Infinite loop after a mouse click
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| pangoterm |
New
|
Undecided
|
Unassigned | ||
Bug Description
I'm using i3 (a tiling WM) and spawned a second terminal below the existing terminal in the workspace. This caused the existing terminal to have its height halved. I then clicked in the original terminal and it got stuck in an infinite loop as per the below backtrace:
(gdb) bt
#0 0xb7783fcd in fetch_line_text (pt=pt@
at pangoterm.c:378
#1 0xb77840bd in fetch_flow_text (pt=pt@
#2 0xb77841bd in store_clipboard (pt=pt@
#3 0xb778448f in widget_mousepress (widget=0xb966c180, event=0xb96df100, user_data=
at pangoterm.c:1449
#4 0xb735cbac in ?? () from /usr/lib/
#5 0xb6ee983b in g_closure_invoke () from /usr/lib/
#6 0xb6efb855 in ?? () from /usr/lib/
#7 0xb6f03a52 in g_signal_
#8 0xb6f040d5 in g_signal_emit () from /usr/lib/
#9 0xb747d8fc in ?? () from /usr/lib/
#10 0xb735af49 in gtk_propagate_event () from /usr/lib/
#11 0xb735b45d in gtk_main_do_event () from /usr/lib/
#12 0xb71cd189 in ?? () from /usr/lib/
#13 0xb6dfada4 in g_main_
#14 0xb6dfb0c9 in ?? () from /lib/i386-
#15 0xb6dfb479 in g_main_loop_run () from /lib/i386-
#16 0xb735a135 in gtk_main () from /usr/lib/
#17 0xb778092b in main (argc=1, argv=0xbfad9db4) at main.c:239
(gdb) n
365 while(pos.col < rect.end_col) {
(gdb)
367 fetch_cell(pt, pos, &cell);
(gdb)
368 if(!cell.chars[0])
(gdb)
371 for(; skipped_blank; skipped_blank--) {
(gdb)
378 ret += g_unichar_
(gdb)
377 for(int i = 0; cell.chars[i]; i++)
(gdb)
378 ret += g_unichar_
(gdb)
377 for(int i = 0; cell.chars[i]; i++)
(gdb)
378 ret += g_unichar_
(gdb) n
377 for(int i = 0; cell.chars[i]; i++)
(gdb)
382 pos.col += cell.width;
(gdb) p cell.width
$6 = 0 '\000'
(gdb) n
365 while(pos.col < rect.end_col) {
(gdb) p cell
$7 = {chars = {1, 4294967295, 3065081349, 0, 3110435156, 0}, width = 0 '\000', attrs = {bold = 0,
underline = 0, italic = 0, blink = 0, reverse = 0, strike = 0, font = 0, dwl = 0, dhl = 0}, fg = {
red = 32 ' ', green = 150 '\226', blue = 173 '\255'}, bg = {red = 191 '\277', green = 254 '\376',
blue = 205 '\315'}}
(gdb) p pos
$8 = {row = <optimized out>, col = 0}
(gdb) p str
$9 = (gchar *) 0x0
| affects: | libvterm → pangoterm |
| Paul "LeoNerd" Evans (leonerd) wrote | #1 |
| Paul "LeoNerd" Evans (leonerd) wrote | #2 |
I suspect that was attempting to fetch an invalid cell.
Some more debugging on another occurance leads to an observed (lockup) crash where it is looking at an invalid position; specifically the position column index was past the size of the terminal. This itself came from the 'rect' argument passed in to fetch_line_text().
That position came from fetch_flow_text() which itself came from store_clipboard().
The pt state itself here had the following fields of interest:
rows = 33
cols = 135
highlight = 0
highlight_start = { .row = 32, .col = 140 }
highlight_stop = { .row = 32, .col = 161 }
dragging = NO_DRAG
drag_start = { .row = 22, .col = 53 }
drag_pos = { .row = 59, .col = 76 }