After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 546940 - Crash when selecting text
Crash when selecting text
Status: RESOLVED FIXED
Product: vte
Classification: Core
Component: general
0.17.x
Other Linux
: Normal critical
: ---
Assigned To: VTE Maintainers
VTE Maintainers
Depends on:
Blocks:
 
 
Reported: 2008-08-08 14:07 UTC by Pascal Terjan
Modified: 2008-08-13 22:28 UTC
See Also:
GNOME target: ---
GNOME version: 2.23/2.24


Description Pascal Terjan 2008-08-08 14:07:59 UTC 
Bug reported on Mandriva at https://qa.mandriva.com/show_bug.cgi?id=42607

Program received signal SIGSEGV, Segmentation fault.
vte_terminal_extend_selection (terminal=<value optimized out>, x=<value optimized out>, y=<value optimized out>, 
    always_grow=<value optimized out>, force=<value optimized out>) at vte.c:6178
6178                                    if (cell->attr.fragment || cell->c != 0)
Missing debug package(s), you should install: GConf2-debug ORBit2-debug alsa-plugins-debug at-spi-debug audiofile-debug avahi-debug dbus-debug dbus-glib-debug esound-debug freetype2-debug gamin-debug gnome-keyring-debug gnome-panel-debug gnome-vfs2-debug gvfs-debug ia_ora-gnome-debug libalsa2-debug libart_lgpl-debug libbonobo-debug libbonoboui-debug libcanberra-debug libcroco0.6-debug libgail-gnome-debug libgnome2-debug libgnomecanvas-debug libgnomeui2-debug libgsf-debug libice-debug libogg-debug librsvg-debug libsm-debug libtool-debug libvorbis-debug libx11-debug libxau-debug libxcb-debug libxcursor-debug libxdmcp-debug libxinerama-debug libxml2-debug libxrandr-debug libxrender-debug openssl-debug pcre-debug pixman-debug pulseaudio-debug startup-notification-debug zlib-debug
(gdb) bt

+ Trace 204853

  • #0 vte_terminal_extend_selection
    at vte.c line 6178
  • #1 vte_terminal_motion_notify
    at vte.c line 6632
  • #2 _gtk_marshal_BOOLEAN__BOXED
    at gtkmarshalers.c line 84
  • #3 IA__g_closure_invoke
    at gclosure.c line 767
  • #4 signal_emit_unlocked_R
    at gsignal.c line 3282
  • #5 IA__g_signal_emit_valist
    at gsignal.c line 2987
  • #6 IA__g_signal_emit
    at gsignal.c line 3034
  • #7 gtk_widget_event_internal
    at gtkwidget.c line 4745
  • #8 IA__gtk_propagate_event
    at gtkmain.c line 2363
  • #9 IA__gtk_main_do_event
    at gtkmain.c line 1568
  • #10 gdk_event_dispatch
    at gdkevents-x11.c line 2365
  • #11 IA__g_main_context_dispatch
    at gmain.c line 2072
  • #12 g_main_context_iterate
    at gmain.c line 2705
  • #13 IA__g_main_loop_run
    at gmain.c line 2928
  • #14 IA__gtk_main
    at gtkmain.c line 1172
  • #15 main
    at terminal.c line 1270 
6173                    if (rowdata != NULL) {
6174                            /* Find the last non-empty character on the last line. */
6175                            for (i = rowdata->cells->len - 1; i >= 0; i--) {
6176                                    cell = &g_array_index(rowdata->cells,
6177                                                    struct vte_charcell, i);
6178                                    if (cell->attr.fragment || cell->c != 0)
6179                                            break;
6180                            }
6181                            /* If the end point is to its right, then extend the
6182                             * endpoint as far right as we can expect. */
Comment 1 Eric Piel 2008-08-10 10:30:57 UTC 
Hi, I'm hit by the same bug (and I'm also using mandriva cooker). It turns out to be very easy to reproduce: select a line which is empty. For instance, type
# echo

Then select the empty line (either part of it or all of it, it doesn't matter).
Comment 2 Eric Piel 2008-08-10 10:40:52 UTC 
Looking at the log, it seems it's a regression introduced by Behdad Esfahbod in revision 2079 (to fix bug 546366).

BTW, last_nonempty is now unsused.
Comment 3 Thierry Vignaud 2008-08-12 12:38:21 UTC 
As the original reporter (in MDV bug), I think it's more difficult
to reproduce than you think.

In order to reproduce it, I usually had to flow out quite
a big amount of text (like "find /" output) and then try
to select some lines.

For information, I was using gnome-terminal-2.23.6.

Original GDB backtrace is available unmangled at https://qa.mandriva.com/attachment.cgi?id=10460
Comment 4 Pedro Villavicencio 2008-08-12 12:54:12 UTC 
There's an Ubuntu bug about it too here: https://bugs.edge.launchpad.net/ubuntu/+source/vte/+bug/256769
Comment 5 Matthias Clasen 2008-08-13 20:51:39 UTC 
Fedora bug on the same:
https://bugzilla.redhat.com/show_bug.cgi?id=458544
Comment 6 Behdad Esfahbod 2008-08-13 22:21:59 UTC 
Thanks all.  This was a very tricky 64bit-only crash.  I've committed a fix now.

2008-08-13  Behdad Esfahbod  <behdad@gnome.org>

        Bug 546940 – Crash when selecting text

        * src/vte.c (vte_terminal_extend_selection): Fix crash with 64-bit
        systems.  Note to self:

                unsigned int len = 0;
                long i = len - 1;
                assert (i < 0);

        fails on 64-bit systems.


Will make a release soon, after auditing the code for similar issues.
Comment 7 Behdad Esfahbod 2008-08-13 22:27:47 UTC 
Here's the patch for the lazy: http://pastebin.ca/raw/1170460