Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.

Bug 235160

Summary: SEGV when entering unicode from keyboard.
Product: [Fedora] Fedora Reporter: David Woodhouse <dwmw2>
Component: gnome-terminalAssignee: Behdad Esfahbod <behdad>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhide   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-04-04 15:42:05 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 150226    

Description David Woodhouse 2007-04-04 04:22:27 UTC
Description of problem:
gnome-terminal segfaults when entering unicode codes directly from the keyboard 

How reproducible:
100%

Steps to Reproduce:
1. Start gnome-terminal
2. Hit Ctrl-Shift-u-2-6-6-5

  
Actual results:
SEGV

Expected results:
♥

Additional info:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 805515824 (LWP 29448)]
_XftLockFile (f=0x10217cf8) at xftfreetype.c:113
113             if (f->face && !f->lock)
(gdb) bt
#0  _XftLockFile (f=0x10217cf8) at xftfreetype.c:113
#1  0x0ee7d5e8 in XftLockFace (public=0x31f55008) at xftfreetype.c:355
#2  0x00a72f74 in _vte_xft_open_font_for_char (font=0x100d2980, c=0,
locked_fonts=0x1020c6d0) at vtexft.c:232
#3  0x00a74a24 in _vte_xft_draw_text (draw=0x100f9140, requests=0x105b5198,
n_requests=1, color=0x7fef4654, alpha=255 '�') at vtexft.c:294
#4  0x00a6477c in _vte_draw_text (draw=0x0, requests=0x10685b28, n_requests=12,
color=0x10685b30, alpha=6 '\006') at vtedraw.c:329
#5  0x00a54dfc in vte_terminal_draw_cells (terminal=0x100fc5a8,
items=0x105b5198, n=1, fore=<value optimized out>, back=<value optimized out>,
clear=275273784, 
    draw_default_bg=<value optimized out>, bold=0, underline=0, strikethrough=0,
hilite=0, boxed=0, column_width=6, row_height=13) at vte.c:8947
#6  0x00a5daf4 in vte_terminal_expose (widget=<value optimized out>,
event=<value optimized out>) at vte.c:10109
#7  0x0e508ce4 in _gtk_marshal_BOOLEAN__BOXED (closure=0x100cf390,
return_value=0x7fef4c90, n_param_values=<value optimized out>,
param_values=0x7fef4d28, 
    invocation_hint=<value optimized out>, marshal_data=0xa5cda0) at
gtkmarshalers.c:84
#8  0x0edbbbcc in g_type_class_meta_marshal (closure=0x0,
return_value=0x10685b28, n_param_values=12, param_values=0x10685b30,
invocation_hint=0x6, marshal_data=0xc8)
    at gclosure.c:567
#9  0x0edbd7fc in IA__g_closure_invoke (closure=0x100cf390,
return_value=0x7fef4c90, n_param_values=2, param_values=0x7fef4d28,
invocation_hint=0x7fef4c7c) at gclosure.c:490
#10 0x0edd1d70 in signal_emit_unlocked_R (node=0x100cf4a8, detail=0,
instance=0x100fc5a8, emission_return=0x7fef4f28, instance_and_params=0x7fef4d28)
at gsignal.c:2478
#11 0x0edd2d04 in IA__g_signal_emit_valist (instance=0x100fc5a8,
signal_id=<value optimized out>, detail=0, var_args=0x7fef5004) at gsignal.c:2209
#12 0x0edd3148 in IA__g_signal_emit (instance=0x0, signal_id=275274536,
detail=12) at gsignal.c:2243
#13 0x0e64de60 in gtk_widget_event_internal (widget=0x100fc5a8,
event=0x7fef50d0) at gtkwidget.c:3915
#14 0x0e501fec in IA__gtk_main_do_event (event=0x7fef50d0) at gtkmain.c:1533
#15 0x0e2e3a60 in gdk_window_process_updates_internal (window=0x10094b70) at
gdkwindow.c:2338
#16 0x0e2e3d3c in IA__gdk_window_process_all_updates () at gdkwindow.c:2401
#17 0x0e2e3dfc in gdk_window_update_idle (data=0x0) at gdkwindow.c:2259
#18 0x0f9256f8 in g_idle_dispatch (source=<value optimized out>,
callback=0xb0a88, user_data=0x0) at gmain.c:3928
#19 0x0f927eb4 in IA__g_main_context_dispatch (context=0x10096f38) at gmain.c:2045
#20 0x0f92bbbc in g_main_context_iterate (context=0x10096f38, block=1,
dispatch=1, self=<value optimized out>) at gmain.c:2677
#21 0x0f92c024 in IA__g_main_loop_run (loop=0x10098868) at gmain.c:2881
#22 0x0e502344 in IA__gtk_main () at gtkmain.c:1154
#23 0x1001b3c4 in main (argc=2, argv=0x7fef5684) at terminal.c:1773
(gdb) x/i $pc
0xee7ca10 <_XftLockFile+240>:   lwz     r0,44(r9)
(gdb) p/x $r9
$21 = 0xb0a06
(gdb) list *0x0ee7ca10
0xee7ca10 is in _XftLockFile (xftfreetype.c:113).
108     _XftNumFiles (void)
109     {
110         XftFtFile   *f;
111         int         count = 0;
112         for (f = _XftFtFiles; f; f = f->next)
113             if (f->face && !f->lock)
114                 ++count;
115         return count;
116     }
117
(gdb) p _XftFtFiles
$6 = (XftFtFile *) 0x102315b8
(gdb) p _XftFtFiles->next
$7 = (struct _XftFtFile *) 0x1028b5d8
(gdb) p _XftFtFiles->next->next
$8 = (struct _XftFtFile *) 0x1059b258
(gdb) p _XftFtFiles->next->next->next
$9 = (struct _XftFtFile *) 0x10233328
(gdb) p _XftFtFiles->next->next->next->next
$10 = (struct _XftFtFile *) 0x10242258
(gdb) p _XftFtFiles->next->next->next->next->next
$11 = (struct _XftFtFile *) 0x1059b200
(gdb) p _XftFtFiles->next->next->next->next->next->next
$12 = (struct _XftFtFile *) 0x102332c0
(gdb) p _XftFtFiles->next->next->next->next->next->next->next
$13 = (struct _XftFtFile *) 0x102421f8
(gdb) p _XftFtFiles->next->next->next->next->next->next->next->next
$14 = (struct _XftFtFile *) 0x10242300
(gdb) p _XftFtFiles->next->next->next->next->next->next->next->next->next
$16 = (struct _XftFtFile *) 0x10257a58
(gdb) p _XftFtFiles->next->next->next->next->next->next->next->next->next->next
$17 = (struct _XftFtFile *) 0x1028b4e8
(gdb) p
_XftFtFiles->next->next->next->next->next->next->next->next->next->next->next
$18 = (struct _XftFtFile *) 0x105b5858
(gdb) p
_XftFtFiles->next->next->next->next->next->next->next->next->next->next->next->next
$19 = (struct _XftFtFile *) 0xb0a06
(gdb) p
_XftFtFiles->next->next->next->next->next->next->next->next->next->next->next->next
$20 = (struct _XftFtFile *) 0xb0a06
(gdb) p
_XftFtFiles->next->next->next->next->next->next->next->next->next->next->next->next->next
Cannot access memory at address 0xb0a06

Comment 1 David Woodhouse 2007-04-04 04:24:13 UTC
This doesn't happen with other GTK+ programs (tested gedit, xchat, evolution,
firefox) -- only gnome-terminal. 

Note that you must unset GTK_IM_MODULE for unicode input to work -- cf. bug #235147

Comment 2 Matthias Clasen 2007-04-04 13:26:00 UTC
This is the same as http://bugzilla.gnome.org/show_bug.cgi?id=418588
which is fixed upstream. We should get Chris to do a vte release in time for
test4...

Comment 3 Ray Strode [halfline] 2007-04-04 15:42:05 UTC
On the other hand, if we build the patch now, we can close the bug now, and make
the open bug list a little shorter, which sounds good to me.

Should be fixed in tomorrow's rawhide.