| Summary: | Kate crashed while editing a php file with highlighting set to xml | | |
|---|---|---|---|
| Product: | [Applications] kate | Reporter: | Gerald Senarclens de Grancy <oss> |
| Component: | general | Assignee: | KWrite Developers <kwrite-bugs-null> |
| Status: | VERIFIED FIXED | | |
| Severity: | crash | CC: | dima |
| Priority: | HI | | |
| Version: | Git | | |
| Target Milestone: | --- | | |
| Platform: | Ubuntu | | |
| OS: | Linux | | |
| Latest Commit: | http://commits.kde.org/kate/7f9ea56ea8d6140d586e93426c8ad243cc8fd2b5 | Version Fixed In: | 4.11.1 |
| Attachments: | manual TC | | |
| | New crash information added by DrKonqi | | |
Description
Gerald Senarclens de Grancy
2013-04-16 21:55:09 UTC
Gerald, Can you attach a test case? And if you can reproduce a crash, it always helps to have a valgrind trace. Please start ./run.sh valgrind kate and then paste the ~3 blocks of relevant valgrind trace here.

Context: kate was pulled 2013-04-16 at around 5pm CET; I tried the crash both on KDE 4.9.5 as well as on KDE 4.10.2 on Kubuntu 12.10. The valgrind output below is created on 4.9.5.

Right after starting with (even before the crash)

```
~/repos/kde >./run.sh valgrind --leak-check=full kate ~/318468.php
```

there is (unfortunately not very helpful location information; if there's something to improve the output, let me know; debug packages suggested by Dr. Konqi are installed and kate is compiled w/ -DCMAKE_BUILD_TYPE=DebugFull):

```
QDBusConnection: session D-Bus connection created before QCoreApplication. Application may misbehave.
Hspell: can't open /usr/share/hspell/hebrew.wgz.sizes.
Enchant dict for "en_US" 0x183c6150
Object::connect: No such signal KateBuffer::respellCheckBlock(KateDocument*,int,int) in /home/gerald/repos/kde/kate/part/spellcheck/ontheflycheck.cpp:61
Enchant dict for "en_US" 0x185846d0
==17384== Conditional jump or move depends on uninitialised value(s)
==17384==    at 0x19627465: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==17384==    by 0x1962835C: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==17384==    by 0x19628417: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==17384==    by 0x196299B3: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==17384==    by 0x1962AB48: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==17384==    by 0x1962AC1F: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==17384==    by 0x1960B5D3: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==17384==    by 0x218D87FF: ???
==17384==    by 0x195C2FC0: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==17384==    by 0x196234A3: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==17384==    by 0x421C1B3: ???
==17384==    by 0x195C39AD: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
...
==17384== Conditional jump or move depends on uninitialised value(s)
==17384==    at 0x1962ABCB: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==17384==    by 0x1960A355: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==17384==    by 0x212792EF: ???
==17384==    by 0x195C39AD: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==17384==    by 0x195C3C12: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==17384==    by 0x196F1641: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==17384==    by 0x196F82B8: QScriptEngine::evaluate(QString const&, QString const&, int) (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==17384==    by 0x18EE45F2: Kate::Script::require(QScriptContext*, QScriptEngine*) (katescripthelpers.cpp:139)
==17384==    by 0x19714AE7: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==17384==    by 0x196271CF: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==17384==    by 0x196042C5: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==17384==    by 0x421C4B5: ???
...
Enchant dict for "en_US" 0x186bb3a0
kate(17384)/Kate (XML/Syntax) KateHighlighting::makeContextList: Unknown highlighting description referenced: "Modelines/PHP" in "/home/gerald/repos/kde/usr/share/apps/katepart/syntax/html-php.xml"
QFSFileEngine::open: No file name specified
```

then I set 'tools->highlighting->markup->xml' and get

```
==17384== Invalid read of size 8
==17384==    at 0x55C2DB0: qt_blend_argb32_on_argb32_ssse3(unsigned char*, int, unsigned char const*, int, int, int, int) (in /usr/lib/x86_64-linux-gnu/libQtGui.so.4.8.3)
==17384==    by 0x579168C: QRasterPaintEngine::drawImage(QPointF const&, QImage const&) (in /usr/lib/x86_64-linux-gnu/libQtGui.so.4.8.3)
==17384==    by 0x579B1C5: QRasterPaintEngine::drawPixmap(QPointF const&, QPixmap const&) (in /usr/lib/x86_64-linux-gnu/libQtGui.so.4.8.3)
==17384==    by 0x571DADC: QPainter::drawPixmap(QPointF const&, QPixmap const&) (in /usr/lib/x86_64-linux-gnu/libQtGui.so.4.8.3)
==17384==    by 0x12142CAE: ??? (in /usr/lib/kde4/plugins/styles/oxygen.so)
==17384==    by 0x12155AB2: ??? (in /usr/lib/kde4/plugins/styles/oxygen.so)
==17384==    by 0x12138243: ??? (in /usr/lib/kde4/plugins/styles/oxygen.so)
==17384==    by 0x5A05E03: QMenu::paintEvent(QPaintEvent*) (in /usr/lib/x86_64-linux-gnu/libQtGui.so.4.8.3)
==17384==    by 0x561A801: QWidget::event(QEvent*) (in /usr/lib/x86_64-linux-gnu/libQtGui.so.4.8.3)
==17384==    by 0x5A0A96A: QMenu::event(QEvent*) (in /usr/lib/x86_64-linux-gnu/libQtGui.so.4.8.3)
==17384==    by 0x55CAE9B: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQtGui.so.4.8.3)
==17384==    by 0x55CF309: QApplication::notify(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQtGui.so.4.8.3)
==17384==  Address 0x126fd560 is 1,760 bytes inside a block of size 1,764 alloc'd
==17384==    at 0x4C2B3F8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==17384==    by 0x5685D55: QImageData::create(QSize const&, QImage::Format, int) (in /usr/lib/x86_64-linux-gnu/libQtGui.so.4.8.3)
==17384==    by 0x568628A: QImage::QImage(int, int, QImage::Format) (in /usr/lib/x86_64-linux-gnu/libQtGui.so.4.8.3)
==17384==    by 0x56AD5C6: QRasterPixmapData::resize(int, int) (in /usr/lib/x86_64-linux-gnu/libQtGui.so.4.8.3)
==17384==    by 0x56A5B6E: QPixmapData::create(int, int, QPixmapData::PixelType) (in /usr/lib/x86_64-linux-gnu/libQtGui.so.4.8.3)
==17384==    by 0x569E2D6: QPixmap::init(int, int, int) (in /usr/lib/x86_64-linux-gnu/libQtGui.so.4.8.3)
==17384==    by 0x569F6FC: QPixmap::QPixmap(int, int) (in /usr/lib/x86_64-linux-gnu/libQtGui.so.4.8.3)
==17384==    by 0x1216592C: ??? (in /usr/lib/kde4/plugins/styles/oxygen.so)
==17384==    by 0x12142C68: ??? (in /usr/lib/kde4/plugins/styles/oxygen.so)
==17384==    by 0x12155AB2: ??? (in /usr/lib/kde4/plugins/styles/oxygen.so)
==17384==    by 0x12138243: ??? (in /usr/lib/kde4/plugins/styles/oxygen.so)
==17384==    by 0x5A05E03: QMenu::paintEvent(QPaintEvent*) (in /usr/lib/x86_64-linux-gnu/libQtGui.so.4.8.3)
```

then I type a single char, Kate crashes and a storm of valgrind output is created

```
==17384== Invalid read of size 8
==17384==    at 0x718E930: QString::operator==(QString const&) const (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==17384==    by 0x18F1B3D5: KateHlManager::nameForIdentifier(QString const&) (katesyntaxmanager.cpp:395)
==17384==    by 0x18EBD0C5: KateDocument::highlightingModeAt(KTextEditor::Cursor const&) (katedocument.cpp:5324)
==17384==    by 0x1DA95628: KTextEditor::CodesnippetsCore::SnippetCompletionModel::shouldStartCompletion(KTextEditor::View*, QString const&, bool, KTextEditor::Cursor const&) (completionmodel.cpp:456)
==17384==    by 0x18E506BA: _shouldStartCompletion(KTextEditor::CodeCompletionModel*, KTextEditor::View*, QString, bool, KTextEditor::Cursor const&) (katecompletionwidget.cpp:94)
==17384==    by 0x18E57488: KateCompletionWidget::automaticInvocation() (katecompletionwidget.cpp:1306)
==17384==    by 0x18E57B0C: KateCompletionWidget::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (katecompletionwidget.moc:100)
==17384==    by 0x725BF5E: QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==17384==    by 0x725B26B: QObject::event(QEvent*) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==17384==    by 0x55CAE9B: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQtGui.so.4.8.3)
==17384==    by 0x55CF309: QApplication::notify(QObject*, QEvent*) (in /usr/lib/x86_64-linux-gnu/libQtGui.so.4.8.3)
==17384==    by 0x6A351F5: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:311)
==17384==  Address 0x78 is not stack'd, malloc'd or (recently) free'd
==17384==
KCrash: Application 'kate' crashing...
...
==17384== LEAK SUMMARY:
==17384==    definitely lost: 11,140 bytes in 33 blocks
==17384==    indirectly lost: 38,432 bytes in 1,197 blocks
==17384==      possibly lost: 2,785,492 bytes in 48,106 blocks
==17384==    still reachable: 19,363,005 bytes in 252,134 blocks
==17384==         suppressed: 0 bytes in 0 blocks
==17384== Reachable blocks (those to which a pointer was found) are not shown.
==17384== To see them, rerun with: --leak-check=full --show-reachable=yes
==17384==
==17384== For counts of detected and suppressed errors, rerun with: -v
==17384== Use --track-origins=yes to see where uninitialised values come from
==17384== ERROR SUMMARY: 2567 errors from 1676 contexts (suppressed: 2 from 2)
```

I'll try to create an automated TC by the end of the week.

Christoph moved the snippet code for KDE 4.10 into the Kate Part, it's not a plugin anymore. Besides that, he simplified quite a bit. Therefore, it's questionable whether the valgrind trace is useful. Can you provide a valgrind trace for git master? Btw, only the very last part "==17384== Invalid read of size 8" is of interest. You can omit the rest ;) Thanks so far!

Created attachment 78983 [details]
manual TC
For now, a manual TC should do; instructions:
1) ./run.sh kate ~/318468.php
2) type "s" (or any other letter)
Curious, `find -name completionmodel.cpp` doesn't find the file in my source tree. I had pulled and built right before generating the valgrind output. Maybe sth had gone wrong w/ the build and I didn't realize. Either way, pulled again tonight and couldn't reproduce the crash w/ the same steps. Valgrind kept spitting out invalid reads though, and when I tried to close kate, a crash is what I got. Hope this output is of better use:

```
==6181== Invalid write of size 8
==6181==    at 0x197E0284: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==6181==    by 0x1978C9D7: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==6181==    by 0x1984B87B: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==6181==    by 0x19823141: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==6181==    by 0x1982338B: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==6181==    by 0x198F55BF: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==6181==    by 0x198F5C38: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==6181==    by 0x726002B: QObject::~QObject() (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==    by 0x198E3B38: QScriptEngine::~QScriptEngine() (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==6181==    by 0x190CB45A: KateScript::~KateScript() (katescript.cpp:100)
==6181==    by 0x190CD557: KateCommandLineScript::~KateCommandLineScript() (katecommandlinescript.cpp:40)
==6181==    by 0x190CD5A3: KateCommandLineScript::~KateCommandLineScript() (katecommandlinescript.cpp:43)
==6181==  Address 0x29bfacc5 is not stack'd, malloc'd or (recently) free'd
==6181==
KCrash: Application 'kate' crashing...
KCrash: Attempting to start /usr/lib/kde4/libexec/drkonqi from kdeinit
==6181== Invalid read of size 4
==6181==    at 0x6A94F70: startFromKdeinit(int, char const**) (kcrash.cpp:781)
==6181==    by 0x6A95A75: KCrash::startProcess(int, char const**, bool) (kcrash.cpp:537)
==6181==    by 0x6A95E80: KCrash::defaultCrashHandler(int) (kcrash.cpp:435)
==6181==    by 0x507649F: ??? (in /lib/x86_64-linux-gnu/libc-2.15.so)
==6181==    by 0x197E0283: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==6181==    by 0x1978C9D7: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==6181==    by 0x1984B87B: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==6181==    by 0x19823141: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==6181==    by 0x1982338B: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==6181==    by 0x198F55BF: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==6181==    by 0x198F5C38: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==6181==    by 0x726002B: QObject::~QObject() (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==  Address 0xf6d4080 is 0 bytes inside a block of size 3 alloc'd
==6181==    at 0x4C2B3F8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==6181==    by 0x6A94ED0: startFromKdeinit(int, char const**) (kcrash.cpp:660)
==6181==    by 0x6A95A75: KCrash::startProcess(int, char const**, bool) (kcrash.cpp:537)
==6181==    by 0x6A95E80: KCrash::defaultCrashHandler(int) (kcrash.cpp:435)
==6181==    by 0x507649F: ??? (in /lib/x86_64-linux-gnu/libc-2.15.so)
==6181==    by 0x197E0283: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==6181==    by 0x1978C9D7: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==6181==    by 0x1984B87B: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==6181==    by 0x19823141: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==6181==    by 0x1982338B: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==6181==    by 0x198F55BF: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==6181==    by 0x198F5C38: ??? (in /usr/lib/x86_64-linux-gnu/libQtScript.so.4.8.3)
==6181==
sock_file=/home/gerald/.kde/socket-obelix/kdeinit4__0
QSocketNotifier: Invalid socket 18 and type 'Read', disabling...
QSocketNotifier: Invalid socket 13 and type 'Read', disabling...
==6181== Thread 2:
==6181== Invalid read of size 2
==6181==    at 0x72774C3: socketNotifierSourceCheck(_GSource*) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==    by 0x7F5B88B: g_main_context_check (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3400.1)
==6181==    by 0x7F5BD21: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3400.1)
==6181==    by 0x7F5BEA3: g_main_context_iteration (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3400.1)
==6181==    by 0x7277C45: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==    by 0x72482EE: QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==    by 0x7248577: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==    by 0x7149B3F: QThread::exec() (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==    by 0x72289DE: QInotifyFileSystemWatcherEngine::run() (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==    by 0x714CB1B: QThreadPrivate::start(void*) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==    by 0x7AE6E99: start_thread (pthread_create.c:308)
==6181==    by 0x5133CBC: clone (clone.S:112)
==6181==  Address 0x1c11bfe6 is 6 bytes inside a block of size 16 free'd
==6181==    at 0x4C2A44B: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==6181==    by 0x72774C2: socketNotifierSourceCheck(_GSource*) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==    by 0x7F5B88B: g_main_context_check (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3400.1)
==6181==    by 0x7F5BD21: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3400.1)
==6181==    by 0x7F5BEA3: g_main_context_iteration (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3400.1)
==6181==    by 0x7277C45: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==    by 0x72482EE: QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==    by 0x7248577: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==    by 0x7149B3F: QThread::exec() (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==    by 0x72289DE: QInotifyFileSystemWatcherEngine::run() (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==    by 0x714CB1B: QThreadPrivate::start(void*) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==    by 0x7AE6E99: start_thread (pthread_create.c:308)
==6181==
==6181== Invalid read of size 2
==6181==    at 0x72774CB: socketNotifierSourceCheck(_GSource*) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==    by 0x7F5B88B: g_main_context_check (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3400.1)
==6181==    by 0x7F5BD21: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3400.1)
==6181==    by 0x7F5BEA3: g_main_context_iteration (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3400.1)
==6181==    by 0x7277C45: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==    by 0x72482EE: QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==    by 0x7248577: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==    by 0x7149B3F: QThread::exec() (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==    by 0x72289DE: QInotifyFileSystemWatcherEngine::run() (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==    by 0x714CB1B: QThreadPrivate::start(void*) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==    by 0x7AE6E99: start_thread (pthread_create.c:308)
==6181==    by 0x5133CBC: clone (clone.S:112)
==6181==  Address 0x1c11bfe4 is 4 bytes inside a block of size 16 free'd
==6181==    at 0x4C2A44B: operator delete(void*) (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==6181==    by 0x72774C2: socketNotifierSourceCheck(_GSource*) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==    by 0x7F5B88B: g_main_context_check (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3400.1)
==6181==    by 0x7F5BD21: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3400.1)
==6181==    by 0x7F5BEA3: g_main_context_iteration (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.3400.1)
==6181==    by 0x7277C45: QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==    by 0x72482EE: QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==    by 0x7248577: QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==    by 0x7149B3F: QThread::exec() (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==    by 0x72289DE: QInotifyFileSystemWatcherEngine::run() (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==    by 0x714CB1B: QThreadPrivate::start(void*) (in /usr/lib/x86_64-linux-gnu/libQtCore.so.4.8.3)
==6181==    by 0x7AE6E99: start_thread (pthread_create.c:308)
==6181==
==6181==
==6181== HEAP SUMMARY:
==6181==     in use at exit: 26,046,629 bytes in 227,983 blocks
==6181==   total heap usage: 2,549,011 allocs, 2,321,028 frees, 312,927,250 bytes allocated
==6181==
==6181== LEAK SUMMARY:
==6181==    definitely lost: 11,236 bytes in 43 blocks
==6181==    indirectly lost: 43,674 bytes in 1,225 blocks
==6181==      possibly lost: 4,424,091 bytes in 49,358 blocks
==6181==    still reachable: 21,567,628 bytes in 177,357 blocks
==6181==         suppressed: 0 bytes in 0 blocks
==6181== Rerun with --leak-check=full to see details of leaked memory
==6181==
==6181== For counts of detected and suppressed errors, rerun with: -v
==6181== Use --track-origins=yes to see where uninitialised values come from
==6181== ERROR SUMMARY: 2374 errors from 163 contexts (suppressed: 2 from 2)
```

Created attachment 79407 [details]
New crash information added by DrKonqi
kate (3.10.2) on KDE Platform 4.10.2 using Qt 4.8.4
- What I was doing when the application crashed:
I was editing a CoffeeScript file and pressed Ctrl-Z.
-- Backtrace (Reduced):

```
#6  QString::operator== (this=0x78, other=...) at tools/qstring.cpp:2192
#7  0x00007f981d4e41f0 in KateHlManager::nameForIdentifier (this=0x20778b0, identifier=...) at ../../part/syntax/katesyntaxmanager.cpp:395
#8  0x00007f981d4875f9 in KateDocument::highlightingModeAt (this=0x51d4e20, position=...) at ../../part/document/katedocument.cpp:5379
#9  0x00007f981d5c9311 in SnippetCompletionModel::initData (this=0x26dbda0, view=0x54b38a0) at ../../part/snippet/snippetcompletionmodel.cpp:94
#10 0x00007f981d44a3c7 in KateCompletionWidget::startCompletion (this=this@entry=0x553b350, word=..., modelsToStart=..., invocationType=invocationType@entry=KTextEditor::CodeCompletionModel::AutomaticInvocation) at ../../part/completion/katecompletionwidget.cpp:389
```
I took a look at the code in katesyntaxmanager.cpp. This function looks up "name" in "hlDict":

```cpp
QString KateHlManager::identifierForName(const QString& name)
{
  KateHighlighting *hl = 0;
  if ((hl = hlDict[name]))
    return hl->getIdentifier ();
  return QString();
}
```

According to the QHash documentation, if the key does not exist, it will be created with a default value: "If the hash contains no item with the key, the function inserts a default-constructed value into the hash with the key, and returns a reference to it. If the hash contains multiple items with the key, this function returns a reference to the most recently inserted value."

So if name wasn't in hlDict, then hlDict[name] will now contain a NULL. Then, the "nameForIdentifier" function will dereference the NULL pointer:

```cpp
if ( (*it)->getIdentifier() == identifier ) {
  return it.key();
}
```

Wouldn't this explain the crash?

Git commit 6516cb8e272eebebdeb4c090f4e177f5dc803534 by Dominik Haumann.
Committed on 09/08/2013 at 12:54.
Pushed by dhaumann into branch 'master'.

fix crash in KateHlManager::identifierForName

Thanks to Gerald for lots of testing + valgrind trace :)
Thanks to Dima Ryazanov <dima@gmail.com> for the patch!
FIXED-IN: 4.11.1

M +2 -4 part/syntax/katesyntaxmanager.cpp

http://commits.kde.org/kate/6516cb8e272eebebdeb4c090f4e177f5dc803534

Git commit 7f9ea56ea8d6140d586e93426c8ad243cc8fd2b5 by Dominik Haumann.
Committed on 09/08/2013 at 12:54.
Pushed by dhaumann into branch 'KDE/4.11'.

fix crash in KateHlManager::identifierForName

Thanks to Gerald for lots of testing + valgrind trace :)
Thanks to Dima Ryazanov <dima@gmail.com> for the patch!
FIXED-IN: 4.11.1

M +2 -4 part/syntax/katesyntaxmanager.cpp

http://commits.kde.org/kate/7f9ea56ea8d6140d586e93426c8ad243cc8fd2b5

Issue doesn't reproduce anymore. Thanks for the fix!
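The lookup-with-side-effect that Dima's analysis describes, as an added example that is not Kate's code or the committed fix: std::unordered_map stands in for QHash (both insert a default-constructed value when operator[] misses), Highlighting stands in for KateHighlighting, and the "CoffeeScript" mode name is a constructed input. It contrasts the pre-fix lookup with a find()-based one and guards the reverse lookup instead of dereferencing the planted null, so the same sequence that crashed Kate can be observed without crashing.

```cpp
#include <cstddef>
#include <string>
#include <unordered_map>

// Stand-in for KateHighlighting: only the identifier matters for this bug.
struct Highlighting {
    std::string identifier;
    const std::string& getIdentifier() const { return identifier; }
};

// Stand-in for KateHlManager::hlDict. std::unordered_map::operator[] has the
// same insert-on-miss behaviour as the QHash::operator[] quoted in the report.
using HlDict = std::unordered_map<std::string, Highlighting*>;

// Mirrors the pre-fix identifierForName: a miss silently inserts a null entry,
// so what looks like a read-only lookup mutates the shared dictionary.
std::string identifierForNameBuggy(HlDict& dict, const std::string& name) {
    Highlighting* hl = nullptr;
    if ((hl = dict[name]))
        return hl->getIdentifier();
    return std::string();
}

// Fixed lookup: find() never inserts, so a miss leaves the dictionary as is.
std::string identifierForNameFixed(const HlDict& dict, const std::string& name) {
    auto it = dict.find(name);
    if (it != dict.end() && it->second)
        return it->second->getIdentifier();
    return std::string();
}

struct ReverseLookup {
    std::string name;  // key whose highlighting carries the wanted identifier
    bool sawNull;      // true if a null entry was met while iterating
};

// Mirrors nameForIdentifier: walks every entry and uses the stored pointer.
// A null planted by the buggy lookup is what crashed Kate (QString::operator==
// with this=0x78); here it is reported instead of dereferenced.
ReverseLookup nameForIdentifier(const HlDict& dict, const std::string& identifier) {
    ReverseLookup r{std::string(), false};
    for (const auto& kv : dict) {
        if (!kv.second) { r.sawNull = true; continue; }
        if (kv.second->getIdentifier() == identifier) r.name = kv.first;
    }
    return r;
}

struct Outcome {
    std::string ident;        // forward lookup result (empty on a miss)
    std::size_t nullEntries;  // null pointers left in the dictionary afterwards
    ReverseLookup reverse;
};

// Reproduces the report's sequence: look up a mode name that is not in the
// dictionary ("CoffeeScript", constructed here), then run the reverse lookup
// that iterates the whole dictionary, as highlightingModeAt() did.
Outcome runScenario(bool useBuggyLookup) {
    Highlighting xml{"xml"}, php{"php"};
    HlDict dict{{"XML", &xml}, {"PHP", &php}};
    Outcome o;
    o.ident = useBuggyLookup ? identifierForNameBuggy(dict, "CoffeeScript")
                             : identifierForNameFixed(dict, "CoffeeScript");
    o.nullEntries = 0;
    for (const auto& kv : dict)
        if (!kv.second) ++o.nullEntries;
    o.reverse = nameForIdentifier(dict, "xml");
    return o;
}
```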