Bug#862824: xserver-xorg-core: tigervncserver crash in WriteToClient shortly after VNC client connecs
No, this is not the case. The problem more subtle. Client connection is
closed
but the entry is not marked as deleted in ospoll, so any cleanup of deleted
entries will not help. The problem is that entries in ospoll are
searched by fd
(file descriptor). These descriptors are unique for all open files, but the
descriptor may be reused when some file is closed (and usually it is
reused). I
have attached a patch, but, as I see, it may be easily overlooked. I
have added
this bug report using reportbug program and it has added a lot of stuff
which is
completely useless. It contains traces for display :0 since I have
started the
server on display :1... It is possible to edit the message?
I'm adding my patch again, inline:
--- io.c.org 2017-05-17 14:45:36.613384569 +0200
+++ io.c 2017-05-17 14:45:52.847923103 +0200
@@ -710,7 +710,9 @@
else if (!(oco = AllocateOutputBuffer())) {
if (oc->trans_conn) {
_XSERVTransDisconnect(oc->trans_conn);
+ ospoll_remove(server_poll, oc->fd);
_XSERVTransClose(oc->trans_conn);
+ oc->fd = -1;
oc->trans_conn = NULL;
}
MarkClientException(who);
@@ -894,7 +896,9 @@
}
if (!obuf) {
_XSERVTransDisconnect(oc->trans_conn);
+ ospoll_remove(server_poll, oc->fd);
_XSERVTransClose(oc->trans_conn);
+ oc->fd = -1;
oc->trans_conn = NULL;
MarkClientException(who);
oco->count = 0;
@@ -924,8 +928,10 @@
else {
if (oc->trans_conn) {
_XSERVTransDisconnect(oc->trans_conn);
+ ospoll_remove(server_poll, oc->fd);
_XSERVTransClose(oc->trans_conn);
oc->trans_conn = NULL;
+ oc->fd = -1;
}
MarkClientException(who);
oco->count = 0;
Reply to: