1789142 – Limit the command line to 1024 characters when used as the title

Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1789142 - Limit the command line to 1024 characters when used as the title

Summary: Limit the command line to 1024 characters when used as the title

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	gnome-terminal
Sub Component:
Version:	31
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Debarshi Ray
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2020-01-08 20:50 UTC by Bill Nottingham
Modified:	2020-03-11 22:46 UTC (History)
CC List:	11 users (show)
Fixed In Version:	gnome-terminal-3.34.2-2.fc31
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2020-03-11 22:46:16 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Bill Nottingham 2020-01-08 20:50:03 UTC

Description of problem:

Jan 08 15:39:32 nostromo gnome-terminal-[96146]: gdkdisplay-wayland.c:1399: Unable to create Cairo image surface: invalid value (typically too big) for the size of the input (surface, pattern, etc.)
Jan 08 15:39:34 nostromo systemd[2033]: gnome-terminal-server.service: Main process exited, code=dumped, status=11/SEGV
Jan 08 15:39:34 nostromo systemd[2033]: gnome-terminal-server.service: Failed with result 'core-dump'.
Jan 08 15:39:34 nostromo systemd[2033]: gnome-terminal-server.service: Consumed 35.706s CPU time.
and lookup manager.
Jan 08 15:39:35 nostromo systemd-coredump[96571]: Process 96146 (gnome-terminal-) of user 2166 dumped core.
                                                  
                                                  Stack trace of thread 96146:
                                                  #0  0x00007fa1d01477f4 _gdk_wayland_shm_surface_get_wl_buffer (libgdk-3.so.0)
                                                  #1  0x00007fa1d015297c gdk_wayland_window_ensure_cairo_surface (libgdk-3.so.0)
                                                  #2  0x00007fa1d01529ad gdk_window_impl_wayland_begin_paint (libgdk-3.so.0)
                                                  #3  0x00007fa1d0106f7e gdk_window_begin_paint_internal (libgdk-3.so.0)
                                                  #4  0x00007fa1d01074fe gdk_window_begin_draw_frame (libgdk-3.so.0)
                                                  #5  0x00007fa1d0557cbb gtk_widget_render (libgtk-3.so.0)
                                                  #6  0x00007fa1d04012b9 gtk_main_do_event (libgtk-3.so.0)
                                                  #7  0x00007fa1d00e9f79 _gdk_event_emit (libgdk-3.so.0)
                                                  #8  0x00007fa1d00fb291 _gdk_window_process_updates_recurse_helper (libgdk-3.so.0)
                                                  #9  0x00007fa1d00fc465 gdk_window_process_updates_internal (libgdk-3.so.0)
                                                  #10 0x00007fa1d00fc624 gdk_window_process_updates_with_mode (libgdk-3.so.0)
                                                  #11 0x00007fa1cfdfd996 _g_closure_invoke_va (libgobject-2.0.so.0)
                                                  #12 0x00007fa1cfe1a228 g_signal_emit_valist (libgobject-2.0.so.0)
                                                  #13 0x00007fa1cfe1a9d3 g_signal_emit (libgobject-2.0.so.0)
                                                  #14 0x00007fa1d00f3cc3 gdk_frame_clock_paint_idle (libgdk-3.so.0)
                                                  #15 0x00007fa1d00ddf3d gdk_threads_dispatch (libgdk-3.so.0)
                                                  #16 0x00007fa1cfd14021 g_timeout_dispatch (libglib-2.0.so.0)
                                                  #17 0x00007fa1cfd13510 g_main_context_dispatch (libglib-2.0.so.0)
                                                  #18 0x00007fa1cfd138a0 g_main_context_iterate.isra.0 (libglib-2.0.so.0)
                                                  #19 0x00007fa1cfd13943 g_main_context_iteration (libglib-2.0.so.0)
                                                  #20 0x00007fa1cff26d55 g_application_run (libgio-2.0.so.0)
                                                  #21 0x0000557b7dc530c2 main (gnome-terminal-server)
                                                  #22 0x00007fa1cfad81a3 __libc_start_main (libc.so.6)
                                                  #23 0x0000557b7dc532ee _start (gnome-terminal-server)
                                                  
