Gedit, gnome-terminal and others crash in rootless mode

[sunweaver]

From X2Go BTS (with patch there):
http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=900

Package: libnx-X11

Version: 2.3.5

Setup:

1. x2goserver in a debian testing machine.
2. x2goclient in a windows machine.
3. Create a session with a virtual desktop.
4. Run gedit in the session created in 3.
5. Create a session in windows launching only xterm.
6. Run gedit from the console created in 5.
7. Create a session in windows launching only gedit.

Results:

1. Steps from Setup 3, 4 and 5 work fine.
2. Steps from Setup 6 and 7 crash (close the session).

A quick look in dmesg shows that libNX_X11.so.6.2 caused a SEGFAULT.

Running x2goagent with a debugger gives the following backtrace:

(gdb) backtrace
#0 _XData32 (dpy=dpy@entry=0xf591b0, data=data@entry=0x163c2c4,

len=len@entry=18652) at XlibInt.c:3775
#1 0x00007f759e34dce1 in XChangeProperty (dpy=0xf591b0, w=<optimized

out>, property=, type=6, format=,
mode=,
data=0x163c2c4
"\377\377\377\377\354\356\356\377\377\377\377\377\354\356\356\377\377\377\377\377\354\356\356\377\377\377\377\377\357\360\360\377\377\377\377\377\364\365\365\377\377\377\377\377\307\312\311\375\377\377\377\377\t\t\t\035",
nelements=4663) at ChProp.c:85
#2 0x00000000004b1e37 in nxagentExportProperty (pWin=0x20,

property=4663, type=23315140, format=4669, mode=32, nUnits=4663,
value=0x15fc2e0) at Rootless.c:763
#3 0x000000000042222a in ProcChangeProperty (client=0xf591b0) at

X/NXproperty.c:331
#4 0x000000000042eea2 in Dispatch () at X/NXdispatch.c:748

Looking at the highlighted values, it seems that gedit is sending a
malformed ChangeProperty request, and rootless is failing to process it.

Specifically the segment between lines 735-780, tries to set a property
that is bigger than the maximum size required, but because it's a
malformed request it ends up writing in memory outside the boundaries of
the output buffer.

Alternatives:

1. Ensure that nxagentExportProperty never writes beyond the boundaries
   of the output buffer.
2. Resize the output buffer to match the required size
   (ProcChangeProperty seems to do something similar).
3. Ignore big requests (see attached patch).

[sunweaver]

Hi Camilo,

On Do 02 Jul 2015 08:21:22 CEST, Camilo Alejandro Arboleda wrote:

Your bug report has just been moved [1] to the new upstream location of nx-libs on Github.

Looking at the highlighted values, it seems that gedit is sending a
malformed ChangeProperty request, and rootless is failing to process it.

Is it really a malformed request or a problem with broken BIG-REQUESTS support [2] in libXcomp3 (aka nxcomp)?

Specifically the segment between lines 735-780, tries to set a property
that is bigger than the maximum size required, but because it's a
malformed request it ends up writing in memory outside the boundaries of
the output buffer.

Alternatives:

1. Ensure that nxagentExportProperty never writes beyond the boundaries
   of the output buffer.
2. Resize the output buffer to match the required size
   (ProcChangeProperty seems to do something similar).
3. Ignore big requests (see attached patch).

Is option 3. really the optimal approach? It feels like option 2. would be the way to go here...

Please continue, if possible for you, this discussion on Github.

Mike

[sunweaver]

Also related: X2Go Bug 878:
http://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=878

Package: nx-libs
Version: 3.5.0.31
Severity: normal

Server OS: Fedora 22 64-bit with latest updates (F22 is still in beta,
but will be released any day now)
x2goserver 4.0.1.19-3.fc22 (Fedora's package)
x2goserver-xsession 4.0.1.19-3.fc22 (Fedora's package)
nxagent 3.5.0.31-1.fc22 (Fedora's package)
x2goagent 3.5.0.31-1.fc22 (Fedora's package)

I've tried multiple different clients (on both Linux and Windows), so
the client details presumably do not matter.

The problem is that gnome-terminal is failing to launch. I have only
tried a single application session. The output from journalctl --user (the equivalent of ~/.xsession-x2go-errors) is attached.

This line stands out:
org.a11y.atspi.Registry[24951]: Xlib: extension "XEVIE" missing on
display ":50".

However, XEvIE was removed from X.org in 2008:
http://cgit.freedesktop.org/xorg/xserver/commit/?id=f4036f6ace5f770f0fe6a6e3dc3749051a81325a
http://freedesktop.org/wiki/Software/XEvIE/

[camiloaa]

Hi Mike,

I haven't look deeper into the problem, since I am not really expert (or even knowledgeable) in X. The first patch was a quick fix as it seemed to me that NXlib doesn't support big requests, and it has worked for me so far.

I am sorry to not being able to help to come up with a better solution, but I don't have the knowledge to do it. I can help with testing and debugging if you have any pointers I can follow.

