08:21 11669 /usr/lib/gconv/UTF-16.so
7f89e14af000-7f89e14b0000 r--p 00002000 08:21 11669 /usr/lib/gconv/UTF-16.so
7f89e14b0000-7f89e14b1000 rw-p 00003000 08:21 11669 /usr/lib/gconv/UTF-16.so
7f89e14b1000-7f89e14bd000 r-xp 00000000 08:21 2610 /lib/libnss_files-2.9.so
7f89e14bd000-7f89e16bc000 ---p 0000c000 08:21 2610 /lib/libnss_files-2.9.so
7f89e16bc000-7f89e16bd000 r--p 0000b000 08:21 2610 /lib/libnss_files-2.9.so
7f89e16bd000-7f89e16be000 rw-p 0000c000 08:21 2610 /lib/libnss_files-2.9.so
7f89e16be000-7f89e16c8000 r-xp 00000000 08:21 2620 /lib/libnss_nis-2.9.so
7f89e16c8000-7f89e18c7000 ---p 0000a000 08:21 2620 /lib/libnss_nis-2.9.so
7f89e18c7000-7f89e18c8000 r--p 00009000 08:21 2620 /lib/libnss_nis-2.9.so
7f89e18c8000-7f89e18c9000 rw-p 0000a000 08:21 2620 /lib/libnss_nis-2.9.so
7f89e18c9000-7f89e18df000 r-xp 00000000 08:21 2604 /lib/libnsl-2.9.so
7f89e18df000-7f89e1adf000 ---p 00016000 08:21 2604 /lib/libnsl-2.9.so
7f89e1adf000-7f89e1ae0000 r--p 00016000 08:21 2604 /lib/libnsl-2.9.so
7f89e1ae0000-7f89e1ae1000 rw-p 00017000 08:21 2604 /lib/libnsl-2.9.so
7f89e1ae1000-7f89e1ae3000 rw-p 7f89e1ae1000 00:00 0
7f89e1ae3000-7f89e1aeb000 r-xp 00000000 08:21 2606 /lib/libnss_compat-2.9.so
7f89e1aeb000-7f89e1cea000 ---p 00008000 08:21 2606 /lib/libnss_compat-2.9.so
7f89e1cea000-7f89e1ceb000 r--p 00007000 08:21 2606 /lib/libnss_compat-2.9.so
7f89e1ceb000-7f89e1cec000 rw-p 00008000 08:21 2606 /lib/libnss_compat-2.9.so
7f89e1cec000-7f89e1cf1000 r-xp 00000000 08:21 9083 /usr/lib/libXdmcp.so.6.0.0
7f89e1cf1000-7f89e1ef0000 ---p 00005000 08:21 9083 /usr/lib/libXdmcp.so.6.0.0
7f89e1ef0000-7f89e1ef1000 rw-p 00004000 08:21 9083 /usr/lib/libXdmcp.so.6.0.0
7f89e1ef1000-7f89e1ef3000 r-xp 00000000 08:21 9072 /usr/lib/libXau.so.6.0.0
7f89e1ef3000-7f89e20f2000 ---p 00002000 08:21 9072 /usr/lib/libXau.so.6.0.0
7f89e20f2000-7f89e20f3000 r--p 00001000 08:21 9072 /usr/lib/libXau.so.6.0.0
7f89e20f3000-7f89e20f4000 rw-p 00002000 08:21 9072 /usr/lib/libXau.so.6.0.0
7f89e20f4000-7f89e210f000 r-xp 00000000 08:21 10039 /usr/lib/libxcb.so.1.1.0
7f89e210f000-7f89e230e000 ---p 0001b000 08:21 10039 /usr/lib/libxcb.so.1.1.0
7f89e230e000-7f89e230f000 r--p 0001a000 08:21 10039 /usr/lib/libxcb.so.1.1.0
7f89e230f000-7f89e2310000 rw-p 0001b000 08:21 10039 /usr/lib/libxcb.so.1.1.0
7f89e2310000-7f89e2317000 r-xp 00000000 08:21 2648 /lib/librt-2.9.so
