Qt / QTBUG-72754

QTextEngine crashes when navigating over a line that contains a trailing tab character

    Details

    • Platform/s:
      Linux/X11
    • Commits:
      a8db9b8663f0bf3d66b36b5f743bd2fd47105cb6 (qt/qtbase/5.12.1)

      Description

      Because of https://codereview.qt-project.org/244594, qtextengine.cpp crashes when pressing Key_Down (or Key_Up etc.) in a QTextEdit that contains a trailing tab character.

      #2  <signal handler called>
      #3  0x00007fde299a2942 in QTextEngine::shape (this=0x16a5ad50, item=item@entry=3) at /d/qt/5/kde/qtbase/src/gui/text/qtextengine.cpp:1982
      #4  0x00007fde299b27b9 in QTextLine::xToCursor (this=this@entry=0x7fffe00fecd0, _x=<optimized out>, cpos=cpos@entry=QTextLine::CursorBetweenCharacters) at /d/qt/5/kde/qtbase/src/gui/text/qtextlayout.cpp:3047
      #5  0x00007fde299ffa05 in QTextCursorPrivate::movePosition (this=0x16f1c010, op=op@entry=QTextCursor::Down, mode=mode@entry=QTextCursor::MoveAnchor) at /d/qt/5/kde/qtbase/src/gui/text/qtextcursor.cpp:587
      #6  0x00007fde29a0245e in QTextCursor::movePosition (this=this@entry=0x16bf0ca0, op=op@entry=QTextCursor::Down, mode=mode@entry=QTextCursor::MoveAnchor, n=n@entry=1) at /d/qt/5/kde/qtbase/src/gui/text/qtextcursor.cpp:1253
      #7  0x00007fde2a2cb9eb in QWidgetTextControlPrivate::cursorMoveKeyEvent (this=this@entry=0x16bf0c20, e=e@entry=0x7fffe00ffda0) at /d/qt/5/kde/qtbase/src/widgets/widgets/qwidgettextcontrol.cpp:281
      #8  0x00007fde2a2cda9a in QWidgetTextControlPrivate::keyPressEvent (this=this@entry=0x16bf0c20, e=e@entry=0x7fffe00ffda0) at /d/qt/5/kde/qtbase/src/widgets/widgets/qwidgettextcontrol.cpp:1217
      #9  0x00007fde2a2d0a39 in QWidgetTextControl::processEvent (this=<optimized out>, e=0x7fffe00ffda0, matrix=..., contextWidget=0x16d26e00) at /d/qt/5/kde/qtbase/src/widgets/widgets/qwidgettextcontrol.cpp:1023
      #10 0x00007fde2a2c789a in QWidgetTextControl::processEvent (this=this@entry=0x16d2b260, e=e@entry=0x7fffe00ffda0, coordinateOffset=..., contextWidget=contextWidget@entry=0x16d26e00) at /d/qt/5/kde/qtbase/src/widgets/widgets/qwidgettextcontrol.cpp:983

      Testcase:

      cd qtbase/examples/widgets/richtext/textedit
      wget http://www.davidfaure.fr/2018/mytext
      ./textedit mytext
      

      and then press Key_Down 4 times.

      The new code says

      ushort *lc = logClusters(&li);
      *lc = item ? lc[-1] : 0;
      

      and lc is nullptr (I added Q_ASSERT(lc) and it hits that assert).

      Is it enough to put an if(lc) around all this, i.e. do nothing if lc is null?

            People

            Assignee:
            laknoll Lars Knoll
            Reporter:
            dfaure_kdab David Faure