[wolkym]

Ubuntu 16.04.1 and stable ppa are affected by the same bug. Application: rootless Eclipse Kepler. On Ubuntu 14.04 everything works fine with the same versions of x2go from stable ppa.

bt Core was generated by `/usr/lib/nx/../x2go/bin/x2goagent -extension XFIXES -nolisten tcp -nolisten tcp'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  _XData32 (dpy=dpy@entry=0x1461cf0, data=<optimized out>, data@entry=0x1b548b4, len=20596, len@entry=28756) at XlibInt.c:3792

ubuntu 16.04 (bug)

Package libnx-x11-6:                                 
i A 2:3.5.0.32-0~668~ubuntu16.04.1                                                xenial                                                     500 

Package x2goserver:                                   
i   4.0.1.19-0~1064~ubuntu16.04.1                                xenial                                    500 

Package x2goserver-compat:
i   4.0.1.19-0~1064~ubuntu16.04.1                                xenial                                    500 

Package x2goserver-extensions:
i A 4.0.1.19-0~1064~ubuntu16.04.1                                xenial                                    500 

Package x2goserver-fmbindings:
i   4.0.1.19-0~1064~ubuntu16.04.1                                xenial                                    500 

Package x2goserver-printing:
i   4.0.1.19-0~1064~ubuntu16.04.1                                xenial                                    500 

Package x2goserver-pyhoca:
i   4.0.1.19-0~1064~ubuntu16.04.1                                xenial                                    500 

Package x2goserver-xsession:
i A 4.0.1.19-0~1064~ubuntu16.04.1                                xenial                                    500

ubuntu 14.04 (no bug)

Package libnx-x11:                                   
i   2:3.5.0.32-0~668~ubuntu14.04.1                                      trusty                                          500 

Package x2goserver:                                   
i   4.0.1.19-0~1064~ubuntu14.04.1                                       trusty                                          500 

Package x2goserver-compat:
i   4.0.1.19-0~1064~ubuntu14.04.1                                       trusty                                          500 

Package x2goserver-extensions:
i A 4.0.1.19-0~1064~ubuntu14.04.1                                       trusty                                          500 

Package x2goserver-fmbindings:
i   4.0.1.19-0~1064~ubuntu14.04.1                                       trusty                                          500 

Package x2goserver-printing:
i   4.0.1.19-0~1064~ubuntu14.04.1                                       trusty                                          500 

Package x2goserver-pyhoca:
i   4.0.1.19-0~1064~ubuntu14.04.1                                       trusty                                          500 

Package x2goserver-xsession:
i   4.0.1.19-0~1064~ubuntu14.04.1                                       trusty                                          500

Package libnx-x11-6:
i A 2:3.5.0.32-0~668~ubuntu14.04.1                                      trusty                                          500

[ColinFinck]

I'm suffering from the same bug on Ubuntu 16.04 while it previously worked in 14.04.
Binary patching out "BIG-REQUESTS" with "_IG-REQUESTS" in libxcb.so.1 as described in atom/atom#4360 fixes the problem for me.
However, this is the worst possible solution for a production system..

[uli42]

On Sat, Sep 10, 2016 at 1:03 PM, Colin Finck notifications@github.com wrote:

I'm suffering from the same bug on Ubuntu 16.04 while it previously worked in 14.04.
Binary patching out "BIG-REQUESTS" with "_IG-REQUESTS" in libxcb.so.1 as described in atom/atom#4360 fixes the problem for me.
However, this is the worst possible solution for a production system..

Have you tried using the latest nightly builds of nx-libs?
(https://sunweavers.net/blog/node/20)

Uli

[sunweaver]

Hi Uli, hi Colin,

On So 11 Sep 2016 12:19:27 CEST, Ulrich Sibiller wrote:

On Sat, Sep 10, 2016 at 1:03 PM, Colin Finck
notifications@github.com wrote:

I'm suffering from the same bug on Ubuntu 16.04 while it previously
worked in 14.04.
Binary patching out "BIG-REQUESTS" with "_IG-REQUESTS" in
libxcb.so.1 as described in atom/atom#4360 fixes the problem for me.
However, this is the worst possible solution for a production system..

Have you tried using the latest nightly builds of nx-libs?
(https://sunweavers.net/blog/node/20)

Uli

Unfortunately, BIG-REQUESTS are broken-by-design in nxcomp. See:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766299

Do thinks work better when disabling BIG-REQUESTS in x2goagent/nxagent?

From the command line (although, this does not use nxcomp):

nxagent -R -ac -extension BIG-REQUESTS :1

Or via /etc/x2go/x2goagent.options.

Mike

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
mobile: +49 (1520) 1976 148
landline: +49 (4354) 8390 139

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

[ColinFinck]

Yep, adding "-extension BIG-REQUESTS" to the X2GO_NXAGENT_DEFAULT_OPTIONS variable in /etc/x2go/x2goagent.options fixes the problem as well!

[sunweaver]

This is a multi-topic bug. Basically, GNOME applications run (again) on nx-libs 3.5.99.3 and above. This has been tested with gedit and gnome-terminal from Debian jessie and Debian stretch. So that issues seems to be settled.

Evolution (not sure if it was mentioned above, but it also is a problematic application) fails to launch on jessie due to missing recent-enough GLX support. The stretch version of evolution comes up, but reports thrillions of issues about permission denied to some shared memory location. However, that may also be related to my test setup (schroot based chroots).

The BIGREQUESTS stuff is tracked by another issue on this tracker: #301.

Regarding Eclipse, the eclipse version from Debian stretch starts fine in rootless and desktop session mode.

So really closing this issue now.