Dual Monitors Not Working - Crashes Too

[war59312]

Hi,

Here is what I am seeing when I try and connected to a computer that has 2 monitors:



This is a laptop I am connecting to which has an external monitor connected.

Both computers are running Windows 7 x64 SP1 with UltraVNC 1.1.9.1 and using UltraVNC Viewer 1.1.9.1 as well.

Been happening for awhile now, just have not had the time to report it.

Even worse.. If I click on the "Select Full Desktop / Switch monitor (driver only)" icon, UltraVNC locks up and crashes (it just exits without warning or any error on screen).

As you can see in the screen-shot, the issue is so bad that UltraVNC is useless. Bummer!

Thanks for the help,

Will

[Rudi De Vos]

possition of the screens ( coordinates of prim+sec) ?

[Rudi De Vos]

Looks like i can repeat it.

mirror driver
multi monitors
ultravnc viewer
resolution viewer PC need to be smaller then the server pc.

testing with a realvnc viewer works, so it's a ultravnc viewer issue.

[Rudi De Vos]

Took a while to find what's actual going on bacause of the strange results.
1) works with a realvnc viewer
2) works when no driver is used
One indicate a server problem, the other a uvnc viewer issue...

After a lot of testing and debugging it seems i just lost time.
The reason the realvnc viewer works is that it doesn't support u2 encoders.
There is something wrong with the u2 encoder that cause this effect.

Still not solved, but weeks lost in debugging the update engine while it's an encoder issue.

[war59312]

Well thanks for looking into it... Hope it can be fixed soon.

[Rudi De Vos]

Please check the updated winvnc.exe (1192)

http://www.uvnc.eu/download/1192/vncserver1192.zip

[war59312]

Same issue with that build.

[Rudi De Vos]

You still have the gray band and it crash ?
Please what the screen position (prim+sec) so i can repeat it.
I tested with (prim+sec) and (sec+prim) using the u2 and hextile encoder.

Need more info to be able to repeat it again as it seems fixed on my own pc's.

[splintercode]

Good evening.

I think that the problem is on the mirror driver video.

I have this problem when the mirror driver video is installed, and I change continuosly the monitor from 1 to 2 and viceversa; after 30 minute, but it also happens after a few minutes, the winvnc.exe is crashing with 0xC0000005 error.

I have compiled from the source 1.1.9.5, repository revision 854.

The computer where I have test is a windows 7 with tha last patch.

On event viewer I have this message.

Code: Select all

Nome registro: Application
Origine:       Application Error
Data:          03/12/2013 16:49:49
ID evento:     1000
Categoria attività:(100)
Livello:       Errore
Parole chiave: Classico
Utente:        N/D
Computer:      test-PCWin7
Descrizione:
Nome dell'applicazione che ha generato l'errore: WinVNC.exe, versione: 1.1.9.5, timestamp: 0x529df8e8
Nome del modulo che ha generato l'errore: WinVNC.exe, versione: 1.1.9.5, timestamp: 0x529df8e8
Codice eccezione: 0xc0000005
Offset errore 0x00133167
ID processo che ha generato l'errore: 0x698
Ora di avvio dell'applicazione che ha generato l'errore: 0x01cef03cfeebc365
Percorso dell'applicazione che ha generato l'errore: C:\Program Files (x86)\uvnc bvba\UltraVNC\WinVNC.exe
Percorso del modulo che ha generato l'errore: C:\Program Files (x86)\uvnc bvba\UltraVNC\WinVNC.exe
ID segnalazione: 8a00aa9a-5c32-11e3-bff3-90e6ba2e7fd0
XML evento:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2013-12-03T15:49:49.000000000Z" />
    <EventRecordID>1163</EventRecordID>
    <Channel>Application</Channel>
    <Computer>test-PCWin7</Computer>
    <Security />
  </System>
  <EventData>
    <Data>WinVNC.exe</Data>
    <Data>1.1.9.5</Data>
    <Data>529df8e8</Data>
    <Data>WinVNC.exe</Data>
    <Data>1.1.9.5</Data>
    <Data>529df8e8</Data>
    <Data>c0000005</Data>
    <Data>00133167</Data>
    <Data>698</Data>
    <Data>01cef03cfeebc365</Data>
    <Data>C:\Program Files (x86)\uvnc bvba\UltraVNC\WinVNC.exe</Data>
    <Data>C:\Program Files (x86)\uvnc bvba\UltraVNC\WinVNC.exe</Data>
    <Data>8a00aa9a-5c32-11e3-bff3-90e6ba2e7fd0</Data>
  </EventData>
</Event>

I have the minidump file and via visual studio I see that the error, that is on the vncbuffer::ScaleRect() function;
the line number is number 800, memcpy(&pScaled[0], &pMain[0], nBytesPerPixel*(ScaledRect.br.x - ScaledRect.tl.x));

Code: Select all

		UINT nBytesPerPixel = (m_scrinfo.format.bitsPerPixel / 8);
		for (int y = ScaledRect.tl.y; y < ScaledRect.br.y; y++)
		{
			/*for (int x = 0; x < (ScaledRect.br.x - ScaledRect.tl.x); x++)
			{
				memcpy(&pScaled[x * nBytesPerPixel], &pMain[x * m_nScale * nBytesPerPixel], nBytesPerPixel);
			}*/
			memcpy(&pScaled[0], &pMain[0], nBytesPerPixel*(ScaledRect.br.x - ScaledRect.tl.x));
			// Move the buffers' pointers to their next "line"
			pMain   += (m_bytesPerRow * m_nScale); // Skip m_nScale lines of the mainbuffer's Rect
			pScaled += m_bytesPerRow;
		}
	}
}

I have dump the value of these values

Code: Select all

vncbuffer::ScaleRect; pScaled 0x04940040 pMain 0x032E4AC4 nBytesPerPixel 4 
m_ScaledBuff 0x04940040 m_ScaledSize 10588160 m_desktop->ScreenBuffSize() 10588160
m_mainbuff 0x032FDAC4 &pMain[0] = 0x032E4AC4
ScaledRect.br.x 2560 ScaledRect.tl.x 0
y 0 m_bytesPerRow 10240 m_nScale 1, size to copy 10240

This is my ultravnc.ini

Code: Select all

[UltraVNC]
passwd=EBF15650A3856F3A53
passwd2=51534133433874757C
[Permissions]
[admin]
UseRegistry=0
MSLogonRequired=0
NewMSLogon=0
DebugMode=0
Avilog=0
path=C:\Program Files (x86)\uvnc bvba\UltraVNC
accept_reject_mesg=
DebugLevel=0
DisableTrayIcon=0
LoopbackOnly=0
UseDSMPlugin=0
AllowLoopback=0
AuthRequired=1
ConnectPriority=0
DSMPlugin=
AuthHosts=
DSMPluginConfig=
AllowShutdown=1
AllowProperties=1
AllowEditClients=1
FileTransferEnabled=1
FTUserImpersonation=1
BlankMonitorEnabled=1
BlankInputsOnly=0
DefaultScale=1
CaptureAlphaBlending=1
BlackAlphaBlending=0
primary=1
secondary=1
SocketConnect=1
HTTPConnect=0
XDMCPConnect=0
AutoPortSelect=0
PortNumber=5900
HTTPPortNumber=5800
IdleTimeout=0
RemoveWallpaper=0
RemoveAero=0
QuerySetting=2
QueryTimeout=10
QueryAccept=0
QueryIfNoLogon=1
InputsEnabled=1
LockSetting=0
LocalInputsDisabled=0
EnableJapInput=0
kickrdp=0
clearconsole=0
[admin_auth]
group1=
group2=
group3=
locdom1=0
locdom2=0
locdom3=0
[poll]
TurboMode=1
PollUnderCursor=0
PollForeground=0
PollFullScreen=1
OnlyPollConsole=0
OnlyPollOnEvent=0
MaxCpu=40
EnableDriver=1
EnableHook=1
EnableVirtual=0
SingleWindow=0
SingleWindowName=

I hope that this information may help you;

If you need some other information, please ask.