                                                  Stack trace of thread 96175:
                                                  #0  0x00007fa1cfba7a6f __poll (libc.so.6)
                                                  #1  0x00007fa1cfd1380e g_main_context_iterate.isra.0 (libglib-2.0.so.0)
                                                  #2  0x00007fa1cfd13943 g_main_context_iteration (libglib-2.0.so.0)
                                                  #3  0x00007fa1cfd13991 glib_worker_main (libglib-2.0.so.0)
                                                  #4  0x00007fa1cfd3cfc2 g_thread_proxy (libglib-2.0.so.0)
                                                  #5  0x00007fa1cfc854e2 start_thread (libpthread.so.0)
                                                  #6  0x00007fa1cfbb2693 __clone (libc.so.6)
                                                  
                                                  Stack trace of thread 96177:
                                                  #0  0x00007fa1cfba7a6f __poll (libc.so.6)
                                                  #1  0x00007fa1cfd1380e g_main_context_iterate.isra.0 (libglib-2.0.so.0)
                                                  #2  0x00007fa1cfd13943 g_main_context_iteration (libglib-2.0.so.0)
                                                  #3  0x00007fa1d095d93d dconf_gdbus_worker_thread (libdconfsettings.so)
                                                  #4  0x00007fa1cfd3cfc2 g_thread_proxy (libglib-2.0.so.0)
                                                  #5  0x00007fa1cfc854e2 start_thread (libpthread.so.0)
                                                  #6  0x00007fa1cfbb2693 __clone (libc.so.6)
                                                  
                                                  Stack trace of thread 96180:
                                                  #0  0x00007fa1cfba7a6f __poll (libc.so.6)
                                                  #1  0x00007fa1cfd1380e g_main_context_iterate.isra.0 (libglib-2.0.so.0)
                                                  #2  0x00007fa1cfd13b93 g_main_loop_run (libglib-2.0.so.0)
                                                  #3  0x00007fa1cff62a4a gdbus_shared_thread_func (libgio-2.0.so.0)
                                                  #4  0x00007fa1cfd3cfc2 g_thread_proxy (libglib-2.0.so.0)
                                                  #5  0x00007fa1cfc854e2 start_thread (libpthread.so.0)
                                                  #6  0x00007fa1cfbb2693 __clone (libc.so.6)


Version-Release number of selected component (if applicable):

3.34.2

How reproducible:

100%

Steps to Reproduce:
1. grep a maildir for some string

Actual results:

kaboom

Expected results:

no kaboom

Additional info:

Appears to have broken very recently.

Comment 1 Bill Nottingham 2020-01-08 21:14:39 UTC

adjusted traceback:

