Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 86145

Summary: VM Crash when running remotely via cygwin/X
Product: [Eclipse Project] Platform Reporter: David Martinez <hackerdude.david>
Component: SWTAssignee: Billy Biggs <billy.biggs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: P3 CC: billy.biggs
Version: 3.0.1   
Target Milestone: 3.1 M6   
Hardware: Sun   
OS: Solaris-Motif   
Whiteboard:
Attachments:
Description Flags
Modified simple Hello program for testing none

Description David Martinez CLA 2005-02-22 11:08:01 EST 
Using Cygwin 1.5.12 (0.116/4/2) and forwarding X from a Solaris 3.0.1 eclipse,
the system fails to start with the following error:

ssh -X eclipse.sun.box

bash-2.05$ ./eclipse 

An unexpected exception has been detected in native code outside the VM.
Unexpected Signal : 11 occurred at PC=0xFF38058C
Function=memcpy+0xB0
Library=/usr/platform/sun4u/lib/libc_psr.so.1

Current Java thread:
        at org.eclipse.swt.internal.motif.OS.memmove(Native Method)
        at org.eclipse.swt.graphics.Image.<init>(Image.java:245)
        at org.eclipse.swt.widgets.Label.setBitmap(Label.java:380)
        at org.eclipse.swt.widgets.Label.setImage(Label.java:462)
        at
org.eclipse.jface.dialogs.TitleAreaDialog.createTitleArea(TitleAreaDialog.java:180)
        at
org.eclipse.jface.dialogs.TitleAreaDialog.createContents(TitleAreaDialog.java:107)
        at org.eclipse.jface.window.Window.create(Window.java:348)
        at org.eclipse.jface.dialogs.Dialog.create(Dialog.java:925)
        at org.eclipse.jface.window.Window.open(Window.java:637)
        at
org.eclipse.ui.internal.ide.ChooseWorkspaceDialog.prompt(ChooseWorkspaceDialog.java:65)
        at
org.eclipse.ui.internal.ide.IDEApplication.promptForWorkspace(IDEApplication.java:314)
        at
org.eclipse.ui.internal.ide.IDEApplication.checkInstanceLocation(IDEApplication.java:219)
        at org.eclipse.ui.internal.ide.IDEApplication.run(IDEApplication.java:83)
        at
org.eclipse.core.internal.runtime.PlatformActivator$1.run(PlatformActivator.java:335)
        at
org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:273)
        at
org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:129)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:324)
        at org.eclipse.core.launcher.Main.basicRun(Main.java:185)
        at org.eclipse.core.launcher.Main.run(Main.java:704)
        at org.eclipse.core.launcher.Main.main(Main.java:688)

Dynamic libraries:
0x10000         /usr/bin/java
0xff360000      /usr/lib/libthread.so.1
0xff39a000      /usr/lib/libdl.so.1
0xff280000      /usr/lib/libc.so.1
0xff380000      /usr/platform/SUNW,Ultra-80/lib/libc_psr.so.1
0xfec00000      /usr/j2se/jre/lib/sparc/client/libjvm.so
0xff240000      /usr/lib/libCrun.so.1
0xff210000      /usr/lib/libsocket.so.1
0xff100000      /usr/lib/libnsl.so.1
0xff1c0000      /usr/lib/libm.so.1
0xff0e0000      /usr/lib/libsched.so.1
0xff0c0000      /usr/lib/libmp.so.2
0xff060000      /usr/j2se/jre/lib/sparc/native_threads/libhpi.so
0xfebd0000      /usr/j2se/jre/lib/sparc/libverify.so
0xfeb90000      /usr/j2se/jre/lib/sparc/libjava.so
0xff030000      /usr/j2se/jre/lib/sparc/libzip.so
0xfe1d0000      /usr/j2se/jre/lib/sparc/libnet.so
0xfc6e0000      /usr/j2se/jre/lib/sparc/libnio.so
0xfc6c0000      /usr/lib/librt.so.1
0xfc6a0000      /usr/lib/libaio.so.1
0xfc5e0000      /usr/lib/libmd5.so.1
0xfc5c0000      /usr/lib/libsendfile.so.1
0xfbe90000     
/export/home/davidm/eclipse/plugins/org.eclipse.swt.motif_3.0.1/os/solaris/sparc/libswt-motif-3063.so
0xf0d00000      /usr/lib/libXm.so.4
0xfbd90000      /usr/openwin/lib/libXt.so.4
0xf0c00000      /usr/openwin/lib/libX11.so.4
0xfbfc0000      /usr/openwin/lib/libXp.so.1
0xfbfa0000      /usr/openwin/lib/libXtst.so.1
0xfbcd0000      /usr/openwin/lib/libXext.so.0
0xfbcb0000      /usr/openwin/lib/libSM.so.6
0xfbc80000      /usr/openwin/lib/libICE.so.6
0xfbc60000      /usr/lib//liblayout.so

