Bug 402452

Summary: Crash in Konsole::TerminalDisplay::extendSelection after 4e09f089f940335bdd628139e870ba99721fddfa
Product: [Applications] konsole
Reporter: Martin Sandsmark <martin.sandsmark>
Component: general
Assignee: Konsole Developer <konsole-devel>
Status: RESOLVED WORKSFORME
Severity: normal
CC: cfeck, justin.zobel, khindenburg, nate
Priority: NOR
Version: master
Target Milestone: ---
Platform: Other
OS: Linux
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Description Martin Sandsmark 2018-12-22 10:29:09 UTC
4e09f089f940335bdd628139e870ba99721fddfa tries to read out of bounds when you double click to select a whole empty line, and hold down the mouse button and drag to the right.

ASSERT: "x >= 0 && x < _columns" in file ../src/TerminalDisplay.cpp, line 87
Thread 1 "konsole" received signal SIGABRT, Aborted.
0x00007ffff577dd7f in raise () from /usr/lib/libc.so.6
(gdb) bt
#0  0x00007ffff577dd7f in raise () from /usr/lib/libc.so.6
#1  0x00007ffff5768672 in abort () from /usr/lib/libc.so.6
#2  0x00007ffff5cbe7fc in QMessageLogger::fatal(char const*, ...) const () from /usr/lib/libQt5Core.so.5
#3  0x00007ffff5cbdc28 in qt_assert(char const*, char const*, int) () from /usr/lib/libQt5Core.so.5
#4  0x00007ffff7eae748 in Konsole::TerminalDisplay::loc (this=0x5555558494f0, x=116, y=17) at ../src/TerminalDisplay.cpp:87
#5  0x00007ffff7ea8b20 in Konsole::TerminalDisplay::findWordEnd (this=0x5555558494f0, pnt=...) at ../src/TerminalDisplay.cpp:3021
#6  0x00007ffff7ea6c06 in Konsole::TerminalDisplay::extendSelection (this=0x5555558494f0, position=...) at ../src/TerminalDisplay.cpp:2555
#7  0x00007ffff7ea65bb in Konsole::TerminalDisplay::mouseMoveEvent (this=0x5555558494f0, ev=0x7fffffffd830) at ../src/TerminalDisplay.cpp:2477
[...]
(gdb) f 4
#4  0x00007ffff7eae748 in Konsole::TerminalDisplay::loc (this=0x5555558494f0, x=116, y=17) at ../src/TerminalDisplay.cpp:87
87          Q_ASSERT(x >= 0 && x < _columns);
(gdb) p _columns
$1 = 116
Comment 1 Martin Sandsmark 2018-12-22 10:37:50 UTC
This is a minimal diff that fixes it, but someone who's familiar with this code should verify that everything that calls getCharacterPosition() is correct.

diff --git src/TerminalDisplay.cpp src/TerminalDisplay.cpp
index 5b437937..a2d5ad17 100644
--- src/TerminalDisplay.cpp
+++ src/TerminalDisplay.cpp
@@ -2528,7 +2528,7 @@ void TerminalDisplay::extendSelection(const QPoint& position)
int charColumn = 0;
int charLine = 0;
-    getCharacterPosition(pos, charLine, charColumn, true);
+    getCharacterPosition(pos, charLine, charColumn, false);
QPoint here = QPoint(charColumn, charLine);
QPoint ohere;
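Review bot: The fourth argument to getCharacterPosition() in the changed line is a bare boolean, so nothing at the call site says what flipping it from true to false controls or why this caller needs a different value from the others. Please add a one-line comment on that line (or pass a named constant) stating the intended column range. The backtrace in the description shows column 116 reaching loc() through findWordEnd() while _columns is 116, so it would also help to bound charColumn right after this call, before QPoint here is built, rather than relying on the flag alone; the Q_ASSERT in loc() only catches the bad index in builds where assertions are enabled. Please also confirm that the last column can still be selected with the new value.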
Comment 2 Kurt Hindenburg 2018-12-22 15:33:41 UTC
thanks
Comment 3 Martin Sandsmark 2018-12-22 18:36:15 UTC
I think this is the most correct fix (I'd feel better if I refactored everything, but that's for another day): https://phabricator.kde.org/D17740
Comment 4 Kurt Hindenburg 2018-12-29 14:04:44 UTC
Git commit b85bbaa8c8807ab3619cddc35b634c2bb43e09fb by Kurt Hindenburg, on behalf of Pavel Khlebovich.
Committed on 29/12/2018 at 14:04.
Pushed by hindenburg into branch 'master'.

Fix crash in extendSelection

Summary:
Fix crash when doing word selection or line selection
and moving the cursor to the end of the screen.
After 4e09f089f940335bdd628139e870ba99721fddfa
Konsole tries to read out of bounds when you double
click to select a whole empty line, and hold down the
mouse button and drag to the right.

Note: still crashes on some extendSelections,
such as when y=-1

Test Plan:
Doesn't crash anymore, selecting the last column works,
both in normal selection, line selection and word selection.

Reviewers: #konsole, hindenburg

Reviewed By: #konsole, hindenburg

Differential Revision: https://phabricator.kde.org/D17757

M  +7    -1    src/TerminalDisplay.cpp

https://commits.kde.org/konsole/b85bbaa8c8807ab3619cddc35b634c2bb43e09fb
Comment 5 Kurt Hindenburg 2018-12-30 04:02:33 UTC
Git commit ef3773b8753b7553fc09c8cb020925388b05bc73 by Kurt Hindenburg, on behalf of Pavel Khlebovich.
Committed on 30/12/2018 at 04:00.
Pushed by hindenburg into branch 'Applications/18.12'.

Fix crash in extendSelection

Summary:
Fix crash when doing word selection or line selection
and moving the cursor to the end of the screen.
After 4e09f089f940335bdd628139e870ba99721fddfa
Konsole tries to read out of bounds when you double
click to select a whole empty line, and hold down the
mouse button and drag to the right.

Note: still crashes on some extendSelections,
such as when y=-1

Test Plan:
Doesn't crash anymore, selecting the last column works,
both in normal selection, line selection and word selection.

Reviewers: #konsole, hindenburg

Reviewed By: #konsole, hindenburg

Differential Revision: https://phabricator.kde.org/D17757

(cherry picked from commit b85bbaa8c8807ab3619cddc35b634c2bb43e09fb)

M  +7    -1    src/TerminalDisplay.cpp

https://commits.kde.org/konsole/ef3773b8753b7553fc09c8cb020925388b05bc73
Comment 6 Nate Graham 2019-01-21 20:24:23 UTC
We had to revert https://commits.kde.org/konsole/ef3773b8753b7553fc09c8cb020925388b05bc73 because it caused a critical regression in the stable branch: Bug 403117.

Re-opening.
Comment 7 Justin Zobel 2020-11-03 06:37:19 UTC
I can't seem to replicate the crash on the latest konsole from git master.

I've highlighted a whole blank line and then tried to drag it to the right.

Can you please confirm if this is still an issue, thanks.
Comment 8 Bug Janitor Service 2020-11-18 04:33:51 UTC
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least
15 days. Please provide the requested information as soon as
possible and set the bug status as REPORTED. Due to regular bug
tracker maintenance, if the bug is still in NEEDSINFO status with
no change in 30 days the bug will be closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please
mark the bug as REPORTED so that the KDE team knows that the bug is
ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!
Comment 9 Bug Janitor Service 2020-12-03 04:34:07 UTC
This bug has been in NEEDSINFO status with no change for at least
30 days. The bug is now closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

Thank you for helping us make KDE software even better for everyone!