Summary: | [PATCH] [KDE3] krfb receives SIGABRT when closing connection | ||
---|---|---|---|
Product: | [Applications] krfb | Reporter: | kavol <kavol> |
Component: | general | Assignee: | Alessandro Praduroux <pradu> |
Status: | RESOLVED WORKSFORME | ||
Severity: | crash | CC: | d_salt, grundleborg |
Priority: | NOR | ||
Version: | unspecified | ||
Target Milestone: | --- | ||
Platform: | Gentoo Packages | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: | ||
Sentry Crash Report: | |||
Attachments: |
another backtrace from krfb crash
Don't free XImage data |
Description
kavol
2007-08-11 12:11:22 UTC
??? - why is this marked wishlist while I've chosen "crash"?

We need more info. First could you follow the steps described in http://techbase.kde.org/Development/Tutorials/Debugging/How_to_create_useful_crash_reports in order to provide a better backtrace for us? Second, maybe you have some useful output on the machine where krfb was running? Have you also used other clients?

thank you for the link, I'll take a look ... but do not expect me to be quick ;-)
> Have you also used other clients?
I've tried with krdc 3.5.7 and vncviewer ("VNC Viewer Free Edition 4.1.2 for X")
ok, so I recompiled krfb with -ggdb flag, then I attached with vncviewer to my desktop to invoke krfb, then I attached gdb to the krfb process, then I disconnected vncviewer and krfb received SIGABRT, see below

btw, the black-screen problem magically disappeared - the only relevant thing which comes to my mind is xhost upgrade in the meantime, but I wonder if this can have an effect ... if you can, please modify the bug description so that we deal only with the crash here; I'll open another report if the problem arises again

```
# ps -ef | grep rfb
kavol 29062 6667 47 11:15 ? 00:00:05 krfb --kinetd 18
root 29067 4529 0 11:15 pts/12 00:00:00 grep --colour=auto rfb
# gdb krfb 29062
Attaching to program: /usr/kde/3.5/bin/krfb, process 29062
[Thread debugging using libthread_db enabled]
[New Thread 47777897365120 (LWP 29062)]
[New Thread 1098918208 (LWP 29065)]
[New Thread 1090525504 (LWP 29064)]
0x00002b7428815672 in ?? () from /lib/libc.so.6
(gdb) continue
Continuing.
[Thread 1098918208 (LWP 29065) exited]
[Thread 1090525504 (LWP 29064) exited]

Program received signal SIGABRT, Aborted.
[Switching to Thread 47777897365120 (LWP 29062)]
0x00002b742878c885 in raise () from /lib/libc.so.6
(gdb) backtrace
#0 0x00002b742878c885 in raise () from /lib/libc.so.6
#1 0x00002b742878db3e in abort () from /lib/libc.so.6
#2 0x00002b74287c2a27 in __libc_message () from /lib/libc.so.6
#3 0x00002b74287c7b1d in malloc_printerr () from /lib/libc.so.6
#4 0x00002b74287c9146 in free () from /lib/libc.so.6
#5 0x00002b74279edeb2 in _XDestroyImage () from /usr/lib64/libX11.so.6
#6 0x00000000004110d7 in ~XUpdateScanner (this=0x846680) at xupdatescanner.cc:203
#7 0x0000000000411db0 in RFBController::stopServer (this=0x7fff8662ca40, xtestUngrab=true) at rfbcontroller.cc:481
#8 0x0000000000412c21 in ~RFBController (this=0x7186) at rfbcontroller.cc:381
#9 0x0000000000418ab8 in main (argc=<value optimized out>, argv=<value optimized out>) at main.cpp:188
(gdb)
```

I've recompiled the libraries too (with -ggdb) ... and after reading further documentation, I guess "backtrace full" should be more helpful:

```
# gdb krfb 8605
Attaching to program: /usr/kde/3.5/bin/krfb, process 8605
[Thread debugging using libthread_db enabled]
[New Thread 47629995507328 (LWP 8605)]
[New Thread 1098918208 (LWP 8608)]
[New Thread 1090525504 (LWP 8607)]
0x00002b51b8de1672 in ?? () from /lib/libc.so.6
(gdb) continue
Continuing.
[Thread 1098918208 (LWP 8608) exited]
[Thread 1090525504 (LWP 8607) exited]

Program received signal SIGABRT, Aborted.
[Switching to Thread 47629995507328 (LWP 8605)]
0x00002b51b8d58885 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
64 ../nptl/sysdeps/unix/sysv/linux/raise.c: No such file or directory.
in ../nptl/sysdeps/unix/sysv/linux/raise.c
Current language: auto; currently c
(gdb) bt full
#0 0x00002b51b8d58885 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
        pid = <value optimized out>
        selftid = <value optimized out>
#1 0x00002b51b8d59b3e in *__GI_abort () at abort.c:88
        act = {__sigaction_handler = {sa_handler = 0x7ffff605fd80, sa_sigaction = 0x7ffff605fd80}, sa_mask = {__val = {140737320975600, 140737320975792, 140737320975776, 8589934592, 140737320975792, 140737320988978, 4, 47629994227464, 1, 4226843, 37, 47629994223199, 3, 140737320975790, 2, 47629994222421}}, sa_flags = 1, sa_restorer = 0x2b51b8e2f71c <_fini+36408868>}
        sigs = {__val = {32, 0 <repeats 15 times>}}
#2 0x00002b51b8d8ea27 in __libc_message (do_abort=2, fmt=0x2b51b8e31498 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
        ap = {{gp_offset = 40, fp_offset = 48, overflow_arg_area = 0x7ffff6060710, reg_save_area = 0x7ffff6060620}}
        ap_copy = {{gp_offset = 16, fp_offset = 48, overflow_arg_area = 0x7ffff6060710, reg_save_area = 0x7ffff6060620}}
        fd = 2
        list = (struct str_list *) 0x7ffff605fe80
        nlist = -167378976
        cp = 0x9 <Address 0x9 out of bounds>
        written = false
#3 0x00002b51b8d93b1d in malloc_printerr (action=2, str=0x2b51b8e315a0 "double free or corruption (!prev)", ptr=<value optimized out>) at malloc.c:5758
        buf = "0000000000849d90"
        cp = 0x9 <Address 0x9 out of bounds>
#4 0x00002b51b8d95146 in *__GI___libc_free (mem=0x6) at malloc.c:3541
        ar_ptr = (mstate) 0x2b51b8f5f960
        p = <value optimized out>
        hook = <value optimized out>
#5 0x00002b51b7fb9ef2 in _XDestroyImage (ximage=0x84b6a0) at ImUtil.c:442
No locals.
#6 0x00000000004110d7 in ~XUpdateScanner (this=0x846700) at xupdatescanner.cc:203
No locals.
#7 0x0000000000411db0 in RFBController::stopServer (this=0x7ffff60607e0, xtestUngrab=true) at rfbcontroller.cc:481
No locals.
#8 0x0000000000412c21 in ~RFBController (this=0x219d) at rfbcontroller.cc:381
No locals.
#9 0x0000000000418ab8 in main (argc=<value optimized out>, argv=<value optimized out>) at main.cpp:188
(gdb)
```

yet another interesting case - running vncserver, connecting to it using vncviewer, then connecting to krfb of that session, closing the second vncviewer and watching drkonqi appearing in the first vncviewer

```
Using host libthread_db library "/lib/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 47127865826944 (LWP 14633)]
[KCrash handler]
#5 0x00002adccf92a885 in *__GI_raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#6 0x00002adccf92bb3e in *__GI_abort () at abort.c:88
#7 0x00002adccf960a27 in __libc_message (do_abort=2, fmt=0x2adccfa03498 "*** glibc detected *** %s: %s: 0x%s ***\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
#8 0x00002adccf965b1d in malloc_printerr (action=2, str=0x2adccfa035a0 "double free or corruption (!prev)", ptr=<value optimized out>) at malloc.c:5758
#9 0x00002adccf967146 in *__GI___libc_free (mem=0x6) at malloc.c:3541
#10 0x00002adcceb8bef2 in _XDestroyImage (ximage=0x848080) at ImUtil.c:442
#11 0x00000000004110d7 in ~XUpdateScanner (this=0x845400) at xupdatescanner.cc:203
#12 0x0000000000411db0 in RFBController::stopServer (this=0x7fffdf490700, xtestUngrab=true) at rfbcontroller.cc:481
#13 0x0000000000412c21 in ~RFBController (this=0x3929) at rfbcontroller.cc:381
#14 0x0000000000418ab8 in main (argc=<value optimized out>, argv=<value optimized out>) at main.cpp:188
Current language: auto; currently c
```

p.s. can somebody please modify the bug summary so that we do not mess with the "black screen problem"? - originally, I thought this may be related, but now I know there is another cause and I will open a new report as soon as I can verify my suspicions

Created attachment 23612
another backtrace from krfb crash
I experience the same problem on my Fedora box too
$ krfb --version
Qt: 3.3.8
KDE: 3.5.8-19.fc8 Fedora
Desktop Sharing: 1.0
```
Qt: 3.3.8b
KDE: 3.5.10
Desktop Sharing: 1.0
Protokol:
[Thread debugging using libthread_db enabled]
[New Thread 0xb689b6c0 (LWP 6777)]
[KCrash handler]
#6 0xb7fad410 in __kernel_vsyscall ()
#7 0xb6946085 in raise () from /lib/tls/i686/cmov/libc.so.6
#8 0xb6947a01 in abort () from /lib/tls/i686/cmov/libc.so.6
#9 0xb697eb7c in ?? () from /lib/tls/i686/cmov/libc.so.6
#10 0xb6986a85 in ?? () from /lib/tls/i686/cmov/libc.so.6
#11 0xb698a4f0 in free () from /lib/tls/i686/cmov/libc.so.6
#12 0xb725dda9 in ?? () from /usr/lib/libX11.so.6
#13 0x08056cfc in ?? ()
#14 0x08057b0d in ?? ()
#15 0x0805ade7 in ?? ()
#16 0x0805f420 in ?? ()
#17 0xb6931450 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6
#18 0x08055701 in ?? ()
```

still experiencing the same, and not just on connection close ...

```
Qt: 3.3.8b
KDE: 3.5.10
Desktop Sharing: 1.0
[Thread debugging using libthread_db enabled]
[New Thread 0x7fef74361760 (LWP 11827)]
[KCrash handler]
#5 0x00000031b80321e5 in raise (sig=<value optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#6 0x00000031b8033703 in abort () at abort.c:88
#7 0x00000031b806d998 in __libc_message (do_abort=<value optimized out>, fmt=<value optimized out>) at ../sysdeps/unix/sysv/linux/libc_fatal.c:170
#8 0x00000031b8073138 in malloc_printerr (action=<value optimized out>, str=<value optimized out>, ptr=<value optimized out>) at malloc.c:5994
#9 0x00000031b8074c76 in __libc_free (mem=<value optimized out>) at malloc.c:3625
#10 0x00000031ba02f932 in _XDestroyImage (ximage=<value optimized out>) at ImUtil.c:438
#11 0x0000000000415757 in ~XUpdateScanner (this=0x1bbe590) at xupdatescanner.cc:203
#12 0x0000000000411b20 in RFBController::stopServer (this=0x7fff7c3a42b0, xtestUngrab=true) at rfbcontroller.cc:481
#13 0x0000000000412c01 in ~RFBController (this=0x2e33) at rfbcontroller.cc:381
#14 0x0000000000416748 in main (argc=<value optimized out>, argv=<value optimized out>) at main.cpp:189
Current language: auto; currently c
```

Created attachment 36042
Don't free XImage data
From XCreateImage / XDestroyImage manpage:
"Note that when the image is created using XCreateImage, XGetImage, or XSubImage, the destroy procedure that the XDestroyImage function calls frees both the image structure and the data pointed to by the image structure."
This fixes the crash for me.
From looking at the code, I'm pretty certain this bug was fixed in the KDE 4 port of krfb.
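
The ownership rule quoted from the XCreateImage / XDestroyImage man page, modelled as an added example that is neither krfb nor Xlib code: `ModelImage`, `tracked_alloc`, `run_teardown` and the other names are hypothetical stand-ins, and the buggy teardown assumes a caller that frees the pixel buffer itself before the destroy call. A small allocation ledger counts the second free instead of letting glibc abort with "double free or corruption".

```c
/* Added example: a model of XImage buffer ownership (not Xlib, not krfb). */
#include <stdio.h>
#include <stdlib.h>

typedef struct {              /* hypothetical stand-in for XImage */
    int width, height;
    char *data;               /* pixel buffer handed over at creation */
} ModelImage;

#define MAX_TRACKED 16
static void *live[MAX_TRACKED];   /* pointers that are currently allocated */
static int bad_frees;             /* frees of pointers that are not live */

static void *tracked_alloc(size_t n) {
    void *p = malloc(n);
    for (int i = 0; p && i < MAX_TRACKED; i++)
        if (!live[i]) { live[i] = p; return p; }
    free(p);                      /* ledger full or malloc failed */
    return NULL;
}

static void tracked_free(void *p) {
    if (!p) return;               /* freeing NULL is a no-op, as with free() */
    for (int i = 0; i < MAX_TRACKED; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return; }
    bad_frees++;                  /* glibc would abort here */
}

static int live_count(void) {
    int n = 0;
    for (int i = 0; i < MAX_TRACKED; i++) n += (live[i] != NULL);
    return n;
}

static ModelImage *model_create_image(int w, int h, char *data) {
    ModelImage *img = tracked_alloc(sizeof *img);
    if (!img) return NULL;
    img->width = w; img->height = h; img->data = data;
    return img;
}

/* Mirrors the documented contract: frees the data AND the structure. */
static void model_destroy_image(ModelImage *img) {
    tracked_free(img->data);
    tracked_free(img);
}

typedef enum { TEARDOWN_BUGGY, TEARDOWN_LIBRARY_OWNS, TEARDOWN_CALLER_OWNS } Teardown;

/* Returns the number of invalid frees; *leaked receives outstanding allocations. */
static int run_teardown(Teardown how, int *leaked) {
    bad_frees = 0;
    char *buf = tracked_alloc(64 * 64 * 4);
    ModelImage *img = model_create_image(64, 64, buf);
    if (!buf || !img) return -1;
    switch (how) {
    case TEARDOWN_BUGGY:          /* assumed pattern: caller frees the pixels ... */
        tracked_free(img->data);
        model_destroy_image(img); /* ... and the destroy call frees them again */
        break;
    case TEARDOWN_LIBRARY_OWNS:   /* let the destroy call release everything */
        model_destroy_image(img);
        break;
    case TEARDOWN_CALLER_OWNS:    /* detach the buffer so destroy skips it */
        img->data = NULL;
        model_destroy_image(img);
        tracked_free(buf);        /* caller releases its buffer exactly once */
        break;
    }
    *leaked = live_count();
    return bad_frees;
}

int main(void) {
    static const char *names[] = { "buggy", "library owns", "caller owns" };
    for (int how = TEARDOWN_BUGGY; how <= TEARDOWN_CALLER_OWNS; how++) {
        int leaked = 0;
        int bad = run_teardown((Teardown)how, &leaked);
        printf("%-12s invalid frees=%d leaked=%d\n", names[how], bad, leaked);
    }
    return 0;
}
```
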