Bug 436916

Summary: Konsole Crashes When Zooming in Amp Editor
Product: [Applications] konsole Reporter: Mosin <rando7>
Component: general Assignee: Konsole Developer <konsole-devel>
Status: RESOLVED FIXED    
Severity: normal CC: a.samirh78, cbc.alves, me, micraft.b, nate, ninjalj
Priority: NOR    
Version: 21.04.0   
Target Milestone: ---   
Platform: Arch Linux   
OS: Linux   
See Also: https://bugs.kde.org/show_bug.cgi?id=436676
Latest Commit: Version Fixed In:
Attachments: Backtrace on latest ArchLinux

Description Mosin 2021-05-11 09:37:53 UTC
SUMMARY
In amp (https://amp.rs) editor, zooming causes a crash. This is reproducible on two Manjaro systems and on Arch Linux by another user, see this issue: https://github.com/jmacdonald/amp/issues/224

STEPS TO REPRODUCE
1. Open amp in Konsole
2. Use Ctrl+Scroll to Zoom in and out

OBSERVED RESULT
Konsole crashes

EXPECTED RESULT
Konsole does not crash

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Manjaro 21.0.3
(available in About System)
KDE Plasma Version: 5.21.5
KDE Frameworks Version: 5.82.0
Qt Version: 5.15.2

ADDITIONAL INFORMATION
Zooming does work, it's just that it crashes after zooming in too far/zooming in and out.
Comment 1 Mosin 2021-05-11 10:01:59 UTC
Created attachment 138335
Backtrace on latest ArchLinux

from another user
Comment 2 ninjalj 2021-05-25 20:47:08 UTC

*** This bug has been marked as a duplicate of bug 436676 ***
Comment 3 ninjalj 2021-05-27 20:10:40 UTC
Reopening, as apparently amp.rs crashes the new reflow code in more than one way. 

Repeatedly zooming in/out:

#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
#1  0x00007ffff54b4557 in __GI_abort () at abort.c:79
#2  0x00007ffff5a26c27 in QMessageLogger::fatal(char const*, ...) const () from /usr/lib64/libQt5Core.so.5
#3  0x00007ffff5a26016 in qt_assert_x(char const*, char const*, char const*, int) () from /usr/lib64/libQt5Core.so.5
#4  0x00007ffff7ddcdf5 in QVector<QVector<Konsole::Character> >::operator[] (this=0x555555b05090, i=0) at /usr/include/qt5/QtCore/qvector.h:462
#5  0x00007ffff7ddadcb in Konsole::Screen::fastAddHistLine (this=0x555555b05080) at /home/lj/src/term/konsole/src/Screen.cpp:1594
#6  0x00007ffff7dd68bd in Konsole::Screen::resizeImage (this=0x555555b05080, new_lines=13, new_columns=73) at /home/lj/src/term/konsole/src/Screen.cpp:445
#7  0x00007ffff7dbce4a in Konsole::Emulation::setImageSize (this=0x555555def980, lines=13, columns=73) at /home/lj/src/term/konsole/src/Emulation.cpp:314
#8  0x00007ffff7e8aeb5 in Konsole::Session::updateTerminalSize (this=0x555555a6c640) at /home/lj/src/term/konsole/src/session/Session.cpp:753
[...]
(gdb) frame 6
#6  0x00007ffff7dd68bd in Konsole::Screen::resizeImage (this=0x555555b05080, new_lines=13, new_columns=73) at /home/lj/src/term/konsole/src/Screen.cpp:445
445                 fastAddHistLine();
(gdb) p cursorLine
$12 = -16
Comment 4 ninjalj 2021-06-22 11:42:43 UTC
Another crash:

ASSERT failure in QList<T>::at: "index out of range", file /usr/include/qt5/QtCore/qlist.h, line 571

Thread 1 "konsole" received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
49      ../sysdeps/unix/sysv/linux/raise.c: No existe el fichero o el directorio.
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
#1  0x00007ffff54ab557 in __GI_abort () at abort.c:79
#2  0x00007ffff5a1dc27 in QMessageLogger::fatal(char const*, ...) const () from /usr/lib64/libQt5Core.so.5
#3  0x00007ffff5a1d016 in qt_assert_x(char const*, char const*, char const*, int) () from /usr/lib64/libQt5Core.so.5
#4  0x00007ffff7e11d5b in QList<int>::at (this=0x555555857cc0, i=258) at /usr/include/qt5/QtCore/qlist.h:571
#5  0x00007ffff7e11cb3 in Konsole::CompactHistoryScroll::startOfLine (this=0x555555857ca0, line=259) at /home/lj/src/term/konsole/src/history/compact/CompactHistoryScroll.h:57
#6  0x00007ffff7e11a49 in Konsole::CompactHistoryScroll::reflowLines (this=0x555555857ca0, columns=105) at /home/lj/src/term/konsole/src/history/compact/CompactHistoryScroll.cpp:155
#7  0x00007ffff7dcf998 in Konsole::Screen::resizeImage (this=0x5555559bacd0, new_lines=25, new_columns=105) at /home/lj/src/term/konsole/src/Screen.cpp:448
#8  0x00007ffff7db5f18 in Konsole::Emulation::setImageSize (this=0x555555dbf570, lines=25, columns=105) at /home/lj/src/term/konsole/src/Emulation.cpp:314
#9  0x00007ffff7e88953 in Konsole::Session::updateTerminalSize (this=0x555555996b30) at /home/lj/src/term/konsole/src/session/Session.cpp:757
#10 0x00007ffff7e8879a in Konsole::Session::onViewSizeChange (this=0x555555996b30) at /home/lj/src/term/konsole/src/session/Session.cpp:730
[...]

(gdb) frame 6
#6  0x00007ffff7e11a49 in Konsole::CompactHistoryScroll::reflowLines (this=0x555555857ca0, columns=105) at /home/lj/src/term/konsole/src/history/compact/CompactHistoryScroll.cpp:155
155                 endLine = startOfLine(currentPos + 1);
(gdb) print getLines()
$1 = 258
Comment 5 ninjalj 2021-06-22 11:43:14 UTC
A warning:

(gdb) b HistoryFile.cpp:164
Breakpoint 2 at 0x7ffff7e0e9ec: file /home/lj/src/term/konsole/src/history/HistoryFile.cpp, line 164.
(gdb) c
Continuing.
getHist(...,1,3630): invalid args.

Thread 1 "konsole" hit Breakpoint 2, Konsole::HistoryFile::get (this=0x555556184218, buffer=0x7fffffffc557 "", size=1, loc=3630) at /home/lj/src/term/konsole/src/history/HistoryFile.cpp:164
164             return;
(gdb) bt
#0  Konsole::HistoryFile::get (this=0x555556184218, buffer=0x7fffffffc557 "", size=1, loc=3630) at /home/lj/src/term/konsole/src/history/HistoryFile.cpp:164
#1  0x00007ffff7e0f590 in Konsole::HistoryScrollFile::getLineProperty (this=0x5555561841a0, lineno=3630) at /home/lj/src/term/konsole/src/history/HistoryScrollFile.cpp:55
#2  0x00007ffff7e0f50d in Konsole::HistoryScrollFile::isWrappedLine (this=0x5555561841a0, lineno=3630) at /home/lj/src/term/konsole/src/history/HistoryScrollFile.cpp:48
#3  0x00007ffff7e0fa0f in Konsole::HistoryScrollFile::reflowLines (this=0x5555561841a0, columns=110) at /home/lj/src/term/konsole/src/history/HistoryScrollFile.cpp:130
#4  0x00007ffff7dcf998 in Konsole::Screen::resizeImage (this=0x5555559bb110, new_lines=19, new_columns=110) at /home/lj/src/term/konsole/src/Screen.cpp:448
#5  0x00007ffff7db5f18 in Konsole::Emulation::setImageSize (this=0x555555dbfbc0, lines=19, columns=110) at /home/lj/src/term/konsole/src/Emulation.cpp:314
#6  0x00007ffff7e88983 in Konsole::Session::updateTerminalSize (this=0x55555591f550) at /home/lj/src/term/konsole/src/session/Session.cpp:757
#7  0x00007ffff7e887ca in Konsole::Session::onViewSizeChange (this=0x55555591f550) at /home/lj/src/term/konsole/src/session/Session.cpp:730
[...]

(gdb) p size
$6 = 1
(gdb) p loc
$7 = 3630
(gdb) p _length
$8 = 3630
Comment 6 Bug Janitor Service 2021-06-22 11:44:21 UTC
A possibly relevant merge request was started @ https://invent.kde.org/utilities/konsole/-/merge_requests/417
Comment 7 tcanabrava 2021-06-24 08:32:34 UTC
Git commit 2a78bb6ef3b81d1b381c0f48d4141597a4c953fa by Tomaz Canabrava, on behalf of Luis Javier Merino Morán.
Committed on 24/06/2021 at 08:32.
Pushed by tcanabrava into branch 'master'.

Fix crash/warn on history reflow

When the last line in history was marked as wrapped, the history reflow
algorithm could try to make an out-of-bound access.

These were found via repeatedly zooming-in and out in the amp.rs editor
(available through Rust's cargo tool).  amp.rs writes in the normal
buffer (not in the alternate buffer).

While at it, add a Q_ASSERT in HistoryScrollFile::startOfLine() to
ensure parameters are in range.  Note that after an addCells()/addLine()
pair, HistoryScrollFile::startOfLine(getLines) always has the same value
as _cells.len().

M  +5    -3    src/history/HistoryScrollFile.cpp
M  +1    -1    src/history/compact/CompactHistoryScroll.cpp

https://invent.kde.org/utilities/konsole/commit/2a78bb6ef3b81d1b381c0f48d4141597a4c953fa
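
The failure mode named in the commit message above (last history line marked as wrapped, reflow reading one line past the end), reproduced in a simplified model. This is an added example, not Konsole's code and not the actual patch: `History`, `reflow`, `reflowFaults` and `sampleHistory` are hypothetical names, and the out-of-range read surfaces as `std::out_of_range` instead of a Qt assertion.

```cpp
#include <algorithm>
#include <cstddef>
#include <stdexcept>
#include <vector>

// Simplified scrollback model (hypothetical names, not Konsole's classes).
// lineEnd[i]: cell offset one past the end of stored line i.
// wrapped[i]: stored line i continues on stored line i + 1.
struct History {
    std::vector<std::size_t> lineEnd;
    std::vector<bool> wrapped;
    std::size_t lines() const { return lineEnd.size(); }
    // line == lines() is valid and yields the total cell count.
    std::size_t startOfLine(std::size_t line) const {
        if (line > lines()) throw std::out_of_range("startOfLine");
        return line == 0 ? 0 : lineEnd[line - 1];
    }
};

// Re-wrap the history to `columns` and return the new line-end offsets.
// checked == false trusts the wrapped flag on the last stored line.
std::vector<std::size_t> reflow(const History& h, std::size_t columns, bool checked) {
    if (columns == 0) throw std::invalid_argument("columns must be > 0");
    std::vector<std::size_t> out;
    for (std::size_t cur = 0; cur < h.lines();) {
        std::size_t start = h.startOfLine(cur), last = cur;
        // Join a run of wrapped lines into one logical line.
        while (h.wrapped.at(last) && (!checked || last + 1 < h.lines()))
            ++last;  // unchecked: walks past the final stored line
        std::size_t end = h.startOfLine(last + 1);
        std::size_t pos = start;
        do {  // always emit one line, so empty lines survive the reflow
            pos += std::min(columns, end - pos);
            out.push_back(pos);
        } while (pos < end);
        cur = last + 1;
    }
    return out;
}

// True when reflow() attempts an out-of-range access.
bool reflowFaults(const History& h, std::size_t columns, bool checked) {
    try { reflow(h, columns, checked); } catch (const std::out_of_range&) { return true; }
    return false;
}

// Constructed sample: "abcd"+"ef" joined by a wrap, then "ghij" as the last line, still flagged wrapped.
History sampleHistory() { return History{{4, 6, 10}, {true, false, true}}; }
int main() { return reflowFaults(sampleHistory(), 3, true) ? 1 : 0; }
```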