guacamole-commits mailing list archives

From "Michael Jumper (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (GUACAMOLE-149) Potential busy loop in guac_terminal_display_set_columns()
Date Wed, 01 Feb 2017 07:19:51 GMT

     [ https://issues.apache.org/jira/browse/GUACAMOLE-149?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Michael Jumper reassigned GUACAMOLE-149:
----------------------------------------

    Assignee: Michael Jumper

> Potential busy loop in guac_terminal_display_set_columns()
> ----------------------------------------------------------
>
>                 Key: GUACAMOLE-149
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-149
>             Project: Guacamole
>          Issue Type: Bug
>          Components: guacamole-server, SSH, Telnet
>    Affects Versions: 0.9.9, 0.9.10-incubating
>            Reporter: Aiden Luo
>            Assignee: Michael Jumper
>            Priority: Critical
>
> The Guacamole terminal emulator can get caught in an endless busy loop if a character
> in the buffer ends up being set with zero width. The loop within {{guac_terminal_display_set_columns()}}
> advances through columns by the width of the current character, and will never advance if
> that width is somehow unset.
> {code:none}
> (gdb) bt
> #0  guac_terminal_display_set_columns (display=0x30f5480, row=11, start_column=22, end_column=22, character=0x2cf3b18)
>     at display.c:458
> #1  0x00007f8b3fa68374 in guac_terminal_commit_cursor (term=term@entry=0x2c0b5b0) at terminal.c:649
> #2  0x00007f8b3fa69329 in guac_terminal_flush (terminal=terminal@entry=0x2c0b5b0) at terminal.c:1339
> #3  0x00007f8b3fa69440 in guac_terminal_render_frame (terminal=0x2c0b5b0) at terminal.c:489
> #4  0x000000000040312d in __guacd_client_output_thread (data=0x2bea930) at client.c:73
> #5  0x00007f8b43469184 in start_thread (arg=0x7f8b3c326700) at pthread_create.c:312
> #6  0x00007f8b4319637d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
> (gdb) f 0
> #0  guac_terminal_display_set_columns (display=0x30f5480, row=11, start_column=22, end_column=22, character=0x2cf3b18)
>     at display.c:458
> 458             current->type      = GUAC_CHAR_SET;
> (gdb) list
> 453
> 454         /* For each column in range */
> 455         for (i = start_column; i <= end_column; i += character->width) {
> 456
> 457             /* Set operation */
> 458             current->type      = GUAC_CHAR_SET;
> 459             current->character = *character;
> 460
> 461             /* Next character */
> 462             current += character->width;
> (gdb) p character->width
> $113 = 0
> (gdb)
> {code}
> From {{__guac_terminal_set()}}, it's clear that having zero width is a legitimate value:
> {code:none}
>     /* Calculate width in columns */
>     width = wcwidth(codepoint);
>     if (width < 0)
>         width = 1;
>     /* Do nothing if glyph is empty */
>     if (width == 0)
>         return 0;
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
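
The stall described in the report, reproduced in a bounded harness as an added example; it is not part of the original message and not guacamole-server code. The types, the function names and the `MAX_STEPS` cap are hypothetical, and clamping the stride to 1 is one possible guard, not necessarily the project's fix.

```c
#include <stdio.h>

/* Hypothetical stand-ins for the terminal's types; not the guacamole-server definitions. */
typedef struct { int value; int width; } cell_char;
typedef struct { int set; cell_char character; } cell_op;

#define MAX_STEPS 1000 /* harness-only cap so the stalled loop can be observed */

/* Same stride pattern as the loop in the report: advance by c->width.
 * Returns the number of cells written, or -1 if the step cap is hit (no progress). */
int set_columns_unguarded(cell_op* row, int start, int end, const cell_char* c) {
    int written = 0, steps = 0;
    cell_op* current = row + start;
    for (int i = start; i <= end; i += c->width) {
        if (++steps > MAX_STEPS)
            return -1;
        current->set = 1;
        current->character = *c;
        current += c->width;
        written++;
    }
    return written;
}

/* Guarded variant: a stride below 1 is treated as 1, so i always advances. */
int set_columns_guarded(cell_op* row, int start, int end, const cell_char* c) {
    int stride = c->width < 1 ? 1 : c->width;
    int written = 0;
    cell_op* current = row + start;
    for (int i = start; i <= end; i += stride) {
        current->set = 1;
        current->character = *c;
        current += stride;
        written++;
    }
    return written;
}

int main(void) {
    cell_op row[80] = {0};
    cell_char zero = { 0x0301, 0 };  /* constructed: combining mark, width 0 */
    cell_char wide = { 0x4E2D, 2 };  /* constructed: double-width glyph */
    printf("unguarded, width 0: %d\n", set_columns_unguarded(row, 22, 22, &zero));
    printf("guarded,   width 0: %d\n", set_columns_guarded(row, 22, 22, &zero));
    printf("guarded,   width 2: %d\n", set_columns_guarded(row, 0, 9, &wide));
    return 0;
}
```

The first call uses the same row 11 column range as the backtrace (`start_column=22, end_column=22`) and only returns because of the harness cap.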
