Version: (using KDE 3.4.2)
Installed from: Debian testing/unstable Packages
Compiler: GCC 4.0.2
OS: Linux

After kdesktop_lock --forcelock is started, and the screen is locked, if Japanese UTF-8 characters are entered, it crashes with a segfault and no output message, and unlocks the screen. This is reproducible 100% on my system.

I have installed Debian packages scim and scim-canna, and started scim using im-switch, i.e. the following commands are started when logging in with kdm:

/usr/sbin/cannaserver -u canna
/usr/bin/scim -d

The following environment variables are set:

LANG=fr_FR.UTF-8
LC_CTYPE=ja_JP.UTF-8
XMODIFIERS=@im=SCIM
GTK_IM_MODULE=scim

This configuration works fine for typing Japanese in any X application, including any KDE application. Except that it makes kdesktop_lock crash.

Here is how I can predictably reproduce the bug:

1- start kdesktop_lock --forcelock (as it is started by KDE's lock button applet)
2- move the mouse to make the dialog appear
3- type CTRL+SPACE to activate scim: the scim panel appears, and "Canna" (Japanese input system) should be selected as the IM method
4- type a few random characters in the password field (not the user password)
5- type ENTER: kdesktop_lock crashes with a segfault, which unlocks the screen

Maybe this bug appears with other UTF-8 CTYPE locales (not only Japanese) and other X Input Methods (not only scim), but I have not tested.
Confirmed, but actually it's a KPasswordEdit (or so) bug, because kdialog --password crashes as well. Backtrace indicates an infinite signal/slot recursion somewhere. (Don't try attaching gdb from a remote console to kdesktop_lock btw, that crashed my XOrg afterwards.)

piece of kdialog bt:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 46912564185024 (LWP 31168)]
0x00002aaaab582786 in free () from /lib/libc.so.6
(gdb) bt
#0  0x00002aaaab582786 in free () from /lib/libc.so.6
#1  0x00002aaaab58421b in malloc () from /lib/libc.so.6
#2  0x00002aaaab140f58 in operator new () from /usr/lib/libstdc++.so.6
#3  0x00002aaaac7ae973 in QGArray::newData () from /usr/lib/libqt-mt.so.3
#4  0x00002aaaac7aea9f in QGArray::QGArray () from /usr/lib/libqt-mt.so.3
#5  0x00002aaaac7a2ead in QMemArray<char>::QMemArray () from /usr/lib/libqt-mt.so.3
#6  0x00002aaaac7a114d in QCString::QCString () from /usr/lib/libqt-mt.so.3
#7  0x00002aaaac8001c5 in QUtf8Codec::fromUnicode () from /usr/lib/libqt-mt.so.3
#8  0x00002aaaac7fa429 in QTextCodec::fromUnicode () from /usr/lib/libqt-mt.so.3
#9  0x00002aaaac7d91bf in QString::local8Bit () from /usr/lib/libqt-mt.so.3
#10 0x00002aaaab9a8cec in KPasswordEdit::insert () from /usr/lib/libkdeui.so.4
#11 0x00002aaaab9a8b42 in KPasswordEdit::event () from /usr/lib/libkdeui.so.4
#12 0x00002aaaac4740b0 in QApplication::internalNotify () from /usr/lib/libqt-mt.so.3
#13 0x00002aaaac474e0c in QApplication::notify () from /usr/lib/libqt-mt.so.3
#14 0x00002aaaabdabdbe in KApplication::notify () from /usr/lib/libkdecore.so.4
#15 0x00002aaaac404c9a in QApplication::sendEvent () from /usr/lib/libqt-mt.so.3
#16 0x00002aaaac41c893 in QInputContext::reset () from /usr/lib/libqt-mt.so.3
#17 0x00002aaaac441f5a in QWidget::resetInputContext () from /usr/lib/libqt-mt.so.3
#18 0x00002aaaac5b2969 in QLineEdit::setText () from /usr/lib/libqt-mt.so.3
#19 0x00002aaaab9a897b in KPasswordEdit::showPass () from /usr/lib/libkdeui.so.4
#20 0x00002aaaab9a8d8b in KPasswordEdit::insert () from /usr/lib/libkdeui.so.4
#21 0x00002aaaab9a8b42 in KPasswordEdit::event () from /usr/lib/libkdeui.so.4
#22 0x00002aaaac4740b0 in QApplication::internalNotify () from /usr/lib/libqt-mt.so.3
#23 0x00002aaaac474e0c in QApplication::notify () from /usr/lib/libqt-mt.so.3
#24 0x00002aaaabdabdbe in KApplication::notify () from /usr/lib/libkdecore.so.4
#25 0x00002aaaac404c9a in QApplication::sendEvent () from /usr/lib/libqt-mt.so.3
#26 0x00002aaaac41c893 in QInputContext::reset () from /usr/lib/libqt-mt.so.3
#27 0x00002aaaac441f5a in QWidget::resetInputContext () from /usr/lib/libqt-mt.so.3
#28 0x00002aaaac5b2969 in QLineEdit::setText () from /usr/lib/libqt-mt.so.3
#29 0x00002aaaab9a897b in KPasswordEdit::showPass () from /usr/lib/libkdeui.so.4
#30 0x00002aaaab9a8d8b in KPasswordEdit::insert () from /usr/lib/libkdeui.so.4
#31 0x00002aaaab9a8b42 in KPasswordEdit::event () from /usr/lib/libkdeui.so.4
#32 0x00002aaaac4740b0 in QApplication::internalNotify () from /usr/lib/libqt-mt.so.3
#33 0x00002aaaac474e0c in QApplication::notify () from /usr/lib/libqt-mt.so.3

and so on. Debian unstable, scim 1.4.2.
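The cycle visible in the backtrace (KPasswordEdit::insert -> showPass -> QLineEdit::setText -> QWidget::resetInputContext -> QInputContext::reset -> IMEnd event -> KPasswordEdit::insert) modelled as a small stand-alone C++ program; this is an added example, not KDE or Qt code. PasswordEdit, FakeInputContext, the depth limit that stands in for the real stack exhaustion, and the sample commit string are all assumptions; the guardEmpty flag corresponds to the isEmpty() check that the commits later in this report apply.

```cpp
#include <string>

struct PasswordEdit;

// Stand-in for QInputContext (assumption): reset() synchronously delivers an
// IMEnd event with an empty commit string back to the widget, as frames
// #16 down to #11 of the trace show.
struct FakeInputContext {
    bool reset(PasswordEdit &w);
};

// Stand-in for KPasswordEdit (assumption). Methods return false when the
// model hits its depth limit, which plays the role of the real crash.
struct PasswordEdit {
    bool guardEmpty;      // true = apply the isEmpty() check from the commits
    int depth = 0;        // live recursion depth
    int maxDepth = 0;     // deepest nesting observed
    int limit = 64;       // arbitrary cutoff standing in for stack exhaustion
    std::string shown;    // what setText() would display
    FakeInputContext ic;

    explicit PasswordEdit(bool guard) : guardEmpty(guard) {}

    // QEvent::IMEnd handler: the line the patch changes.
    bool imEnd(const std::string &committed) {
        if (guardEmpty && committed.empty())
            return true;              // fixed version: nothing to insert
        return insert(committed);     // unfixed version: always re-enters
    }

    // KPasswordEdit::insert -> showPass -> setText -> resetInputContext
    bool insert(const std::string &text) {
        if (++depth > limit) { --depth; return false; }
        if (depth > maxDepth) maxDepth = depth;
        shown += text;
        bool ok = showPass();
        --depth;
        return ok;
    }

    bool showPass() { return ic.reset(*this); }  // setText() resets the IC
};

bool FakeInputContext::reset(PasswordEdit &w) { return w.imEnd(""); }

// Simulate the IM committing one composed string on ENTER.
bool commitFromIM(PasswordEdit &w, const std::string &composed) {
    return w.imEnd(composed);
}
```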
Created attachment 14263
This fix should break the infinite recursion. (patch by Maksim Orlovich)
Security team: Please review the attached patch and commit to branches and trunk before 3.5.1.
SVN commit 499214 by mueller: apply infinite recursion prevention CCBUG: 117257 M +2 -1 kpassdlg.cpp --- branches/KDE/3.5/kdelibs/kdeui/kpassdlg.cpp #499213:499214 @@ -233,7 +233,8 @@ case QEvent::IMEnd: { QIMEvent* const ie = (QIMEvent*) e; - insert( ie->text() ); + if (!ie->text().isEmpty()) + insert( ie->text() ); return true; }
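Review bot: the new `if (!ie->text().isEmpty())` only breaks the cycle when the IMEnd event that QInputContext::reset() feeds back into KPasswordEdit carries empty text; an input context that hands back a non-empty commit string on reset would still re-enter insert() -> showPass() -> setText() -> resetInputContext(). A re-entrancy flag around the showPass() call would cover that case too, and a one-line comment on the `if` explaining that it exists to stop the recursion would keep someone from later "simplifying" it away.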
SVN commit 499216 by mueller: apply infinite recursion prevention patch BUG: 117257 M +2 -1 kpassdlg.cpp --- branches/KDE/3.4/kdelibs/kdeui/kpassdlg.cpp #499215:499216 @@ -233,7 +233,8 @@ case QEvent::IMEnd: { QIMEvent* const ie = (QIMEvent*) e; - insert( ie->text() ); + if ( !ie->text().isEmpty() ) + insert( ie->text() ); return true; }
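Review bot: the 3.4 hunk spells the condition `if ( !ie->text().isEmpty() )` while the 3.5 commit (499214) uses `if (!ie->text().isEmpty())`; the two branches should carry an identical hunk so later merges between them apply cleanly. The same caveat as for 3.5 applies: the guard relies on the reset-triggered IMEnd event being empty, so a short comment saying why the check is there is worth adding.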
Hmm, maybe not so quick... do you have the immodule patch applied in Qt? I think this triggers this crash...
I don't think so, I use a self-compiled Qt from Debian sources. According to Jonathan Riddell, they don't apply it (plus, grepping in that dir for immodule finds nothing).
Dirk: I deduced the fix by looking at normal Qt (qt-copy) sources.
OK then, let's bury it.