Bug 309954 - Unexpected konsole crash
Summary: Unexpected konsole crash
Status: RESOLVED UNMAINTAINED
Alias: None
Product: konsole
Classification: Applications
Component: general
Version: 2.9.3
Platform: Ubuntu Linux
Priority: NOR
Severity: crash
Target Milestone: ---
Assignee: Konsole Developer
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-11-12 11:23 UTC by Nick Leverton
Modified: 2017-02-13 02:00 UTC

See Also:
Latest Commit:
Version Fixed In:


Description Nick Leverton 2012-11-12 11:23:33 UTC
Application: konsole (2.9.3)
KDE Platform Version: 4.9.3
Qt Version: 4.8.3
Operating System: Linux 3.5.0-18-generic i686
Distribution: Ubuntu 12.10

-- Information about the crash:
I had just rebooted after upgrading from 4.9.3 to 4.9.4.  I have a manually saved KDE session which is set to restore at boot.  It includes two konsole sessions each with multiple tabs.

Konsole had loaded but konqui was still reloading its pre-shutdown windows (from the automatic state save, they are not part of the saved session).  As I was in a hurry I started using konsole.

I typed in a password for ssh-agent and then started an apt-get update for anything that had been further changed over the weekend.  konsole crashed whilst this was in progress (note update, not upgrade, so no binaries should have been replaced).

This is the only konsole crash I can recall since starting on KDE 2.2, so it's slightly worrying that a simple isspace() appears to have been the call in which it crashed :-(

-- Backtrace:
Application: Konsole (konsole), signal: Segmentation fault
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0xb4868740 (LWP 3734))]

Thread 2 (Thread 0xb104bb40 (LWP 4096)):
#0  0xb564cdcd in __GI_clock_gettime (clock_id=1, tp=0xb104af78) at ../sysdeps/unix/clock_gettime.c:116
#1  0xb6bc2fb5 in do_gettime (frac=0xb104af70, sec=0xb104af68) at tools/qelapsedtimer_unix.cpp:123
#2  qt_gettime () at tools/qelapsedtimer_unix.cpp:140
#3  0xb6caa36e in QTimerInfoList::updateCurrentTime (this=0xb0701974) at kernel/qeventdispatcher_unix.cpp:343
#4  0x7fffffff in ?? ()
#5  0xb6caa6fa in QTimerInfoList::timerWait (this=0xb0701974, tm=...) at kernel/qeventdispatcher_unix.cpp:450
#6  0x7fffffff in ?? ()

Thread 1 (Thread 0xb4868740 (LWP 3734)):
[KCrash Handler]
#7  isSpace (this=<optimized out>) at ../../src/Character.h:162
#8  Konsole::TerminalDisplay::paintFilters (this=this@entry=0x9792a80, painter=...) at ../../src/TerminalDisplay.cpp:1206
#9  0xb75946f1 in Konsole::TerminalDisplay::paintEvent (this=0x9792a80, pe=0xbfebd31c) at ../../src/TerminalDisplay.cpp:1134
#10 0xb61c07b7 in QWidget::event (this=0x9792a80, event=0xbfebd31c) at kernel/qwidget.cpp:8517
#11 0xb758fcec in event (event={bool (QEvent *, Konsole::TerminalDisplay * const)} 0xb758fce0 <Konsole::TerminalDisplay::event(QEvent*)+48>, this=0x9792a80) at ../../src/TerminalDisplay.cpp:2795
#12 Konsole::TerminalDisplay::event (this=0x9792a80, event=0xbfebd31c) at ../../src/TerminalDisplay.cpp:2781
#13 0xb616739c in QApplicationPrivate::notify_helper (this=0x95dab60, receiver=0x9792a80, e=0xbfebd31c) at kernel/qapplication.cpp:4562
#14 0xb616be54 in QApplication::notify (this=0x95dab60, receiver=0x9792a80, e=0xbfebd31c) at kernel/qapplication.cpp:4423
#15 0xb7287e91 in KApplication::notify (this=0xbfebeadc, receiver=0x9792a80, event=0xbfebd31c) at ../../kdeui/kernel/kapplication.cpp:311
#16 0xb6c7778e in QCoreApplication::notifyInternal (this=0xbfebeadc, receiver=0x9792a80, event=0xbfebd31c) at kernel/qcoreapplication.cpp:915
#17 0xb61bbec3 in sendSpontaneousEvent (event=<optimized out>, receiver=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:234
#18 QWidgetPrivate::drawWidget (this=0x97b3420, pdev=0x973f260, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x9644600) at kernel/qwidget.cpp:5594
#19 0xb61bc9f2 in QWidgetPrivate::paintSiblingsRecursive (this=0x975f0d8, pdev=0x973f260, siblings=..., index=<optimized out>, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x9644600) at kernel/qwidget.cpp:5803
#20 0xb61bb9fd in QWidgetPrivate::drawWidget (this=0x975f0d8, pdev=0x973f260, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x9644600) at kernel/qwidget.cpp:5647
#21 0xb61bc9f2 in QWidgetPrivate::paintSiblingsRecursive (this=0x975ef90, pdev=0x973f260, siblings=..., index=<optimized out>, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x9644600) at kernel/qwidget.cpp:5803
#22 0xb61bb9fd in QWidgetPrivate::drawWidget (this=0x975ef90, pdev=0x973f260, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x9644600) at kernel/qwidget.cpp:5647
#23 0xb61bc9f2 in QWidgetPrivate::paintSiblingsRecursive (this=0x96be508, pdev=0x973f260, siblings=..., index=<optimized out>, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x9644600) at kernel/qwidget.cpp:5803
#24 0xb61bb9fd in QWidgetPrivate::drawWidget (this=0x96be508, pdev=0x973f260, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x9644600) at kernel/qwidget.cpp:5647
#25 0xb61bc9f2 in QWidgetPrivate::paintSiblingsRecursive (this=0x96da220, pdev=0x973f260, siblings=..., index=<optimized out>, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x9644600) at kernel/qwidget.cpp:5803
#26 0xb61bb9fd in QWidgetPrivate::drawWidget (this=0x96da220, pdev=0x973f260, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x9644600) at kernel/qwidget.cpp:5647
#27 0xb61bc9f2 in QWidgetPrivate::paintSiblingsRecursive (this=0x96c91c0, pdev=0x973f260, siblings=..., index=<optimized out>, rgn=..., offset=..., flags=4, sharedPainter=0x0, backingStore=0x9644600) at kernel/qwidget.cpp:5803
#28 0xb61bb9fd in QWidgetPrivate::drawWidget (this=0x96c91c0, pdev=0x973f260, rgn=..., offset=..., flags=5, sharedPainter=0x0, backingStore=0x9644600) at kernel/qwidget.cpp:5647
#29 0xb63b3474 in QWidgetBackingStore::sync (this=0x9644600) at painting/qbackingstore.cpp:1373
#30 0xb61afa4b in QWidgetPrivate::syncBackingStore (this=0x96c91c0) at kernel/qwidget.cpp:1892
#31 0xb61e0a44 in QETWidget::translateConfigEvent (this=0x96c78e0, event=0xbfebe71c) at kernel/qapplication_x11.cpp:5780
#32 0xb61f2349 in QApplication::x11ProcessEvent (this=0xbfebeadc, event=0xbfebe71c) at kernel/qapplication_x11.cpp:3642
#33 0xb621ddc4 in x11EventSourceDispatch (s=s@entry=0x96118a8, callback=0x0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:146
#34 0xb55949e3 in g_main_dispatch (context=0x9594e90) at /build/buildd/glib2.0-2.34.0/./glib/gmain.c:2715
#35 g_main_context_dispatch (context=context@entry=0x9594e90) at /build/buildd/glib2.0-2.34.0/./glib/gmain.c:3219
#36 0xb5594d80 in g_main_context_iterate (context=context@entry=0x9594e90, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at /build/buildd/glib2.0-2.34.0/./glib/gmain.c:3290
#37 0xb5594e61 in g_main_context_iteration (context=0x9594e90, may_block=1) at /build/buildd/glib2.0-2.34.0/./glib/gmain.c:3351
#38 0xb6ca9981 in QEventDispatcherGlib::processEvents (this=0x960af40, flags=...) at kernel/qeventdispatcher_glib.cpp:424
#39 0xb621d9aa in QGuiEventDispatcherGlib::processEvents (this=0x960af40, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#40 0xb6c7626c in QEventLoop::processEvents (this=this@entry=0xbfebea18, flags=...) at kernel/qeventloop.cpp:149
#41 0xb6c76561 in QEventLoop::exec (this=0xbfebea18, flags=...) at kernel/qeventloop.cpp:204
#42 0xb6c7bcba in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1187
#43 0xb6164fc4 in QApplication::exec () at kernel/qapplication.cpp:3823
#44 0xb77c3360 in kdemain (argc=3, argv=0xbfebebc4) at ../../src/main.cpp:85
#45 0x0804854b in main (argc=3, argv=0xbfebebc4) at konsole_dummy.cpp:3

Reported using DrKonqi
Comment 1 Jekyll Wu 2012-11-12 12:03:40 UTC
Thanks for reporting the crash.

The backtrace really looks strange.  Here is the complete code of isSpace():

161    inline bool isSpace() const {
162        if (rendition & RE_EXTENDED_CHAR) {
163            return false;
164        } else {
165            return QChar(character).isSpace();
166        }
167    }

[Note, rendition is just a quint8 and RE_EXTENDED_CHAR is a constant int of value 32]

So a simple bitwise operation causes a crash ... That is beyond my knowledge. Who should I blame :)
Comment 2 Christoph Feck 2012-11-13 00:28:40 UTC
"Character" is a class, and "rendition" is a member of that class. If the Character object is invalid, accessing rendition will cause a seg fault.

Check the caller, not the inline function :)
Comment 3 Kurt Hindenburg 2013-03-16 23:09:43 UTC
Git commit a88f9cb417a2c56e224273bee12663a013c28485 by Kurt Hindenburg.
Committed on 17/03/2013 at 00:06.
Pushed by hindenburg into branch 'master'.

Check boundary of image to get valid Character

This crash in isSpace() is due to invalid Character; check for valid
array size before grabbing it.  No one can reproduce the crash but this
can't hurt hopefully.

M  +4    -0    src/TerminalDisplay.cpp

http://commits.kde.org/konsole/a88f9cb417a2c56e224273bee12663a013c28485
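Added example (not Konsole's code) of the kind of boundary check the commit above describes: a cell is only taken from the image array when its line/column lie inside the current image size, so isSpace() is never called on an invalid Character. Character, Image and RE_EXTENDED_CHAR are simplified stand-ins, and std::iswspace replaces QChar::isSpace() so the block builds without Qt.

```cpp
// Added example (not Konsole's code): bounds-check a cell lookup in the terminal
// "image" before calling isSpace(). Character/RE_EXTENDED_CHAR are simplified
// stand-ins and QChar::isSpace() is replaced by std::iswspace so it builds without Qt.
#include <cstddef>
#include <cstdint>
#include <cwctype>
#include <vector>

static const int RE_EXTENDED_CHAR = 32;  // value quoted in comment 1

struct Character {
    uint16_t character;  // code point stored in this cell
    uint8_t rendition;   // flag bits; RE_EXTENDED_CHAR marks an extended-char cell
    bool isSpace() const {
        if (rendition & RE_EXTENDED_CHAR) {
            return false;
        }
        return std::iswspace(static_cast<std::wint_t>(character)) != 0;
    }
};

// The display keeps its cells in a flat array of lines * columns entries.
struct Image {
    int lines;
    int columns;
    std::vector<Character> cells;
};

// Hardened lookup: validate line/column against the current image size (and the
// backing array) before dereferencing; anything out of range is "not a space".
// Indexing cells[line * columns + column] without this check is what yields an
// invalid Character when a stale coordinate points past the end of the array.
static bool isSpaceChecked(const Image& img, int line, int column) {
    if (line < 0 || column < 0 || line >= img.lines || column >= img.columns) {
        return false;
    }
    const std::size_t idx = static_cast<std::size_t>(line) * img.columns + column;
    if (idx >= img.cells.size()) {
        return false;  // image metadata and backing array disagree; refuse
    }
    return img.cells[idx].isSpace();
}

// Constructed 2x3 sample image; the cell at (1,1) is a space with the extended flag set.
static Image makeSampleImage() {
    Image img{2, 3, {}};
    img.cells = {{'a', 0}, {' ', 0}, {'b', 0},
                 {'c', 0}, {' ', RE_EXTENDED_CHAR}, {'d', 0}};
    return img;
}
```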