arakiken / mlterm


Rare SEGV when scrolling up #78

Open Atemu opened 11 months ago

Atemu commented 11 months ago

This has happened maybe twice or thrice this far but rarely, mlterm just hard-crashes when scrolling up from the bottom. It's been a longer session but I've had both longer sessions and sessions with much more verbose output and mlterm had no issue with those.

$ coredumpctl debug
           PID: 5076 (.mlterm-wrapped)
           UID: 1000 (atemu)
           GID: 100 (users)
        Signal: 11 (SEGV)
     Timestamp: Sun 2023-07-30 15:51:13 CEST (1min 17s ago)
  Command Line: mlterm
    Executable: /nix/store/spcqyqqp2wrkyja18l2q2khr761bmk15-mlterm-3.9.3/bin/.mlterm-wrapped
 Control Group: /user.slice/user-1000.slice/session-2.scope
          Unit: session-2.scope
         Slice: user-1000.slice
       Session: 2
     Owner UID: 1000 (atemu)
       Boot ID: f7643b67ba7440b6a1abc317e24fec1c
    Machine ID: ca7ef1a4682942c093045222c16efc7e
      Hostname: HEPHAISTOS
       Storage: /var/lib/systemd/coredump/core.\x2emlterm-wrapped.1000.f7643b67ba7440b6a1abc317e24fec1c.5076.1690725073000000.zst (present)
  Size on Disk: 4.5M
       Message: Process 5076 (.mlterm-wrapped) of user 1000 dumped core.

                Module libpcre2-8.so.0 without build-id.
                Module libgraphite2.so.3 without build-id.
                Module libharfbuzz.so.0 without build-id.
                Module libotl.so without build-id.
                Module libbrotlicommon.so.1 without build-id.
                Module libGLX.so.0 without build-id.
                Module libGLdispatch.so.0 without build-id.
                Module libexpat.so.1 without build-id.
                Module libbrotlidec.so.1 without build-id.
                Module libbz2.so.1 without build-id.
                Module libGL.so.1 without build-id.
                Module libz.so.1 without build-id.
                Module libXext.so.6 without build-id.
                Module libXrender.so.1 without build-id.
                Module libxcb-render.so.0 without build-id.
                Module libxcb-shm.so.0 without build-id.
                Module libpng16.so.16 without build-id.
                Module libEGL.so.1 without build-id.
                Module libfreetype.so.6 without build-id.
                Module libfontconfig.so.1 without build-id.
                Module libtype_cairo.so without build-id.
                Module libXdmcp.so.6 without build-id.
                Module libXau.so.6 without build-id.
                Module libxcb.so.1 without build-id.
                Module libX11.so.6 without build-id.
                Module libpobl.so.2 without build-id.
                Module libmef.so.3 without build-id.
                Module libmlterm_coreotl.so without build-id.
                Module .mlterm-wrapped without build-id.
                Stack trace of thread 5076:
                #0  0x000000000044c766 rewrap_logs (.mlterm-wrapped + 0x4c766)
                #1  0x000000000044e489 vt_enter_backscroll_mode (.mlterm-wrapped + 0x4e489)
                #2  0x0000000000418e55 enter_backscroll_mode.part.0 (.mlterm-wrapped + 0x18e55)
                #3  0x00000000004205f4 button_pressed (.mlterm-wrapped + 0x205f4)
                #4  0x0000000000415899 ui_window_receive_event (.mlterm-wrapped + 0x15899)
                #5  0x00000000004152c5 ui_window_receive_event (.mlterm-wrapped + 0x152c5)
                #6  0x00000000004103ce ui_display_receive_next_event (.mlterm-wrapped + 0x103ce)
                #7  0x0000000000440509 ui_event_source_process (.mlterm-wrapped + 0x40509)
                #8  0x000000000040da35 main_loop_start (.mlterm-wrapped + 0xda35)
                #9  0x000000000040cb39 main (.mlterm-wrapped + 0xcb39)
                #10 0x00007f25e568aace __libc_start_call_main (libc.so.6 + 0x23ace)
                #11 0x00007f25e568ab89 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x23b89)
                #12 0x000000000040cb75 _start (.mlterm-wrapped + 0xcb75)
                ELF object binary architecture: AMD x86-64

GNU gdb (GDB) 13.2
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-unknown-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /nix/store/spcqyqqp2wrkyja18l2q2khr761bmk15-mlterm-3.9.3/bin/.mlterm-wrapped...
(No debugging symbols found in /nix/store/spcqyqqp2wrkyja18l2q2khr761bmk15-mlterm-3.9.3/bin/.mlterm-wrapped)

warning: Can't open file /Users/atemu/.compose-cache/l4_030_1070c512_00280cc0 (deleted) during file-backed mapping note processing
[New LWP 5076]

warning: Section `.reg-xstate/5076' in core file too small.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/nix/store/1x4ijm9r1a88qk7zcmbbfza324gx1aac-glibc-2.37-8/lib/libthread_db.so.1".
Core was generated by `mlterm'.
Program terminated with signal SIGSEGV, Segmentation fault.

warning: Section `.reg-xstate/5076' in core file too small.
#0  0x000000000044c766 in rewrap_logs ()
(gdb) bt
#0  0x000000000044c766 in rewrap_logs ()
#1  0x000000000044e489 in vt_enter_backscroll_mode ()
#2  0x0000000000418e55 in enter_backscroll_mode.part ()
#3  0x00000000004205f4 in button_pressed ()
#4  0x0000000000415899 in ui_window_receive_event ()
#5  0x00000000004152c5 in ui_window_receive_event ()
#6  0x00000000004103ce in ui_display_receive_next_event ()
#7  0x0000000000440509 in ui_event_source_process ()
#8  0x000000000040da35 in main_loop_start ()
#9  0x000000000040cb39 in main ()
(gdb)

I was using adb a bunch and perhaps android prints some odd control chars? Really hard to say. Perhaps you have some insight here.

arakiken commented 10 months ago

Thank you very much. I was able to reproduce this bug and fixed it -> https://github.com/arakiken/mlterm/commit/b77ab7365d9d28f4a2d69a8246a019a4db9fd964

Atemu commented 10 months ago

Thank you so much!

What was the reproducer in the end? Because I'm not even sure how this bug was being triggered, so I couldn't produce a test scenario to ascertain whether this fixes the bug.

arakiken commented 10 months ago

I reproduced this problem by the following steps. Use the testdata.txt file (from https://www.aljazeera.net) I attached to this message.

1) Start mlterm: $ mlterm -sl unlimited -g 80x24
2) Execute the following command in mlterm: $ cat testdata.txt
3) Use your mouse to resize the screen of mlterm to 79x24.
4) Scroll the screen of mlterm by pressing Shift+PageUp.

https://github.com/arakiken/mlterm/commit/b77ab7365d9d28f4a2d69a8246a019a4db9fd964#diff-6140e70a19a77257e685b8802dde5cc93900d20fb7834bb77f77a380e08f978bR35 fixed this problem. Before this fix, the CHARSET macro in https://github.com/arakiken/mlterm/blob/master/vtemu/vt_char.c#L556 was expanded unexpectedly and vt_get_picture_char() returned a wrong value. As a result, vt_line_char_picture() in https://github.com/arakiken/mlterm/blob/master/uitoolkit/ui_screen.c#L5308C16-L5308C16 broke some backlog data and that caused a segfault.