Description of problem:
When running a Qt application (kedit) in the indic locale using httx, after a series of input, the application crashes.

[snip]
receiving IMEnd with 1 chars
sending IMStart with 0 chars to 0x8d90a80
sending IMEnd with 1 chars to 0x8d90a80, text=ॠ
receiving IMEnd with 1 chars
sending IMStart with 0 chars to 0x8d90a80
sending IMEnd with 1 chars to 0x8d90a80, text=ॠ
receiving IMEnd with 1 chars
*** glibc detected *** double free or corruption: 0x08e25110 ***
Alarm clock

Version-Release number of selected component (if applicable):
im-sdk-12.1-7
qt-3.3.3-8

How reproducible:
Always

Steps to Reproduce:
1. in the g-t, killall httx
2. in the g-t, LANG=hi_IN.UTF-8 httx
3. in another g-t, LANG=hi_IN.UTF-8 kedit
4. ctrl-space to activate LE
5. enter a series of input very rapidly

Actual results:
Application crash

Expected results:
Application should not crash

Additional info:
Looks like it is about the indic shaper in Qt. I can reproduce it by cutting and pasting an indic character. Moving to qt component. Here is the backtrace:

#0  0x00b0b7bc in free () from /usr/lib/libkdecore.so.4
#1  0x05ea9227 in QTextEngine::reallocate (this=0xfee17e70, totalGlyphs=32) at kernel/qtextengine.cpp:913
#2  0x05d96e1d in QOpenType::appendTo (this=0x8f56450, engine=0xfee17e70, si=0x8f99f30, doLogClusters=false) at qtextengine_p.h:351
#3  0x05ea47c2 in indic_shape (script=14, string=@0xfee17e74, from=0, len=10, engine=0xfee17e70, si=0x8f99f30) at qscriptengine_x11.cpp:1652
#4  0x05ea9007 in QTextEngine::shape (this=0xfee17e70, item=14) at qtextengine_unix.cpp:90
#5  0x05eaa86b in QTextEngine::width (this=0xfee17e70, from=3, len=1) at kernel/qtextengine.cpp:1011
#6  0x05d70a6c in QFontMetrics::charWidth (this=0x8f53d00, str=@0xcc000880, pos=3) at kernel/qfont_x11.cpp:711
#7  0x05e61ae2 in QTextFormat::width (this=0x8f53cf0, str=@0xfee17f70, pos=3) at kernel/qrichtext.cpp:3611
#8  0x05e62336 in QTextString::width (this=0x8f53e40, idx=3) at qrichtext_p.h:2095
#9  0x05e82a09 in QTextFormatterBreakWords::format (this=0x8f54a60, doc=0x8f534b8, parag=0x8f545c8, start=-1) at kernel/qrichtext.cpp:5751
#10 0x05e78841 in QTextParagraph::format (this=0x8f545c8, start=-1, doMove=true) at qrichtext_p.h:1189
#11 0x05e7e285 in QTextCursor::insert (this=0x8f54b48, str=@0xcc000880, checkNewLine=24, formatting=0x0) at kernel/qrichtext.cpp:588
#12 0x05f7d648 in QTextEdit::insert (this=0x8f51ce8, text=@0xcc000880, insertionFlags=3422554240) at widgets/qtextedit.cpp:3089
#13 0x05f7dd7f in QTextEdit::insert (this=0xcc000880, text=@0xcc000880, removeSelected=128) at widgets/qtextedit.cpp:3030
#14 0x05f7aa0f in QTextEdit::pasteSubType (this=0x8f51ce8, subtype=@0xfee18540, m=0x8f45f68) at widgets/qtextedit.cpp:5142
#15 0x05f7af43 in QTextEdit::pasteSubType (this=0x8f51ce8, subtype=@0xcc000880) at widgets/qtextedit.cpp:5031
#16 0x05f764cf in QTextEdit::paste (this=0x8f51ce8) at widgets/qtextedit.cpp:3360
#17 0x0641fe86 in KEdit::keyPressEvent () from /usr/lib/libkdeui.so.4
#18 0x05e532cf in QWidget::event (this=0x8f51ce8, e=0xfee18bb0) at kernel/qwidget.cpp:4742
#19 0x05f6ce7d in QTextEdit::event (this=0x8f51ce8, e=0xfee18bb0) at widgets/qtextedit.cpp:1219
#20 0x05dbe849 in QApplication::internalNotify (this=0xcc000880, receiver=0x8f51ce8, e=0xfee18bb0) at kernel/qapplication.cpp:2635
#21 0x05dbee5c in QApplication::notify (this=0xfee190b0, receiver=0x8f51ce8, e=0xfee18bb0) at kernel/qapplication.cpp:2392
#22 0x009eb4e8 in KApplication::notify () from /usr/lib/libkdecore.so.4
#23 0x05d54ce2 in QETWidget::translateKeyEvent (this=0x8f51ce8, event=0x56, grab=6) at qapplication.h:518
#24 0x05d5c2c2 in QApplication::x11ProcessEvent (this=0xfee190b0, event=0xfee18f50) at kernel/qapplication_x11.cpp:3480
#25 0x05d6e686 in QEventLoop::processEvents (this=0x8ec6510, flags=4) at kernel/qeventloop_x11.cpp:192
#26 0x05dd3e75 in QEventLoop::enterLoop (this=0x8ec6510) at kernel/qeventloop.cpp:198
#27 0x05dd3dce in QEventLoop::exec (this=0x8ec6510) at kernel/qeventloop.cpp:145
#28 0x05dbda4b in QApplication::exec (this=0xfee190b0) at kernel/qapplication.cpp:2758
#29 0x0076462c in kdemain () from /usr/lib/libkdeinit_kedit.so
#30 0x080485f2 in ?? ()
#31 0x00000001 in ?? ()
#32 0xfee19284 in ?? ()
#33 0x080496d8 in ?? ()
#34 0x00513ff4 in ?? () from /lib/tls/libc.so.6
#35 0x00000000 in ?? ()
valgrind --tool=memcheck:

==11857== Use of uninitialised value of size 4
==11857==    at 0xB0B7BC: free (in /usr/lib/libkdecore.so.4.2.0)
==11857==    by 0x5EA9226: QTextEngine::reallocate(int) (in /usr/lib/qt-3.3/lib/libqt-mt.so.3.3.3)
==11857==    by 0x5D96E1C: QOpenType::appendTo(QTextEngine*, QScriptItem*, bool) (in /usr/lib/qt-3.3/lib/libqt-mt.so.3.3.3)
==11857==    by 0x5EA47C1: (within /usr/lib/qt-3.3/lib/libqt-mt.so.3.3.3)
==11857==
==11857== Invalid read of size 4
==11857==    at 0xB0B7BC: free (in /usr/lib/libkdecore.so.4.2.0)
==11857==    by 0x5EA9226: QTextEngine::reallocate(int) (in /usr/lib/qt-3.3/lib/libqt-mt.so.3.3.3)
==11857==    by 0x5D96E1C: QOpenType::appendTo(QTextEngine*, QScriptItem*, bool) (in /usr/lib/qt-3.3/lib/libqt-mt.so.3.3.3)
==11857==    by 0x5EA47C1: (within /usr/lib/qt-3.3/lib/libqt-mt.so.3.3.3)
==11857==  Address 0x3B8D1364 is not stack'd, malloc'd or (recently) free'd
==11857==
==11857== ERROR SUMMARY: 126 errors from 3 contexts (suppressed: 70 from 1)
==11857== malloc/free: in use at exit: 456810 bytes in 16346 blocks.
==11857== malloc/free: 132688 allocs, 116342 frees, 3014744 bytes allocated.
==11857== For a detailed leak analysis, rerun with: --leak-check=yes
==11857== For counts of detected errors, rerun with: -v
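The memcheck report above shows free() receiving an uninitialised pointer from inside a reallocate() routine, which is the kind of defect that later surfaces as glibc's "double free or corruption". The following is an added illustration of that failure mode and its defensive form, constructed for this thread and not Qt's code: a hypothetical glyph buffer (glyph_engine, engine_init, engine_reallocate, engine_fill, engine_free are all invented names) whose owning pointer is zeroed at construction, whose grow routine keeps the old buffer valid when realloc() fails, and whose free resets state so a repeated free is a no-op.

```c
#include <stdlib.h>
/* Hypothetical stand-in for a text engine's glyph storage (not Qt's
 * QTextEngine). memcheck's "Use of uninitialised value ... at free" under
 * reallocate() above is what a never-set owning pointer yields; avoided here. */
typedef struct {
    unsigned int *glyphs;   /* owned buffer, one entry per glyph */
    int num_glyphs, allocated;
} glyph_engine;

/* Owning pointers start NULL, which free() and realloc() both accept. */
static void engine_init(glyph_engine *e)
{
    e->glyphs = NULL;
    e->num_glyphs = e->allocated = 0;
}

/* Grow to at least total_glyphs entries, keeping data. Returns 0, or -1
 * if allocation fails, in which case the old buffer stays owned and valid
 * so it is neither leaked nor freed twice later. */
static int engine_reallocate(glyph_engine *e, int total_glyphs)
{
    unsigned int *p;
    if (total_glyphs <= e->allocated) return 0;
    p = realloc(e->glyphs, (size_t)total_glyphs * sizeof *p);
    if (p == NULL) return -1;
    e->glyphs = p;
    e->allocated = total_glyphs;
    return 0;
}

/* Append n constructed glyphs (value 2*i), growing by 16 at a time as a
 * shaper appending output would. Returns the final capacity, or -1. */
static int engine_fill(glyph_engine *e, int n)
{
    int i;
    for (i = 0; i < n; i++) {
        if (e->num_glyphs == e->allocated &&
            engine_reallocate(e, e->allocated + 16) != 0)
            return -1;
        e->glyphs[e->num_glyphs++] = (unsigned int)(2 * i);
    }
    return e->allocated;
}

/* Release and reset to empty, so a repeated free is a harmless no-op. */
static void engine_free(glyph_engine *e)
{
    free(e->glyphs);
    engine_init(e);
}
```

Run under valgrind --tool=memcheck, this version reports no uninitialised frees; removing the NULL assignment in engine_init reproduces the report shape seen above.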
It's strange, I still cannot reproduce it with your instructions on a machine with FC3+updates! Could you please give exact instructions to reproduce this problem? Thanks.
Here are the exact steps to reproduce:
- install ttfonts-hi
- run LANG=hi_IN.UTF-8 kedit
- copy "à¥" by ctrl-c here
- keep and hold ctrl-v in kedit
It seems to be fixed in qt-3.3.4-4. I cannot reproduce this crash with this version.