Thread 1 "gnome-terminal-" received signal SIGSEGV, Segmentation fault.
_gdk_wayland_shm_surface_get_wl_buffer (surface=<optimized out>) at gdkdisplay-wayland.c:1410
1410      return data->buffer;
(gdb) bt
#0  _gdk_wayland_shm_surface_get_wl_buffer (surface=<optimized out>) at gdkdisplay-wayland.c:1410
#1  0x00007f4144a1097c in gdk_wayland_window_ensure_cairo_surface (window=<optimized out>)
    at gdkwindow-wayland.c:889
#2  0x00007f4144a109ad in gdk_window_impl_wayland_begin_paint (window=<optimized out>) at gdkwindow-wayland.c:928
#3  0x00007f41449c4f7e in gdk_window_begin_paint_internal (region=0x555d37ddc0a0, window=0x555d3802d2a0)
    at gdkwindow.c:2954
#4  gdk_window_begin_paint_internal (window=0x555d3802d2a0, region=0x555d37ddc0a0) at gdkwindow.c:2930
#5  0x00007f41449c54fe in gdk_window_begin_draw_frame (window=window@entry=0x555d3802d2a0, 
    region=region@entry=0x555d37ddc0a0) at gdkwindow.c:3257
#6  0x00007f4144e15cbb in gtk_widget_render (widget=widget@entry=0x555d37734720, window=0x555d3802d2a0, 
    region=0x555d37ddc0a0) at gtkwidget.c:17587
#7  0x00007f4144cbf2b9 in gtk_main_do_event (event=0x7fffb927e0a0) at gtkmain.c:1840
#8  gtk_main_do_event (event=<optimized out>) at gtkmain.c:1687
#9  0x00007f41449a7f79 in _gdk_event_emit (event=event@entry=0x7fffb927e0a0) at gdkevents.c:73
#10 0x00007f41449b9291 in _gdk_window_process_updates_recurse_helper (window=0x555d3802d2a0, 
    expose_region=<optimized out>) at gdkwindow.c:3874
#11 0x00007f41449ba465 in gdk_window_process_updates_internal (window=0x555d3802d2a0) at gdkwindow.c:4020
#12 0x00007f41449ba624 in gdk_window_process_updates_with_mode (recurse_mode=<optimized out>, 
    window=<optimized out>) at gdkwindow.c:4215
#13 gdk_window_process_updates_with_mode (window=<optimized out>, recurse_mode=<optimized out>)
    at gdkwindow.c:4186
#14 0x00007f41446bb996 in _g_closure_invoke_va (closure=0x555d37fb6700, return_value=0x0, 
    instance=0x555d376fbf90, args=0x7fffb927e3e0, n_params=0, param_types=0x0) at ../gobject/gclosure.c:873
#15 0x00007f41446d8228 in g_signal_emit_valist (instance=0x555d376fbf90, signal_id=<optimized out>, detail=0, 
    var_args=var_args@entry=0x7fffb927e3e0) at ../gobject/gsignal.c:3306
#16 0x00007f41446d89d3 in g_signal_emit (instance=instance@entry=0x555d376fbf90, signal_id=<optimized out>, 
    detail=detail@entry=0) at ../gobject/gsignal.c:3453
#17 0x00007f41449b1383 in _gdk_frame_clock_emit_paint (frame_clock=frame_clock@entry=0x555d376fbf90)
    at gdkframeclock.c:643
#18 0x00007f41449b1cc3 in gdk_frame_clock_paint_idle (data=0x555d376fbf90) at gdkframeclockidle.c:450
#19 0x00007f414499bf3d in gdk_threads_dispatch (data=data@entry=0x555d378c0ee0) at gdk.c:777
#20 0x00007f41445d2021 in g_timeout_dispatch (source=source@entry=0x555d383029c0, 
    callback=0x7f414499bf10 <gdk_threads_dispatch>, user_data=0x555d378c0ee0) at ../glib/gmain.c:4668
#21 0x00007f41445d1510 in g_main_dispatch (context=0x555d376f8350) at ../glib/gmain.c:3179
#22 g_main_context_dispatch (context=context@entry=0x555d376f8350) at ../glib/gmain.c:3844
#23 0x00007f41445d18a0 in g_main_context_iterate (context=context@entry=0x555d376f8350, block=block@entry=1, 
    dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/gmain.c:3917
#24 0x00007f41445d1943 in g_main_context_iteration (context=context@entry=0x555d376f8350, 
    may_block=may_block@entry=1) at ../glib/gmain.c:3978
#25 0x00007f41447e4d55 in g_application_run (application=0x555d379c20f0, argc=<optimized out>, 
    argv=<optimized out>) at ../gio/gapplication.c:2559
#26 0x0000555d365bb0c2 in main (argc=<optimized out>, argv=<optimized out>) at server.c:187

Comment 2 Bill Nottingham 2020-01-08 21:53:05 UTC

This is due to the PS0 setting.

