Version: 3.97.1 (using KDE Devel)
Installed from: Compiled sources
Compiler: g++ 4.2.3

On opening a diff with KWrite, it was highlighted correctly. However, it showed code-folding options, which is not expected in a diff. On trying to fold the second nested level, KStars crashed. The backtrace is pasted below:

Using host libthread_db library "/lib/i686/cmov/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1245747520 (LWP 23171)]
[KCrash handler]
#5  0xffffe410 in __kernel_vsyscall ()
#6  0xb6541eb5 in raise () from /lib/i686/cmov/libc.so.6
#7  0xb6543831 in abort () from /lib/i686/cmov/libc.so.6
#8  0xb65854e5 in malloc_get_state () from /lib/i686/cmov/libc.so.6
#9  0xb6586145 in free () from /lib/i686/cmov/libc.so.6
#10 0xb674be41 in operator delete () from /usr/lib/libstdc++.so.6
#11 0xb417878b in KateCodeFoldingTree::toggleRegionVisibility (this=0x81eb4ac, line=33) at /home/kde-devel/kde/src/KDE/kdelibs/kate/syntax/katecodefolding.cpp:1348
#12 0xb4179cd8 in KateCodeFoldingTree::qt_metacall (this=0x81eb4ac, _c=QMetaObject::InvokeMetaMethod, _id=3, _a=0xbfacf64c) at /home/kde-devel/kde/build/KDE/kdelibs/kate/katecodefolding.moc:86
#13 0xb7089aca in QMetaObject::activate () from /usr/lib/libQtCore.so.4
#14 0xb708a682 in QMetaObject::activate () from /usr/lib/libQtCore.so.4
#15 0xb41a831e in KateIconBorder::toggleRegionVisibility (this=0x81f4668, _t1=33) at /home/kde-devel/kde/build/KDE/kdelibs/kate/kateviewhelpers.moc:140
#16 0xb41a8584 in KateIconBorder::mouseReleaseEvent (this=0x81f4668, e=0xbfacfc2c) at /home/kde-devel/kde/src/KDE/kdelibs/kate/view/kateviewhelpers.cpp:1243
#17 0xb691b3fd in QWidget::event () from /usr/lib/libQtGui.so.4
#18 0xb68d161d in QApplicationPrivate::notify_helper () from /usr/lib/libQtGui.so.4
#19 0xb68d5861 in QApplication::notify () from /usr/lib/libQtGui.so.4
#20 0xb7661a73 in KApplication::notify (this=0xbfad0298, receiver=0x81f4668, event=0xbfacfc2c) at /home/kde-devel/kde/src/KDE/kdelibs/kdeui/kernel/kapplication.cpp:319
#21 0xb7076c5b in QCoreApplication::notifyInternal () from /usr/lib/libQtCore.so.4
#22 0xb692d93c in QETWidget::translateMouseEvent () from /usr/lib/libQtGui.so.4
#23 0xb692d05a in QApplication::x11ProcessEvent () from /usr/lib/libQtGui.so.4
#24 0xb69518e6 in QX11Info::copyX11Data () from /usr/lib/libQtGui.so.4
#25 0xb605a1c6 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#26 0xb605d552 in g_main_context_check () from /usr/lib/libglib-2.0.so.0
#27 0xb605db0e in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#28 0xb709adc2 in QEventDispatcherGlib::processEvents () from /usr/lib/libQtCore.so.4
#29 0xb6951715 in QX11Info::copyX11Data () from /usr/lib/libQtGui.so.4
#30 0xb7075fd2 in QEventLoop::processEvents () from /usr/lib/libQtCore.so.4
#31 0xb70760dc in QEventLoop::exec () from /usr/lib/libQtCore.so.4
#32 0xb70787ea in QCoreApplication::exec () from /usr/lib/libQtCore.so.4
#33 0xb68d0a77 in QApplication::exec () from /usr/lib/libQtGui.so.4
#34 0xb7edfcea in kdemain (argc=2, argv=0xbfad0694) at /home/kde-devel/kde/src/KDE/kdebase/apps/kwrite/kwritemain.cpp:786
#35 0x08048776 in main (argc=) at /home/kde-devel/kde/build/KDE/kdebase/apps/kwrite/kwrite_dummy.cpp:3
#0  0xffffe410 in __kernel_vsyscall ()
Created attachment 22622: Proposed patch

Confirming in SVN revision 748424. The problem seems to be that inside KateFoldingTree::toggleRegionVisibility(), invalid nodes are deleted. This will also delete the node's children. However, any (now deleted) children of the node may still be in the list as dangling pointers. Solution: delayed deletion of these nodes. It would be nice if somebody else could take another look at this, though.
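The deletion-order problem described in the comment above, as an added illustration that is not Kate's code and does not reproduce its classes: a hypothetical Node/Tree model in which each node owns its children while a flat, non-owning index also lists every node. The `destroyed` flag stands in for a real `delete` so that stale index entries can be counted without triggering undefined behaviour; all names and the sample tree are constructed for this example.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <memory>
#include <unordered_set>
#include <vector>
// Hypothetical folding-tree model (assumed here, not Kate's classes): a node
// owns its children, and a flat non-owning index lists every node so a region
// can be found without walking the tree. The raw pointers in that index are
// what turn stale after a delete.
struct Node {
    int startLine = 0;
    bool valid = true;
    bool destroyed = false;   // set instead of freeing; see destroyNode()
    Node* parent = nullptr;
    std::vector<Node*> children;
};

struct Tree {
    std::vector<std::unique_ptr<Node>> storage;  // keeps memory alive for inspection
    Node* root = nullptr;
    std::vector<Node*> index;                    // flat list, non-owning
    Node* add(Node* parent, int line, bool valid) {
        storage.push_back(std::unique_ptr<Node>(new Node()));
        Node* n = storage.back().get();
        n->startLine = line; n->valid = valid; n->parent = parent;
        if (parent) parent->children.push_back(n); else root = n;
        index.push_back(n);
        return n;
    }
};

// Stand-in for `delete node`: marks the node and its subtree as gone but keeps
// the memory, so a stale index entry is countable here instead of being a UAF.
static void destroyNode(Node& n) {
    n.destroyed = true;
    for (Node* c : n.children) destroyNode(*c);
}

static void unlinkFromParent(Node& n) {
    if (!n.parent) return;
    std::vector<Node*>& sib = n.parent->children;
    sib.erase(std::remove(sib.begin(), sib.end(), &n), sib.end());
}

static void collectSubtree(Node& n, std::unordered_set<Node*>& out) {
    out.insert(&n);
    for (Node* c : n.children) collectSubtree(*c, out);
}

// Index entries that point at destroyed nodes: these would be dangling pointers.
int danglingEntries(const Tree& t) {
    return static_cast<int>(std::count_if(t.index.begin(), t.index.end(),
                                          [](Node* n) { return n->destroyed; }));
}

// Buggy pattern: delete each invalid node as soon as it is found. Its children
// go with it, but their own index entries stay, and the loop keeps reading them.
int pruneImmediately(Tree& t) {
    for (std::size_t i = 0; i < t.index.size();) {
        Node* n = t.index[i];   // with a real delete this read is already a UAF
        if (n->valid) { ++i; continue; }
        t.index.erase(t.index.begin() + i);
        unlinkFromParent(*n);
        destroyNode(*n);
    }
    return danglingEntries(t);
}

// Fixed pattern (delayed deletion): decide what goes, scrub every reference to
// the doomed subtrees out of the index, and only then destroy them.
int pruneDeferred(Tree& t) {
    std::vector<Node*> doomed;
    for (Node* n : t.index) if (!n->valid) doomed.push_back(n);
    std::unordered_set<Node*> gone;   // doomed nodes plus all their descendants
    for (Node* n : doomed) collectSubtree(*n, gone);
    t.index.erase(std::remove_if(t.index.begin(), t.index.end(),
                                 [&](Node* n) { return gone.count(n) != 0; }),
                  t.index.end());
    for (Node* n : doomed) { unlinkFromParent(*n); destroyNode(*n); }
    return danglingEntries(t);
}

// Constructed sample: two invalid regions, one of them nested under a valid one.
Tree sampleTree() {
    Tree t;
    Node* root = t.add(nullptr, 0, true);
    Node* a = t.add(root, 10, false);
    t.add(a, 12, true);
    Node* b = t.add(root, 30, true);
    Node* b1 = t.add(b, 33, false);
    t.add(b1, 35, true);
    return t;
}
int main() {
    Tree t1 = sampleTree(), t2 = sampleTree();
    std::printf("stale entries: immediate %d, deferred %d\n", pruneImmediately(t1), pruneDeferred(t2));
}
```

With the sample tree, the immediate variant leaves two stale entries (the children of the two invalid regions) in the index, while the deferred variant leaves none and shrinks the index to the surviving nodes. If `destroyNode` were a real `delete`, the loop in `pruneImmediately` would read freed memory on its next iteration and could free a child a second time through its parent; building the immediate variant with `-fsanitize=address` reports exactly that as a heap-use-after-free, which is a quicker way to confirm this class of bug than waiting for glibc to abort inside free() as in the backtrace above.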
Note: To reproduce as described, you will need a .diff with at least two hunks inside the same file. The second hunk will be shown as a green (sub-)folding area (which is another small bug). Trying to fold this area will crash. If needed, I can attach such a diff as a testcase, but I'm not doing so now, as I guess you all have such a diff somewhere, and it would require an additional step in the bugzilla interface...
In the code folding code there were many places which led to a crash because of the dangling pointer. And the fix was exactly as described in your patch. I'm unfamiliar with the code folding code, but if the patch fixes the crash I'd say it's ok to commit.
Hi,

Has this patch been committed?

Regards,
Akarsh
SVN commit 752223 by tfry:

Deleting invalid nodes immediately could lead to dangling pointers (sub-nodes) left in the list.
BUG: 154278

 M  +2 -2      katecodefolding.cpp

WebSVN link: http://websvn.kde.org/?view=rev&revision=752223