Best regards

---------------
splintercode
---------------

[splintercode]

Hello,

I'm still investigating on the crash problem of winvnc when mirror driver is installed and active, and changing continuosely monitor 1 to 2 and viceversa on Control Panel->All Control Panel Items->Display->Screen Resolution->Change the appearance of your display

the machine where I am testing is a window 7 64bit, two monitors, each monitor has the same resolution of with 1280x1024.

the line where winvnc go in crash is the number 800 of vncbuffer.cpp,

Code: Select all

memcpy(&pScaled[0], &pMain[0], nBytesPerPixel*(ScaledRect.br.x - ScaledRect.tl.x));

with 0xC0000005 error.

It seems that the size to copy oversize the destination buffer, that is pMain.

But what is pMain?

Looking on the source code, pMain is mypVideoMemory+sizeof(CHANGES_BUF);

in fact, pMain is a pointer of m_mainbuff variabile, that is a pointer of m_DIBbits, as confirmed by the log file

Code: Select all

fast blits detected - using DIBsection buffer

but m_DIBbits is a pointer of m_videodriver->myframebuffer, that is

Code: Select all

myframebuffer=mypVideoMemory+sizeof(CHANGES_BUF);

; see videodriver.cpp.

myframebuffer is a pointer of char

Code: Select all

PCHAR myframebuffer

but I dont' know the size of the area memory;

so, pMain is a pointer of mypVideoMemory+sizeof(CHANGES_BUF);

when winvnc will crash, the local buffer
vnclog.Print(LL_INTINFO, VNCLOG("local buffer=%d\n"), m_backbuffsize);
that is m_backfuffsize, grow up from 10588160 to 10690560 value.

memcpy will crash winvnc, probably because the len to copy oversize the destination buffer, that is pMain;

May be myframebuffer (pMain) too low to get 10690560 bytes?

I hope that these information can help the programmers.

Thank you again.

[Rudi De Vos]

I will take a look at it but will take at least a few days, fixing other stuff.

When you use a mirror driver, the mirror driver has the size (1280x1024+1280x1024).
You always need to mirror both desktops.
If you want to see screen 1 offset =0,0 and size 1280x1024
if you want to see screen 2 offset=1280 ans size 1280x1024
This is independed of the desktop coordinates

Monitor 1 always have (0,0) as corner.
switching 1 and 2 cause the coordinates to change.
Now we have a mirror driver with left corner (0,0) and a desktop with a left corner that can be -1280 or 0.
Vnc is getting confused, it was never tested like this, but it would be a good hardening test.

[splintercode]

Uhm, it is very interesting.

So I will wait for a correction?

I have another question: how many monitor VNC can handle? Only two? If I use on system with four monitor?

Thank you.

[Rudi De Vos]

the mirror driver is limited by the available kernel memory.
And it need to be a single block.

Vnc can handle 4 monitors if you share them all, you can not switch between each monitor.

What are you actual trying to do.. ?

[splintercode]

Oh, I would like to use UltraVnc to access remotely on a computer that has 2 video cards and each video cards has 2 monitors;

so there are 4 monitors

all the monitors has the same screen size resolution.

And I have discovered that if I swich continuosely the monitors, sometimes winvnc will crash.

I would like to correct this errors, but it is very hard for me to understand the code, and the problem is not about the language, but on the architecture used.

I think I was lucky to discover where winvnc will crash,
I believed that it could serve to solve the problem.

So, what do you suggest? Try to understand the code of vncbuffer.cpp, videodriver.cpp and so on?
If the problem is on the mirror driver, I can do nothing, because there is no source available.

Bye.

[Rudi De Vos]

Normal, you press the switch monitor button ( viewer) so vnc change the monitor view.
But you seems to play with the control panel monitor settings...
The question was actual what are you trying to do special by online changing the monitor settings
In the first case you have a fix video buffer and it is just changing the view, in the second case all need to be
deallocated and reallocated. All buffers are destroyed video driver is stopped and then restarted and reallocated, a hell to debug.

m_mainbuff is a fix size when the driver is used. It's (1280*1024*32) * number of active monitors.
VIDEODRIVER_start(int x,int y,int w,int h) set the size

void vncBuffer::ScaleRect(rfb::Rect &rect)
The rect should be insite the videodriver rect
if you select monitor 1 all rects are in(0,0,1280,1024)
if you select monitor 2 all rects are in(1280,0,2560,1024)
if you select both all rects are in(0,0,2560,1024)
Check rect value on crash

[splintercode]

here the value of rect on crash:

rect.tl.x = -1280
rect.tl.y = -20
rect.br.x = 2560
rect.br.y = 1044

Yes, I am playing with the control panel monitor settings, changing the order of the monitors.

I did not know, but with the mouse via drag and drop it is possible to change the order of the monitor;
it is possibile to change the screen resolution also, but I change only the order of the monitor continuosely.

If you need some other information....

[Rudi De Vos]

Then it isn't natural it crash
The rect need to be positive and within the boundaries of the screen.
The error seems to be in the following

Code: Select all

rfb::Rect ScaledRect;
	 ScaledRect.tl.y = ((rect.tl.y < 0)?0:rect.tl.y) / m_nScale;
	 ScaledRect.br.y = ((rect.br.y < 0)?0:rect.br.y) / m_nScale;
	 ScaledRect.tl.x = ((rect.tl.x < 0)?0:rect.tl.x) / m_nScale;
	 ScaledRect.br.x = ((rect.br.x < 0)?0:rect.br.x) / m_nScale;

This is ok, -1280=0,-20=0
scaledrect=(0,0,2560,1044)

Code: Select all

BYTE *pMain   =	m_mainbuff + (rect.tl.y * m_bytesPerRow) +
					(rect.tl.x * m_scrinfo.format.bitsPerPixel / 8);
	BYTE *pScaled = m_ScaledBuff + (ScaledRect.tl.y * m_bytesPerRow) +
					(ScaledRect.tl.x * m_scrinfo.format.bitsPerPixel / 8);

rect.tl.y = -20
rect.tl.x=-1280
This should also be 0, else you get a memory allocation error
possible a fix would be to add, this is not realy fixing the actual cause.. but it could work.

Code: Select all

rect.tl.y = ((rect.tl.y < 0)?0:rect.tl.y);
rect.br.y = ((rect.br.y < 0)?0:rect.br.y);
rect.tl.x = ((rect.tl.x < 0)?0:rect.tl.x);
rect.br.x = ((rect.br.x < 0)?0:rect.br.x);

[splintercode]

Excuse me,

in which function can I add your fixe codes?

Code: Select all

rect.tl.y = ((rect.tl.y < 0)?0:rect.tl.y);
rect.br.y = ((rect.br.y < 0)?0:rect.br.y);
rect.tl.x = ((rect.tl.x < 0)?0:rect.tl.x);
rect.br.x = ((rect.br.x < 0)?0:rect.br.x);

on the start of the function ScaledRect? So it correct it's value?

Thank you.

[Rudi De Vos]

void vncBuffer::ScaleRect(rfb::Rect &rect)
{
//check if rect is not a negative rect and correct
rect.tl.y = ((rect.tl.y < 0)?0:rect.tl.y);
rect.br.y = ((rect.br.y < 0)?0:rect.br.y);
rect.tl.x = ((rect.tl.x < 0)?0:rect.tl.x);
rect.br.x = ((rect.br.x < 0)?0:rect.br.x);
//ideal we also should add a check to see if
//rect.br.x > screenwidth and rect.br.y>screenhight
...
}

The only isssue could be that the rect is also used at another code spot and perhaps the crash n ow move to another function