Xpra: Ticket #1739: server crash on dock tray request

Reproducible using the modified tray test app as of r17984.

It seems that we end up processing the dock request with a gdk window containing invalid values (geometry returns random junk). Simply accessing the visual's "depth" attribute causes the crash.

Typical output:

ClientMessage event 0x8dd : <X11:ClientMessage {'delivered_to': '0x400024', 'send_event': 1, 'format': 32, 'data': (85239074, 0, 8388612, 0, 0), 'window': '0x400024', 'type': 33, 'serial': '0x8dd', 'message_type': '_NET_SYSTEM_TRAY_OPCODE', 'display': ':10'}>
  delivering event to window itself: 0x400024  (signal=xpra-client-message-event)
  forwarding event to a SystemTray window 0x400024 handler's xpra-client-message-event signal
tray docking request from 0x800004
dock_tray(0x800004)
dock_tray: root=<gtk.gdk.Window object at 0x7fb318168e10 (GdkWindow at 0x560a52d9c360)>, \
    window=<gtk.gdk.Window object at 0x7fb305b570a0 (GdkWindow at 0x560a53588b40)>
dock_tray: geometry=(0, 0)
Segmentation fault (core dumped)

With gdb:

(gdb) bt
#0  0x00007fffe6865af5 in gdk_window_impl_x11_get_colormap (drawable=<optimized out>) at gdkwindow-x11.c:380
#1  0x00007fffe682ee82 in gdk_window_real_get_visual (drawable=<optimized out>) at gdkwindow.c:5045
#2  0x00007fffe72f05cd in _wrap_gdk_drawable_get_visual (self=0x7fffadfd8820) at gdk.c:6538
#3  0x00007ffff7afe421 in call_function (oparg=<optimized out>, pp_stack=0x7fffffffb448) at /usr/src/debug/python2-2.7.14-4.fc27.x86_64/Python/ceval.c:4418
#4  0x00007ffff7afe421 in PyEval_EvalFrameEx (f=f@entry=0x55555674abd0, throwflag=throwflag@entry=0) at /usr/src/debug/python2-2.7.14-4.fc27.x86_64/Python/ceval.c:3068
#5  0x00007ffff7afcf59 in fast_function (nk=<optimized out>, na=<optimized out>, n=2, pp_stack=0x7fffffffb568, func=0x7fffe0d03050)
    at /usr/src/debug/python2-2.7.14-4.fc27.x86_64/Python/ceval.c:4519
#6  0x00007ffff7afcf59 in call_function (oparg=<optimized out>, pp_stack=0x7fffffffb568) at /usr/src/debug/python2-2.7.14-4.fc27.x86_64/Python/ceval.c:4454
#7  0x00007ffff7afcf59 in PyEval_EvalFrameEx (f=f@entry=0x555556582a20, throwflag=throwflag@entry=0) at /usr/src/debug/python2-2.7.14-4.fc27.x86_64/Python/ceval.c:3068
#8  0x00007ffff7aff5d8 in PyEval_EvalCodeEx (co=<optimized out>, globals=<optimized out>, locals=<optimized out>, args=<optimized out>, argcount=<optimized out>, kws=0x0, kwcount=0, defs=0x0, defcount=0, closure=0x0) at /usr/src/debug/python2-2.7.14-4.fc27.x86_64/Python/ceval.c:3666
#9  0x00007ffff7a4d94e in function_call (func=0x7fffe0cdaf50, arg=0x7fffc407c6c8, kw=0x0) at /usr/src/debug/python2-2.7.14-4.fc27.x86_64/Objects/funcobject.c:523
#10 0x00007ffff7a38973 in PyObject_Call (func=0x7fffe0cdaf50, arg=<optimized out>, kw=<optimized out>) at /usr/src/debug/python2-2.7.14-4.fc27.x86_64/Objects/abstract.c:2547
#11 0x00007ffff7a411ae in instancemethod_call (func=0x7fffe0cdaf50, arg=0x7fffc407c6c8, kw=0x0) at /usr/src/debug/python2-2.7.14-4.fc27.x86_64/Objects/classobject.c:2602
#12 0x00007ffff7a38973 in PyObject_Call (func=0x7fffcc03a410, arg=<optimized out>, kw=<optimized out>) at /usr/src/debug/python2-2.7.14-4.fc27.x86_64/Objects/abstract.c:2547
#13 0x00007ffff7af5c07 in PyEval_CallObjectWithKeywords (func=func@entry=0x7fffcc03a410, arg=arg@entry=0x7fffc6142910, kw=kw@entry=0x0)
