Bug 154278 - [PATCH] KWrite crashes on code folding
Summary: [PATCH] KWrite crashes on code folding
Status: RESOLVED FIXED
Alias: None
Product: kate
Classification: Applications
Component: kwrite
Version: unspecified
Platform: Compiled Sources Linux
Importance: NOR crash
Target Milestone: ---
Assignee: KWrite Developers
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-12-18 18:42 UTC by Akarsh Simha
Modified: 2007-12-23 23:35 UTC
CC List: 0 users

See Also:
Latest Commit:
Version Fixed In:


Attachments
Proposed patch (526 bytes, patch)
2007-12-19 15:06 UTC, Thomas Friedrichsmeier

Description Akarsh Simha 2007-12-18 18:42:53 UTC
Version:           3.97.1 (using KDE Devel)
Installed from:    Compiled sources
Compiler:          g++ 4.2.3 

On opening a diff with KWrite, it was highlighted correctly. However, it showed code-folding options which is not expected in a diff. On trying to fold the second nested level, KStars crashed.

The Backtrace is pasted below:

Using host libthread_db library "/lib/i686/cmov/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1245747520 (LWP 23171)]
[KCrash handler]
#5  0xffffe410 in __kernel_vsyscall ()
#6  0xb6541eb5 in raise () from /lib/i686/cmov/libc.so.6
#7  0xb6543831 in abort () from /lib/i686/cmov/libc.so.6
#8  0xb65854e5 in malloc_get_state () from /lib/i686/cmov/libc.so.6
#9  0xb6586145 in free () from /lib/i686/cmov/libc.so.6
#10 0xb674be41 in operator delete () from /usr/lib/libstdc++.so.6
#11 0xb417878b in KateCodeFoldingTree::toggleRegionVisibility (this=0x81eb4ac, 
    line=33)
    at /home/kde-devel/kde/src/KDE/kdelibs/kate/syntax/katecodefolding.cpp:1348
#12 0xb4179cd8 in KateCodeFoldingTree::qt_metacall (this=0x81eb4ac, 
    _c=QMetaObject::InvokeMetaMethod, _id=3, _a=0xbfacf64c)
    at /home/kde-devel/kde/build/KDE/kdelibs/kate/katecodefolding.moc:86
#13 0xb7089aca in QMetaObject::activate () from /usr/lib/libQtCore.so.4
#14 0xb708a682 in QMetaObject::activate () from /usr/lib/libQtCore.so.4
#15 0xb41a831e in KateIconBorder::toggleRegionVisibility (this=0x81f4668, 
    _t1=33)
    at /home/kde-devel/kde/build/KDE/kdelibs/kate/kateviewhelpers.moc:140
#16 0xb41a8584 in KateIconBorder::mouseReleaseEvent (this=0x81f4668, 
    e=0xbfacfc2c)
    at /home/kde-devel/kde/src/KDE/kdelibs/kate/view/kateviewhelpers.cpp:1243
#17 0xb691b3fd in QWidget::event () from /usr/lib/libQtGui.so.4
#18 0xb68d161d in QApplicationPrivate::notify_helper ()
   from /usr/lib/libQtGui.so.4
#19 0xb68d5861 in QApplication::notify () from /usr/lib/libQtGui.so.4
#20 0xb7661a73 in KApplication::notify (this=0xbfad0298, receiver=0x81f4668, 
    event=0xbfacfc2c)
    at /home/kde-devel/kde/src/KDE/kdelibs/kdeui/kernel/kapplication.cpp:319
#21 0xb7076c5b in QCoreApplication::notifyInternal ()
   from /usr/lib/libQtCore.so.4
#22 0xb692d93c in QETWidget::translateMouseEvent () from /usr/lib/libQtGui.so.4
#23 0xb692d05a in QApplication::x11ProcessEvent () from /usr/lib/libQtGui.so.4
#24 0xb69518e6 in QX11Info::copyX11Data () from /usr/lib/libQtGui.so.4
#25 0xb605a1c6 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#26 0xb605d552 in g_main_context_check () from /usr/lib/libglib-2.0.so.0
#27 0xb605db0e in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#28 0xb709adc2 in QEventDispatcherGlib::processEvents ()
   from /usr/lib/libQtCore.so.4
#29 0xb6951715 in QX11Info::copyX11Data () from /usr/lib/libQtGui.so.4
#30 0xb7075fd2 in QEventLoop::processEvents () from /usr/lib/libQtCore.so.4
#31 0xb70760dc in QEventLoop::exec () from /usr/lib/libQtCore.so.4
#32 0xb70787ea in QCoreApplication::exec () from /usr/lib/libQtCore.so.4
#33 0xb68d0a77 in QApplication::exec () from /usr/lib/libQtGui.so.4
#34 0xb7edfcea in kdemain (argc=2, argv=0xbfad0694)
    at /home/kde-devel/kde/src/KDE/kdebase/apps/kwrite/kwritemain.cpp:786
#35 0x08048776 in main (argc=)
    at /home/kde-devel/kde/build/KDE/kdebase/apps/kwrite/kwrite_dummy.cpp:3
#0  0xffffe410 in __kernel_vsyscall ()
Comment 1 Thomas Friedrichsmeier 2007-12-19 15:06:54 UTC
Created attachment 22622
Proposed patch

Confirming in SVN revision 748424.

The problem seems to be that inside KateFoldingTree::toggleRegionVisibility(),
invalid nodes are deleted. This will also delete the node's children. However,
any (now deleted) children of the node may still be in the list as dangling
pointers. Solution: Delayed deletion of these nodes. It would be nice, if
somebody else could take another look at this, though.
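The dangling-pointer pattern this comment describes, as an added C++ example that is neither part of the report nor Kate's own code: a toy folding tree is walked through a flat list of node pointers, and invalid nodes are deleted either immediately during the walk (their freed children remain in the list) or only after the walk is finished. The tree layout, the node and function names and the liveness registry are constructed for this demo.

```cpp
#include <algorithm>
#include <set>
#include <vector>
// Stand-in for a folding-tree node: a node owns its children; an "invalid"
// node is one whose region no longer exists and has to be dropped.
static std::set<const void*> g_live;   // demo aid: the set of nodes that currently exist
struct Node {
    int startLine; bool valid; Node* parent = nullptr; std::vector<Node*> children;
    Node(int line, bool ok) : startLine(line), valid(ok) { g_live.insert(this); }
    ~Node() { for (Node* c : children) delete c; g_live.erase(this); }  // frees whole subtree
};
static Node* addChild(Node* p, int line, bool ok) {
    Node* c = new Node(line, ok); c->parent = p; p->children.push_back(c); return c;
}
static void collect(Node* n, std::vector<Node*>& out) {   // flat list, as the folding walk sees it
    out.push_back(n); for (Node* c : n->children) collect(c, out);
}
static void detach(Node* n) {   // unlink n from its parent's child list
    if (!n->parent) return; auto& s = n->parent->children;
    s.erase(std::remove(s.begin(), s.end(), n), s.end()); n->parent = nullptr;
}
// Buggy pattern: delete invalid nodes while still walking the flat list. Deleting a node
// frees its children, whose pointers are still ahead in the list. Returns how many such
// dangling entries the walk met (the registry check stands in for the use-after-free).
static int foldImmediate(Node* root) {
    std::vector<Node*> list; collect(root, list);
    int dangling = 0;
    for (Node* n : list) {
        if (!g_live.count(n)) { ++dangling; continue; }
        if (!n->valid) { detach(n); delete n; }
    }
    return dangling;
}
// Fix pattern from the report: unlink now, delete only once the walk is over.
static int foldDeferred(Node* root) {
    std::vector<Node*> list, pending; collect(root, list);
    int dangling = 0;
    for (Node* n : list) {
        if (!g_live.count(n)) { ++dangling; continue; }
        if (!n->valid) { detach(n); pending.push_back(n); }
    }
    for (Node* n : pending) delete n;   // children were still live during the walk
    return dangling;
}
// Constructed tree: root 0 { A 5 (invalid) { 7, 9 }, B 20 }, i.e. one bogus nested region.
static Node* buildTree() {
    Node* root = new Node(0, true); Node* a = addChild(root, 5, false);
    addChild(a, 7, true); addChild(a, 9, true); addChild(root, 20, true);
    return root;
}
```

With the immediate variant the walk meets two stale entries (nodes 7 and 9); with deferred deletion it meets none, and both variants leave no node alive once the root is deleted.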
Comment 2 Thomas Friedrichsmeier 2007-12-19 15:13:25 UTC
Note: To reproduce as described, you will need a .diff with at least two hunks inside the same file. The second hunk will be shown as a green (sub-)folding area (which is another small bug). Trying to fold this area will crash.

If needed, I can attach such a diff as testcase, but not doing so, now, as I guess you all have such a diff somewhere, and it would require an additional step in the bugzilla interface...
Comment 3 Dominik Haumann 2007-12-19 18:17:02 UTC
In the code folding code there were many places which led to a crash because of the dangling pointer. And the fix was exactly as described in your patch. I'm unfamiliar with the code folding code, but if the patch fixes the crash I'd say it's ok to commit.
Comment 4 Akarsh Simha 2007-12-20 22:47:14 UTC
Hi

Has this patch been committed?

Regards
Akarsh
Comment 5 Thomas Friedrichsmeier 2007-12-23 23:35:39 UTC
SVN commit 752223 by tfry:

Deleting invalid nodes immediately could lead to dangling pointers (sub-nodes) left in the list.
BUG: 154278

 M  +2 -2      katecodefolding.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=752223