CTSRD-CHERI / cheribsd-ports

FreeBSD ports tree adapted for CheriBSD.
https://CheriBSD.org

x11/konsole: crash when resizing #160

Open kwitaszczyk opened 1 month ago

kwitaszczyk commented 1 month ago

Konsole crashes in icu when resizing to large dimensions. I found this bug when using Xvnc and 4K resolution. On real hardware, I had to resize the window to dimensions larger than my screen dimensions (2048x1152 despite a 4K screen).

My environment:

FreeBSD cheribsd 15.0-CURRENT FreeBSD 15.0-CURRENT #0 dev-n268215-087f488f0032: Thu May 30 17:57:44 BST 2024     root@cheribsd:/usr/obj/usr/src/arm64.aarch64c/sys/GENERIC-MORELLO-PURECAP arm64

The crash happens regardless of security.cheri.lib_based_c18n_default being set or not.

Steps to reproduce on hardware:

  1. Move a window to the top left corner
  2. Using the bottom right corner, not the maximise button, resize the window to the maximum size
  3. If Konsole hasn't crashed yet, move the window to the left, outside the screen boundaries, leaving the right border visible, and use the right border line to resize it to the right as much as possible. This step is not needed when using Xvnc in full-screen mode with a 4K screen

Crash:

kw543@cheribsd:~ $ gdb-cheri-c18n  -nx konsole konsole.core
(...)
Core was generated by `/usr/local/bin/konsole'.
Program terminated with signal SIGPROT, CHERI protection violation.
Capability bounds fault.
#0  0x0000000040edf1e4 in countSpaces (dest=0x61040e00 [rwRW,0x61040e00-0x61041062] u' ' <repeats 200 times>..., size=305, spacesCountl=0x69989ca8 [rwRW,0x69989ca8-0x69989cac], spacesCountr=0x69989ca4 [rwRW,0x69989ca4-0x69989ca8]) at ushape.cpp:466

warning: 466    ushape.cpp: No such file or directory
[Current thread is 1 (LWP 100613)]
(gdb) directory /home/kw543/cheribsd-ports/devel/icu/work/icu/source/common
Source directories searched: /home/kw543/cheribsd-ports/devel/icu/work/icu/source/common:$cdir:$cwd
(gdb) bt
#0  0x0000000040ecc1e4 in countSpaces (dest=0x4dc1dc00 [rwRW,0x4dc1dc00-0x4dc1de5e] u' ' <repeats 200 times>..., size=303, spacesCountl=0xfffffff752d8 [rwRW,0xfffffff752d8-0xfffffff752dc], spacesCountr=0xfffffff752d4 [rwRW,0xfffffff752d4-0xfffffff752d8]) at ushape.cpp:466
#1  0x0000000040ecb7a8 in u_shapeArabic (source=0x4d8f7820 [rwRW,0x4d8f7820-0x4d8f7c00] u' ' <repeats 200 times>..., sourceLength=303, dest=0xfffffff767cc [rwRW,0xfffffff767cc-0xfffffff76fcc] u"kw543@cheribsd:~ $", ' ' <repeats 96 times>, "毛\xfff7\xffff", destCapacity=1024, options=9, pErrorCode=0xfffffff76fcc [rwRW,0xfffffff76fcc-0xfffffff76fd0]) at ushape.cpp:1584
#2  0x000000004050eac0 in Konsole::TerminalDisplay::bidiMap (this=0x4dd79000 [rwRW,0x4dd79000-0x4dd795c0], screenline=0x48ec82f0 [rwRW,0x48ec7000-0x48f11980], line=..., log2line=0xfffffff7a9c0 [rwRW,0xfffffff7a9c0-0xfffffff7b9c0], line2log=0xfffffff799c0 [rwRW,0xfffffff799c0-0xfffffff7a9c0], shapemap=0xfffffff791c0 [rwRW,0xfffffff791c0-0xfffffff799c0], vis2line=0xfffffff781c0 [rwRW,0xfffffff781c0-0xfffffff791c0], 
    shaped=@0xfffffff781bc: false, shape=true, bidi=true) at /wrkdirs/usr/ports/x11/konsole/work/konsole-23.04.3/src/terminalDisplay/TerminalDisplay.cpp:3248
#3  0x0000000040528fd0 in Konsole::TerminalPainter::drawContents (this=0x4daca490 [rwRW,0x4daca490-0x4daca4c0], image=0x48ec7000 [rwRW,0x48ec7000-0x48f11980], paint=..., rect=..., printerFriendly=false, imageSize=19089, bidiEnabled=true, lineProperties=..., ulColorTable=0x506b1f5a [rwRW,0x506b1e80-0x506b20d0]) at /wrkdirs/usr/ports/x11/konsole/work/konsole-23.04.3/src/terminalDisplay/TerminalPainter.cpp:279
#4  0x000000004050826c in Konsole::TerminalDisplay::paintEvent (this=0x4dd79000 [rwRW,0x4dd79000-0x4dd795c0], pe=0xfffffff7c880 [rwRW,0xfffffff7c880-0xfffffff7c8e0]) at /wrkdirs/usr/ports/x11/konsole/work/konsole-23.04.3/src/terminalDisplay/TerminalDisplay.cpp:721
#5  0x00000000432c1778 in QWidget::event (this=0x4dd79000 [rwRW,0x4dd79000-0x4dd795c0], event=0xfffffff7c880 [rwRW,0xfffffff7c880-0xfffffff7c8e0]) at kernel/qwidget.cpp:8644
#6  0x00000000405145f0 in Konsole::TerminalDisplay::event (this=0x4dd79000 [rwRW,0x4dd79000-0x4dd795c0], event=0xfffffff7c880 [rwRW,0xfffffff7c880-0xfffffff7c8e0]) at /wrkdirs/usr/ports/x11/konsole/work/konsole-23.04.3/src/terminalDisplay/TerminalDisplay.cpp:2925
#7  0x0000000043284e98 in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x4dd79000 [rwRW,0x4dd79000-0x4dd795c0], e=0xfffffff7c880 [rwRW,0xfffffff7c880-0xfffffff7c8e0]) at kernel/qapplication.cpp:3640
#8  0x00000000432863e4 in QApplication::notify (this=0x4802b740 [rwRW,0x4802b740-0x4802b760], receiver=0x4dd79000 [rwRW,0x4dd79000-0x4dd795c0], e=0xfffffff7c880 [rwRW,0xfffffff7c880-0xfffffff7c8e0]) at kernel/qapplication.cpp:2979
#9  0x000000004461f0dc in QCoreApplication::notifyInternal2 (receiver=0x4dd79000 [rwRW,0x4dd79000-0x4dd795c0], event=0xfffffff7c880 [rwRW,0xfffffff7c880-0xfffffff7c8e0]) at kernel/qcoreapplication.cpp:1096
#10 0x000000004461fc44 in QCoreApplication::sendSpontaneousEvent (receiver=0x4dc1dc00 [rwRW,0x4dc1dc00-0x4dc1de5e], event=0x12f) at kernel/qcoreapplication.cpp:1506
#11 0x00000000432b218c in QWidgetPrivate::sendPaintEvent (this=0x4805b680 [rwRW,0x4805b680-0x4805b990], toBePainted=...) at kernel/qwidget.cpp:5479
#12 QWidgetPrivate::drawWidget (this=0x4805b680 [rwRW,0x4805b680-0x4805b990], pdev=0x4801c7d0 [rwRW,0x4801c7a0-0x4801c840], rgn=..., offset=..., flags=..., sharedPainter=<optimized out>, repaintManager=<optimized out>) at kernel/qwidget.cpp:5429
#13 0x00000000432bb714 in QWidgetPrivate::paintSiblingsRecursive (this=<optimized out>, pdev=<optimized out>, siblings=..., index=<optimized out>, rgn=..., offset=..., flags=..., sharedPainter=<optimized out>, repaintManager=<optimized out>) at kernel/qwidget.cpp:5610
#14 0x00000000432b1a04 in QWidgetPrivate::drawWidget (this=0x50760500 [rwRW,0x50760500-0x50760870], pdev=0x4801c7d0 [rwRW,0x4801c7a0-0x4801c840], rgn=..., offset=..., flags=..., sharedPainter=0x0, repaintManager=<optimized out>) at kernel/qwidget.cpp:5470
#15 0x00000000432bb714 in QWidgetPrivate::paintSiblingsRecursive (this=<optimized out>, pdev=<optimized out>, siblings=..., index=<optimized out>, rgn=..., offset=..., flags=..., sharedPainter=<optimized out>, repaintManager=<optimized out>) at kernel/qwidget.cpp:5610
#16 0x00000000432b1a04 in QWidgetPrivate::drawWidget (this=0x48059700 [rwRW,0x48059700-0x48059a50], pdev=0x4801c7d0 [rwRW,0x4801c7a0-0x4801c840], rgn=..., offset=..., flags=..., sharedPainter=0x0, repaintManager=<optimized out>) at kernel/qwidget.cpp:5470
#17 0x00000000432bb714 in QWidgetPrivate::paintSiblingsRecursive (this=<optimized out>, pdev=<optimized out>, siblings=..., index=<optimized out>, rgn=..., offset=..., flags=..., sharedPainter=<optimized out>, repaintManager=<optimized out>) at kernel/qwidget.cpp:5610
#18 0x00000000432b1a04 in QWidgetPrivate::drawWidget (this=0x48059380 [rwRW,0x48059380-0x480596f0], pdev=0x4801c7d0 [rwRW,0x4801c7a0-0x4801c840], rgn=..., offset=..., flags=..., sharedPainter=0x0, repaintManager=<optimized out>) at kernel/qwidget.cpp:5470
#19 0x00000000432bb714 in QWidgetPrivate::paintSiblingsRecursive (this=<optimized out>, pdev=<optimized out>, siblings=..., index=<optimized out>, rgn=..., offset=..., flags=..., sharedPainter=<optimized out>, repaintManager=<optimized out>) at kernel/qwidget.cpp:5610
#20 0x00000000432b1a04 in QWidgetPrivate::drawWidget (this=0x4805ac00 [rwRW,0x4805ac00-0x4805af30], pdev=0x4801c7d0 [rwRW,0x4801c7a0-0x4801c840], rgn=..., offset=..., flags=..., sharedPainter=0x0, repaintManager=<optimized out>) at kernel/qwidget.cpp:5470
#21 0x0000000043291584 in QWidgetRepaintManager::paintAndFlush (this=0x4dae4ac0 [rwRW,0x4dae4ac0-0x4dae4b70]) at kernel/qwidgetrepaintmanager.cpp:1023
#22 0x000000004329176c in QWidgetRepaintManager::sync (this=0x4dae4ac0 [rwRW,0x4dae4ac0-0x4dae4b70]) at kernel/qwidgetrepaintmanager.cpp:770
#23 0x00000000432b0e28 in QWidgetPrivate::syncBackingStore (this=0x4805ac00 [rwRW,0x4805ac00-0x4805af30]) at kernel/qwidget.cpp:1758
#24 0x00000000432e3678 in QWidgetWindow::handleResizeEvent (this=0x481194c0 [rwRW,0x481194c0-0x48119570], event=0xfffffff7e560 [rwRW,0xfffffff7e560-0xfffffff7e5a0]) at kernel/qwidgetwindow.cpp:841
#25 0x00000000432e1744 in QWidgetWindow::event (this=0x481194c0 [rwRW,0x481194c0-0x48119570], event=0xfffffff7e560 [rwRW,0xfffffff7e560-0xfffffff7e5a0]) at kernel/qwidgetwindow.cpp:322
#26 0x0000000043284e98 in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x481194c0 [rwRW,0x481194c0-0x48119570], e=0xfffffff7e560 [rwRW,0xfffffff7e560-0xfffffff7e5a0]) at kernel/qapplication.cpp:3640
#27 0x00000000432863e4 in QApplication::notify (this=0x4802b740 [rwRW,0x4802b740-0x4802b760], receiver=0x481194c0 [rwRW,0x481194c0-0x48119570], e=0xfffffff7e560 [rwRW,0xfffffff7e560-0xfffffff7e5a0]) at kernel/qapplication.cpp:2979
#28 0x000000004461f0dc in QCoreApplication::notifyInternal2 (receiver=0x481194c0 [rwRW,0x481194c0-0x48119570], event=0xfffffff7e560 [rwRW,0xfffffff7e560-0xfffffff7e5a0]) at kernel/qcoreapplication.cpp:1096
#29 0x000000004461fc44 in QCoreApplication::sendSpontaneousEvent (receiver=0x4dc1dc00 [rwRW,0x4dc1dc00-0x4dc1de5e], event=0x12f) at kernel/qcoreapplication.cpp:1506
#30 0x0000000043ada8b8 in QGuiApplicationPrivate::processGeometryChangeEvent (e=<optimized out>) at kernel/qguiapplication.cpp:2610
#31 0x0000000043ad766c in QGuiApplicationPrivate::processWindowSystemEvent (e=0x481897e0 [rwRW,0x481897e0-0x48189840]) at kernel/qguiapplication.cpp:2017
#32 0x0000000043abb928 in QWindowSystemInterface::sendWindowSystemEvents (flags=...) at kernel/qwindowsysteminterface.cpp:1169
#33 0x0000000043ab74a4 in QWindowSystemInterface::flushWindowSystemEvents (flags=...) at kernel/qwindowsysteminterface.cpp:1138
#34 0x000000004631d270 in QtWaylandClient::QWaylandWindow::applyConfigure (this=0x480a1f00 [rwRW,0x480a1f00-0x480a21d0]) at qwaylandwindow.cpp:531
#35 0x0000000046346bb8 in QtWaylandClient::QWaylandWindow::qt_static_metacall (_o=0x4dc1dc00 [rwRW,0x4dc1dc00-0x4dc1de5e], _c=303, _id=9, _a=0xfffffff752d8 [rwRW,0xfffffff752d8-0xfffffff752dc]) at .moc/moc_qwaylandwindow_p.cpp:86
#36 0x0000000044648a54 in QMetaCallEvent::placeMetaCall (this=0x49c73bc0 [rwRW,0x49c73bc0-0x49c73c90], object=0x480a1f00 [rwRW,0x480a1f00-0x480a21d0]) at kernel/qobject.cpp:635
#37 0x0000000044649fc0 in QObject::event (this=0x480a1f00 [rwRW,0x480a1f00-0x480a21d0], e=0x49c73bc0 [rwRW,0x49c73bc0-0x49c73c90]) at kernel/qobject.cpp:1347
#38 0x0000000043284e98 in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x480a1f00 [rwRW,0x480a1f00-0x480a21d0], e=0x49c73bc0 [rwRW,0x49c73bc0-0x49c73c90]) at kernel/qapplication.cpp:3640
#39 0x00000000432863e4 in QApplication::notify (this=0x4802b740 [rwRW,0x4802b740-0x4802b760], receiver=0x480a1f00 [rwRW,0x480a1f00-0x480a21d0], e=0x49c73bc0 [rwRW,0x49c73bc0-0x49c73c90]) at kernel/qapplication.cpp:2979
#40 0x000000004461f0dc in QCoreApplication::notifyInternal2 (receiver=0x480a1f00 [rwRW,0x480a1f00-0x480a21d0], event=0x49c73bc0 [rwRW,0x49c73bc0-0x49c73c90]) at kernel/qcoreapplication.cpp:1096
#41 0x000000004462045c in QCoreApplication::sendEvent (receiver=0x480a1f00 [rwRW,0x480a1f00-0x480a21d0], event=0x49c73bc0 [rwRW,0x49c73bc0-0x49c73c90]) at kernel/qcoreapplication.cpp:1494
#42 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=4, data=0x48042000 [rwRW,0x48042000-0x480420d0]) at kernel/qcoreapplication.cpp:1853
#43 0x0000000044677a1c in QEventDispatcherUNIX::processEvents (this=0x480eba60 [rwRW,0x480eba60-0x480eba80], flags=...) at kernel/qeventdispatcher_unix.cpp:468
#44 0x0000000046356250 in QUnixEventDispatcherQPA::processEvents (this=0x4dc1dc00 [rwRW,0x4dc1dc00-0x4dc1de5e], flags=...) at qunixeventdispatcher.cpp:63
#45 0x000000004461af30 in QEventLoop::processEvents (this=0xfffffff7f300 [rwRW,0xfffffff7f300-0xfffffff7f320], flags=...) at kernel/qeventloop.cpp:142
#46 QEventLoop::exec (this=0xfffffff7f300 [rwRW,0xfffffff7f300-0xfffffff7f320], flags=...) at kernel/qeventloop.cpp:235
#47 0x000000004461f848 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1407
#48 0x0000000043ad6f34 in QGuiApplication::exec () at kernel/qguiapplication.cpp:1870
#49 0x0000000043286040 in QApplication::exec () at kernel/qapplication.cpp:2832
#50 0x0000000000118fa0 in main (argc=1, argv=0xffffbff7f1f0 [rwRW,0xffffbff7f1f0-0xffffbff7f210]) at /wrkdirs/usr/ports/x11/konsole/work/konsole-23.04.3/src/main.cpp:271
(gdb) disassemble /s $pcc,+4
Dump of assembler code from 0x40ecc1e4 to 0x40ecc1e8:
ushape.cpp:
466     while((dest[i] == SPACE_CHAR) && (countl < size)) {
=> 0x0000000040ecc1e4 <_ZL11countSpacesPDsijPiS0_+52>:  ldrh    w9, [c0, x8, lsl #1]
End of assembler dump.
kwitaszczyk commented 1 month ago

A fix for this issue has been submitted to upstream in https://github.com/unicode-org/icu/pull/3024.
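The bounds printed for dest in frame #0 (0x61040e00-0x61041062) cover exactly 305 two-byte code units, so the ldrh at line 466 faults on the first access to dest[305]; the added example below (my own code, not ICU's and not the upstream patch) reproduces that operand-ordering defect with a software bounds monitor and shows the ordering that avoids it. The UChar typedef, checked_read, run_case and the 1024-element buffer are assumptions for this demonstration; the buggy loop mirrors only the single source line shown in the disassembly.

```c
#include <stdint.h>
typedef uint16_t UChar;   /* ICU's 16-bit code unit; only its width matters here */
#define SPACE_CHAR 0x0020

/* Software stand-in for the CHERI bounds check that raised SIGPROT above:
 * an index at or beyond size is counted instead of trapping. */
static UChar checked_read(const UChar *dest, int32_t size, int32_t idx, int32_t *oob)
{
    if (idx < 0 || idx >= size) {
        (*oob)++;
        return 0;         /* sentinel that is never SPACE_CHAR */
    }
    return dest[idx];
}

/* Same operand order as ushape.cpp:466: the element is fetched before countl
 * is compared with size, so an all-space buffer reads dest[size]. */
static int32_t count_spaces_buggy(const UChar *dest, int32_t size, int32_t *oob)
{
    int32_t i = 0, countl = 0;
    *oob = 0;
    while ((checked_read(dest, size, i, oob) == SPACE_CHAR) && (countl < size)) {
        countl++;
        i++;
    }
    return countl;
}

/* Hardened ordering (my own rewrite, not ICU's upstream patch): the index is
 * validated first and && short-circuits before any read can happen. */
static int32_t count_spaces_safe(const UChar *dest, int32_t size, int32_t *oob)
{
    int32_t countl = 0;
    *oob = 0;
    while ((countl < size) && (checked_read(dest, size, countl, oob) == SPACE_CHAR)) {
        countl++;
    }
    return countl;
}

/* Constructed input: `spaces` blanks, optionally followed by one letter. */
static int32_t run_case(int32_t spaces, int trailing_text, int use_safe, int32_t *oob)
{
    UChar buf[1024];                      /* destCapacity in frame #1 */
    int32_t size = spaces + (trailing_text ? 1 : 0);
    if (spaces < 0 || size > 1024) return -1;
    for (int32_t i = 0; i < spaces; i++) buf[i] = SPACE_CHAR;
    if (trailing_text) buf[spaces] = 0x0041;   /* 'A' */
    return use_safe ? count_spaces_safe(buf, size, oob) : count_spaces_buggy(buf, size, oob);
}
```

On ordinary hardware the stray read of dest[305] usually goes unnoticed; the monitor counts it, which is what the exact capability bounds turn into a trap on CheriBSD.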