    at /usr/src/debug/python2-2.7.14-4.fc27.x86_64/Python/ceval.c:4303
#14 0x00007ffff7a39c77 in PyObject_CallObject (o=o@entry=0x7fffcc03a410, a=a@entry=0x7fffc6142910) at /usr/src/debug/python2-2.7.14-4.fc27.x86_64/Objects/abstract.c:2535
#15 0x00007fffe75fa41b in pyg_signal_class_closure_marshal (closure=<optimized out>, return_value=0x7fffffffbd10, n_param_values=<optimized out>, param_values=<optimized out>, invocation_hint=<optimized out>, marshal_data=<optimized out>) at pygtype.c:1377
#16 0x00007fffe7f9e73d in g_closure_invoke () at /lib64/libgobject-2.0.so.0
#17 0x00007fffe7fb0f30 in signal_emit_unlocked_R () at /lib64/libgobject-2.0.so.0
#18 0x00007fffe7fb9270 in g_signal_emitv () at /lib64/libgobject-2.0.so.0
#19 0x00007fffe75f2fe4 in pygobject_emit (self=<optimized out>, args=0x7fffc4084f80) at pygobject.c:1845
#20 0x00007fffdf7a6098 in __Pyx_PyObject_Call (kw=0x0, arg=0x7fffc4084f80, func=<optimized out>) at xpra/x11/gtk2/gdk_bindings.c:21510
#21 0x00007fffdf7a6098 in __pyx_f_4xpra_3x11_4gtk2_12gdk_bindings__maybe_send_event (__pyx_v_DEBUG=__pyx_v_DEBUG@entry=1, __pyx_v_handlers=__pyx_v_handlers@entry=0x7fffcc11ade8, __pyx_v_signal=__pyx_v_signal@entry=0x7fffdfbf1df0, __pyx_v_event=__pyx_v_event@entry=0x7fffcc0cce90, __pyx_optional_args=__pyx_optional_args@entry=0x7fffffffbf30)
    at xpra/x11/gtk2/gdk_bindings.c:11664
#22 0x00007fffdf7b5109 in __pyx_f_4xpra_3x11_4gtk2_12gdk_bindings__route_event (__pyx_v_etype=__pyx_v_etype@entry=33, __pyx_v_event=__pyx_v_event@entry=0x7fffcc0cce90, __pyx_v_signal=__pyx_v_signal@entry=0x7fffdfbf1df0, __pyx_v_parent_signal=__pyx_v_parent_signal@entry=0x7ffff7d8cdc0 <_Py_NoneStruct>) at xpra/x11/gtk2/gdk_bindings.c:12409
#23 0x00007fffdf7b8915 in __pyx_f_4xpra_3x11_4gtk2_12gdk_bindings_x_event_filter (__pyx_v_e_gdk=<optimized out>, __pyx_v_gdk_event=<optimized out>, __pyx_v_userdata=<optimized out>) at xpra/x11/gtk2/gdk_bindings.c:14201
#24 0x00007fffe684f39f in gdk_event_apply_filters (xevent=xevent@entry=0x7fffffffc2f0, event=event@entry=0x55555690bb50, window=window@entry=0x0) at gdkevents-x11.c:371
#25 0x00007fffe6850988 in gdk_event_translate (display=display@entry=0x555555eec1f0, event=event@entry=0x55555690bb50, xevent=xevent@entry=0x7fffffffc2f0, return_exposes=return_exposes@entry=0) at gdkevents-x11.c:969
#26 0x00007fffe6852d05 in _gdk_events_queue (display=display@entry=0x555555eec1f0) at gdkevents-x11.c:2358
#27 0x00007fffe6852dae in gdk_event_dispatch (source=<optimized out>, callback=<optimized out>, user_data=<optimized out>) at gdkevents-x11.c:2419
#28 0x00007fffe7ac3bb7 in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#29 0x00007fffe7ac3f60 in g_main_context_iterate.isra () at /lib64/libglib-2.0.so.0
#30 0x00007fffe7ac4272 in g_main_loop_run () at /lib64/libglib-2.0.so.0
#31 0x00007fffe6bf8567 in IA__gtk_main () at gtkmain.c:1268
(...)


Thu, 11 Jan 2018 12:33:43 GMT - Antoine Martin: status changed; resolution set

r17986 fixes the crash, backport in r17987.

It seems that we can just ignore the requests with invalid tray geometry, a correct one comes through afterwards!?


Sat, 23 Jan 2021 05:32:31 GMT - migration script:

this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/1739