Package: libvte-2.91-0
Version: 0.84.0-2
Severity: normal
X-Debbugs-Cc: [email protected]
Dear Maintainer,
On Debian Testing (Forky), running `vim` in virt-manager's Serial console
causes virt-manager (python3) to crash with:
../src/vte.cc:5083: void vte::terminal::Terminal::map_erase_binding(EraseMode,
EraseMode, unsigned int, char*&, size_t&, bool&, bool&): Assertion `auto_mode
!= eTTY' failed.
The crash happens after the ~ lines are drawn and during/after the color change
from dark blue (34m) to light blue (94m), while Vim sends multiple DCS queries
(\eP+qXXXX\e\).
Reproduction:
1. Open a VM in virt-manager → Serial console
2. Run: vim
3. Crash occurs reliably.
Workarounds:
- TERM=vt220 vim → no crash (but no colors)
- virsh console works fine (bypasses VTE)
I have attached a minimal C reproducer that triggers the same assertion by
sending the relevant DCS queries after ~ lines + color change.
-- System Information:
Debian Release: forky/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 7.0.4+deb14-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=en_ZA.UTF-8, LC_CTYPE=en_ZA.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libvte-2.91-0 depends on:
ii libatk1.0-0t64 2.60.3-1
ii libc6 2.42-16
ii libcairo-gobject2 1.18.4-3+b1
ii libcairo2 1.18.4-3+b1
ii libfribidi0 1.0.16-5+b1
ii libgcc-s1 16-20260425-1
ii libglib2.0-0t64 2.88.0-1
ii libgnutls30t64 3.8.13-1
ii libgtk-3-0t64 3.24.52-1
ii libicu78 78.3-1
ii liblz4-1 1.10.0-10
ii libpango-1.0-0 1.57.1-2
ii libpangocairo-1.0-0 1.57.1-2
ii libpcre2-8-0 10.46-1+b2
ii libsimdutf33 8.2.0-1
ii libstdc++6 16-20260425-1
ii libsystemd0 260.1-1
ii libvte-2.91-common 0.84.0-2
libvte-2.91-0 recommends no packages.
libvte-2.91-0 suggests no packages.
-- no debconf information
#include <stdio.h>
#include <unistd.h>
#include <string.h>
void send(const char *s) {
fwrite(s, 1, strlen(s), stdout);
fflush(stdout);
usleep(35 * 1000);
}
int main(void) {
printf("=== VTE Crash Reproducer (Vim splash + DCS) ===\n");
fflush(stdout);
/* Many DCS queries - this is the key part that triggers the bug */
const char *dcs[] = {
"\x1bP+q436f\x1b\\", "\x1bP+q6b75\x1b\\", "\x1bP+q6b64\x1b\\",
"\x1bP+q6b72\x1b\\", "\x1bP+q6b6c\x1b\\", "\x1bP+q2332\x1b\\",
"\x1bP+q6b32\x1b\\", "\x1bP+q6b33\x1b\\", "\x1bP+q6b34\x1b\\",
"\x1bP+q6b35\x1b\\", "\x1bP+q6b36\x1b\\", "\x1bP+q6b37\x1b\\",
"\x1bP+q6b38\x1b\\", "\x1bP+q6b39\x1b\\", "\x1bP+q6b3b\x1b\\",
"\x1bP+q4631\x1b\\", "\x1bP+q4632\x1b\\", "\x1bP+q2531\x1b\\",
"\x1bP+q2638\x1b\\", "\x1bP+q6b62\x1b\\", "\x1bP+q6b49\x1b\\",
"\x1bP+q6b44\x1b\\", "\x1bP+q6b68\x1b\\", "\x1bP+q4037\x1b\\",
"\x1bP+q6b50\x1b\\", "\x1bP+q6b4e\x1b\\",
NULL
};
for (int i = 0; dcs[i] != NULL; i++) {
send(dcs[i]);
}
printf("\n=== Reproducer finished ===\n");
return 0;
}