Comment 3 Bill Nottingham 2020-01-09 00:28:37 UTC

Removing upstream link, this is fedora-specific in our added patches. And it probably is on the gnome-terminal side, not the vte side.

Comment 4 Bill Nottingham 2020-01-09 00:44:20 UTC

Fix (interdiff, can make a separate diff as well):

diff --git a/gnome-terminal-cntr-ntfy-autottl-ts.patch b/gnome-terminal-cntr-ntfy-autottl-ts.patch
index 1180fc9..21af98d 100644
--- a/gnome-terminal-cntr-ntfy-autottl-ts.patch
+++ b/gnome-terminal-cntr-ntfy-autottl-ts.patch
@@ -5597,7 +5597,7 @@ index 9c9b29f48c83..4d6d057f7fda 100644
    gboolean user_title; /* title was manually set */
    GSList *match_tags;
    guint contents_changed_source_id;
-@@ -886,6 +888,15 @@ terminal_screen_format_title (TerminalScreen *screen,
+@@ -886,6 +888,17 @@ terminal_screen_format_title (TerminalScreen *screen,
        add_sep = FALSE;
      }
  
@@ -5608,6 +5608,8 @@ index 9c9b29f48c83..4d6d057f7fda 100644
 +      priv->current_cmdline[0] != '\0')
 +    {
 +      g_string_append_printf (title, " — %s", priv->current_cmdline);
++      if (title->len > 1024)
++        g_string_set_size (title, 1024);
 +    }
 +
    if (*titleptr == NULL || strcmp (title->str, *titleptr) != 0)

1024 per suggestion from @chpe (it's the maximum title length VTE sets itself for things.)

Comment 5 Bill Nottingham 2020-01-09 00:49:40 UTC

-> https://src.fedoraproject.org/rpms/gnome-terminal/pull-request/2

Comment 6 Bill Nottingham 2020-01-09 19:39:29 UTC

Reproducer:

mkdir ~/crash-pad
cd ~/crash-pad
for foo in $(seq 1 20000) ; do touch this-is-a-really-long-filename:-so-long-i-just-need-to-fill-space-blah-blah-blah-$foo ; done
grep "test string" *

Comment 7 Christian Persch 2020-01-22 20:11:01 UTC

++      if (title->len > 1024)
++        g_string_set_size (title, 1024);

This could truncate a UTF-8 character in the middle, making title->str contain invalid UTF-8.

Comment 8 Debarshi Ray 2020-03-02 18:08:36 UTC

(In reply to Christian Persch from comment #7)
> ++      if (title->len > 1024)
> ++        g_string_set_size (title, 1024);
> 
> This could truncate a UTF-8 character in the middle, making title->str
> contain invalid UTF-8.

g_utf8_substring might be a better choice?

Comment 9 Christian Persch 2020-03-02 19:48:57 UTC

(In reply to Debarshi Ray from comment #8)
> (In reply to Christian Persch from comment #7)
> > ++      if (title->len > 1024)
> > ++        g_string_set_size (title, 1024);
> > 
> > This could truncate a UTF-8 character in the middle, making title->str
> > contain invalid UTF-8.
> 
> g_utf8_substring might be a better choice?

That's one option, yes.

(BTW, there's another problem in that priv->current_cmdline is used here in the title, and also the notification body text, but it is just slurped from /proc/$pid/cmdline and never validated as UTF-8!)

Comment 10 Debarshi Ray 2020-03-03 14:53:33 UTC

By the way, I'd like to point out that there's the hidden show-foreground-process-in-title option to disable the title updates to work around this bug.

It's not exposed in the graphical user interface, but if you go to /org/gnome/terminal/legacy/profiles: in dconf-editor and select your gnome-terminal profile, you will see it.

