Bug 235160

Summary: SEGV when entering unicode from keyboard.
Product: [Fedora] Fedora Reporter: David Woodhouse <dwmw2>
Component: gnome-terminalAssignee: Behdad Esfahbod <behdad>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhide   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-04-04 11:42:05 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 150226    

Description David Woodhouse 2007-04-04 00:22:27 EDT
Description of problem:
gnome-terminal segfaults when entering unicode codes directly from the keyboard 

How reproducible:

Steps to Reproduce:
1. Start gnome-terminal
2. Hit Ctrl-Shift-u-2-6-6-5

Actual results:

Expected results:

Additional info:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 805515824 (LWP 29448)]
_XftLockFile (f=0x10217cf8) at xftfreetype.c:113
113             if (f->face && !f->lock)
(gdb) bt
#0  _XftLockFile (f=0x10217cf8) at xftfreetype.c:113
#1  0x0ee7d5e8 in XftLockFace (public=0x31f55008) at xftfreetype.c:355
#2  0x00a72f74 in _vte_xft_open_font_for_char (font=0x100d2980, c=0,
locked_fonts=0x1020c6d0) at vtexft.c:232
#3  0x00a74a24 in _vte_xft_draw_text (draw=0x100f9140, requests=0x105b5198,
n_requests=1, color=0x7fef4654, alpha=255 '�') at vtexft.c:294
#4  0x00a6477c in _vte_draw_text (draw=0x0, requests=0x10685b28, n_requests=12,
color=0x10685b30, alpha=6 '\006') at vtedraw.c:329
#5  0x00a54dfc in vte_terminal_draw_cells (terminal=0x100fc5a8,
items=0x105b5198, n=1, fore=<value optimized out>, back=<value optimized out>,
    draw_default_bg=<value optimized out>, bold=0, underline=0, strikethrough=0,
hilite=0, boxed=0, column_width=6, row_height=13) at vte.c:8947
#6  0x00a5daf4 in vte_terminal_expose (widget=<value optimized out>,
event=<value optimized out>) at vte.c:10109
#7  0x0e508ce4 in _gtk_marshal_BOOLEAN__BOXED (closure=0x100cf390,
return_value=0x7fef4c90, n_param_values=<value optimized out>,
    invocation_hint=<value optimized out>, marshal_data=0xa5cda0) at
#8  0x0edbbbcc in g_type_class_meta_marshal (closure=0x0,
return_value=0x10685b28, n_param_values=12, param_values=0x10685b30,
invocation_hint=0x6, marshal_data=0xc8)
    at gclosure.c:567
#9  0x0edbd7fc in IA__g_closure_invoke (closure=0x100cf390,
return_value=0x7fef4c90, n_param_values=2, param_values=0x7fef4d28,
invocation_hint=0x7fef4c7c) at gclosure.c:490
#10 0x0edd1d70 in signal_emit_unlocked_R (node=0x100cf4a8, detail=0,
instance=0x100fc5a8, emission_return=0x7fef4f28, instance_and_params=0x7fef4d28)
at gsignal.c:2478
#11 0x0edd2d04 in IA__g_signal_emit_valist (instance=0x100fc5a8,
signal_id=<value optimized out>, detail=0, var_args=0x7fef5004) at gsignal.c:2209
#12 0x0edd3148 in IA__g_signal_emit (instance=0x0, signal_id=275274536,
detail=12) at gsignal.c:2243
#13 0x0e64de60 in gtk_widget_event_internal (widget=0x100fc5a8,
event=0x7fef50d0) at gtkwidget.c:3915
#14 0x0e501fec in IA__gtk_main_do_event (event=0x7fef50d0) at gtkmain.c:1533
#15 0x0e2e3a60 in gdk_window_process_updates_internal (window=0x10094b70) at
#16 0x0e2e3d3c in IA__gdk_window_process_all_updates () at gdkwindow.c:2401
#17 0x0e2e3dfc in gdk_window_update_idle (data=0x0) at gdkwindow.c:2259
#18 0x0f9256f8 in g_idle_dispatch (source=<value optimized out>,
callback=0xb0a88, user_data=0x0) at gmain.c:3928
#19 0x0f927eb4 in IA__g_main_context_dispatch (context=0x10096f38) at gmain.c:2045
#20 0x0f92bbbc in g_main_context_iterate (context=0x10096f38, block=1,
dispatch=1, self=<value optimized out>) at gmain.c:2677
#21 0x0f92c024 in IA__g_main_loop_run (loop=0x10098868) at gmain.c:2881
#22 0x0e502344 in IA__gtk_main () at gtkmain.c:1154
#23 0x1001b3c4 in main (argc=2, argv=0x7fef5684) at terminal.c:1773
(gdb) x/i $pc
0xee7ca10 <_XftLockFile+240>:   lwz     r0,44(r9)
(gdb) p/x $r9
$21 = 0xb0a06
(gdb) list *0x0ee7ca10
0xee7ca10 is in _XftLockFile (xftfreetype.c:113).
108     _XftNumFiles (void)
109     {
110         XftFtFile   *f;
111         int         count = 0;
112         for (f = _XftFtFiles; f; f = f->next)
113             if (f->face && !f->lock)
114                 ++count;
115         return count;
116     }
(gdb) p _XftFtFiles
$6 = (XftFtFile *) 0x102315b8
(gdb) p _XftFtFiles->next
$7 = (struct _XftFtFile *) 0x1028b5d8
(gdb) p _XftFtFiles->next->next
$8 = (struct _XftFtFile *) 0x1059b258
(gdb) p _XftFtFiles->next->next->next
$9 = (struct _XftFtFile *) 0x10233328
(gdb) p _XftFtFiles->next->next->next->next
$10 = (struct _XftFtFile *) 0x10242258
(gdb) p _XftFtFiles->next->next->next->next->next
$11 = (struct _XftFtFile *) 0x1059b200
(gdb) p _XftFtFiles->next->next->next->next->next->next
$12 = (struct _XftFtFile *) 0x102332c0
(gdb) p _XftFtFiles->next->next->next->next->next->next->next
$13 = (struct _XftFtFile *) 0x102421f8
(gdb) p _XftFtFiles->next->next->next->next->next->next->next->next
$14 = (struct _XftFtFile *) 0x10242300
(gdb) p _XftFtFiles->next->next->next->next->next->next->next->next->next
$16 = (struct _XftFtFile *) 0x10257a58
(gdb) p _XftFtFiles->next->next->next->next->next->next->next->next->next->next
$17 = (struct _XftFtFile *) 0x1028b4e8
(gdb) p
$18 = (struct _XftFtFile *) 0x105b5858
(gdb) p
$19 = (struct _XftFtFile *) 0xb0a06
(gdb) p
$20 = (struct _XftFtFile *) 0xb0a06
(gdb) p
Cannot access memory at address 0xb0a06
Comment 1 David Woodhouse 2007-04-04 00:24:13 EDT
This doesn't happen with other GTK+ programs (tested gedit, xchat, evolution,
firefox) -- only gnome-terminal. 

Note that you must unset GTK_IM_MODULE for unicode input to work -- cf. bug #235147
Comment 2 Matthias Clasen 2007-04-04 09:26:00 EDT
This is the same as http://bugzilla.gnome.org/show_bug.cgi?id=418588
which is fixed upstream. We should get Chris to do a vte release in time for
Comment 3 Ray Strode [halfline] 2007-04-04 11:42:05 EDT
On the other hand, if we build the patch now, we can close the bug now, and make
the open bug list a little shorter, which sounds good to me.

Should be fixed in tomorrow's rawhide.