Bug 37269 - computerroom segfault due to libqjpeg.so
computerroom segfault due to libqjpeg.so
Status: CLOSED FIXED
Product: UCS@school
Classification: Unclassified
Component: UMC - Computer room
UCS@school 3.2 R2
Other Linux
: P5 normal (vote)
: UCS@school 4.0 Errata
Assigned To: Florian Best
Sönke Schwardt-Krummrich
:
Depends on:
Blocks: 37768
  Show dependency treegraph
 
Reported: 2014-12-09 16:49 CET by Janis Meybohm
Modified: 2016-11-25 12:02 CET (History)
5 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:
best: Patch_Available+


Attachments
coredump (9.55 MB, application/gzip)
2014-12-09 16:49 CET, Janis Meybohm
Details
dpkg-query (51.37 KB, text/plain)
2014-12-17 11:58 CET, Janis Meybohm
Details
patch: fix_computerroom_segfault_due_to_libqjpeg (1.65 KB, patch)
2015-01-13 16:01 CET, Alexander Kramer
Details | Diff
patch: fix_computerroom_segfault_due_to_libqjpeg (768 bytes, patch)
2015-01-13 16:33 CET, Alexander Kramer
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Janis Meybohm univentionstaff 2014-12-09 16:49:37 CET
Created attachment 6517 [details]
coredump

2014082621000327

09.12.14 08:10:07.464  PROTOCOL    ( INFO    ) : Sending UMCP RESPONSE 141810900738998-13371
09.12.14 08:10:07.464  PARSER      ( INFO    ) : UMCP REQUEST 141810900739237-13372 parsed successfully
09.12.14 08:10:07.464  MODULE      ( INFO    ) : Received request 141810900739237-13372
09.12.14 08:10:07.464  PROTOCOL    ( INFO    ) : Received UMCP COMMAND REQUEST 141810900739237-13372
09.12.14 08:10:07.464  MODULE      ( INFO    ) : Executing ['computerroom/screenshot']
09.12.14 08:10:07.465  PROTOCOL    ( INFO    ) : Sending UMCP RESPONSE 141810900739237-13372
09.12.14 08:10:07.465  PARSER      ( INFO    ) : UMCP REQUEST 141810900739405-13373 parsed successfully
09.12.14 08:10:07.465  MODULE      ( INFO    ) : Received request 141810900739405-13373
09.12.14 08:10:07.465  PROTOCOL    ( INFO    ) : Received UMCP COMMAND REQUEST 141810900739405-13373
09.12.14 08:10:07.465  MODULE      ( INFO    ) : Executing ['computerroom/screenshot']
09.12.14 08:10:10.042  DEBUG_INIT
...


Dec  9 08:10:07 ieu04-sr12 kernel: [644830.953203] univention-mana[9143]: segfault at 7fb0dca48012 ip 00007fb0b5deaa10 sp 00007fffc89ac0a0 error 4 in libqjpeg.so[7fb0b5de6000+8000]

ucs-school-umc-computerroom 5.0.8-3.151.201411061732
libqtgui4 4:4.6.3-4.43.201107140905

Linux ieu04-sr12 3.10.0-ucs81-amd64 #1 SMP Debian 3.10.11-1.81.201409041448 (2014-09-04) x86_64 GNU/Linux
Univention DC Slave 3.2-3



No steps on how to reproduce this but it leads to an unusable UMC until UMC-web-server and UMC-server are restarted.
Comment 1 Janis Meybohm univentionstaff 2014-12-17 11:58:33 CET
Created attachment 6548 [details]
dpkg-query
Comment 2 Alexander Kramer univentionstaff 2015-01-13 16:01:48 CET
Created attachment 6597 [details]
patch: fix_computerroom_segfault_due_to_libqjpeg
Comment 3 Alexander Kramer univentionstaff 2015-01-13 16:33:14 CET
Created attachment 6598 [details]
patch: fix_computerroom_segfault_due_to_libqjpeg
Comment 4 Florian Best univentionstaff 2015-01-27 11:39:57 CET
Patch applied in svn r57579.
Comment 5 Florian Best univentionstaff 2015-01-27 12:24:26 CET
merged to UCS@school 3.2
Comment 6 Alexander Kramer univentionstaff 2015-02-09 14:46:36 CET
fyi some background information:

