Bug 778188 – VTE crashes on multiple repeated BELL chars

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 778188 - VTE crashes on multiple repeated BELL chars


Summary:	VTE crashes on multiple repeated BELL chars


Status:	RESOLVED FIXED

Product:	gtk+
Classification:	Platform
Component:	Backend: Wayland
Version:	3.22.x
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	gtk-bugs
QA Contact:	gtk-bugs

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2017-02-05 01:36 UTC by Derek
Modified:	2017-07-20 02:11 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
wayland: Make beep requests go through the GdkDisplay (4.01 KB, patch) 2017-03-13 06:58 UTC, Jonas Ådahl	committed	Details \| Review
wayland: Throttle system bell requests (2.11 KB, patch) 2017-03-13 06:59 UTC, Jonas Ådahl	committed	Details \| Review

Description Derek 2017-02-05 01:36:12 UTC

Hi, I've managed to reproduce an issue where VTE crashes when printing the BELL character in a while loop. The following code crashes both gnome-terminal and terminix:

    while true; do printf '\7'; done

Comment 1 Christian Persch′ 2017-02-05 13:05:40 UTC

Got a stack trace?

Comment 2 Christian Persch 2017-02-05 18:07:08 UTC

Not reproducible here. (Although it does make vte use rather much CPU.)

Comment 3 Derek 2017-02-05 19:53:00 UTC

Yes. This is the stack trace I get:

Feb 05 17:49:42 derek-lenny systemd-coredump[16131]: Process 15248 (gnome-terminal-) of user 1000 dumped core.

Stack trace of thread 15248:
#0  0x00007f8eaba2504f raise (libc.so.6)
#1  0x00007f8eaba2647a abort (libc.so.6)
#2  0x00007f8ea7cb9fef n/a (libwayland-client.so.0)
#3  0x00007f8ea7cb6195 wl_proxy_marshal_array_constructor_versioned (libwayland-client.so.0)
#4  0x00007f8ea7cb62dc wl_proxy_marshal (libwayland-client.so.0)
#5  0x00007f8eadd66609 n/a (libvte-2.91.so.0)
#6  0x00007f8eadd558df n/a (libvte-2.91.so.0)
#7  0x00007f8eadd56b71 n/a (libvte-2.91.so.0)
#8  0x00007f8eadd56c58 n/a (libvte-2.91.so.0)
#9  0x00007f8eadd56f89 n/a (libvte-2.91.so.0)
#10 0x00007f8eac1fceb3 n/a (libglib-2.0.so.0)
#11 0x00007f8eac1fc43a g_main_context_dispatch (libglib-2.0.so.0)
#12 0x00007f8eac1fc7f0 n/a (libglib-2.0.so.0)
#13 0x00007f8eac1fc89c g_main_context_iteration (libglib-2.0.so.0)
#14 0x00007f8eac7b654d g_application_run (libgio-2.0.so.0)
#15 0x0000000000412909 n/a (gnome-terminal-server)
#16 0x00007f8eaba12291 __libc_start_main (libc.so.6)
#17 0x0000000000412a3a n/a (gnome-terminal-server)

Stack trace of thread 15258:
#0  0x00007f8eabad148d poll (libc.so.6)
#1  0x00007f8eac1fc786 n/a (libglib-2.0.so.0)
#2  0x00007f8eac1fc89c g_main_context_iteration (libglib-2.0.so.0)
#3  0x00007f8eac1fc8e1 n/a (libglib-2.0.so.0)
#4  0x00007f8eac2240d5 n/a (libglib-2.0.so.0)
#5  0x00007f8eabd97454 start_thread (libpthread.so.0)
#6  0x00007f8eabada7df __clone (libc.so.6)

Stack trace of thread 15255:
#0  0x00007f8eabad148d poll (libc.so.6)
#1  0x00007f8eac1fc786 n/a (libglib-2.0.so.0)
#2  0x00007f8eac1fc89c g_main_context_iteration (libglib-2.0.so.0)
#3  0x00007f8ea06ad4bd n/a (libdconfsettings.so)
#4  0x00007f8eac2240d5 n/a (libglib-2.0.so.0)
#5  0x00007f8eabd97454 start_thread (libpthread.so.0)
#6  0x00007f8eabada7df __clone (libc.so.6)

Stack trace of thread 15259:
#0  0x00007f8eabad148d poll (libc.so.6)
#1  0x00007f8eac1fc786 n/a (libglib-2.0.so.0)
#2  0x00007f8eac1fcb12 g_main_loop_run (libglib-2.0.so.0)
#3  0x00007f8eac7e2316 n/a (libgio-2.0.so.0)
#4  0x00007f8eac2240d5 n/a (libglib-2.0.so.0)
#5  0x00007f8eabd97454 start_thread (libpthread.so.0)
#6  0x00007f8eabada7df __clone (libc.so.6)

