Version: (using KDE Devel)
Installed from: Compiled sources with CVS HEAD of 20040318.

Steps to reproduce:
1. open a konsole window
2. let some program display a file with "weird" characters in it - e.g. a *.desktop file:
   cat $KDEDIR/share/apps/kde/konsole.desktop [ENTER]
-> Konsole crashes producing the following bt:

---------------------------------------------------------
[New Thread 1024 (LWP 12845)]
[KCrash handler]
#6  0x08150043 in ?? ()
#7  0x40ce5abb in QFontEngineLatinXLFD::draw(QPainter*, int, int, QTextEngine const*, QScriptItem const*, int) () from /usr/lib/qt3/lib/libqt-mt.so.3
#8  0x40cd6f39 in QPainter::drawTextItem(int, int, QTextItem const&, int) () from /usr/lib/qt3/lib/libqt-mt.so.3
#9  0x40cd6c73 in QPainter::drawText(int, int, QString const&, int, int, QPainter::TextDirection) () from /usr/lib/qt3/lib/libqt-mt.so.3
#10 0x40cd68aa in QPainter::drawText(int, int, QString const&, int, QPainter::TextDirection) () from /usr/lib/qt3/lib/libqt-mt.so.3
#11 0x40082fe6 in TEWidget::drawAttrStr(QPainter&, QRect, QString&, ca const*, bool, bool) (this=0x811bcf0, paint=@0xbfffe840, rect= {x1 = 3, y1 = 19, x2 = 170, y2 = 34}, str=@0xbfffe800, attr=0x8162198, pm=64, clear=true) at $srcdir/kdebase/konsole/konsole/TEWidget.cpp:532
#12 0x4008416b in TEWidget::setImage(ca const*, int, int) (this=0x811bcf0, newimg=0x8161f40, lines=40, columns=100) at $srcdir/kdebase/konsole/konsole/TEWidget.cpp:699
#13 0x40095927 in TEmulation::showBulk() (this=0x812b178) at $srcdir/kdebase/konsole/konsole/TEmulation.cpp:434
#14 0x4009415e in TEmulation::qt_invoke(int, QUObject*) (this=0x812b178, _id=1074438320, _o=0xbfffeac0) at TEmulation.moc:255
#15 0x4008c11b in TEmuVt102::qt_invoke(int, QUObject*) (this=0x812b178, _id=13, _o=0xbfffeac0) at TEmuVt102.moc:120
#16 0x40d73e4c in QObject::activate_signal(QConnectionList*, QUObject*) () from /usr/lib/qt3/lib/libqt-mt.so.3
#17 0x40d73c94 in QObject::activate_signal(int) () from /usr/lib/qt3/lib/libqt-mt.so.3
#18 0x4108f75b in QTimer::timeout() () from /usr/lib/qt3/lib/libqt-mt.so.3
#19 0x40d94ca0 in QTimer::event(QEvent*) () from /usr/lib/qt3/lib/libqt-mt.so.3
#20 0x40d196cf in QApplication::internalNotify(QObject*, QEvent*) () from /usr/lib/qt3/lib/libqt-mt.so.3
#21 0x40d18d35 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/qt3/lib/libqt-mt.so.3
#22 0x408c5a8e in KApplication::notify(QObject*, QEvent*) (this=0xbffff370, receiver=0x812b1c0, event=0xbfffee80) at $srcdir/kdelibs/kdecore/kapplication.cpp:507
#23 0x40d098b0 in QEventLoop::activateTimers() () from /usr/lib/qt3/lib/libqt-mt.so.3
#24 0x40cc10db in QEventLoop::processEvents(unsigned) () from /usr/lib/qt3/lib/libqt-mt.so.3
#25 0x40d2ce78 in QEventLoop::enterLoop() () from /usr/lib/qt3/lib/libqt-mt.so.3
#26 0x40d2cd28 in QEventLoop::exec() () from /usr/lib/qt3/lib/libqt-mt.so.3
#27 0x40d19901 in QApplication::exec() () from /usr/lib/qt3/lib/libqt-mt.so.3
#28 0x4005995c in kdemain (argc=1084293100, argv=0x40a0ffec) at $srcdir/kdebase/konsole/konsole/main.cpp:496
#29 0x0804869b in main (argc=1084293100, argv=0x40a0ffec) at konsole.la.cpp:2
---------------------------------------------------------

valgrind shows this:

