Xpra: Ticket #364: invalid window dimensions crash the client

Split from #336:

managed to crash client by opening menu in kcalc and dragging kcalc while its menu is visible. This is not very easy to reproduce but I hope that the crash log may reveal some details:

Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/xpra/client.py", line 1367, in _process_configure_override_redirect
    window.move_resize(x, y, w, h)
  File "/usr/lib/python2.7/dist-packages/xpra/client_window.py", line 583, in move_resize
    self.new_backing(w, h)
  File "/usr/lib/python2.7/dist-packages/xpra/client_window.py", line 308, in new_backing
    self._backing = new_backing(self._id, w, h, self._backing, self._client.supports_mmap, self._client.mmap)
  File "/usr/lib/python2.7/dist-packages/xpra/window_backing.py", line 497, in new_backing
    return make_new_backing(backing_class, wid, w, h, backing, mmap_enabled, mmap)
  File "/usr/lib/python2.7/dist-packages/xpra/window_backing.py", line 510, in make_new_backing
    backing.init(w, h)
  File "/usr/lib/python2.7/dist-packages/xpra/window_backing.py", line 345, in init
    assert w<32768 and h<32768, "dimensions too big: %sx%s" % (w, h)
AssertionError: dimensions too big: 165898320x110598880
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/xpra/client_window.py", line 464, in do_expose_event
    context = self.window.cairo_create()
cairo.Error: invalid value (typically too big) for the size of the input (surface, pattern, etc.)
The program 'Xpra' received an X Window System error.
This probably reflects a bug in the program.
The error was 'BadAlloc (insufficient resources for operation)'.
  (Details: serial 48161 error_code 11 request_code 12 minor_code 0)

We should not be sending those invalid dimensions to the client! (dimensions too big: 165898320x110598880)

And ideally, we should detect this problem before we store the dimensions in our data structures as this may well cause other problems.



Mon, 01 Jul 2013 13:47:40 GMT - Antoine Martin: owner changed

Can you please try both and confirm that the crash is prevented? (even so, I will keep this ticket open so I can find a proper solution - this is more of a temporary workaround)


Tue, 16 Jul 2013 06:21:25 GMT - Antoine Martin: status changed; resolution set

Not heard back, closing. Feel free to re-open.


Tue, 16 Jul 2013 10:30:24 GMT - onlyjob:

Sorry for not being able to test your fix. I'll try to reproduce with 0.10 to make sure if it was fixed. Thanks.


Sat, 23 Jan 2021 04:52:50 GMT - migration script:

this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/364