Description of problem:
gnome-terminal segfaults when entering unicode codes directly from the keyboard

How reproducible:
100%

Steps to Reproduce:
1. Start gnome-terminal
2. Hit Ctrl-Shift-u-2-6-6-5

Actual results:
SEGV

Expected results:
♥

Additional info:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 805515824 (LWP 29448)]
_XftLockFile (f=0x10217cf8) at xftfreetype.c:113
113         if (f->face && !f->lock)
(gdb) bt
#0  _XftLockFile (f=0x10217cf8) at xftfreetype.c:113
#1  0x0ee7d5e8 in XftLockFace (public=0x31f55008) at xftfreetype.c:355
#2  0x00a72f74 in _vte_xft_open_font_for_char (font=0x100d2980, c=0, locked_fonts=0x1020c6d0) at vtexft.c:232
#3  0x00a74a24 in _vte_xft_draw_text (draw=0x100f9140, requests=0x105b5198, n_requests=1, color=0x7fef4654, alpha=255 '�') at vtexft.c:294
#4  0x00a6477c in _vte_draw_text (draw=0x0, requests=0x10685b28, n_requests=12, color=0x10685b30, alpha=6 '\006') at vtedraw.c:329
#5  0x00a54dfc in vte_terminal_draw_cells (terminal=0x100fc5a8, items=0x105b5198, n=1, fore=<value optimized out>, back=<value optimized out>, clear=275273784, draw_default_bg=<value optimized out>, bold=0, underline=0, strikethrough=0, hilite=0, boxed=0, column_width=6, row_height=13) at vte.c:8947
#6  0x00a5daf4 in vte_terminal_expose (widget=<value optimized out>, event=<value optimized out>) at vte.c:10109
#7  0x0e508ce4 in _gtk_marshal_BOOLEAN__BOXED (closure=0x100cf390, return_value=0x7fef4c90, n_param_values=<value optimized out>, param_values=0x7fef4d28, invocation_hint=<value optimized out>, marshal_data=0xa5cda0) at gtkmarshalers.c:84
#8  0x0edbbbcc in g_type_class_meta_marshal (closure=0x0, return_value=0x10685b28, n_param_values=12, param_values=0x10685b30, invocation_hint=0x6, marshal_data=0xc8) at gclosure.c:567
#9  0x0edbd7fc in IA__g_closure_invoke (closure=0x100cf390, return_value=0x7fef4c90, n_param_values=2, param_values=0x7fef4d28, invocation_hint=0x7fef4c7c) at gclosure.c:490
#10 0x0edd1d70 in signal_emit_unlocked_R (node=0x100cf4a8, detail=0, instance=0x100fc5a8, emission_return=0x7fef4f28, instance_and_params=0x7fef4d28) at gsignal.c:2478
#11 0x0edd2d04 in IA__g_signal_emit_valist (instance=0x100fc5a8, signal_id=<value optimized out>, detail=0, var_args=0x7fef5004) at gsignal.c:2209
#12 0x0edd3148 in IA__g_signal_emit (instance=0x0, signal_id=275274536, detail=12) at gsignal.c:2243
#13 0x0e64de60 in gtk_widget_event_internal (widget=0x100fc5a8, event=0x7fef50d0) at gtkwidget.c:3915
#14 0x0e501fec in IA__gtk_main_do_event (event=0x7fef50d0) at gtkmain.c:1533
#15 0x0e2e3a60 in gdk_window_process_updates_internal (window=0x10094b70) at gdkwindow.c:2338
#16 0x0e2e3d3c in IA__gdk_window_process_all_updates () at gdkwindow.c:2401
#17 0x0e2e3dfc in gdk_window_update_idle (data=0x0) at gdkwindow.c:2259
#18 0x0f9256f8 in g_idle_dispatch (source=<value optimized out>, callback=0xb0a88, user_data=0x0) at gmain.c:3928
#19 0x0f927eb4 in IA__g_main_context_dispatch (context=0x10096f38) at gmain.c:2045
#20 0x0f92bbbc in g_main_context_iterate (context=0x10096f38, block=1, dispatch=1, self=<value optimized out>) at gmain.c:2677
#21 0x0f92c024 in IA__g_main_loop_run (loop=0x10098868) at gmain.c:2881
#22 0x0e502344 in IA__gtk_main () at gtkmain.c:1154
#23 0x1001b3c4 in main (argc=2, argv=0x7fef5684) at terminal.c:1773
(gdb) x/i $pc
0xee7ca10 <_XftLockFile+240>:   lwz     r0,44(r9)
(gdb) p/x $r9
$21 = 0xb0a06
(gdb) list *0x0ee7ca10
0xee7ca10 is in _XftLockFile (xftfreetype.c:113).
108     _XftNumFiles (void)
109     {
110         XftFtFile *f;
111         int count = 0;
112         for (f = _XftFtFiles; f; f = f->next)
113             if (f->face && !f->lock)
114                 ++count;
115         return count;
116     }
117
(gdb) p _XftFtFiles
$6 = (XftFtFile *) 0x102315b8
(gdb) p _XftFtFiles->next
$7 = (struct _XftFtFile *) 0x1028b5d8
(gdb) p _XftFtFiles->next->next
$8 = (struct _XftFtFile *) 0x1059b258
(gdb) p _XftFtFiles->next->next->next
$9 = (struct _XftFtFile *) 0x10233328
(gdb) p _XftFtFiles->next->next->next->next
$10 = (struct _XftFtFile *) 0x10242258
(gdb) p _XftFtFiles->next->next->next->next->next
$11 = (struct _XftFtFile *) 0x1059b200
(gdb) p _XftFtFiles->next->next->next->next->next->next
$12 = (struct _XftFtFile *) 0x102332c0
(gdb) p _XftFtFiles->next->next->next->next->next->next->next
$13 = (struct _XftFtFile *) 0x102421f8
(gdb) p _XftFtFiles->next->next->next->next->next->next->next->next
$14 = (struct _XftFtFile *) 0x10242300
(gdb) p _XftFtFiles->next->next->next->next->next->next->next->next->next
$16 = (struct _XftFtFile *) 0x10257a58
(gdb) p _XftFtFiles->next->next->next->next->next->next->next->next->next->next
$17 = (struct _XftFtFile *) 0x1028b4e8
(gdb) p _XftFtFiles->next->next->next->next->next->next->next->next->next->next->next
$18 = (struct _XftFtFile *) 0x105b5858
(gdb) p _XftFtFiles->next->next->next->next->next->next->next->next->next->next->next->next
$19 = (struct _XftFtFile *) 0xb0a06
(gdb) p _XftFtFiles->next->next->next->next->next->next->next->next->next->next->next->next
$20 = (struct _XftFtFile *) 0xb0a06
(gdb) p _XftFtFiles->next->next->next->next->next->next->next->next->next->next->next->next->next
Cannot access memory at address 0xb0a06

This doesn't happen with other GTK+ programs (tested gedit, xchat, evolution, firefox) -- only gnome-terminal. Note that you must unset GTK_IM_MODULE for unicode input to work -- cf. bug #235147
This is the same as http://bugzilla.gnome.org/show_bug.cgi?id=418588 which is fixed upstream. We should get Chris to do a vte release in time for test4...
On the other hand, if we build the patch now, we can close the bug now, and make the open bug list a little shorter, which sounds good to me. Should be fixed in tomorrow's rawhide.