7f89e2317000-7f89e2516000 ---p 00007000 08:21 2648 /lib/librt-2.9.so
7f89e2516000-7f89e2517000 r--p 00006000 08:21 2648 /lib/librt-2.9.so
7f89e2517000-7f89e2518000 rw-p 00007000 08:21 2648 /lib/librt-2.9.so
7f89e2518000-7f89e252f000 r-xp 00000000 08:21 2642 /lib/libpthread-2.9.so
7f89e252f000-7f89e272e000 ---p 00017000 08:21 2642 /lib/libpthread-2.9.so
7f89e272e000-7f89e272f000 r--p 00016000 08:21 2642 /lib/libpthread-2.9.so
7f89e272f000-7f89e2730000 rw-p 00017000 08:21 2642 /lib/libpthread-2.9.so
7f89e2730000-7f89e2734000 rw-p 7f89e2730000 00:00 0
7f89e2734000-7f89e274b000 r-xp 00000000 08:21 2682 /lib/libz.so.1.2.3.3
7f89e274b000-7f89e294a000 ---p 00017000 08:21 2682 /lib/libz.so.1.2.3.3
7f89e294a000-7f89e294b000 r--p 00016000 08:21 2682 /lib/libz.so.1.2.3.3
7f89e294b000-7f89e294c000 rw-p 00017000 08:21 2682 /lib/libz.so.1.2.3.3
7f89e294c000-7f89e294e000 r-xp 00000000 08:21 2578 /lib/libdl-2.9.so
7f89e294e000-7f89e2b4e000 ---p 00002000 08:21 2578 /lib/libdl-2.9.so
7f89e2b4e000-7f89e2b4f000 r--p 00002000 08:21 2578 /lib/libdl-2.9.so
7f89e2b4f000-7f89e2b50000 rw-p 00003000 08:21 2578 /lib/libdl-2.9.so
7f89e2b50000-7f89e2cb8000 r-xp 00000000 08:21 2564 /lib/libc-2.9.so
7f89e2cb8000-7f89e2eb8000 ---p 00168000 08:21 2564 /lib/libc-2.9.so
7f89e2eb8000-7f89e2ebc000 r--p 00168000 08:21 2564 /lib/libc-2.9.so
7f89e2ebc000-7f89e2ebd000 rw-p 0016c000 08:21 2564 /lib/libc-2.9.so
7f89e2ebd000-7f89e2ec2000 rw-p 7f89e2ebd000 00:00 0
7f89e2ec2000-7f89e2fc4000 r-xp 00000000 08:21 9066 /usr/lib/libX11.so.6.2.0
7f89e2fc4000-7f89e31c4000 ---p 00102000 08:21 9066 /usr/lib/libX11.so.6.2.0
7f89e31c4000-7f89e31c5000 r--p 00102000 08:21 9066 /usr/lib/libX11.so.6.2.0
7f89e31c5000-7f89e31c9000 rw-p 00103000 08:21 9066 /usr/lib/libX11.so.6.2.0
7f89e31c9000-7f89e32a2000 r-xp 00000000 08:21 9146 /usr/lib/libasound.so.2.0.0
7f89e32a2000-7f89e34a2000 ---p 000d9000 08:21 9146 /usr/lib/libasound.so.2.0.0
7f89e34a2000-7f89e34a5000 r--p 000d9000 08:21 9146 /usr/lib/libasound.so.2.0.0
7f89e34a5000-7f89e34a9000 rw-p 000dc000 08:21 9146 /usr/lib/libasound.so.2.0.0
7f89e34a9000-7f89e352d000 r-xp 00000000 08:21 2597 /lib/libm-2.9.so
7f89e352d000-7f89e372c000 ---p 00084000 08:21 2597 /lib/libm-2.9.so
7f89e372c000-7f89e372d000 r--p 00083000 08:21 2597 /lib/libm-2.9.so
7f89e372d000-7f89e372e000 rw-p 00084000 08:21 2597 /lib/libm-2.9.so
7f89e372e000-7f89e3897000 r-xp 00000000 08:21 9894 /usr/lib/liAborted

Revision history for this message
Alan Jenkins (alan-james-jenkins) wrote :
Revision history for this message
Alan Jenkins (alan-james-jenkins) wrote :

Forgot to mention that the version of rdesktop I am using is 1.6.0-2ubuntu1

Revision history for this message
Alan Jenkins (alan-james-jenkins) wrote :

Anyone able to chase this up? This is a rather serious bug that seems to effect more than just Ubuntu's version of rdesktop (it has been recreated on Arch's version of rdesktop).

Revision history for this message
Alan Jenkins (alan-james-jenkins) wrote :

This bug causes data loss by killing the program from which the text was copied from (does not happen every time but it does happen frequently (may take a few attempts to get this result while testing (also try make your own test text if you are unable to recreate it with my uploaded file)).

Revision history for this message
Jonty (lists-jontyhewlett) wrote :
Download full text (5.5 KiB)

I also have reproduced this bug, it also occurs when I download the 1.6.0 source and compile that.

I'm new to this, but below is the output when running with strace.

writev(5, [{"*** glibc detected *** "..., 23}, {"./rdesktop"..., 10}, {": "..., 2}, {"double free or corruption (fastto"..., 35}, {": 0x"..., 4}, {"08f7b560"..., 8}, {" ***\n"..., 5}], 7*** glibc detected *** ./rdesktop: double free or corruption (fasttop): 0x08f7b560 ***
) = 87
open("/etc/ld.so.cache", O_RDONLY) = 6
fstat64(6, {st_mode=S_IFREG|0644, st_size=89683, ...}) = 0
mmap2(NULL, 89683, PROT_READ, MAP_PRIVATE, 6, 0) = 0xb79b7000
close(6) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/libgcc_s.so.1", O_RDONLY) = 6
read(6, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\260\34\0\0004\0\0\0\234"..., 512) = 512
mmap2(NULL, 2097152, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0xb7746000
munmap(0xb7746000, 761856) = 0
munmap(0xb7900000, 286720) = 0
mprotect(0xb7800000, 135168, PROT_READ|PROT_WRITE) = 0
fstat64(6, {st_mode=S_IFREG|0644, st_size=54740, ...}) = 0
mmap2(NULL, 57864, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 6, 0) = 0xb7937000
mmap2(0xb7944000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 6, 0xc) = 0xb7944000
close(6) = 0
mprotect(0xb7944000, 4096, PROT_READ) = 0
munmap(0xb79b7000, 89683) = 0
write(5, "======= Backtrace: =========\n"..., 29======= Backtrace: =========
) = 29
writev(5, [{"/lib/tls/i686/cmov/libc.so.6"..., 28}, {"[0x"..., 3}, {"b7ba5604"..., 8}, {"]\n"..., 2}], 4/lib/tls/i686/cmov/libc.so.6[0xb7ba5604]
) = 41
writev(5, [{"/lib/tls/i686/cmov/libc.so.6"..., 28}, {"("..., 1}, {"cfree"..., 5}, {"+0x"..., 3}, {"96"..., 2}, {")"..., 1}, {"[0x"..., 3}, {"b7ba75b6"..., 8}, {"]\n"..., 2}], 9/lib/tls/i686/cmov/libc.so.6(cfree+0x96)[0xb7ba75b6]
) = 53
writev(5, [{"/usr/lib/libX11.so.6"..., 20}, {"("..., 1}, {"XFree"..., 5}, {"+0x"..., 3}, {"1d"..., 2}, {")"..., 1}, {"[0x"..., 3}, {"b7cd2e9d"..., 8}, {"]\n"..., 2}], 9/usr/lib/libX11.so.6(XFree+0x1d)[0xb7cd2e9d]
) = 45
writev(5, [{"./rdesktop"..., 10}, {"[0x"..., 3}, {"805dfaf"..., 7}, {"]\n"..., 2}], 4./rdesktop[0x805dfaf]
) = 22
writev(5, [{"./rdesktop"..., 10}, {"[0x"..., 3}, {"80594ce"..., 7}, {"]\n"..., 2}], 4./rdesktop[0x80594ce]
) = 22
writev(5, [{"./rdesktop"..., 10}, {"[0x"..., 3}, {"80611cf"..., 7}, {"]\n"..., 2}], 4./rdesktop[0x80611cf]
) = 22
writev(5, [{"./rdesktop"..., 10}, {"[0x"..., 3}, {"8061548"..., 7}, {"]\n"..., 2}], 4./rdesktop[0x8061548]
) = 22
writev(5, [{"./rdesktop"..., 10}, {"[0x"..., 3}, {"80616b8"..., 7}, {"]\n"..., 2}], 4./rdesktop[0x80616b8]
) = 22
writev(5, [{"./rdesktop"..., 10}, {"[0x"..., 3}, {"8061e83"..., 7}, {"]\n"..., 2}], 4./rdesktop[0x8061e83]
) = 22
writev(5, [{"./rdesktop"..., 10}, {"[0x"..., 3}, {"80626bb"..., 7}, {"]\n"..., 2}], 4./rdesktop[0x80626bb]
) = 22
writev(5, [{"./rdesktop"..., 10}, {"[0x"..., 3}, {"8064253"..., 7}, {"]\n"..., 2}], 4./rdesktop[0x8064253]
) = 22
writev(5, [{"./rdesktop"..., 10}, {"[0x"..., 3}, {"8065159"..., 7}, {"]\n"..., 2}], 4./rdesktop[0x806...

Read more...

Revision history for this message
jpeg729 (jpeg729) wrote :

Seven years on I'm getting bitten by the same bug.

rdesktop version 1.7.1-1ubuntu0 running on Ubuntu 14.04 connecting to Windows server 2012.

Yet another reason to quit using Microsoft's software.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.