Alex Kläser debugged the core-file and came up with the following hypothesis:
During a picture is written to /tmp the file pointer becomes invalid cause of a connection-error. Alex found this hint width gdb:

print *image.d
$1 = { [...] data = 0x7fb0dca48010 <Address 0x7fb0dca48010 out of
bounds>, [...] }

Sönke helped me to reproduced the error. We added the following code to ./usr/share/pyshared/univention/management/console/modules/computerroom/italc2.py:

    def screenshot2(self):
        MODULE.process('### QA: End of sleep 60.')
        tmpfile = tempfile.NamedTemporaryFile( delete = False )
        tmpfile.close()
        writer = QImageWriter( tmpfile.name, 'JPG' )
        writer.write( self._screenshot )

    # iTalc: screenshots
    @property
    def screenshot( self ):
        image = self._vnc.image()
        if not image.byteCount():
            return None
        MODULE.process('### QImage: %s' % (image,));
        MODULE.process('### QA: Restart the win-Client.')
        self._screenshot = image
        self._timer_screenshot = notifier.timer_add(60000, self.screenshot2)
    
        tmpfile = tempfile.NamedTemporaryFile( delete = False )
        tmpfile.close()
        #writer = QImageWriter( tmpfile.name, 'JPG' )
        #writer.write( image )
        return tmpfile

With this debug helper we set a ucs@school vm with a joined windows-client and did the following test:

- change the resolution of the windows client
- restart the windows-client
- stop the italc process
- disconnect the windows-client 

	
» Übersetzung(en) tabellarisch anzeigen | immer
» Übersetzungen mit gleichem Wortanfang
» unfortunate | unfortunately
 
	SYNO  	alas | regrettably | unfortunately ... 
	

Unfortunately I wasn't able to reproduce the error because of the rare timing. So we decided to fix this bug anyway. See the attached patch.
Comment 7 Sönke Schwardt-Krummrich univentionstaff 2015-02-20 18:04:18 CET
Patch has been used during build:

sschwardt@omar:/var/univention/buildsystem2/apt/ucs_4.0-0-ucs-school-4.0/source$ gunzip < italc_2.0.22-3.71.201501271147.tar.gz | grep -Fa 'if(t->m_image.width() != cl->width && t->m_image.height() != cl->height)'
        if(t->m_image.width() != cl->width && t->m_image.height() != cl->height)
+       if(t->m_image.width() != cl->width && t->m_image.height() != cl->height)

OK: patch applied
OK: iTALC still works
??: was still unable to trigger the segfault
OK: XML changelog
OK: debian changelog
OK: package built
Comment 8 Sönke Schwardt-Krummrich univentionstaff 2015-02-27 15:19:36 CET
UCS@school 4.0 v2 has been released:
http://docs.univention.de/release-notes-ucsschool-4.0v2-de.html

If this error occurs again, please use "Clone This Bug".
Comment 9 Florian Best univentionstaff 2016-01-19 14:33:15 CET
Maybe this patch would have been a alternative if the theory in comment 6 is correct?:

diff --git a/ucs-school-umc-computerroom/umc/python/computerroom/italc2.py b/ucs-school-umc-computerroom/umc/python/computerroom/italc2.py
index b45a33c..e882540 100644
--- a/ucs-school-umc-computerroom/umc/python/computerroom/italc2.py
+++ b/ucs-school-umc-computerroom/umc/python/computerroom/italc2.py
@@ -461,6 +461,8 @@ class ITALC_Computer( notifier.signals.Provider, QObject ):
        # iTalc: screenshots
        @property
        def screenshot( self ):
+               if self._state.current != 'connected':
+                       return
                image = self._vnc.image()
                if not image.byteCount():
                        return None