---------------------------------------------------------
==12736== Syscall param write(buf) contains uninitialised or unaddressable byte(s)
==12736==    at 0x416FDD34: __libc_write (in /lib/libc.so.6)
==12736==    by 0x402B5170: HistoryFile::add(unsigned char const*, int) (TEHistory.cpp:91)
==12736==    by 0x402B5844: HistoryScrollFile::addCells(ca*, int) (TEHistory.cpp:190)
==12736==    by 0x402B2362: TEScreen::addHistLine() (TEScreen.cpp:1456)
==12736==    by 0x402B0BF3: TEScreen::scrollUp(int) (TEScreen.cpp:799)
==12736==    by 0x402AF810: TEScreen::index() (TEScreen.cpp:223)
==12736==    by 0x402B08F5: TEScreen::NewLine() (TEScreen.cpp:714)
==12736==    by 0x402AC495: TEmuVt102::tau(int, int, int) (TEmuVt102.cpp:442)
==12736==    by 0x402AB8A7: TEmuVt102::onRcvChar(int) (TEmuVt102.cpp:314)
==12736==    by 0x402B4243: TEmulation::onRcvBlock(char const*, int) (TEmulation.cpp:310)
==12736==    by 0x4029F318: TESession::onRcvBlock(char const*, int) (session.cpp:666)
==12736==    by 0x4029FCAE: TESession::qt_invoke(int, QUObject*) (session.moc:302)
==12736==    by 0x40F92E4B: QObject::activate_signal(QConnectionList*, QUObject*) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x4027421D: TEPty::block_in(char const*, int) (TEPty.moc:134)
==12736==    by 0x40273F7C: TEPty::dataReceived(KProcess*, char*, int) (TEPty.cpp:212)
==12736==    by 0x402743A4: TEPty::qt_invoke(int, QUObject*) (TEPty.moc:148)
==12736==    by 0x40F92E4B: QObject::activate_signal(QConnectionList*, QUObject*) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40B28A79: KProcess::receivedStdout(KProcess*, char*, int) (kprocess.moc:152)
==12736==    by 0x40B279FC: KProcess::childOutput(int) (kprocess.cpp:807)
==12736==    by 0x40B275A8: KProcess::slotChildOutput(int) (kprocess.cpp:707)
==12736==    by 0x40B28E30: KProcess::qt_invoke(int, QUObject*) (kprocess.moc:201)
==12736==    by 0x402743E2: TEPty::qt_invoke(int, QUObject*) (TEPty.moc:152)
==12736==    by 0x40F92E4B: QObject::activate_signal(QConnectionList*, QUObject*) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40F92FAC: QObject::activate_signal(int, int) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x412AD361: QSocketNotifier::activated(int) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40FAEDDD: QSocketNotifier::event(QEvent*) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40F386CE: QApplication::internalNotify(QObject*, QEvent*) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40F37D34: QApplication::notify(QObject*, QEvent*) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40AE4A8D: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:507)
==12736==    by 0x40F28ADD: QEventLoop::activateSocketNotifiers() (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==  Address 0x46E1B83D is 5 bytes inside a block of size 24600 alloc'd
==12736==    at 0x4002B13E: operator new[](unsigned) (vg_replace_malloc.c:168)
==12736==    by 0x402AFCE5: TEScreen::resizeImage(int, int) (TEScreen.cpp:423)
==12736==    by 0x402B4AD5: TEmulation::onImageSizeChange(int, int) (TEmulation.cpp:480)
==12736==    by 0x4029D756: TESession::onContentSizeChange(int, int) (session.cpp:196)
==12736==    by 0x4029FD2F: TESession::qt_invoke(int, QUObject*) (session.moc:305)
==12736==    by 0x40F92E4B: QObject::activate_signal(QConnectionList*, QUObject*) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x402A8B5C: TEWidget::changedContentSizeSignal(int, int) (TEWidget.moc:239)
==12736==    by 0x402A4148: TEWidget::updateImageSize() (TEWidget.cpp:955)
==12736==    by 0x402A3F4E: TEWidget::resizeEvent(QResizeEvent*) (TEWidget.cpp:917)
==12736==    by 0x40FC78B8: QWidget::event(QEvent*) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x402A72D8: TEWidget::event(QEvent*) (TEWidget.cpp:1747)
==12736==    by 0x40F386CE: QApplication::internalNotify(QObject*, QEvent*) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40F37D34: QApplication::notify(QObject*, QEvent*) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40AE4A8D: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:507)
==12736==    by 0x40F39435: QApplication::sendPostedEvents(QObject*, int) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40FC65E4: QWidget::show() (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40FC6D86: QWidget::showChildren(bool) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40FC66DE: QWidget::show() (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x4107EF9B: QMainWindow::show() (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x408CAAC1: KMainWindow::show() (kmainwindow.cpp:376)
==12736==    by 0x40278CEB: kdemain (main.cpp:489)
==12736==    by 0x804869A: main (konsole.la.cpp:2)
==12736==
==12736== Use of uninitialised value of size 4
==12736==    at 0x40F04A80: QFontEngineLatinXLFD::draw(QPainter*, int, int, QTextEngine const*, QScriptItem const*, int) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40EF5F38: QPainter::drawTextItem(int, int, QTextItem const&, int) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40EF5C72: QPainter::drawText(int, int, QString const&, int, int, QPainter::TextDirection) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40EF58A9: QPainter::drawText(int, int, QString const&, int, QPainter::TextDirection) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x402A1FE5: TEWidget::drawAttrStr(QPainter&, QRect, QString&, ca const*, bool, bool) (TEWidget.cpp:532)
==12736==    by 0x402A316A: TEWidget::setImage(ca const*, int, int) (TEWidget.cpp:699)
==12736==    by 0x402B4926: TEmulation::showBulk() (TEmulation.cpp:434)
==12736==    by 0x402B315D: TEmulation::qt_invoke(int, QUObject*) (TEmulation.moc:255)
==12736==    by 0x402AB11A: TEmuVt102::qt_invoke(int, QUObject*) (TEmuVt102.moc:120)
==12736==    by 0x40F92E4B: QObject::activate_signal(QConnectionList*, QUObject*) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40F92C93: QObject::activate_signal(int) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x412AE75A: QTimer::timeout() (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40FB3C9F: QTimer::event(QEvent*) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40F386CE: QApplication::internalNotify(QObject*, QEvent*) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40F37D34: QApplication::notify(QObject*, QEvent*) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40AE4A8D: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:507)
==12736==    by 0x40F288AF: QEventLoop::activateTimers() (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40EE00DA: QEventLoop::processEvents(unsigned) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40F4BE77: QEventLoop::enterLoop() (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40F4BD27: QEventLoop::exec() (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40F38900: QApplication::exec() (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x4027895B: kdemain (main.cpp:496)
==12736==    by 0x804869A: main (konsole.la.cpp:2)
==12736==
==12736== Invalid read of size 4
==12736==    at 0x40F04A80: QFontEngineLatinXLFD::draw(QPainter*, int, int, QTextEngine const*, QScriptItem const*, int) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40EF5F38: QPainter::drawTextItem(int, int, QTextItem const&, int) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40EF5C72: QPainter::drawText(int, int, QString const&, int, int, QPainter::TextDirection) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40EF58A9: QPainter::drawText(int, int, QString const&, int, QPainter::TextDirection) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x402A1FE5: TEWidget::drawAttrStr(QPainter&, QRect, QString&, ca const*, bool, bool) (TEWidget.cpp:532)
==12736==    by 0x402A316A: TEWidget::setImage(ca const*, int, int) (TEWidget.cpp:699)
==12736==    by 0x402B4926: TEmulation::showBulk() (TEmulation.cpp:434)
==12736==    by 0x402B315D: TEmulation::qt_invoke(int, QUObject*) (TEmulation.moc:255)
==12736==    by 0x402AB11A: TEmuVt102::qt_invoke(int, QUObject*) (TEmuVt102.moc:120)
==12736==    by 0x40F92E4B: QObject::activate_signal(QConnectionList*, QUObject*) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40F92C93: QObject::activate_signal(int) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x412AE75A: QTimer::timeout() (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40FB3C9F: QTimer::event(QEvent*) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40F386CE: QApplication::internalNotify(QObject*, QEvent*) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40F37D34: QApplication::notify(QObject*, QEvent*) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40AE4A8D: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:507)
==12736==    by 0x40F288AF: QEventLoop::activateTimers() (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40EE00DA: QEventLoop::processEvents(unsigned) (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40F4BE77: QEventLoop::enterLoop() (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40F4BD27: QEventLoop::exec() (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x40F38900: QApplication::exec() (in /usr/lib/qt-x11-free-3.2.1/lib/libqt-mt.so.3.2.1)
==12736==    by 0x4027895B: kdemain (main.cpp:496)
==12736==    by 0x804869A: main (konsole.la.cpp:2)
==12736==  Address 0x0 is not stack'd, malloc'd or free'd
-----------------------------------------------------

This didn't happen with CVS HEAD of 2-3 weeks ago.
BTW. This seems to be font-specific, i.e. if I use Settings->Font->Linux, the crash will happen, while Settings->Font->Unicode works.
This is still valid with CVS HEAD of 20040524.
*** This bug has been marked as a duplicate of 65537 ***