Comment 11 Benjamin Otte 2020-03-03 18:24:36 UTC

We were debugging this together on IRC, and here's my summary:

1. The test from comment 6 creates a PS0 that is about 1,729,000 characters long (it depends on your hostname!).
2. That is almost 2^21 characters - remember that number for later.
2. That string is then set on the title Label in a TerminalHeaderbar
3. That label is properly set to ellipsize.
4. When the label is measured, it creates a PangoLayout with that given text and tells Pango to measure it
5. Pango does integer measurements in Pango units (1 pixel = 2^10 Pango Units)
6. Glyphs are almost 16 pixels wide, that is about 2^4 pixels.
7. Pango now has to deal with sizes going up to 2^(10 + 4 + 21) = 2^35.
8. Pango's API reports sizes as ints (and I suppose uses ints internally), so at most 2^31.

=> The numbers Pango reports for strings like this are completely busted.

9. Pango returns a random number that overflowed multiples times to the label (from step 4).
10. Sometimes that number is very large. In my current test, it is 128779.
11. GTK's sizing machinery deals with that fine.
12. GtkWindow resizes itself to the required size.
13. Wayland deals with it fine.
14. When it comes time to paint the window, we prepare to draw.
15. We do that by creating a cairo surface for the Window's size.
16. Cairo conforms to X11 limits and does not allow sizes larger 1985's int (today's int16): 2^15.

=> Cairo explodes because 128779 is larger than 32767.

=> GTK can't deal with Cairo complaining and crashes.

And that's where we are.

While the real problems are the ones I've outlined with the "=>", those are really hard to fix.

So the best fix is probably to just cut the PS0 string to some reasoanbly large number that doesn't overflow Pango and let it be properly ellipsized. The upper bound would be 2^(31 - 10 - 4) = 2^(17) = 131,072, but I don't think anybody can read more than 1,000 characters, even with a really small font and a 4k monitor.  
So I'd pick a number that is far enough away from either (1000 < number < 131072) and cut the string there.

That was fun to debug.

Comment 12 Debarshi Ray 2020-03-03 20:45:19 UTC

(In reply to Christian Persch from comment #9)
> (In reply to Debarshi Ray from comment #8)
> > (In reply to Christian Persch from comment #7)
> > > ++      if (title->len > 1024)
> > > ++        g_string_set_size (title, 1024);
> > > 
> > > This could truncate a UTF-8 character in the middle, making title->str
> > > contain invalid UTF-8.
> > 
> > g_utf8_substring might be a better choice?
> 
> That's one option, yes.

After debugging with Benjamin (see comment 11), I am thinking that vanilla gnome-terminal should always suitably truncate the window title. Crashes like this aren't something that can only be caused by the window title automatically reflecting the current command. One could do the same by emitting the OSC 0 escape sequence with a really long string.

> (BTW, there's another problem in that priv->current_cmdline is used here in
> the title, and also the notification body text, but it is just slurped from
> /proc/$pid/cmdline and never validated as UTF-8!)

I threw g_utf8_make_valid() at it to enforce valid UTF-8.

Comment 13 Debarshi Ray 2020-03-05 14:25:55 UTC

Built gnome-terminal-3.34.2-2.fc31:
https://bodhi.fedoraproject.org/updates/FEDORA-2020-3059e6f8a8

Also fixed in Rawhide.

I will do a build for Fedora 32 later once the currently pending GNOME 3.35.92 mega-update makes its way into stable.

Comment 14 Debarshi Ray 2020-03-05 14:27:36 UTC

Thanks for the detailed bug report and sample fixes, Bill. In the end I tweaked your patch a bit, as we discussed above.

Comment 15 Fedora Update System 2020-03-06 03:39:11 UTC

gnome-terminal-3.34.2-2.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-3059e6f8a8

Comment 16 Fedora Update System 2020-03-11 22:46:16 UTC

gnome-terminal-3.34.2-2.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.