Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: P1: Critical
Fix Version/s: 5.12.1, 5.14.0 Alpha
Affects Version/s: 5.12.1
Component/s: GUI: Text handling
Labels:
None

Platform/s:

Linux/X11
Commits:
a8db9b8663f0bf3d66b36b5f743bd2fd47105cb6 (qt/qtbase/5.12.1)

Description

Because of https://codereview.qt-project.org/244594, qtextengine.cpp crashes when pressing Key_Down (or Key_Up etc.) in a QTextEdit that contains a trailing tab character.

#2 <signal handler called>
#3 0x00007fde299a2942 in QTextEngine::shape (this=0x16a5ad50, item=item@entry=3) at /d/qt/5/kde/qtbase/src/gui/text/qtextengine.cpp:1982
#4 0x00007fde299b27b9 in QTextLine::xToCursor (this=this@entry=0x7fffe00fecd0, _x=<optimized out>, cpos=cpos@entry=QTextLine::CursorBetweenCharacters) at /d/qt/5/kde/qtbase/src/gui/text/qtextlayout.cpp:3047
#5 0x00007fde299ffa05 in QTextCursorPrivate::movePosition (this=0x16f1c010, op=op@entry=QTextCursor::Down, mode=mode@entry=QTextCursor::MoveAnchor) at /d/qt/5/kde/qtbase/src/gui/text/qtextcursor.cpp:587
#6 0x00007fde29a0245e in QTextCursor::movePosition (this=this@entry=0x16bf0ca0, op=op@entry=QTextCursor::Down, mode=mode@entry=QTextCursor::MoveAnchor, n=n@entry=1) at /d/qt/5/kde/qtbase/src/gui/text/qtextcursor.cpp:1253
#7 0x00007fde2a2cb9eb in QWidgetTextControlPrivate::cursorMoveKeyEvent (this=this@entry=0x16bf0c20, e=e@entry=0x7fffe00ffda0) at /d/qt/5/kde/qtbase/src/widgets/widgets/qwidgettextcontrol.cpp:281
#8 0x00007fde2a2cda9a in QWidgetTextControlPrivate::keyPressEvent (this=this@entry=0x16bf0c20, e=e@entry=0x7fffe00ffda0) at /d/qt/5/kde/qtbase/src/widgets/widgets/qwidgettextcontrol.cpp:1217
#9 0x00007fde2a2d0a39 in QWidgetTextControl::processEvent (this=<optimized out>, e=0x7fffe00ffda0, matrix=..., contextWidget=0x16d26e00) at /d/qt/5/kde/qtbase/src/widgets/widgets/qwidgettextcontrol.cpp:1023
#10 0x00007fde2a2c789a in QWidgetTextControl::processEvent (this=this@entry=0x16d2b260, e=e@entry=0x7fffe00ffda0, coordinateOffset=..., contextWidget=contextWidget@entry=0x16d26e00) at /d/qt/5/kde/qtbase/src/widgets/widgets/qwidgettextcontrol.cpp:983

Testcase:

cd qtbase/examples/widgets/richtext/textedit
wget http://www.davidfaure.fr/2018/mytext
./textedit mytext

and then press Key_Down 4 times.

The new code says

ushort *lc = logClusters(&li);
*lc = item ? lc[-1] : 0;

and lc is nullptr (I added Q_ASSERT(lc) and it hits that assert).

Is it enough to put an if(lc) around all this, i.e. do nothing if lc is null?

Attachments

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews
- Show All Issues
- Show Open Issues

For Gerrit Dashboard: QTBUG-72754
#	Subject	Branch	Project	Status	CR	V
249370,3	Fix a crash in QTextEngine when a paragraph only contains a tab	5.12.1	qt/qtbase	Status: MERGED	+2	0
249813,1	Fix a crash in QTextEngine when a paragraph only contains a tab	5.12	qt/qtbase	Status: ABANDONED	0	0

Activity

People

Assignee:: Lars Knoll

Reporter:: David Faure

Votes:: 1 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 24 Dec '18 16:15

Updated:: 28 Jan '19 22:08

Resolved:: 08 Jan '19 19:05

Gerrit Reviews

There are no open Gerrit changes

Show There are 2 closed Gerrit changes

Hide There are 2 closed Gerrit changes

Fix a crash in QTextEngine when a paragraph only contains a tab: Gerrit Review:

Fix a crash in QTextEngine when a paragraph only contains a tab: Gerrit Review: