422 – krfb: Double free in xupdatescanner.cc

By default, Bugzilla does not search the list of RESOLVED bugs.
You can force it to do so by putting the upper-case word ALL in front of your search query, e.g.: ALL tdelibs
We recommend searching for bugs this way, as you may discover that your bug has already been resolved and fixed in a later release.

Bug 422 - krfb: Double free in xupdatescanner.cc

Summary: krfb: Double free in xupdatescanner.cc

Status:	RESOLVED FIXED

Alias:	None

Product:	TDE
Classification:	Unclassified
Component:	tdenetwork (show other bugs)
Version:	3.5.12 [Trinity]
Hardware:	i386 Debian Lenny

Importance:	P5 normal
Assignee:	Timothy Pearson

URL:

Depends on:
Blocks:

Reported:	2011-01-26 04:42 CST by Ignaz Forster
Modified:	2012-10-19 15:16 CDT (History)
CC List:	3 users (show)

See Also:	http://bugs.debian.org/518511
Compiler Version:
TDE Version String:
Application Version:
Application Name:

Attachments
Fix SIGABRT when closing connection (453 bytes, patch) 2011-01-26 04:43 CST, Ignaz Forster	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ignaz Forster 2011-01-26 04:42:10 CST

When using a graphics card driver without shared memory support, krfb will crash with a SIGABRT when closing the connection. This is caused by a double free (once by calling free directly, once two lines later by XDestroyImage).

The original bug description and patch can also be found on https://bugs.kde.org/show_bug.cgi?id=148738, a success report is on http://lists.debian.org/debian-qt-kde/2009/08/msg00260.html.

Comment 1 Ignaz Forster 2011-01-26 04:43:38 CST

Created attachment 53 [details]
Fix SIGABRT when closing connection

Comment 2 Nick Leverton 2011-10-22 02:39:02 CDT

Confirming this problem is still in Trinity.  It means one cannot reconnect to a desktop via RDC protocol after disconnecting, because krdc will have crashed.  Just attempting to connect and then cancelling without entering the password will cause the crash, which means that non-authorised connectors can DOS you (as well as making it regrettably easy to DOS yourself).

I can confirm the OP's patch fixes it as I've been running a patched 3.5.10 for a while.  Can it be applied before 3.5.13, please ?

Comment 3 Timothy Pearson 2011-10-22 13:31:01 CDT

Fixed in SVN revision 1260223.

Thanks for reporting, and to Ignaz for posting the patch!