GNOME Bugzilla – Bug 449433
scim-chewing will crash GNOME terminal.
Last modified: 2007-06-25 10:13:13 UTC
The bug has been opened on https://bugs.launchpad.net/ubuntu/+source/vte/+bug/121161

"... scim-chewing will crash GNOME terminal when I input Chinese with scim-chewing. ... libvte9 1:0.16.1-0ubuntu1 ...

I have noticed the same problem with scim-anthy (for Japanese input), as well. This used to work, but when I don't remember. I don't see any recent package updates to either gnome-terminal, libvte-common or scim.

I don't seem to be able to reliably reproduce it, however, it appears at this time that the Japanese comma can tend to invoke the problem. Backspacing and retyping may also help, perhaps. At some random points, the currently-input text becomes an opaque white box (none of the text visible), and then later is visible again (after more typing).

This is true of xfce4-terminal as well, which also crashes. When running xfce4-terminal within gnome-terminal, I managed to get a "*** glibc detected *** xfce4-terminal: munmap_chunk(): invalid pointer: 0x08439c40 ***", followed by a "backtrace" that was not very informative (possibly because I don't have the debug symbols). After installing the debug symbols (for it and libvte), I was unable to reproduce that same crash. I also got "*** glibc detected *** xfce4-terminal: corrupted double-linked list: 0x0823aa20 ***" without a backtrace. I also get random messages like "(xfce4-terminal:18241): Vte-WARNING **: Can not find appropiate font for character U+823a2c0." or "...for character U+0019" (the former could never be a valid Unicode character, the latter is Ctrl+Y).

I'm reassigning to vte, since the same problem is in xfce4-terminal. ...

http://launchpadlibrarian.net/8139419/valgrind.log.19308 valgrind.log.19308 (545.2 KiB, text/plain) ...

==19308== Invalid read of size 4
==19308==    at 0x4112427: _vte_xft_draw_text (vtexft.c:795)
==19308==    by 0x41040ED: _vte_draw_text (vtedraw.c:329)
==19308==    by 0x40F3EB3: vte_terminal_draw_cells (vte.c:8951)
==19308==    by 0x40FD075: vte_terminal_expose (vte.c:10097)
==19308==    by 0x42CE6AF: _gtk_marshal_BOOLEAN__BOXED (in /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x4693E48: (within /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x469562A: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x46A6752: (within /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x46A73EE: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x46A77E8: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x43E2E17: (within /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x42C8DE3: gtk_main_do_event (in /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x451264E: (within /usr/lib/libgdk-x11-2.0.so.0.1000.11)
==19308==    by 0x4512886: gdk_window_process_all_updates (in /usr/lib/libgdk-x11-2.0.so.0.1000.11)
==19308==    by 0x4512904: (within /usr/lib/libgdk-x11-2.0.so.0.1000.11)
==19308==    by 0x46F2090: (within /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x46F3DF1: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x46F6DCE: (within /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x46F7178: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x42C9043: gtk_main (in /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x80533DC: main (main.c:277)
==19308==  Address 0x75AC2CC is 0 bytes after a block of size 36 alloc'd
==19308==    at 0x4020620: malloc (vg_replace_malloc.c:149)
==19308==    by 0x46FB2C5: g_malloc (in /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x40FCD6B: vte_terminal_expose (vte.c:10065)
==19308==    by 0x42CE6AF: _gtk_marshal_BOOLEAN__BOXED (in /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x4693E48: (within /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x469562A: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x46A6752: (within /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x46A73EE: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x46A77E8: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x43E2E17: (within /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x42C8DE3: gtk_main_do_event (in /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x451264E: (within /usr/lib/libgdk-x11-2.0.so.0.1000.11)
==19308==    by 0x4512886: gdk_window_process_all_updates (in /usr/lib/libgdk-x11-2.0.so.0.1000.11)
==19308==    by 0x4512904: (within /usr/lib/libgdk-x11-2.0.so.0.1000.11)
==19308==    by 0x46F2090: (within /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x46F3DF1: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x46F6DCE: (within /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x46F7178: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x42C9043: gtk_main (in /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x80533DC: main (main.c:277)
...

==19308== Invalid read of size 2
==19308==    at 0x40F3DDE: vte_terminal_draw_cells (vte.c:8938)
==19308==    by 0x40FD075: vte_terminal_expose (vte.c:10097)
==19308==    by 0x42CE6AF: _gtk_marshal_BOOLEAN__BOXED (in /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x4693E48: (within /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x469562A: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x46A6752: (within /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x46A73EE: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x46A77E8: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x43E2E17: (within /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x42C8DE3: gtk_main_do_event (in /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x451264E: (within /usr/lib/libgdk-x11-2.0.so.0.1000.11)
==19308==    by 0x4512886: gdk_window_process_all_updates (in /usr/lib/libgdk-x11-2.0.so.0.1000.11)
==19308==    by 0x4512904: (within /usr/lib/libgdk-x11-2.0.so.0.1000.11)
==19308==    by 0x46F2090: (within /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x46F3DF1: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x46F6DCE: (within /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x46F7178: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x42C9043: gtk_main (in /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x80533DC: main (main.c:277)
==19308==  Address 0x75AC2D4 is 8 bytes after a block of size 36 alloc'd
==19308==    at 0x4020620: malloc (vg_replace_malloc.c:149)
==19308==    by 0x46FB2C5: g_malloc (in /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x40FCD6B: vte_terminal_expose (vte.c:10065)
==19308==    by 0x42CE6AF: _gtk_marshal_BOOLEAN__BOXED (in /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x4693E48: (within /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x469562A: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x46A6752: (within /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x46A73EE: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x46A77E8: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x43E2E17: (within /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x42C8DE3: gtk_main_do_event (in /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x451264E: (within /usr/lib/libgdk-x11-2.0.so.0.1000.11)
==19308==    by 0x4512886: gdk_window_process_all_updates (in /usr/lib/libgdk-x11-2.0.so.0.1000.11)
==19308==    by 0x4512904: (within /usr/lib/libgdk-x11-2.0.so.0.1000.11)
==19308==    by 0x46F2090: (within /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x46F3DF1: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x46F6DCE: (within /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x46F7178: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x42C9043: gtk_main (in /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x80533DC: main (main.c:277)
...

Here is valgrind output (xfce4-terminal did not crash for this run, but valgrind seems to have found plenty to complain about). The test was to type the text, "echo 今日は、田中さん" ("Hello, Mr Tanaka"), twice, then exit via Ctrl+D. ...

BTW, I checked to see if the "U+823a2c0" could have been some strange combination of actual Unicode characters involved in the text I typed; this does not appear to be the case. ..."
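For triaging a memcheck log like the one quoted above, the following added example (not part of the report or of vte) parses the invalid-access records and groups them by the frame that allocated the overrun block. The function names and the allocator skip list are hypothetical, and the sample is constructed by abbreviating the two quoted records; the parser also accepts writes and `before`/`inside`/`free'd` variants, which goes beyond the two reads shown in the report.

```python
import re
from collections import defaultdict

# Constructed sample: the two memcheck records from the report, stacks abbreviated.
SAMPLE = """\
==19308== Invalid read of size 4
==19308==    at 0x4112427: _vte_xft_draw_text (vtexft.c:795)
==19308==    by 0x41040ED: _vte_draw_text (vtedraw.c:329)
==19308==  Address 0x75AC2CC is 0 bytes after a block of size 36 alloc'd
==19308==    at 0x4020620: malloc (vg_replace_malloc.c:149)
==19308==    by 0x46FB2C5: g_malloc (in /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x40FCD6B: vte_terminal_expose (vte.c:10065)
==19308== Invalid read of size 2
==19308==    at 0x40F3DDE: vte_terminal_draw_cells (vte.c:8938)
==19308==    by 0x40FD075: vte_terminal_expose (vte.c:10097)
==19308==  Address 0x75AC2D4 is 8 bytes after a block of size 36 alloc'd
==19308==    at 0x4020620: malloc (vg_replace_malloc.c:149)
==19308==    by 0x46FB2C5: g_malloc (in /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x40FCD6B: vte_terminal_expose (vte.c:10065)
"""

HEAD = re.compile(r"^==\d+==\s+Invalid (read|write) of size (\d+)")
FRAME = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]*)\)")
ADDR = re.compile(r"^==\d+==\s+Address 0x[0-9A-Fa-f]+ is (\d+) bytes (after|before|inside) a block of size (\d+) (alloc'd|free'd)")
WRAPPERS = {"malloc", "calloc", "realloc", "g_malloc", "g_malloc0", "g_realloc"}  # hypothetical skip list

def parse(log):
    """Split memcheck text into invalid-access records."""
    records = []
    for line in log.splitlines():
        if m := HEAD.match(line):
            records.append({"op": m[1], "size": int(m[2]), "access": [], "block": None, "origin": []})
        elif records and (m := ADDR.match(line)):
            records[-1]["block"] = {"offset": int(m[1]), "where": m[2], "size": int(m[3]), "state": m[4]}
        elif records and (m := FRAME.match(line)):
            key = "origin" if records[-1]["block"] else "access"  # frames after "Address" belong to the block
            records[-1][key].append((m[1], m[2]))
    return records

def alloc_site(rec):
    """First allocation-stack frame that is not an allocator wrapper."""
    return next((f for f in rec["origin"] if f[0] not in WRAPPERS), None)

def group_by_alloc_site(records):
    """Map allocation site -> [(faulting frame, access size, offset from block)]."""
    groups = defaultdict(list)
    for r in records:
        top = r["access"][0] if r["access"] else None
        groups[alloc_site(r)].append((top, r["size"], r["block"] and r["block"]["offset"]))
    return dict(groups)
```

On the sample, both invalid reads land in one group keyed on `vte_terminal_expose (vte.c:10065)`, i.e. the same 36-byte buffer is read past its end from two different drawing paths.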
Sebastien, the trace above is slightly outdated, but is reminiscent of bug 433776. Can you ask the reporter to confirm the bug in a recent package (0.16.4 or later)?
I've asked the submitter, marking the bug NEEDINFO
distribution comment: "Running under QEMU, I confirmed the bug in Feisty, and then after upgrading to Gutsy, confirmed that it appears to be working correctly."