Heap at VM Abort:
Heap
 def new generation   total 2112K, used 1429K [0xf1800000, 0xf1a20000, 0xf1f10000)
  eden space 2048K,  66% used [0xf1800000, 0xf19555f0, 0xf1a00000)
  from space 64K, 100% used [0xf1a10000, 0xf1a20000, 0xf1a20000)
  to   space 64K,   0% used [0xf1a00000, 0xf1a00000, 0xf1a10000)
 tenured generation   total 4680K, used 3521K [0xf1f10000, 0xf23a2000, 0xf5800000)
   the space 4680K,  75% used [0xf1f10000, 0xf22806f0, 0xf2280800, 0xf23a2000)
 compacting perm gen  total 5120K, used 4994K [0xf5800000, 0xf5d00000, 0xf9800000)
   the space 5120K,  97% used [0xf5800000, 0xf5ce0b08, 0xf5ce0c00, 0xf5d00000)

Local Time = Tue Feb 22 08:01:34 2005
Elapsed Time = 11
#
# The exception above was detected in native code outside the VM
#
# Java VM: Java HotSpot(TM) Client VM (1.4.2_05-b04 mixed mode)
#
# An error report file has been saved as hs_err_pid5146.log.
# Please refer to the file for further information.
#

Running a Linux X server against it works OK, however.

If this is a cygwin/X problem, I would like some information on what
specifically is going wrong here so I can report it to the X folks. It seems to
be having trouble copying the memory for an image..?
Comment 1 Billy Biggs CLA 2005-02-22 11:13:22 EST 
Does your version of ssh have a -Y option for forwarding with different
authentication?  I have heard of some versions of ssh being too picky
about security, and breaking applications.
Comment 2 David Martinez CLA 2005-02-22 13:03:58 EST 
Turning on the -Y version does the following: 

1) Show a "Warning: No xauth data; using fake authentication data for X11
forwarding" message upon successful ssh negotiation.
2) Provide me with the select workbench screen
3) Fail to respond to events (keyboard, mouse, etc). Resizing also seems to not
respond in the way resizing in X manages to not respond :-) (i.e. you can resize
the window, but the bounds recalculation never takes place). Close events are
also ignored, making you press Control-C on the console as the only way to exit.

Both Netscape and SwingSet demo seem to work fine under both -X and -X -Y.
Comment 3 Billy Biggs CLA 2005-02-22 14:26:46 EST 
To be clear, you get further when using -Y than with -X?  I heard
this before but was never clear on what exactly is being blocked
with -X that is not with -Y.

Bug 82020 describes some problems with the cygwin window
manager and eclipse.  Is this similar to what you are seeing?
Comment 4 David Martinez CLA 2005-02-22 16:19:07 EST 
Created attachment 18217 [details]
Modified simple Hello program for testing

Test I am using to limit to SWT.
Comment 5 David Martinez CLA 2005-02-22 16:32:25 EST 
I copied the test from Bug 82020 and tried it on my configuration. What I get is
that the screen shows up ok, no infinite loop (The "Iteration" loop never prints
anything). But there are no events being dispatched that I can see.

