Public bug reported:

When I'm using ibus-keyman with the IPA (SIL) keyboard in gnome-terminal
and type n> (or just backspace after the n), gnome-terminal crashes.

The reason is that in text_input_delete_surrounding_text()
(modules/input/imwayland.c:253) before_length doesn't get checked. If we
don't have surrounding text (as in this case) cursor_pointer is NULL and
thus (cursor_pointer - before_length) results in an invalid pointer.

The other question is why we don't have surrounding text, but that's a
different problem. In any case we shouldn't crash in
text_input_delete_surrounding_text().

I believe this is a different bug from #2036647 because of the different
callstack and that we shouldn't call g_utf8_pointer_to_offset with
invalid pointers.

ProblemType: Crash
DistroRelease: Ubuntu 23.10
Package: gnome-terminal 3.49.92-2ubuntu1
ProcVersionSignature: Ubuntu 6.5.0-15.15-generic 6.5.3
Uname: Linux 6.5.0-15-generic x86_64
ApportVersion: 2.27.0-0ubuntu5
Architecture: amd64
CasperMD5CheckMismatches: ./boot/grub/grub.cfg
CasperMD5CheckResult: fail
CurrentDesktop: ubuntu:GNOME
Date: Fri Jan 26 17:43:54 2024
ExecutablePath: /usr/libexec/gnome-terminal-server
InstallationDate: Installed on 2024-01-23 (3 days ago)
InstallationMedia: Ubuntu 23.10.1 "Mantic Minotaur" - Release amd64 (20231016.1)
JournalErrors:
 Jan 26 17:43:53 hostname gnome-terminal-[4907]: g_atomic_ref_count_dec: assertion 'old_value > 0' failed
 Jan 26 17:43:53 hostname gnome-terminal-[4907]: g_atomic_ref_count_dec: assertion 'old_value > 0' failed
 Jan 26 17:44:00 hostname systemd[1623]: gnome-terminal-server.service: Main process exited, code=dumped, status=11/SEGV
 Jan 26 17:44:00 hostname systemd[1623]: gnome-terminal-server.service: Failed with result 'core-dump'.
ProcCmdline: /usr/libexec/gnome-terminal-server
ProcEnviron:
 LANG=en_US.UTF-8
 PATH=(custom, no user)
 SHELL=/bin/bash
 XDG_RUNTIME_DIR=<set>
SegvAnalysis:
 Segfault happened at: 0x7f884099c180 <g_utf8_pointer_to_offset+48>:    movzbl (%rsi),%ecx
 PC (0x7f884099c180) ok
 source "(%rsi)" (0x00000000) not located in a known VMA region (needed readable region)!
 destination "%ecx" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: gnome-terminal
StacktraceTop:
 g_utf8_pointer_to_offset () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
 ?? () from /usr/lib/x86_64-linux-gnu/gtk-3.0/3.0.0/immodules/im-wayland.so
 ?? () from /lib/x86_64-linux-gnu/libffi.so.8
 ?? () from /lib/x86_64-linux-gnu/libffi.so.8
 ffi_call () from /lib/x86_64-linux-gnu/libffi.so.8
Title: gnome-terminal-server crashed with SIGSEGV in g_utf8_pointer_to_offset()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sudo users vboxsf
modified.conffile..etc.apport.crashdb.conf: [modified]
mtime.conffile..etc.apport.crashdb.conf: 2024-01-26T17:42:28.299334
separator:

** Affects: gnome-terminal (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-crash mantic need-amd64-retrace wayland-session

** Information type changed from Private to Public

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to gnome-terminal in Ubuntu.
https://bugs.launchpad.net/bugs/2051381

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-terminal/+bug/2051381/+subscriptions
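The defect described above, shown as a hardened handler in an added example that is not GTK's im-wayland code: `im_context`, `delete_request`, `delete_surrounding_text()` and the `utf8_pointer_to_offset()` stand-in for `g_utf8_pointer_to_offset()` are all hypothetical names chosen for the illustration. The point is that with no surrounding text the cursor pointer is NULL, so the range must be validated before any pointer arithmetic, not after.

```c
#include <stddef.h>
#include <stdint.h>

/* Stand-in for g_utf8_pointer_to_offset(): counts characters between
 * str and pos by skipping UTF-8 continuation bytes. Like the GLib
 * function it reads every byte in the range, so it must never be
 * handed a pointer derived from NULL (the crash in the report). */
static long utf8_pointer_to_offset(const char *str, const char *pos)
{
    long n = 0;
    for (const char *p = str; p < pos; p++)
        if (((unsigned char)*p & 0xC0) != 0x80)
            n++;
    return n;
}

/* Hypothetical per-context state modelled on the bug description:
 * surrounding_text is NULL when the application provided none. */
typedef struct {
    const char *surrounding_text;
    size_t surrounding_len;   /* bytes */
    size_t cursor_byte;       /* byte index of the cursor in the text */
} im_context;

typedef struct {
    int ok;                   /* 0: request rejected instead of crashing */
    long offset_chars;        /* character offset where deletion starts */
    long n_chars;             /* characters to delete */
} delete_request;

/* Hardened handler: before_length/after_length are byte counts from
 * the cursor, checked against the available text before any pointer
 * is formed. Only the offset computation is modelled here. */
delete_request delete_surrounding_text(const im_context *ctx,
                                       uint32_t before_length,
                                       uint32_t after_length)
{
    delete_request r = {0, 0, 0};
    if (ctx->surrounding_text == NULL)        /* the reported case */
        return r;
    if (ctx->cursor_byte > ctx->surrounding_len ||
        before_length > ctx->cursor_byte ||
        after_length > ctx->surrounding_len - ctx->cursor_byte)
        return r;                              /* range outside the text */
    const char *cursor = ctx->surrounding_text + ctx->cursor_byte;
    const char *start = cursor - before_length;
    const char *end = cursor + after_length;
    r.offset_chars = utf8_pointer_to_offset(ctx->surrounding_text, start);
    r.n_chars = utf8_pointer_to_offset(start, end);
    r.ok = 1;
    return r;
}
```

With real surrounding text "aén" (4 bytes, cursor at the end) a request to delete one byte before the cursor yields character offset 2 and one character; with no surrounding text, or a before_length larger than the bytes before the cursor, the request is rejected.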


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp