gnome-terminal-server crashed with SIGSEGV in g_utf8_pointer_to_offset()

Bug #2051381 reported by Eberhard Beilharz
Affects    Status    Importance    Assigned to    Milestone
GTK+       New       Undecided     Unassigned

Bug Description

When I'm using ibus-keyman with the IPA (SIL) keyboard in gnome-terminal and type n> (or just backspace after the n), gnome-terminal crashes.

The reason is that in text_input_delete_surrounding_text() (modules/input/imwayland.c:253) before_length doesn't get checked. If we don't have surrounding text (as in this case) cursor_pointer is NULL and thus (cursor_pointer - before_length) results in an invalid pointer.

The other question is why we don't have surrounding text, but that's a different problem. In any case we shouldn't crash in text_input_delete_surrounding_text().

I believe this is a different bug from #2036647 because of the different callstack and that we shouldn't call g_utf8_pointer_to_offset with invalid pointers.

ProblemType: Crash
DistroRelease: Ubuntu 23.10
Package: gnome-terminal 3.49.92-2ubuntu1
ProcVersionSignature: Ubuntu 6.5.0-15.15-generic 6.5.3
Uname: Linux 6.5.0-15-generic x86_64
ApportVersion: 2.27.0-0ubuntu5
Architecture: amd64
CasperMD5CheckMismatches: ./boot/grub/grub.cfg
CasperMD5CheckResult: fail
CurrentDesktop: ubuntu:GNOME
Date: Fri Jan 26 17:43:54 2024
ExecutablePath: /usr/libexec/gnome-terminal-server
InstallationDate: Installed on 2024-01-23 (3 days ago)
InstallationMedia: Ubuntu 23.10.1 "Mantic Minotaur" - Release amd64 (20231016.1)
JournalErrors:
 Jan 26 17:43:53 hostname gnome-terminal-[4907]: g_atomic_ref_count_dec: assertion 'old_value > 0' failed
 Jan 26 17:43:53 hostname gnome-terminal-[4907]: g_atomic_ref_count_dec: assertion 'old_value > 0' failed
 Jan 26 17:44:00 hostname systemd[1623]: gnome-terminal-server.service: Main process exited, code=dumped, status=11/SEGV
 Jan 26 17:44:00 hostname systemd[1623]: gnome-terminal-server.service: Failed with result 'core-dump'.
ProcCmdline: /usr/libexec/gnome-terminal-server
ProcEnviron:
 LANG=en_US.UTF-8
 PATH=(custom, no user)
 SHELL=/bin/bash
 XDG_RUNTIME_DIR=<set>
SegvAnalysis:
 Segfault happened at: 0x7f884099c180 <g_utf8_pointer_to_offset+48>: movzbl (%rsi),%ecx
 PC (0x7f884099c180) ok
 source "(%rsi)" (0x00000000) not located in a known VMA region (needed readable region)!
 destination "%ecx" ok
SegvReason: reading NULL VMA
Signal: 11
SourcePackage: gnome-terminal
StacktraceTop:
 g_utf8_pointer_to_offset () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
 ?? () from /usr/lib/x86_64-linux-gnu/gtk-3.0/3.0.0/immodules/im-wayland.so
 ?? () from /lib/x86_64-linux-gnu/libffi.so.8
 ?? () from /lib/x86_64-linux-gnu/libffi.so.8
 ffi_call () from /lib/x86_64-linux-gnu/libffi.so.8
Title: gnome-terminal-server crashed with SIGSEGV in g_utf8_pointer_to_offset()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin plugdev sudo users vboxsf
modified.conffile..etc.apport.crashdb.conf: [modified]
mtime.conffile..etc.apport.crashdb.conf: 2024-01-26T17:42:28.299334
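The report describes an unchecked `cursor_pointer - before_length` in GTK's text_input_delete_surrounding_text(): with no surrounding text the cursor pointer is NULL, so the subtraction yields an invalid pointer that g_utf8_pointer_to_offset() then reads. The following is an added example, not GTK or GLib code and not the reporter's: a self-contained C model of such a handler that validates the request before doing any pointer arithmetic. All names (`surrounding_t`, `delete_req_t`, `utf8_pointer_to_offset`, `delete_surrounding_checked`) are hypothetical stand-ins, and `utf8_pointer_to_offset` is a minimal reimplementation of what g_utf8_pointer_to_offset() computes, so the block compiles without GLib. It goes beyond the NULL case in the report: it also rejects a `before_length`/`after_length` that would step outside the buffer or land inside a multi-byte UTF-8 sequence, which a misbehaving compositor could send even when surrounding text is present.

```c
/* Added example (not GTK code): bounds-checked model of a Wayland
 * delete_surrounding_text handler. Identifiers here are hypothetical;
 * the real handler is in GTK's modules/input/imwayland.c. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Surrounding text as the input-method context tracks it: a UTF-8
 * string (NULL when the client supplied none) and the cursor's byte
 * index inside it. */
typedef struct {
    const char *text;        /* may be NULL: no surrounding text known */
    size_t      cursor_idx;  /* byte offset of the cursor within text */
} surrounding_t;

/* Outcome of validating a delete_surrounding_text request. */
typedef struct {
    bool valid;    /* false: request ignored, nothing is deleted */
    long offset;   /* character offset of deletion start, relative to cursor (<= 0) */
    long n_chars;  /* number of characters to delete */
} delete_req_t;

/* Stand-in for g_utf8_pointer_to_offset(): number of UTF-8 characters
 * between str and pos, negative when pos lies before str. Counts code
 * points by skipping continuation bytes (10xxxxxx). Both pointers must
 * point into the same valid buffer; that is exactly the precondition
 * the unchecked handler violates when text is NULL. */
long utf8_pointer_to_offset(const char *str, const char *pos)
{
    const char *lo = str < pos ? str : pos;
    const char *hi = str < pos ? pos : str;
    long n = 0;
    for (const char *p = lo; p < hi; p++)
        if (((unsigned char)*p & 0xC0) != 0x80)
            n++;
    return pos < str ? -n : n;
}

/* True when byte index i of text begins a code point (or is the
 * terminating NUL at the end of the string). */
static bool on_char_boundary(const char *text, size_t i)
{
    return ((unsigned char)text[i] & 0xC0) != 0x80;
}

/* The crash pattern described in the report is
 *     cursor = text + cursor_idx;
 *     offset = utf8_pointer_to_offset(cursor, cursor - before_length);
 * computed with text == NULL. This version refuses any request the
 * surrounding-text state cannot satisfy instead of dereferencing it. */
delete_req_t delete_surrounding_checked(const surrounding_t *s,
                                        uint32_t before_length,
                                        uint32_t after_length)
{
    delete_req_t r = { false, 0, 0 };

    if (s->text == NULL)                      /* no surrounding text: nothing to delete */
        return r;
    size_t len = strlen(s->text);
    if (s->cursor_idx > len)                  /* cursor outside the buffer */
        return r;
    if (before_length > s->cursor_idx)        /* would step before the buffer start */
        return r;
    if (after_length > len - s->cursor_idx)   /* would step past the buffer end */
        return r;

    size_t start = s->cursor_idx - before_length;
    size_t end   = s->cursor_idx + after_length;
    /* Lengths are bytes and must land on code point boundaries;
     * reject a compositor that sends ones that do not. */
    if (!on_char_boundary(s->text, start) || !on_char_boundary(s->text, end))
        return r;

    const char *cursor = s->text + s->cursor_idx;
    r.offset  = utf8_pointer_to_offset(cursor, s->text + start);        /* <= 0 */
    r.n_chars = utf8_pointer_to_offset(s->text + start, s->text + end);
    r.valid   = true;
    return r;
}

int main(void)
{
    /* Constructed inputs. The first mirrors the report: backspace with
     * no surrounding text available. The second is "añ" (n-tilde is two
     * bytes) with the cursor at the end. */
    surrounding_t none = { NULL, 0 };
    surrounding_t s    = { "a\xC3\xB1", 3 };
    delete_req_t r;

    r = delete_surrounding_checked(&none, 1, 0);
    printf("no text, before=1: valid=%d\n", r.valid);            /* 0 */
    r = delete_surrounding_checked(&s, 2, 0);
    printf("\"a\xC3\xB1\", before=2: valid=%d offset=%ld n_chars=%ld\n",
           r.valid, r.offset, r.n_chars);                         /* 1 -1 1 */
    r = delete_surrounding_checked(&s, 1, 0);
    printf("\"a\xC3\xB1\", before=1 (mid-char): valid=%d\n", r.valid); /* 0 */
    return 0;
}
```

Every check happens on indices, not pointers, so no pointer outside the buffer is ever formed; that matters because even computing `cursor_pointer - before_length` past the start is undefined behaviour in C, not just the read that follows it.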

Eberhard Beilharz (ermshiperete) wrote :
information type: Private → Public
Egmont Koblinger (egmont-gmail) wrote :

Correct me please if I'm wrong, but it looks to me that you have studied the relevant source code and even located the problem in one of the ibus-related packages.

So I'm wondering, shouldn't you have filed this bug against that component, rather than gnome-terminal?

Is there anything gnome-terminal's developers could and should do to fix this crash? As far as I understand you, it doesn't look like the case to me.

Could you please re-assign this bug to the software package where the bug actually is and whose developers thus have a chance of fixing it?

Eberhard Beilharz (ermshiperete) wrote :

> So I'm wondering, shouldn't you have filed this bug against that component, rather than gnome-terminal?

I guess you're right. Sorry. I'll try to re-assign.

Eberhard Beilharz (ermshiperete) wrote :

Here's the link to the failing code (mainly for me so that I can find it again...):
https://gitlab.gnome.org/GNOME/gtk/-/blame/a487deb1898ff1453168594f797d38c2b38187ac/modules/input/imwayland.c#L253

affects: gnome-terminal (Ubuntu) → gtk
David Huggins-Daines (dhuggins) wrote :

This should probably be considered a serious bug since unchecked memory access has security implications, no?
