Bug 246484

Summary: Konsole crashed when scrolling up using the scrollbar [Konsole::Screen::fillWithDefaultChar, Konsole::ScreenWindow::fillUnusedArea, Konsole::ScreenWindow::getImage]
Product: [Applications] konsole
Reporter: Roger Dahl <rdmisc>
Component: general
Assignee: Konsole Developer <konsole-devel>
Status: RESOLVED FIXED
Severity: crash
CC: abhijeet.linux, adaptee, agander, andresbajotierra, christian.kde, dplater, francesco.cecconi, illumilore, kpet, majca_j, ranju.mathew, spearhead2k3
Priority: NOR
Version: 2.4.2
Target Milestone: ---
Platform: Ubuntu
OS: Linux
Latest Commit:
Version Fixed In: 4.9.0
Attachments: New crash information added by DrKonqi
New crash information added by DrKonqi

Description Roger Dahl 2010-08-02 06:31:06 UTC
Application: konsole (2.4.2)
KDE Platform Version: 4.4.2 (KDE 4.4.2)
Qt Version: 4.6.2
Operating System: Linux 2.6.32-24-generic x86_64
Distribution: Ubuntu 10.04.1 LTS

-- Information about the crash:
Konsole crashed when I dragged the scrollbar up to look through previous output.

 -- Backtrace:
Application: Konsole (kdeinit4), signal: Segmentation fault
[Current thread is 1 (Thread 0x7f291edcd760 (LWP 2318))]

Thread 2 (Thread 0x7f290a845710 (LWP 2382)):
#0  0x00007f291bdbdf83 in *__GI___poll (fds=<value optimized out>, nfds=<value optimized out>, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x00007f29187824a9 in ?? () from /lib/libglib-2.0.so.0
#2  0x00007f29187828fc in g_main_context_iteration () from /lib/libglib-2.0.so.0
#3  0x00007f291d3c6566 in QEventDispatcherGlib::processEvents (this=0x1530be0, flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:414
#4  0x00007f291d39b992 in QEventLoop::processEvents (this=<value optimized out>, flags=) at kernel/qeventloop.cpp:149
#5  0x00007f291d39bd6c in QEventLoop::exec (this=0x7f290a844db0, flags=) at kernel/qeventloop.cpp:201
#6  0x00007f291d2a5d59 in QThread::exec (this=<value optimized out>) at thread/qthread.cpp:487
#7  0x00007f291d37c178 in QInotifyFileSystemWatcherEngine::run (this=0x125e690) at io/qfilesystemwatcher_inotify.cpp:248
#8  0x00007f291d2a8775 in QThreadPrivate::start (arg=0x125e690) at thread/qthread_unix.cpp:248
#9  0x00007f291d0189ca in start_thread (arg=<value optimized out>) at pthread_create.c:300
#10 0x00007f291bdca6fd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#11 0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7f291edcd760 (LWP 2318)):
[KCrash Handler]
#5  Konsole::Screen::fillWithDefaultChar (dest=0xfffffffa08b7fb90, count=2137636064) at ../../../../apps/konsole/src/Screen.cpp:1359
#6  0x00007f29121878c2 in Konsole::ScreenWindow::getImage (this=0x1403210) at ../../../../apps/konsole/src/ScreenWindow.cpp:79
#7  0x00007f29121aad23 in Konsole::TerminalDisplay::updateImage (this=0x13bb1f0) at ../../../../apps/konsole/src/TerminalDisplay.cpp:944
#8  0x00007f29121adc3e in Konsole::TerminalDisplay::qt_metacall (this=0x13bb1f0, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0x7fff91e297f0) at ./TerminalDisplay.moc:146
#9  0x00007f291d3afe3f in QMetaObject::activate (sender=0x15666f0, m=<value optimized out>, local_signal_index=<value optimized out>, argv=0x7f69bce0) at kernel/qobject.cpp:3293
#10 0x00007f291cbd4bde in QAbstractSlider::valueChanged (this=0xfffffffa08b7fb90, _t1=2055906) at .moc/release-shared/moc_qabstractslider.cpp:182
#11 0x00007f291c98a19a in QScrollBar::mouseMoveEvent (this=0x15666f0, e=0x7fff91e2a1b0) at widgets/qscrollbar.cpp:655
#12 0x00007f291c58f1df in QWidget::event (this=0x15666f0, event=0x7fff91e2a1b0) at kernel/qwidget.cpp:7983
#13 0x00007f291c53922c in QApplicationPrivate::notify_helper (this=0x1056330, receiver=0x15666f0, e=0x7fff91e2a1b0) at kernel/qapplication.cpp:4300
#14 0x00007f291c53fecb in QApplication::notify (this=0x7fff91e2aeb0, receiver=0x15666f0, e=0x7fff91e2a1b0) at kernel/qapplication.cpp:3865
#15 0x00007f291d8e4526 in KApplication::notify (this=0x7fff91e2aeb0, receiver=0x15666f0, event=0x7fff91e2a1b0) at ../../kdeui/kernel/kapplication.cpp:302
#16 0x00007f291d39d06c in QCoreApplication::notifyInternal (this=0x7fff91e2aeb0, receiver=0x15666f0, event=0x7fff91e2a1b0) at kernel/qcoreapplication.cpp:704
#17 0x00007f291c53f0ae in QCoreApplication::sendEvent (receiver=0x15666f0, event=0x7fff91e2a1b0, alienWidget=0x13bb1f0, nativeWidget=0x11945a0, buttonDown=<value optimized out>, 
    lastMouseReceiver=<value optimized out>, spontaneous=true) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#18 QApplicationPrivate::sendMouseEvent (receiver=0x15666f0, event=0x7fff91e2a1b0, alienWidget=0x13bb1f0, nativeWidget=0x11945a0, buttonDown=<value optimized out>, 
    lastMouseReceiver=<value optimized out>, spontaneous=true) at kernel/qapplication.cpp:2965
#19 0x00007f291c5bef65 in QETWidget::translateMouseEvent (this=0x11945a0, event=<value optimized out>) at kernel/qapplication_x11.cpp:4368
#20 0x00007f291c5bd8ac in QApplication::x11ProcessEvent (this=<value optimized out>, event=0x7fff91e2aad0) at kernel/qapplication_x11.cpp:3501
#21 0x00007f291c5e9882 in x11EventSourceDispatch (s=0x1059b90, callback=<value optimized out>, user_data=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:146
#22 0x00007f291877e8c2 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#23 0x00007f2918782748 in ?? () from /lib/libglib-2.0.so.0
#24 0x00007f29187828fc in g_main_context_iteration () from /lib/libglib-2.0.so.0
#25 0x00007f291d3c6513 in QEventDispatcherGlib::processEvents (this=0xfcd140, flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:412
#26 0x00007f291c5e946e in QGuiEventDispatcherGlib::processEvents (this=0xfffffffa08b7fb90, flags=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:204
#27 0x00007f291d39b992 in QEventLoop::processEvents (this=<value optimized out>, flags=) at kernel/qeventloop.cpp:149
#28 0x00007f291d39bd6c in QEventLoop::exec (this=0x7fff91e2ae00, flags=) at kernel/qeventloop.cpp:201
#29 0x00007f291d39faab in QCoreApplication::exec () at kernel/qcoreapplication.cpp:981
#30 0x00007f2912404e16 in kdemain (argc=<value optimized out>, argv=<value optimized out>) at ../../../../apps/konsole/src/main.cpp:77
#31 0x00000000004070f3 in launch (argc=3, _name=<value optimized out>, args=<value optimized out>, cwd=<value optimized out>, envc=24, envs=<value optimized out>, reset_env=false, tty=0x0, 
    avoid_loops=false, startup_id_str=0x40a4f9 "0") at ../../kinit/kinit.cpp:717
#32 0x0000000000407cb0 in handle_launcher_request (sock=8, who=<value optimized out>) at ../../kinit/kinit.cpp:1209
#33 0x000000000040823a in handle_requests (waitForPid=0) at ../../kinit/kinit.cpp:1402
#34 0x0000000000408e22 in main (argc=4, argv=<value optimized out>, envp=<value optimized out>) at ../../kinit/kinit.cpp:1845

Reported using DrKonqi
Comment 1 Dario Andres 2010-11-19 13:20:40 UTC
[Comment from a bug triager]
From bug 257300:
- What I was doing when the application crashed:
Konsole crashed suddenly when I started looking through the long scrollback
history, using the scrollbars. Some custom settings of the application include:
Transparent BG
Unlimited scrollback

Other instance variables:
Had 2-3 tabs opened all connected to an ssh session.

- Updated backtrace (KDE SC 4.5.1):

Thread 1 (Thread 0xb776a710 (LWP 1759)):
[KCrash Handler]
#7  Konsole::Screen::fillWithDefaultChar (dest=0x10e57148, count=2137837446) at
../../../../apps/konsole/src/Screen.cpp:1359
#8  0x00470433 in Konsole::ScreenWindow::fillUnusedArea (this=0x9b74898) at
../../../../apps/konsole/src/ScreenWindow.cpp:93
#9  0x00470520 in Konsole::ScreenWindow::getImage (this=0x9b74898) at
../../../../apps/konsole/src/ScreenWindow.cpp:79
#10 0x00498a5e in Konsole::TerminalDisplay::updateImage (this=0x9b59d10) at
../../../../apps/konsole/src/TerminalDisplay.cpp:945
#11 0x0049969e in Konsole::TerminalDisplay::scrollBarPositionChanged
(this=0x9b59d10) at ../../../../apps/konsole/src/TerminalDisplay.cpp:1642
Comment 2 Dario Andres 2010-11-19 13:20:47 UTC
*** Bug 257300 has been marked as a duplicate of this bug. ***
Comment 3 Pino Toscano 2010-12-12 10:50:31 UTC
*** Bug 259580 has been marked as a duplicate of this bug. ***
Comment 4 Dario Andres 2010-12-17 18:52:34 UTC
[Comment from a bug triager]
From bug 260238:
-- Information about the crash:
I had a PHP script putting out millions of lines of data. I think it might have
been at 6 billion or something when I tried to scroll up, and Konsole crashed.
Comment 5 Dario Andres 2010-12-17 18:52:40 UTC
*** Bug 260238 has been marked as a duplicate of this bug. ***
Comment 6 Dave Plater 2010-12-17 20:55:37 UTC
I've also got my konsoles set on unlimited scrollback so maybe this is related to an overflow. I had a couple of very large > 200M konsole temp files when I was looking for disk space.
Comment 7 Ranju Mathew 2011-05-20 14:35:54 UTC
Created attachment 60184 [details]
New crash information added by DrKonqi

konsole (2.5.4) on KDE Platform 4.5.5 (KDE 4.5.5) using Qt 4.7.0

- What I was doing when the application crashed:
Using the scrollbar to scroll back for a very large buffer

- Custom settings of the application:
Unlimited scrollback buffer

-- Backtrace (Reduced):
#7  Konsole::Screen::fillWithDefaultChar (dest=0xb25e7dd8, count=1910861213) at ../../../../apps/konsole/src/Screen.cpp:1359
#8  0x0081c4a3 in Konsole::ScreenWindow::fillUnusedArea (this=0x8c487c8) at ../../../../apps/konsole/src/ScreenWindow.cpp:93
#9  0x0081c590 in Konsole::ScreenWindow::getImage (this=0x8c487c8) at ../../../../apps/konsole/src/ScreenWindow.cpp:79
#10 0x00844ace in Konsole::TerminalDisplay::updateImage (this=0x8cbf940) at ../../../../apps/konsole/src/TerminalDisplay.cpp:945
#11 0x0084570e in Konsole::TerminalDisplay::scrollBarPositionChanged (this=0x8cbf940) at ../../../../apps/konsole/src/TerminalDisplay.cpp:1642
Comment 8 Christian Damkjer George 2011-08-02 06:50:31 UTC
Created attachment 62453 [details]
New crash information added by DrKonqi

konsole (2.6.2) on KDE Platform 4.6.2 (4.6.2) using Qt 4.7.2

- What I was doing when the application crashed:

I was scrolling up using the scroll bar.

Before the crash there were a lot of lines, and new lines were coming in at the bottom all the time. Then I scrolled up and then it crashed.

-- Backtrace (Reduced):
#6  Konsole::Screen::fillWithDefaultChar (dest=<value optimized out>, count=2094621236) at ../../../konsole/src/Screen.cpp:1359
#7  0x00007fab9766176e in Konsole::ScreenWindow::getImage (this=0x22c4400) at ../../../konsole/src/ScreenWindow.cpp:79
#8  0x00007fab976862c1 in Konsole::TerminalDisplay::updateImage (this=0x227fb50) at ../../../konsole/src/TerminalDisplay.cpp:951
#9  0x00007fab97686dde in Konsole::TerminalDisplay::qt_metacall (this=0x227fb50, _c=QMetaObject::InvokeMetaMethod, _id=21, _a=0x7fff19819bd0) at ./TerminalDisplay.moc:146
[...]
#11 0x00007fab95f9fe0e in QAbstractSlider::valueChanged (this=<value optimized out>, _t1=87830348) at .moc/release-shared/moc_qabstractslider.cpp:182
Comment 9 Dario Andres 2011-08-07 15:57:53 UTC
[Comment from a bug triager]
From bug 272878 (KDE SC 4.4.5):
-- Information about the crash:
Unlimited history was activated (the computer wasn't OOM).

I noticed a little bug a few minutes before the crash. I couldn't paste text
using middle-click or right-click->paste : it was always pasting "1" regardless
of the selected text.
Comment 10 Dario Andres 2011-08-07 15:57:56 UTC
*** Bug 272878 has been marked as a duplicate of this bug. ***
Comment 11 Jekyll Wu 2011-08-15 08:42:42 UTC
*** Bug 278903 has been marked as a duplicate of this bug. ***
Comment 12 Jekyll Wu 2012-02-02 15:39:39 UTC
*** Bug 293149 has been marked as a duplicate of this bug. ***
Comment 13 Kurt Hindenburg 2012-02-02 16:43:34 UTC
Has anyone reproduced this using KDE 4.8 or a recent master?  I couldn't get it to crash.
Comment 14 Francesco Cecconi 2012-02-02 17:06:34 UTC
Tested with a ruby script and one million lines, no crash with KDE SC 4.8 and konsole 2.8.
Comment 15 Jekyll Wu 2012-06-08 12:59:13 UTC
*** Bug 301442 has been marked as a duplicate of this bug. ***
Comment 16 Kurt Hindenburg 2012-06-09 19:50:05 UTC
Git commit af20d278710c142646fa82a494a8312fdbfdac08 by Kurt Hindenburg.
Committed on 09/06/2012 at 21:49.
Pushed by hindenburg into branch 'master'.

check to handle issue w/ fillWithDefaultChar given huge -count

    Previously, the count could be a huge negative number which could
    exceed what an int can handle.  Also, there's no reason to calculate
    this number if it will be negative.

M  +6    -0    src/ScreenWindow.cpp

http://commits.kde.org/konsole/af20d278710c142646fa82a494a8312fdbfdac08
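
The failure mode the commit message describes, shown as an added C++ example that is not Konsole's code: a negative line difference multiplied by the column count wraps a 32-bit int into a huge positive fill count like those in the backtraces, and a guard returns before that count is computed. The `WindowModel` fields, the function names and the sample sizes are assumptions made for illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical model of a scrolled terminal window; field names are
// assumptions for illustration, not Konsole's own members.
struct WindowModel {
    int64_t historyLines;  // lines held in scrollback
    int64_t currentLine;   // first line shown in the window
    int screenLines;       // lines of the live screen
    int windowLines;       // lines visible in the window
    int windowColumns;     // cells per line
};

// Lines of the window that lie below the end of the screen (may be negative).
int64_t unusedLines(const WindowModel& w) {
    int64_t screenEnd = w.historyLines + w.screenLines - 1;
    int64_t windowEnd = w.currentLine + w.windowLines - 1;
    return windowEnd - screenEnd;
}

// Value a 32-bit int ends up holding once the product wraps. Computed through
// unsigned arithmetic so the demonstration itself has no undefined behaviour.
int32_t countAsInt32(const WindowModel& w) {
    int64_t low = static_cast<uint32_t>(unusedLines(w) * w.windowColumns);
    return static_cast<int32_t>(low > INT32_MAX ? low - (int64_t(1) << 32) : low);
}

// Guarded fill: return before computing a count when nothing is unused, and
// never write more cells than the buffer holds. Returns cells filled.
size_t fillUnusedGuarded(std::vector<char>& cells, const WindowModel& w) {
    int64_t lines = unusedLines(w);
    if (lines <= 0) return 0;
    int64_t count = std::min<int64_t>(lines * w.windowColumns, cells.size());
    std::fill(cells.end() - count, cells.end(), ' ');
    return static_cast<size_t>(count);
}

int main() {
    // Constructed input: 30 million history lines, window scrolled to the top.
    WindowModel w{30000000, 0, 24, 24, 80};
    std::vector<char> cells(24 * 80, 'x');
    std::printf("unchecked count: %d, guarded fill: %zu\n",
                countAsInt32(w), fillUnusedGuarded(cells, w));
}
```

With smaller histories the product stays negative and a fill loop bounded by `count` does nothing, which fits the reports above all involving unlimited scrollback and very long output.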