Bug 461478 - Crash when entering RTL text ended with an RLM.
Status: RESOLVED FIXED
Alias: None
Product: konsole
Classification: Applications
Component: general
Version: master
Platform: Other Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Konsole Developer
 
Reported: 2022-11-06 00:43 UTC by ninjalj
Modified: 2022-11-09 23:32 UTC

Description ninjalj 2022-11-06 00:43:46 UTC
SUMMARY

konsole with BiDi enabled crashes when pasting the following word, taken from bug #450219:

שלום.‏

that has an RLM at the end:

$ printf 'שלום.‏' | iconv -f utf-8 -t utf16le | od -tx2
0000000 05e9 05dc 05d5 05dd 002e 200f
0000014

ADDITIONAL INFORMATION


Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fa8931439dc in Konsole::TerminalPainter::drawBelowText (this=this@entry=0x5591e7e0c5a0, painter=..., rect=..., style=style@entry=0x5591e8195d90, startX=startX@entry=0, 
    width=width@entry=1, fontWidth=8, colorTable=0x5591e7f3371c, invertedRendition=false, vis2line=0x7ffec559e6b0, line2log=0x7ffec559d6b0, bidiEnabled=true, background=...)
    at /home/lj/src/term/konsole/src/terminalDisplay/TerminalPainter.cpp:706
706                 if (style[x].rendition.f.selected && invertedRendition) {


(gdb) p x
$1 = 16712130
(gdb) p/x x
$2 = 0xff01c2
(gdb) p i
$3 = 0
(gdb) p startX
$4 = 0
(gdb) p bidiEnabled
$5 = true
(gdb) x/1024xd vis2line
0x7ffec559e6b0: 5       4       3       2
0x7ffec559e6c0: 1       6       7       8
0x7ffec559e6d0: 9       10      11      12
0x7ffec559e6e0: 13      14      15      16
0x7ffec559e6f0: 17      18      19      20
0x7ffec559e700: 21      22      23      24
0x7ffec559e710: 25      26      27      28
0x7ffec559e720: 29      30      31      32
0x7ffec559e730: 33      34      35      36
0x7ffec559e740: 37      38      39      40
0x7ffec559e750: 41      42      43      44
0x7ffec559e760: 45      46      47      48
0x7ffec559e770: 49      50      51      52
0x7ffec559e780: 53      54      55      56
0x7ffec559e790: 57      58      59      60
0x7ffec559e7a0: 61      62      63      64
0x7ffec559e7b0: 65      66      67      68
0x7ffec559e7c0: 69      70      71      72
0x7ffec559e7d0: 73      74      75      76
0x7ffec559e7e0: 77      78      79      80
0x7ffec559e7f0: 81      82      83      84
0x7ffec559e800: 85      86      87      88
0x7ffec559e810: 89      90      91      92
0x7ffec559e820: 93      94      95      96
0x7ffec559e830: 97      98      99      100
0x7ffec559e840: 101     102     103     104
0x7ffec559e850: 105     106     107     108
0x7ffec559e860: 109     110     -406961920      21905
0x7ffec559e870: -1868842496     0       1       0
0x7ffec559e880: -406961968      21905   28357120        905982809
0x7ffec559e890: 1       -1720404812     -272    -1
0x7ffec559e8a0: 11      0       -406961920      21905
0x7ffec559e8b0: -1862329504     32680   1       0
0x7ffec559e8c0: -406961968      21905   -1877029758     32680
0x7ffec559e8d0: -406961920      21905   -405334992      21905
0x7ffec559e8e0: -406961920      21905   1       0
0x7ffec559e8f0: -406961968      21905   -1862297769     32680
0x7ffec559e900: 1       -57826  -406961944      21905
0x7ffec559e910: -403519632      21905   -983963312      32766
0x7ffec559e920: -403519520      21905   28357120        905982809
0x7ffec559e930: -410690400      21905   -272    -1
0x7ffec559e940: 11      0       -983963224      32766
0x7ffec559e950: -403519520      21905   -403519520      21905
0x7ffec559e960: -983962400      32766   -1877029758     32680
0x7ffec559e970: -403519520      21905   -1862295728     32680
0x7ffec559e980: -403519520      21905   -403519632      21905
--Type <RET> for more, q to quit, c to continue without paging--q
Quit
(gdb) x/120xd line2log
0x7ffec559d6b0: 0       1       2       3
0x7ffec559d6c0: 4       16712130        5       6
0x7ffec559d6d0: 7       8       9       10
0x7ffec559d6e0: 11      12      13      14
0x7ffec559d6f0: 15      16      17      18
0x7ffec559d700: 19      20      21      22
0x7ffec559d710: 23      24      25      26
0x7ffec559d720: 27      28      29      30
0x7ffec559d730: 31      32      33      34
0x7ffec559d740: 35      36      37      38
0x7ffec559d750: 39      40      41      42
0x7ffec559d760: 43      44      45      46
0x7ffec559d770: 47      48      49      50
0x7ffec559d780: 51      52      53      54
0x7ffec559d790: 55      56      57      58
0x7ffec559d7a0: 59      60      61      62
0x7ffec559d7b0: 63      64      65      66
0x7ffec559d7c0: 67      68      69      70
0x7ffec559d7d0: 71      72      73      74
0x7ffec559d7e0: 75      76      77      78
0x7ffec559d7f0: 79      80      81      82
0x7ffec559d800: 83      84      85      86
0x7ffec559d810: 87      88      89      90
0x7ffec559d820: 91      92      93      94
0x7ffec559d830: 95      96      97      98
0x7ffec559d840: 99      100     101     102
0x7ffec559d850: 103     104     105     106
0x7ffec559d860: 107     108     109     0
0x7ffec559d870: -1860788480     32680   -1860792992     32680
0x7ffec559d880: -1862745440     32680   -1862745152     32680
Comment 1 Bug Janitor Service 2022-11-08 20:03:10 UTC
A possibly relevant merge request was started @ https://invent.kde.org/utilities/konsole/-/merge_requests/769
Comment 2 Matan Ziv-Av 2022-11-09 23:32:09 UTC
Git commit da3b7b1d0e7dc5d3894b7c111f88627b308a24d6 by Matan Ziv-Av.
Committed on 09/11/2022 at 11:30.
Pushed by hindenburg into branch 'master'.

Fix bug in Bidi mapping visual to logical positions

There are three positions for each character:
- Logical (where it is in the text, extended characters count as one)
- Visual (where it is on the screen)
- Line (where it is in the text, extended characters are expanded).

In TerminalDisplay::bidiMap, the calculation of the visual to line map used
logical instead of visual in one place. This causes uninitialized memory to
be used as an index into an array, as well as other issues.

When no extended characters are used, line and logical are the same. When
no bidi characters (Arabic or Hebrew) are used, visual and logical are the
same.

M  +5    -4    src/terminalDisplay/TerminalDisplay.cpp
M  +9    -23   src/terminalDisplay/TerminalPainter.cpp
M  +2    -0    src/terminalDisplay/TerminalPainter.h

https://invent.kde.org/utilities/konsole/commit/da3b7b1d0e7dc5d3894b7c111f88627b308a24d6
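
The three index spaces from the commit message and the crash state in the gdb session can be reproduced in a small model. This is an added example, not Konsole's code: `BidiMaps`, `buildMaps`, `styleIndex`, `sampleMaps` and the `kUnset` sentinel are hypothetical names, and it assumes the RLM is stored as part of an extended character together with the preceding ".", which is what the gap at slot 5 of the `line2log` dump suggests.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Simplified model of the three index spaces (constructed; not Konsole's code).
constexpr int kUnset = -1; // sentinel instead of leaving map entries uninitialized

struct BidiMaps {
    std::vector<int> vis2line; // visual column -> first line slot of that character
    std::vector<int> line2log; // line slot -> logical index, kUnset on continuation slots
};

// widths[l]:  line slots taken by logical character l (2 for "." + RLM).
// log2vis[l]: visual column of logical character l, as a BiDi reordering step returns it.
BidiMaps buildMaps(const std::vector<int>& widths, const std::vector<int>& log2vis) {
    std::size_t slots = 0;
    for (int w : widths) slots += static_cast<std::size_t>(w);
    BidiMaps m{std::vector<int>(widths.size(), kUnset), std::vector<int>(slots, kUnset)};
    std::size_t line = 0;
    for (std::size_t l = 0; l < widths.size(); ++l) {
        m.line2log[line] = static_cast<int>(l);
        // Index by the visual column here; the commit describes logical used in its place.
        m.vis2line[static_cast<std::size_t>(log2vis[l])] = static_cast<int>(line);
        line += static_cast<std::size_t>(widths[l]);
    }
    return m;
}

// Visual column -> index into the per-character style array, or kUnset if any hop is invalid.
int styleIndex(const BidiMaps& m, int visual, std::size_t styleLen) {
    if (visual < 0 || static_cast<std::size_t>(visual) >= m.vis2line.size()) return kUnset;
    const int line = m.vis2line[static_cast<std::size_t>(visual)];
    if (line < 0 || static_cast<std::size_t>(line) >= m.line2log.size()) return kUnset;
    const int log = m.line2log[static_cast<std::size_t>(line)];
    return (log >= 0 && static_cast<std::size_t>(log) < styleLen) ? log : kUnset;
}

// The report's input: four Hebrew letters, then "." carrying the RLM, then one blank cell.
BidiMaps sampleMaps() {
    return buildMaps({1, 1, 1, 1, 2, 1}, {4, 3, 2, 1, 0, 5});
}

int main() {
    const BidiMaps m = sampleMaps();
    for (int v = 0; v < 6; ++v) std::printf("visual %d -> style[%d]\n", v, styleIndex(m, v, 6));
    return 0;
}
```

Setting `vis2line[0]` to 5 and `line2log[5]` to 16712130, the values seen in the dump, makes `styleIndex` return `kUnset` instead of an index far outside the style array.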