It just locks up tight on shell.open(). If I change shell.open and put:

        System.out.println("About to make visible " );
        shell.setVisible(true);
        System.out.println("now it's visible " );

Then I only get the first println. Same problem as Comment #6 in that bug.
https://bugs.eclipse.org/bugs/show_bug.cgi?id=82020#c6
Comment 6 David Martinez CLA 2005-02-22 16:35:39 EST 
Sorry, never answered to your question above:
To be clear, you get further when using -Y than with -X? 

Yes. :-) The memmove problem goes away with -Y, and now I'm presented with the
workspace selection dialog. But it doesn't do anything.
Comment 7 Billy Biggs CLA 2005-02-22 17:32:32 EST 
I would like to keep these two bugs separate.  If we're crashing with -Y and not
with -X, then this is interesting.  I am very curious to know what is causing
this crash.  Do you know what the change in policy is between -Y and -X?  The
last time I looked this up, there was no documentation describing what X calls
might be restricted.

The other bug with the blocking on open() is that we're waiting for the window
to be mapped, and not getting any map event (even though the window is clearly
mapped).  This sounds like a window manager problem, although maybe one we
should be protecting against.  Alexander Gottwald is a developer on the Xming
project and tells me he will look at the problem, but has been busy with school
lately.  Please add a comment and your test case for this issue to bug 82020.
Comment 8 David Martinez CLA 2005-02-22 19:42:45 EST 
I went digging through for this, and apparently the Image init constructor is
obtaining an untrusted .Xauthority cookie. The -X option by default no longer
assumes that the cookies of the children of the SSH connection are trusted, so
an untrusted cookie is generated. Could it be that the Solaris image class is
trying to get a trusted cookie for the image and receiving null (hence memmove
issue)?

Here is what prompted the -Y flag and default cookie handling change:

http://www.securityfocus.com/bid/1006/discussion/

The new SSH assumes all clients are untrusted, and denies access to the X client.

So basically, the -X option now means that all cookies you ask for are untrusted
(i.e, don't give you access to the client machine), while -Y allows for the
cookies to be trusted.

I know very little about X. Is there a programmatic way of explicitly requesting
a cookie to be trusted? I am also unable to find a discussion on the specific
policies and permissions anywhere, but from the likes of this image display must
be about manipulating data that "belongs to the client".

from the xauth (1) man page (cygwin)

"..If  the trusted option is used, clients that connect using this
 authorization will have full run of the display, as usual. If untrusted  is 
used, clients that connect using this authorization will be considered untrusted
and prevented  from  stealing or  tampering  with data belonging to trusted
clients.  See the SECURITY  extension  specification  for  full  details  on 
the restrictions  imposed  on  untrusted  clients.   The default is untrusted."

The question is, does the image display belong to the client or the server?

As for the other bug, I'll go ahead and add my testcase/comment. Thanks!
Comment 9 Billy Biggs CLA 2005-02-23 11:02:00 EST 
It's not really like that, X applications do not deal directly with cookies.

I did some research into what ssh does and what caused this crash.  ssh -X marks
the X application as "untrusted", limiting the application's ability to access
resources such as the root window, keyboard events, and focus events.  The
specifics of what is restricted is defined by your X server (in this case,
cygwin), which makes it difficult to know exactly what will be disallowed.

This crash is caused because in our Image creation code, we are using XGetImage
on the root window (effectively a mini screenshot) to initialize a buffer at the
same depth as the screen.  This is being restricted by cygwin, we don't notice,
and so we crash.  By my reading of the SECURITY extension draft on the web, 

I can fix this, but I bet we will just crash somewhere else.  It is too easy to
write code that inadvertently relies on resources that are now restricted.  I
think if the ssh project intended to increase security by changing this
behaviour, all they have really done is confused both users and developers by
not providing information on how to fix applications, or what security is
achieved by these options.  For example:

  http://www.linuxquestions.org/questions/history/240073
  http://hea-www.harvard.edu/RD/ds9/issue.html
  http://lists.freebsd.org/pipermail/freebsd-stable/2004-October/008979.html
Comment 10 Billy Biggs CLA 2005-02-23 11:38:06 EST 
Crash should be fixed > 20050223

Please re-open if you still see this particular crash.  If it crashes in another
place when doing ssh -X, please open a new bug.