scim-chewing will crash GNOME terminal.
@seb128
Submitted by Sébastien Bacher Link to original bug (#449433)
Description
The bug has been opened on https://bugs.launchpad.net/ubuntu/+source/vte/+bug/121161
"... scim-chewing will crash GNOME terminal when I input chinese with scim-chewing. ... libvte9 1:0.16.1-0ubuntu1 ...
I have noticed the same problem with scim-anthy (for Japanese input), as well. This used to work, but I don't remember when. I don't see any recent package updates to either gnome-terminal, libvte-common or scim.
I don't seem to be able to reliably reproduce it, however, it appears at this time that the Japanese comma can tend to invoke the problem. Backspacing and retyping may also help, perhaps. At some random points, the currently-input text becomes an opaque white box (none of the text visible), and then later is visible again (after more typing). This is true of xfce4-terminal as well, which also crashes.
When running xfce4-terminal within gnome-terminal, I managed to get a "*** glibc detected *** xfce4-terminal: munmap_chunk(): invalid pointer: 0x08439c40 ", followed by a "backtrace" that was not very informative (possibly because I don't have the debug symbols). After installing the debug symbols (for it and libvte), I was unable to reproduce that same crash. I also got " glibc detected *** xfce4-terminal: corrupted double-linked list: 0x0823aa20 ***" without a backtrace.
I also get random messages like "(xfce4-terminal:18241): Vte-WARNING **: Can not find appropiate font for character U+823a2c0." or "...for character U+0019" (the former could never be a valid Unicode character, the latter is Ctrl+Y).
I'm reassigning to vte, since the same problem is in xfce4-terminal.
...
http://launchpadlibrarian.net/8139419/valgrind.log.19308 valgrind.log.19308 (545.2 KiB, text/plain)
...
==19308== Invalid read of size 4
==19308==    at 0x4112427: _vte_xft_draw_text (vtexft.c:795)
==19308==    by 0x41040ED: _vte_draw_text (vtedraw.c:329)
==19308==    by 0x40F3EB3: vte_terminal_draw_cells (vte.c:8951)
==19308==    by 0x40FD075: vte_terminal_expose (vte.c:10097)
==19308==    by 0x42CE6AF: _gtk_marshal_BOOLEAN__BOXED (in /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x4693E48: (within /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x469562A: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x46A6752: (within /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x46A73EE: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x46A77E8: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x43E2E17: (within /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x42C8DE3: gtk_main_do_event (in /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x451264E: (within /usr/lib/libgdk-x11-2.0.so.0.1000.11)
==19308==    by 0x4512886: gdk_window_process_all_updates (in /usr/lib/libgdk-x11-2.0.so.0.1000.11)
==19308==    by 0x4512904: (within /usr/lib/libgdk-x11-2.0.so.0.1000.11)
==19308==    by 0x46F2090: (within /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x46F3DF1: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x46F6DCE: (within /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x46F7178: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x42C9043: gtk_main (in /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x80533DC: main (main.c:277)
==19308==  Address 0x75AC2CC is 0 bytes after a block of size 36 alloc'd
==19308==    at 0x4020620: malloc (vg_replace_malloc.c:149)
==19308==    by 0x46FB2C5: g_malloc (in /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x40FCD6B: vte_terminal_expose (vte.c:10065)
==19308==    by 0x42CE6AF: _gtk_marshal_BOOLEAN__BOXED (in /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x4693E48: (within /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x469562A: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x46A6752: (within /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x46A73EE: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x46A77E8: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x43E2E17: (within /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x42C8DE3: gtk_main_do_event (in /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x451264E: (within /usr/lib/libgdk-x11-2.0.so.0.1000.11)
==19308==    by 0x4512886: gdk_window_process_all_updates (in /usr/lib/libgdk-x11-2.0.so.0.1000.11)
==19308==    by 0x4512904: (within /usr/lib/libgdk-x11-2.0.so.0.1000.11)
==19308==    by 0x46F2090: (within /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x46F3DF1: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x46F6DCE: (within /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x46F7178: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x42C9043: gtk_main (in /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x80533DC: main (main.c:277)
...
==19308== Invalid read of size 2
==19308==    at 0x40F3DDE: vte_terminal_draw_cells (vte.c:8938)
==19308==    by 0x40FD075: vte_terminal_expose (vte.c:10097)
==19308==    by 0x42CE6AF: _gtk_marshal_BOOLEAN__BOXED (in /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x4693E48: (within /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x469562A: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x46A6752: (within /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x46A73EE: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x46A77E8: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x43E2E17: (within /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x42C8DE3: gtk_main_do_event (in /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x451264E: (within /usr/lib/libgdk-x11-2.0.so.0.1000.11)
==19308==    by 0x4512886: gdk_window_process_all_updates (in /usr/lib/libgdk-x11-2.0.so.0.1000.11)
==19308==    by 0x4512904: (within /usr/lib/libgdk-x11-2.0.so.0.1000.11)
==19308==    by 0x46F2090: (within /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x46F3DF1: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x46F6DCE: (within /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x46F7178: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x42C9043: gtk_main (in /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x80533DC: main (main.c:277)
==19308==  Address 0x75AC2D4 is 8 bytes after a block of size 36 alloc'd
==19308==    at 0x4020620: malloc (vg_replace_malloc.c:149)
==19308==    by 0x46FB2C5: g_malloc (in /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x40FCD6B: vte_terminal_expose (vte.c:10065)
==19308==    by 0x42CE6AF: _gtk_marshal_BOOLEAN__BOXED (in /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x4693E48: (within /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x469562A: g_closure_invoke (in /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x46A6752: (within /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x46A73EE: g_signal_emit_valist (in /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x46A77E8: g_signal_emit (in /usr/lib/libgobject-2.0.so.0.1200.11)
==19308==    by 0x43E2E17: (within /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x42C8DE3: gtk_main_do_event (in /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x451264E: (within /usr/lib/libgdk-x11-2.0.so.0.1000.11)
==19308==    by 0x4512886: gdk_window_process_all_updates (in /usr/lib/libgdk-x11-2.0.so.0.1000.11)
==19308==    by 0x4512904: (within /usr/lib/libgdk-x11-2.0.so.0.1000.11)
==19308==    by 0x46F2090: (within /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x46F3DF1: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x46F6DCE: (within /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x46F7178: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.1200.11)
==19308==    by 0x42C9043: gtk_main (in /usr/lib/libgtk-x11-2.0.so.0.1000.11)
==19308==    by 0x80533DC: main (main.c:277)
...
Here is valgrind output (xfce4-terminal did not crash for this run, but valgrind seems to have found plenty to complain about). The test was to type the text, "echo 今日は、田中さん" ("Hello, Mr Tanaka"), twice, then exit via Ctrl+D.
...
BTW, I checked to see if the "U+823a2c0" could have been some strange combination of actual Unicode characters involved in the text I typed; this does not appear to be the case. ..."
Version: 0.16.x
Resolution: RESOLVED FIXED