Stack trace of thread 15516:
#0  0x00007f8eabad5f19 syscall (libc.so.6)
#1  0x00007f8eac24203a g_cond_wait_until (libglib-2.0.so.0)
#2  0x00007f8eac1d0e89 n/a (libglib-2.0.so.0)
#3  0x00007f8eac1d14ac g_async_queue_timeout_pop (libglib-2.0.so.0)
#4  0x00007f8eac224b9d n/a (libglib-2.0.so.0)
#5  0x00007f8eac2240d5 n/a (libglib-2.0.so.0)
#6  0x00007f8eabd97454 start_thread (libpthread.so.0)
#7  0x00007f8eabada7df __clone (libc.so.6)

Comment 4 Christian Persch 2017-02-05 19:58:17 UTC

-> gtk+:wayland

Comment 5 Timm Bäder 2017-02-05 20:26:42 UTC

With debug symbols:

+ Trace 237110

#0 raise
from /usr/lib/libc.so.6
#1 abort
from /usr/lib/libc.so.6
#2 wl_abort
at /home/baedert/Source/gnome/wayland/src/wayland-util.c line 419
#3 wl_proxy_marshal_array_constructor_versioned
at /home/baedert/Source/gnome/wayland/src/wayland-client.c line 659
#4 wl_proxy_marshal_array_constructor
at /home/baedert/Source/gnome/wayland/src/wayland-client.c line 599
#5 wl_proxy_marshal
at /home/baedert/Source/gnome/wayland/src/wayland-client.c line 696
#6 gtk_shell1_system_bell
at ../../gdk/wayland/gtk-shell-client-protocol.h line 161
#7 gdk_wayland_display_beep
at /home/baedert/Source/gnome/gtk+-3/gdk/wayland/gdkdisplay-wayland.c line 671
#8 gdk_display_beep
at /home/baedert/Source/gnome/gtk+-3/gdk/gdkdisplay.c line 1653
#9 VteTerminalPrivate::beep
at vte.cc line 4529
#10 vte_sequence_handler_bell
at vteseq.cc line 1018
#11 VteTerminalPrivate::process_incoming
at vte.cc line 3588
#12 VteTerminalPrivate::time_process_incoming
at vte.cc line 10431
#13 VteTerminalPrivate::process
at vte.cc line 10455
#14 process_timeout
at vte.cc line 10497
#15 g_timeout_dispatch.lto_priv.211
#16 g_main_dispatch.lto_priv.1021
at /home/baedert/Source/gnome/glib/glib/gmain.c line 3203
#17 g_main_context_dispatch
at /home/baedert/Source/gnome/glib/glib/gmain.c line 3856
#18 g_main_context_iterate
at /home/baedert/Source/gnome/glib/glib/gmain.c line 3929
#19 g_main_context_iteration
at /home/baedert/Source/gnome/glib/glib/gmain.c line 3990
#20 g_application_run
at /home/baedert/Source/gnome/glib/gio/gapplication.c line 2381
#21 main
at /home/baedert/Source/gnome/gnome-terminal/src/server.c line 180

Comment 6 Jonas Ådahl 2017-02-16 03:17:25 UTC

The problem is the wayland socket is flooded. Either GTK+ or VTE should throttle the beep requests.

Comment 7 Jonas Ådahl 2017-03-13 06:58:54 UTC

Created attachment 347798 [details] [review]
wayland: Make beep requests go through the GdkDisplay

This way we can add things like throttling.

Comment 8 Jonas Ådahl 2017-03-13 06:59:02 UTC

Created attachment 347799 [details] [review]
wayland: Throttle system bell requests

If a bad behaving application tries to make the window/display beep too
often, throttle the beep requests so that we don't end up filling the
Wayland socket queue.

The throttle is set to 50 beeps per second, which far more beeps than
will ever make any sense from a user experience point of view, but will
avoid terminating due to an excessive amount of requests.

Comment 9 Matthias Clasen 2017-03-13 14:36:56 UTC

50 beeps per second - I like it!

Comment 10 Jonas Ådahl 2017-03-24 01:35:50 UTC

(In reply to Matthias Clasen from comment #9)
> 50 beeps per second - I like it!

It has a nice buzzing sound to it too. Does that count as a a-c-n?

Comment 11 Benjamin Berg 2017-07-19 14:57:07 UTC

I am hitting this bug every once in a while (as have other people here).

Any reason that this has not been merged yet? From my side it is looking good, except that gdk_window_beep needs the same treatment (i.e. gdk_window_impl_wayland_beep, I am trying to get VTE to use that instead).

Comment 12 Benjamin Berg 2017-07-19 15:34:29 UTC

Oh right, the first patch addresses that. So everything should be good with the patches.

Comment 13 Matthias Clasen 2017-07-19 16:16:40 UTC

Review of attachment 347798 [details] [review]:

sure

Comment 14 Matthias Clasen 2017-07-19 16:17:25 UTC

Review of attachment 347799 [details] [review]:

sure

Comment 15 Jonas Ådahl 2017-07-20 02:01:28 UTC

Attachment 347798 [details] pushed as 96295ad - wayland: Make beep requests go through the GdkDisplay
Attachment 347799 [details] pushed as f6dd1f6 - wayland: Throttle system bell requests

Comment 16 Jonas Ådahl 2017-07-20 02:11:40 UTC

Backported to gtk-3-22.