A similar backtrace again from Thurston, Thu, 26 Apr 2007 12:37:10 +1000 (EST):

(no debugging symbols found)
Using host libthread_db library "/lib/tls/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1232992576 (LWP 11188)]
[KCrash handler]
#3  0x0808e5af in QValueVectorPrivate<int>::QValueVectorPrivate ()
#4  0x0808d363 in QValueVectorPrivate<int>::QValueVectorPrivate ()
#5  0x080cc8d8 in QString::~QString ()
#6  0x080ac1e8 in QDockWindow::undock ()
#7  0x08072893 in QMemArray<char>::detach ()
#8  0xb71abe82 in QWidget::event () from /usr/lib/libqt-mt.so.3
#9  0xb7106698 in QApplication::internalNotify () from /usr/lib/libqt-mt.so.3
#10 0xb7106c6b in QApplication::notify () from /usr/lib/libqt-mt.so.3
#11 0xb77f46fc in KApplication::notify () from /usr/lib/libkdecore.so.4
#12 0xb7096653 in QApplication::sendSpontaneousEvent ()
   from /usr/lib/libqt-mt.so.3
#13 0xb7091ae4 in QETWidget::translateMouseEvent ()
   from /usr/lib/libqt-mt.so.3
#14 0xb708fdbe in QApplication::x11ProcessEvent () from /usr/lib/libqt-mt.so.3
#15 0xb70a98c0 in QEventLoop::processEvents () from /usr/lib/libqt-mt.so.3
#16 0xb711eda2 in QEventLoop::enterLoop () from /usr/lib/libqt-mt.so.3
#17 0xb711eccb in QEventLoop::exec () from /usr/lib/libqt-mt.so.3
#18 0xb7105225 in QApplication::exec () from /usr/lib/libqt-mt.so.3
#19 0x080654db in ?? ()
#20 0xbf945f10 in ?? ()
#21 0xbf945fe0 in ?? ()
#22 0xbf946038 in ?? ()
#23 0x08065439 in ?? ()
#24 0xb6cb2868 in __malloc_initialize_hook () from /lib/tls/libc.so.6
#25 0x08116b70 in ?? ()
#26 0x0804c370 in ?? ()
#27 0x03df6174 in ?? ()
#28 0x0805b4bd in ?? ()
#29 0x09691f73 in ?? ()
#30 0x0000002c in ?? ()
#31 0xb6b8134c in ?? () from /lib/tls/libc.so.6
#32 0xb6b89a1c in ?? () from /lib/tls/libc.so.6
#33 0xb6b8eb6e in ?? () from /lib/tls/libc.so.6
#34 0x000004b2 in ?? ()
#35 0x00000000 in ?? ()

Both were with the 1.2.2_kde3-3bin binary compiled for KDE 3.0, shipped by kolourpaint.org.

The most recent backtrace was on a Debian system running:
Qt: 3.3.5
KDE: 3.4.3

The first backtrace was running on an older Debian system.

Pasting emails from Thurston:

Clarence Dang wrote:
> I mean, did it crash when you clicked Undo or when you dragged something?
>
> What was the last sequence of operations before it crashed?

Don't recall. It might have been using the selection tool again.

> Was the thumbnail open?  

Not open.

> What kind of selection tool?

Rectangular.

> Where you attempt to move, scale or deselect the selection?  Approximately
> how many operations would have been in the undo history and were they all
> selection operations and what kind etc.?

Don't know. It might even have been an Undo of a selection.

The crash looks like it's due to some mouse work when a rectangular selection is active.

Regarding the backtraces:

1. "QGArray::at: Absolute index 0 out of range" indicates array overrun.

2. "QETWidget::translateMouseEvent ()" indicates that the crash was due to a mouse event.

3. "QMemArray<char>::detach ()" suggests some copying of a QByteArray.
   If this is a valid part of the backtrace, kpSelectionDrag - used in clipboard operations - would be guilty.  However, I doubt a copy or paste would have been invoked using the mouse.

4. If "QDockWindow::undock ()" is a valid part of the backtrace, then either the Tool Box, Color Box or Thumbnail was being dragged.  This also seems unlikely.

Alternatively, maybe the Text Toolbar was opened by switching to the text tool.  This would cause some sort of toolbar rearrangement and possibly force other toolbars to be undocked.

5. There appear to be no timers involved in this crash so it is unlikely to be Bug #117866.

Similar crash with KolourPaint 3.5.4-11.el5.centos, according to the About dialog (strangely the RPM is called kdegraphics-3.5.4-2.el5).  Approximate sequence of steps around 2007-10-08 11:26:

1. Opened KolourPaint
2. Pasted an image (from Kolourpaint/KDE4)
3. Undo
4. Fill with blue
5. Pasted an image (can't remember from what source)
6. Held down LMB, then pressed RMB and CRASH (maybe this tried to paste text and tried to bring up the Text Tool Bar and the crash happened inside the the Text Tool Bar QDockWindow?)

I may have changed selection transparency one or more times between one or more of those steps.  This is not easily reproduceable:

[KCrash handler]
#6  0x08093cc5 in QValueVectorPrivate<int>::reserve ()
#7  0x08093f42 in QValueVectorPrivate<int>::reserve ()
#8  0x080db58f in kpToolSelection::staticMetaObject ()
#9  0x0809e2a2 in QDockWindow::undock ()
#10 0x08073bd5 in QWidget::setWFlags ()
#11 0x0539e1d3 in QWidget::event () from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#12 0x052f7f7b in QApplication::internalNotify ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#13 0x052f95c7 in QApplication::notify ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#14 0x00b1a062 in KApplication::notify () from /usr/lib/libkdecore.so.4
#15 0x0528f986 in QETWidget::translateMouseEvent ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#16 0x0528e486 in QApplication::x11ProcessEvent ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#17 0x052a019b in QEventLoop::processEvents ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#18 0x053114a0 in QEventLoop::enterLoop ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#19 0x05311356 in QEventLoop::exec () from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#20 0x052f7a8f in QApplication::exec () from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#21 0x080662cf in QFrame::qt_emit ()
#22 0x44222dec in __libc_start_main () from /lib/libc.so.6
#23 0x08065231 in QFrame::qt_emit ()

Regarding my last Comment #5, LMB + RMB pastes text in X11.

Can't reproduce with current SVN (Qt4, KDE ~4.6).
Let's close this too old bug.