| Summary: | Out-of-bounds access in Screen::setSelectionEnd when selecting last line of scrolling text | ||
|---|---|---|---|
| Product: | [Applications] konsole | Reporter: | Alexander Burnett <aburnett> |
| Component: | general | Assignee: | Konsole Developer <konsole-devel> |
| Status: | RESOLVED FIXED | ||
| Severity: | crash | CC: | ninjalj |
| Priority: | NOR | ||
| Version: | 23.04.1 | ||
| Target Milestone: | --- | ||
| Platform: | Arch Linux | ||
| OS: | Linux | ||
| Latest Commit: | https://invent.kde.org/utilities/konsole/-/commit/28931090bcbcd577932f293c6e32cc5935f2bda5 | Version Fixed In: | v23.08.0 |
| Sentry Crash Report: | |||
| Attachments: | causes the window to scroll by printing lines of text | ||
A possibly relevant merge request was started @ https://invent.kde.org/utilities/konsole/-/merge_requests/856 Git commit 28931090bcbcd577932f293c6e32cc5935f2bda5 by Tomaz Canabrava, on behalf of Luis Javier Merino MorĂ¡n. Committed on 01/06/2023 at 06:24. Pushed by tcanabrava into branch 'master'. Adjust selection point coords when scrollback shrinks The selection point coordinates are relative to the start of the scrollback, so when the scrollback shrinks, either because it is limited to some amount of lines, or because it is cleared, we could end up with stale coordinates which could cause a crash on a subsequent selection extend operation. M +2 -0 src/Screen.cpp M +7 -0 src/terminalDisplay/TerminalDisplay.cpp M +1 -0 src/terminalDisplay/TerminalDisplay.h https://invent.kde.org/utilities/konsole/-/commit/28931090bcbcd577932f293c6e32cc5935f2bda5 |
Created attachment 159286 [details] causes the window to scroll by printing lines of text SUMMARY #0 0x00007ffff4a9f26c in ?? () from /usr/lib/libc.so.6 #1 0x00007ffff4a4fa08 in raise () from /usr/lib/libc.so.6 #2 0x00007ffff4a38538 in abort () from /usr/lib/libc.so.6 #3 0x00007ffff4c9ca6f in __gnu_cxx::__verbose_terminate_handler () at /usr/src/debug/gcc/gcc/libstdc++-v3/libsupc++/vterminate.cc:95 #4 0x00007ffff4cb011c in __cxxabiv1::__terminate (handler=<optimized out>) at /usr/src/debug/gcc/gcc/libstdc++-v3/libsupc++/eh_terminate.cc:48 #5 0x00007ffff4cb0189 in std::terminate () at /usr/src/debug/gcc/gcc/libstdc++-v3/libsupc++/eh_terminate.cc:58 #6 0x00007ffff4cb03ed in __cxxabiv1::__cxa_throw (obj=<optimized out>, tinfo=0x7ffff4e6c0e8 <typeinfo for std::out_of_range>, dest=0x7ffff4cc85c0 <std::out_of_range::~out_of_range()>) at /usr/src/debug/gcc/gcc/libstdc++-v3/libsupc++/eh_throw.cc:98 #7 0x00007ffff4ca0269 in std::__throw_out_of_range_fmt (__fmt=<optimized out>) at /usr/src/debug/gcc/gcc/libstdc++-v3/src/c++11/functexcept.cc:101 #8 0x00007ffff7ac30dd in std::vector<QVector<Konsole::Character>, std::allocator<QVector<Konsole::Character> > >::_M_range_check (this=0x555555af8000, __n=36) at /usr/include/c++/13.1.1/bits/stl_vector.h:1155 #9 0x00007ffff7abf859 in std::vector<QVector<Konsole::Character>, std::allocator<QVector<Konsole::Character> > >::at (this=0x555555af8000, __n=36) at /usr/include/c++/13.1.1/bits/stl_vector.h:1177 #10 0x00007ffff7ab97a5 in Konsole::Screen::setSelectionEnd (this=0x555555af7ff0, x=0, y=38, trimTrailingWhitespace=false) at /home/alex/source/konsole/src/Screen.cpp:1821 #11 0x00007ffff7acca88 in Konsole::ScreenWindow::setSelectionEnd (this=0x555555c5e4a0, column=0, line=34, trimTrailingWhitespace=false) at /home/alex/source/konsole/src/ScreenWindow.cpp:145 #12 0x00007ffff7b616bf in Konsole::TerminalDisplay::extendSelection (this=0x555555c130d0, position=...) at /home/alex/source/konsole/src/terminalDisplay/TerminalDisplay.cpp:1491 #13 0x00007ffff7b60931 in Konsole::TerminalDisplay::mouseMoveEvent (this=0x555555c130d0, ev=0x7fffffffda20) at /home/alex/source/konsole/src/terminalDisplay/TerminalDisplay.cpp:1328 #14 0x00007ffff5faef57 in QWidget::event(QEvent*) () from /usr/lib/libQt5Widgets.so.5 #15 0x00007ffff7b68be3 in Konsole::TerminalDisplay::event (this=0x555555c130d0, event=0x7fffffffda20) at /home/alex/source/konsole/src/terminalDisplay/TerminalDisplay.cpp:2918 #16 0x00007ffff5f7893f in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5 #17 0x00007ffff5f7ddef in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5 #18 0x00007ffff529ab18 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /usr/lib/libQt5Core.so.5 #19 0x00007ffff5f7c12a in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool, bool) () from /usr/lib/libQt5Widgets.so.5 #20 0x00007ffff5fcced5 in ?? () from /usr/lib/libQt5Widgets.so.5 #21 0x00007ffff5fcec27 in ?? () from /usr/lib/libQt5Widgets.so.5 #22 0x00007ffff5f7893f in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5 #23 0x00007ffff529ab18 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /usr/lib/libQt5Core.so.5 #24 0x00007ffff574121c in QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) () from /usr/lib/libQt5Gui.so.5 #25 0x00007ffff572a955 in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Gui.so.5 #26 0x00007ffff435e8d5 in ?? () from /usr/lib/libQt5WaylandClient.so.5 #27 0x00007ffff15d0981 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0 #28 0x00007ffff162db39 in ?? () from /usr/lib/libglib-2.0.so.0 #29 0x00007ffff15ce032 in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0 #30 0x00007ffff52e9f0c in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5 #31 0x00007ffff5299824 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5 #32 0x00007ffff529acc3 in QCoreApplication::exec() () from /usr/lib/libQt5Core.so.5 #33 0x000055555555aaf1 in main (argc=1, argv=0x7fffffffe438) at /home/alex/source/konsole/src/main.cpp:271 STEPS TO REPRODUCE 1. run scroll.py 2. wait for the cursor to reach the bottom 3. select the last line with the mouse ADDITIONAL INFORMATION Issue does not occur when the scrollback option is set to None.