Bug 489268 - krfb sigsegv in libqt in QImage::sizeInBytes()
Status: REPORTED
Alias: None
Product: krfb
Classification: Applications
Component: general
Version: unspecified
Platform: Fedora RPMs Linux
Importance: NOR crash
Target Milestone: ---
Assignee: George Goldberg
 
Reported: 2024-06-27 00:10 UTC by LC
Modified: 2024-09-18 15:05 UTC

Description LC 2024-06-27 00:10:42 UTC
Fedora 40 Workstation

krfb - 24.05.0-2.fc40

SUMMARY
```
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `krfb'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007f793017319f in QImage::sizeInBytes() const () from /lib64/libQt6Gui.so.6
[Current thread is 1 (Thread 0x7f7929a49d00 (LWP 9239))]
(gdb) bt
#0  0x00007f793017319f in QImage::sizeInBytes() const () from /lib64/libQt6Gui.so.6
#1  0x00007f791895f3eb in QtPrivate::QCallableObject<PWFrameBuffer::Private::Private(PWFrameBuffer*)::{lambda(PipeWireFrame const&)#1}, QtPrivate::List<PipeWireFrame const&>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) () from /usr/lib64/qt6/plugins/krfb/framebuffer/pw.so
#2  0x00007f792f9fa752 in void doActivate<false>(QObject*, int, void**) () from /lib64/libQt6Core.so.6
#3  0x00007f791885d74c in PipeWireSourceStream::frameReceived(PipeWireFrame const&) () from /lib64/libKPipeWire.so.6
#4  0x00007f7918863883 in PipeWireSourceStream::handleFrame(pw_buffer*) () from /lib64/libKPipeWire.so.6
#5  0x00007f79188645af in PipeWireSourceStream::process() () from /lib64/libKPipeWire.so.6
#6  0x00007f79186e9488 in do_call_process () from /lib64/libpipewire-0.3.so.0
#7  0x00007f791864152a in flush_items () from /usr/lib64/spa-0.2/support/libspa-support.so
#8  0x00007f7918640445 in source_event_func () from /usr/lib64/spa-0.2/support/libspa-support.so
#9  0x00007f7918642246 in loop_iterate () from /usr/lib64/spa-0.2/support/libspa-support.so
#10 0x00007f7918852409 in QtPrivate::QCallableObject<PipeWireCore::init(int)::{lambda()#1}, QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) () from /lib64/libKPipeWire.so.6
#11 0x00007f792f9fa752 in void doActivate<false>(QObject*, int, void**) () from /lib64/libQt6Core.so.6
#12 0x00007f792fa0802d in QSocketNotifier::activated(QSocketDescriptor, QSocketNotifier::Type, QSocketNotifier::QPrivateSignal) () from /lib64/libQt6Core.so.6
#13 0x00007f792fa0883b in QSocketNotifier::event(QEvent*) () from /lib64/libQt6Core.so.6
#14 0x00007f7930b8b168 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /lib64/libQt6Widgets.so.6
#15 0x00007f792f995b18 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /lib64/libQt6Core.so.6
#16 0x00007f792fc7dd0f in socketNotifierSourceDispatch(_GSource*, int (*)(void*), void*) () from /lib64/libQt6Core.so.6
#17 0x00007f792e516e8c in g_main_context_dispatch_unlocked.lto_priv () from /lib64/libglib-2.0.so.0
#18 0x00007f792e578c98 in g_main_context_iterate_unlocked.isra () from /lib64/libglib-2.0.so.0
#19 0x00007f792e518383 in g_main_context_iteration () from /lib64/libglib-2.0.so.0
#20 0x00007f792fc7cb53 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib64/libQt6Core.so.6
#21 0x00007f792f9a2713 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /lib64/libQt6Core.so.6
#22 0x00007f792f99e69c in QCoreApplication::exec() () from /lib64/libQt6Core.so.6
#23 0x0000558736254912 in main ()
```

STEPS TO REPRODUCE
1. Launch krfb in Fedora 40
2. "Remote Control Requested" dialog is presented with buttons Share/Cancel
3. Click Share

OBSERVED RESULT
```
$ krfb
libEGL warning: pci id for fd 9: 1b36:0100, driver (null)

libEGL warning: MESA-LOADER: failed to open qxl: /usr/lib64/dri/qxl_dri.so: cannot open shared object file: No such file or directory (search paths /usr/lib64/dri, suffix _dri)

MESA: error: ZINK: failed to choose pdev
libEGL warning: egl: failed to create dri2 screen
Initializing D-Bus connectivity with XDG Desktop Portal
DBus session created:  "/org/freedesktop/portal/desktop/request/1_113/krfb4080005267"
kpipewire_logging: Failed to query DMA-BUF formats.
Segmentation fault (core dumped)
```



EXPECTED RESULT
No Crash


SOFTWARE/OS VERSIONS
Linux/KDE Plasma: 6.1.0-3.fc40
(available in About System)
KDE Plasma Version: 6.1.0-3.fc40
KDE Frameworks Version: 6.3.0
Qt Version: 6.7.1

ADDITIONAL INFORMATION
Operating System: Fedora Linux 40
KDE Plasma Version: 6.1.0
KDE Frameworks Version: 6.3.0
Qt Version: 6.7.1
Kernel Version: 6.9.5-200.fc40.x86_64 (64-bit)
Graphics Platform: Wayland
Processors: 64 × QEMU Virtual CPU version 2.5+
Memory: 31.3 GiB of RAM
Graphics Processor: llvmpipe
Manufacturer: QEMU
Product Name: Standard PC (i440FX + PIIX, 1996)
System Version: pc-i440fx-9.0
Comment 1 LC 2024-06-27 00:32:14 UTC
If you click Cancel on that initial dialog where I get the crash, then you can connect via VNC; unfortunately, the VNC viewer reports an RFB Protocol Error: Bad Desktop Size 0x0, and the console prints:
```
kf.notifications: No event config could be found for event id "NewConnectionOnHold" under notifyrc file for app "krfb"
kf.notifications: No event config could be found for event id "UserAcceptsConnection" under notifyrc file for app "krfb"
kf.notifications: No event config could be found for event id "ConnectionClosed" under notifyrc file for app "krfb"
```
but it doesn't crash / stays running.

The bare-metal server does not have a very powerful graphics card; the Fedora 40 is a VM running in Proxmox.