https://bugs.kde.org/show_bug.cgi?id=512115

            Bug ID: 512115
           Summary: konsole double free or corruption when resizing
    Classification: Applications
           Product: konsole
Version First Reported In: 25.08.1
          Platform: Arch Linux
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

SUMMARY
Hacking around with a pyte script that renders a virtual terminal, I've managed
to crash konsole a few times while resizing it with the journal saying
`konsole[3372710]: double free or corruption (out)` and
`systemd-coredump[3389111]: Process 3372710 (konsole) of user 1000 terminated
abnormally with signal 6/ABRT, processing...`

STEPS TO REPRODUCE
Write a pyte script that resizes the pyte screen frequently, and spend a minute
going wild with resizing the window super quickly and with large sizes.

The main bits are
```
import pyte

cols, rows = 80, 24  # example size; the script changes these frequently
screen = pyte.Screen(cols, rows)
stream = pyte.Stream(screen)
screen.resize(lines=rows, columns=cols)
```

OBSERVED RESULT
`konsole[3372710]: double free or corruption (out)` and
`systemd-coredump[3389111]: Process 3372710 (konsole) of user 1000 terminated
abnormally with signal 6/ABRT, processing...`

The backtrace shows it is something in
#7  0x00007f07709dd6b1 in ?? () from /usr/lib/libkonsoleprivate.so.25.08.1
#8  0x00007f07709e5be8 in Konsole::Screen::resizeImage(int, int) () from
/usr/lib/libkonsoleprivate.so.25.08.1

EXPECTED RESULT
A program running in konsole shouldn't be able to cause a double free somewhere
around Konsole::Screen::resizeImage.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Arch Linux
KDE Plasma Version: 6.4.5
KDE Frameworks Version: 6.18.0
Qt Version: 6.9.2

ADDITIONAL INFORMATION

#0  0x00007f076eb3694c in ?? () from /usr/lib/libc.so.6
#1  0x00007f076eadc410 in raise () from /usr/lib/libc.so.6
#2  0x00007f076eac357a in abort () from /usr/lib/libc.so.6
#3  0x00007f076eac4613 in ?? () from /usr/lib/libc.so.6
#4  0x00007f076eb40d65 in ?? () from /usr/lib/libc.so.6
#5  0x00007f076eb42d80 in ?? () from /usr/lib/libc.so.6
#6  0x00007f076eb42f91 in ?? () from /usr/lib/libc.so.6
#7  0x00007f07709dd6b1 in ?? () from /usr/lib/libkonsoleprivate.so.25.08.1
#8  0x00007f07709e5be8 in Konsole::Screen::resizeImage(int, int) () from
/usr/lib/libkonsoleprivate.so.25.08.1
#9  0x00007f07709bd4fd in ?? () from /usr/lib/libkonsoleprivate.so.25.08.1
#10 0x00007f076f11966f in ?? () from /usr/lib/libQt6Core.so.6
#11 0x00007f0770a792d5 in
Konsole::TerminalDisplay::changedContentSizeSignal(int, int) () from
/usr/lib/libkonsoleprivate.so.25.08.1
#12 0x00007f0770a71760 in Konsole::TerminalDisplay::updateImageSize() () from
/usr/lib/libkonsoleprivate.so.25.08.1
#13 0x00007f0770a72ea1 in Konsole::TerminalDisplay::resizeEvent(QResizeEvent*)
() from /usr/lib/libkonsoleprivate.so.25.08.1
#14 0x00007f07700c0586 in QWidget::event(QEvent*) () from
/usr/lib/libQt6Widgets.so.6
#15 0x00007f0770065dd0 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
() from /usr/lib/libQt6Widgets.so.6
#16 0x00007f076f0ad678 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
() from /usr/lib/libQt6Core.so.6
#17 0x00007f07700ba0f1 in QWidgetPrivate::setGeometry_sys(int, int, int, int,
bool) () from /usr/lib/libQt6Widgets.so.6
#18 0x00007f07700ba60a in QWidget::setGeometry(QRect const&) () from
/usr/lib/libQt6Widgets.so.6
#19 0x00007f07702aa198 in ?? () from /usr/lib/libQt6Widgets.so.6
#20 0x00007f07702aacb6 in ?? () from /usr/lib/libQt6Widgets.so.6
#21 0x00007f07700c0586 in QWidget::event(QEvent*) () from
/usr/lib/libQt6Widgets.so.6
#22 0x00007f077012cff6 in QFrame::event(QEvent*) () from
/usr/lib/libQt6Widgets.so.6
#23 0x00007f0770065dd0 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
() from /usr/lib/libQt6Widgets.so.6
#24 0x00007f076f0ad678 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
() from /usr/lib/libQt6Core.so.6
#25 0x00007f07700ba0f1 in QWidgetPrivate::setGeometry_sys(int, int, int, int,
bool) () from /usr/lib/libQt6Widgets.so.6
#26 0x00007f07700ba60a in QWidget::setGeometry(QRect const&) () from
/usr/lib/libQt6Widgets.so.6
#27 0x00007f0770093a0c in QLayoutPrivate::doResize() () from
/usr/lib/libQt6Widgets.so.6
#28 0x00007f0770065db4 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
() from /usr/lib/libQt6Widgets.so.6
#29 0x00007f076f0ad678 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
() from /usr/lib/libQt6Core.so.6
#30 0x00007f07700ba0f1 in QWidgetPrivate::setGeometry_sys(int, int, int, int,
bool) () from /usr/lib/libQt6Widgets.so.6
#31 0x00007f07700ba60a in QWidget::setGeometry(QRect const&) () from
/usr/lib/libQt6Widgets.so.6
#32 0x00007f07702dbb2f in QTabWidget::setUpLayout(bool) () from
/usr/lib/libQt6Widgets.so.6
#33 0x00007f07700c0586 in QWidget::event(QEvent*) () from
/usr/lib/libQt6Widgets.so.6
#34 0x00007f0770065dd0 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
() from /usr/lib/libQt6Widgets.so.6
#35 0x00007f076f0ad678 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
() from /usr/lib/libQt6Core.so.6
#36 0x00007f07700ba0f1 in QWidgetPrivate::setGeometry_sys(int, int, int, int,
bool) () from /usr/lib/libQt6Widgets.so.6
#37 0x00007f07700ba60a in QWidget::setGeometry(QRect const&) () from
/usr/lib/libQt6Widgets.so.6
#38 0x00007f07700ca7e2 in QWidget::qt_metacall(QMetaObject::Call, int, void**)
() from /usr/lib/libQt6Widgets.so.6
#39 0x00007f07702dd06e in QTabWidget::qt_metacall(QMetaObject::Call, int,
void**) () from /usr/lib/libQt6Widgets.so.6
#40 0x00007f0770ae5a0f in
Konsole::TabbedViewContainer::qt_metacall(QMetaObject::Call, int, void**) ()
from /usr/lib/libkonsoleprivate.so.25.08.1
#41 0x00007f076f24c660 in QPropertyAnimation::updateCurrentValue(QVariant
const&) () from /usr/lib/libQt6Core.so.6
#42 0x00007f076f257dc7 in ?? () from /usr/lib/libQt6Core.so.6
#43 0x00007f076f251797 in
QPropertyAnimation::updateState(QAbstractAnimation::State,
QAbstractAnimation::State) () from /usr/lib/libQt6Core.so.6
#44 0x00007f076f246484 in
QAbstractAnimationPrivate::setState(QAbstractAnimation::State) () from
/usr/lib/libQt6Core.so.6
#45 0x00007f077012b298 in ?? () from /usr/lib/libQt6Widgets.so.6
#46 0x00007f07701f12af in ?? () from /usr/lib/libQt6Widgets.so.6
#47 0x00007f07702458ea in ?? () from /usr/lib/libQt6Widgets.so.6
#48 0x00007f0770093a0c in QLayoutPrivate::doResize() () from
/usr/lib/libQt6Widgets.so.6
#49 0x00007f0770065db4 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
() from /usr/lib/libQt6Widgets.so.6
#50 0x00007f076f0ad678 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
() from /usr/lib/libQt6Core.so.6
#51 0x00007f07700ddbe5 in ?? () from /usr/lib/libQt6Widgets.so.6
#52 0x00007f0770065dd0 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
() from /usr/lib/libQt6Widgets.so.6
#53 0x00007f076f0ad678 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
() from /usr/lib/libQt6Core.so.6
#54 0x00007f076f7f7509 in
QGuiApplicationPrivate::processGeometryChangeEvent(QWindowSystemInterfacePrivate::GeometryChangeEvent*)
() from /usr/lib/libQt6Gui.so.6
#55 0x00007f076f869e18 in void
QWindowSystemInterface::handleGeometryChange<QWindowSystemInterface::SynchronousDelivery>(QWindow*,
QRect const&) () from /usr/lib/libQt6Gui.so.6
#56 0x00007f076bf00eeb in QtWaylandClient::QWaylandWindow::setGeometry(QRect
const&) () from /usr/lib/libQt6WaylandClient.so.6
#57 0x00007f076befab23 in
QtWaylandClient::QWaylandWindow::resizeFromApplyConfigure(QSize const&, QPoint
const&) () from /usr/lib/libQt6WaylandClient.so.6
#58 0x00007f0770beffe4 in
QtWaylandClient::QWaylandXdgSurface::Toplevel::applyConfigure() () from
/usr/lib/qt6/plugins/wayland-shell-integration/libxdg-shell.so
#59 0x00007f0770bf0edf in QtWaylandClient::QWaylandXdgSurface::applyConfigure()
() from /usr/lib/qt6/plugins/wayland-shell-integration/libxdg-shell.so
#60 0x00007f076bf01312 in QtWaylandClient::QWaylandWindow::applyConfigure() ()
from /usr/lib/libQt6WaylandClient.so.6
#61 0x00007f076f106a74 in QObject::event(QEvent*) () from
/usr/lib/libQt6Core.so.6
#62 0x00007f0770065dd0 in QApplicationPrivate::notify_helper(QObject*, QEvent*)
() from /usr/lib/libQt6Widgets.so.6
#63 0x00007f076f0ad678 in QCoreApplication::notifyInternal2(QObject*, QEvent*)
() from /usr/lib/libQt6Core.so.6
#64 0x00007f076f0ada5b in QCoreApplicationPrivate::sendPostedEvents(QObject*,
int, QThreadData*) () from /usr/lib/libQt6Core.so.6
#65 0x00007f076f3887f8 in ?? () from /usr/lib/libQt6Core.so.6
#66 0x00007f076ca57f4d in ?? () from /usr/lib/libglib-2.0.so.0
#67 0x00007f076ca59617 in ?? () from /usr/lib/libglib-2.0.so.0
#68 0x00007f076ca59825 in g_main_context_iteration () from
/usr/lib/libglib-2.0.so.0
#69 0x00007f076f384fe2 in
QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
from /usr/lib/libQt6Core.so.6
#70 0x00007f076f0b9ca6 in
QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from
/usr/lib/libQt6Core.so.6
#71 0x00007f076f0b1d21 in QCoreApplication::exec() () from
/usr/lib/libQt6Core.so.6
#72 0x000055e338e3fb8d in ?? ()
#73 0x00007f076eac5675 in ?? () from /usr/lib/libc.so.6
#74 0x00007f076eac5729 in __libc_start_main () from /usr/lib/libc.so.6
#75 0x000055e338e405f5 in ?? ()
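The triage step a maintainer does with a report like this is to find the innermost frame that belongs to the project's own library (here libkonsoleprivate) and the first symbolized frame after it. The following Python parser is an added example, not code from the report or from the Konsole project. It handles the gdb `#N 0x... in symbol () from lib` format, including the e-mail line wrapping that splits a frame over two or three lines, and runs on a constructed sample made from a subset of the frames quoted above (several frames omitted for brevity).

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the frames from the report above, kept with
# the e-mail line wrapping so the unwrapping logic is exercised.
SAMPLE_BACKTRACE = """\
#0  0x00007f076eb3694c in ?? () from /usr/lib/libc.so.6
#1  0x00007f076eadc410 in raise () from /usr/lib/libc.so.6
#2  0x00007f076eac357a in abort () from /usr/lib/libc.so.6
#6  0x00007f076eb42f91 in ?? () from /usr/lib/libc.so.6
#7  0x00007f07709dd6b1 in ?? () from /usr/lib/libkonsoleprivate.so.25.08.1
#8  0x00007f07709e5be8 in Konsole::Screen::resizeImage(int, int) () from
/usr/lib/libkonsoleprivate.so.25.08.1
#9  0x00007f07709bd4fd in ?? () from /usr/lib/libkonsoleprivate.so.25.08.1
#10 0x00007f076f11966f in ?? () from /usr/lib/libQt6Core.so.6
#11 0x00007f0770a792d5 in
Konsole::TerminalDisplay::changedContentSizeSignal(int, int) () from
/usr/lib/libkonsoleprivate.so.25.08.1
#12 0x00007f0770a71760 in Konsole::TerminalDisplay::updateImageSize() () from
/usr/lib/libkonsoleprivate.so.25.08.1
"""


@dataclass
class Frame:
    number: int
    address: str
    symbol: str   # "??" when gdb had no symbol for the address
    library: str  # "" for frames in the main executable (no "from" part)


# One unwrapped frame line: "#N  0xADDR in SYMBOL () [from LIB]".
# SYMBOL may itself contain parentheses (a C++ signature), so match
# non-greedily up to the trailing " ()" that gdb appends.
FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+(?P<addr>0x[0-9a-fA-F]+)\s+in\s+(?P<sym>.*?)\s*\(\)"
    r"(?:\s+from\s+(?P<lib>\S+))?$"
)


def unwrap(text):
    """Join wrapped continuation lines back onto the frame they belong to."""
    frames = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if re.match(r"#\d+\s", line):   # a new frame starts with "#N "
            frames.append(line)
        elif frames:                     # otherwise it continues the last one
            frames[-1] += " " + line
    return frames


def parse_backtrace(text):
    """Parse a gdb backtrace (possibly line-wrapped) into Frame objects."""
    parsed = []
    for raw in unwrap(text):
        m = FRAME_RE.match(raw)
        if not m:
            raise ValueError(f"unrecognised frame: {raw!r}")
        parsed.append(Frame(int(m["num"]), m["addr"], m["sym"], m["lib"] or ""))
    return parsed


def first_frame_in(frames, library_substring):
    """Innermost frame whose library path contains the given substring."""
    for f in frames:
        if library_substring in f.library:
            return f
    return None


def first_symbolized_frame_in(frames, library_substring):
    """Innermost frame in that library for which gdb resolved a symbol."""
    for f in frames:
        if library_substring in f.library and f.symbol != "??":
            return f
    return None


def project_chain(frames, library_substring):
    """Symbolized call chain inside the project's library, innermost first."""
    return [f.symbol for f in frames
            if library_substring in f.library and f.symbol != "??"]


if __name__ == "__main__":
    frames = parse_backtrace(SAMPLE_BACKTRACE)
    print("innermost project frame:", first_frame_in(frames, "libkonsoleprivate"))
    for sym in project_chain(frames, "libkonsoleprivate"):
        print("  ", sym)
```

Running the script on the sample reports frame #7 as the innermost libkonsoleprivate frame (unsymbolized, so a debug build or debuginfod would be needed to name it) and lists the symbolized chain resizeImage, changedContentSizeSignal, updateImageSize, which matches the reporter's reading that the crash sits around Konsole::Screen::resizeImage.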
