Bug#862591: libvte-2.91-0: xfce4-terminal crashes when dumping a lot of text

Mon May 15 14:33:57 UTC 2017

Hello Brian Warner,

Thanks for your bug report. Would like to add a few notes besides
what Michael already said... See below.

On Sun, May 14, 2017 at 01:57:32PM -0700, Brian Warner wrote:
> Package: libvte-2.91-0
> Version: 0.46.1-1
> Severity: grave
> 
> There seems to be a bug in sid's libvte, such that dumping a large
> amount of text to stdout in a short period of time causes the terminal
> program to crash. "cat" of a file with 1MB of the letter "a" is
> sufficient to reproduce it.

fwiw, I'm not able to reprocude this on amd64 with gnome-terminal.

> 
> I'm assigning this to libvte because I was able to crash xfce4-terminal,
> lilyterm, and termit this way, so it's clearly not specific to any one
> terminal program. I'm marking it "grave" because losing a terminal is
> pretty harsh.. any programs you've spawned from there (emacs, web
> browsers) abruptly exit too.
> 
> I'm running this on an ARM64 chromebook (an Acer R13), which might be an
> unusual platform, just in case that makes a difference.
> 
> I was able to get a stack trace by building vte2.91-0.46.1 and
> xfce4-terminal-0.8.4 locally with debug symbols turned on. It looks like
> this:
> 
> Thread 1 "xfce4-terminal" received signal SIGABRT, Aborted.
> __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
> 51	../sysdeps/unix/sysv/linux/raise.c: No such file or directory.
> #0  0x0000007cb52229fc in __GI_raise (sig=sig at entry=6) at
> ../sysdeps/unix/sysv/linux/raise.c:51
> #1  0x0000007cb5223df4 in __GI_abort () at abort.c:89
> #2  0x0000007cb53dc59c in g_assertion_message
> (domain=domain at entry=0x7cb5fa3bb8 "Vte", file=file at entry=0x7cb5fac250
> "/home/warner/stuff/debian/vte2.91-0.46.1/./src/vtestream-file.h",
> line=line at entry=790, func=func at entry=0x7cb5fac098
> <_vte_boa_uncompress::__PRETTY_FUNCTION__> "unsigned int
> _vte_boa_uncompress(char*, unsigned int, const char*, unsigned int)",
> message=message at entry=0x5ccf97f720 "assertion failed (z_ret == Z_OK):
> (4294967293 == 0)") at ././glib/gtestutils.c:2432
[...]

In other words, this assertion fails:
http://sources.debian.net/src/vte2.91/0.46.1-1/src/vtestream-file.h/#L790

        z_ret = uncompress ((Bytef *) dst, &dstlen_ulongf, (const Bytef *) src, srclen);
        g_assert_cmpuint (z_ret, ==, Z_OK);

Would be great if you could confirm by posting the asserting message
that the application outputs when crashing.

Seems to me like you need to seek the answer to why uncompress fails
in the zlib library.... (Possibly vte could handle the error more
gracefully but probably a good idea to find out why zlib uncompress
fails first.)

HTH.

Regards,
Andreas Henriksson