Bug 213964 - [testcase] Kate crash related to Code Folding with certain highlighters (python, R)
Status: RESOLVED FIXED
Alias: None
Product: kate
Classification: Applications
Component: folding
Version: unspecified
Platform: Unlisted Binaries Linux
Importance: VHI crash
Target Milestone: ---
Assignee: KWrite Developers
Duplicates: 229379 231223 241059 241349
Reported: 2009-11-10 12:18 UTC by Sönke Hahn
Modified: 2010-07-01 09:15 UTC

Attachments
Testcase (R syntax) (495 bytes, text/plain)
2010-05-27 16:05 UTC, Thomas Friedrichsmeier
New crash information added by DrKonqi (7.58 KB, text/plain)
2010-07-01 09:15 UTC, Alan Prescott

Description Sönke Hahn 2009-11-10 12:18:03 UTC
Application that crashed: kate
Version of the application: 3.3.2
KDE Version: 4.3.2 (KDE 4.3.2)
Qt Version: 4.5.2
Operating System: Linux 2.6.31-14-generic x86_64
Distribution: Ubuntu 9.10

What I was doing when the application crashed:
Judging from the backtrace, this is related to code folding. I edited a Python file and no code folding was available (the code folding bar was just grey). IIRC, I clicked View->Code Folding->Collapse Toplevel at some point. Some minutes later, Kate crashed. I might have typed a shortcut, but can't reproduce :(

 -- Backtrace:
Application: Kate (kdeinit4), signal: Segmentation fault
The current source language is "auto; currently c".
[KCrash Handler]
#5  QVector<KateCodeFoldingNode*>::size (this=0x3c09f10, node=0x3ad46a0, line=282) at /usr/include/qt4/QtCore/qvector.h:119
#6  KateCodeFoldingNode::findChild (this=0x3c09f10, node=0x3ad46a0, line=282) at ../../kate/syntax/katecodefolding.h:85
#7  KateCodeFoldingTree::removeOpening (this=0x3c09f10, node=0x3ad46a0, line=282) at ../../kate/syntax/katecodefolding.cpp:554
#8  0x00007f1ab9f4ce66 in KateCodeFoldingTree::cleanupUnneededNodes (this=0x3c09f10, line=282) at ../../kate/syntax/katecodefolding.cpp:1321
#9  0x00007f1ab9f4dbdc in KateCodeFoldingTree::updateLine (this=0x3c09f10, line=<value optimized out>, regionChanges=0x7fffe8860030, updated=<value optimized out>, changed=<value optimized out>, 
    colsChanged=<value optimized out>) at ../../kate/syntax/katecodefolding.cpp:530
#10 0x00007f1ab9ef5475 in KateBuffer::doHighlight (this=0x3c09ec0, startLine=<value optimized out>, endLine=<value optimized out>, invalidate=<value optimized out>)
    at ../../kate/document/katebuffer.cpp:1261
#11 0x00007f1ab9ef7011 in KateBuffer::editEnd (this=0x3c09ec0) at ../../kate/document/katebuffer.cpp:476
#12 0x00007f1ab9ee3404 in KateDocument::editEnd (this=0x3c18e50) at ../../kate/document/katedocument.cpp:972
#13 0x00007f1ab9ee460e in KateDocument::typeChars (this=0x3c18e50, view=0x3c10db0, chars=...) at ../../kate/document/katedocument.cpp:3847
#14 0x00007f1ab9f6c4ba in KateViewInternal::keyPressEvent (this=0x37c6610, e=0x7fffe8860ac0) at ../../kate/view/kateviewinternal.cpp:2444
#15 0x00007f1ab9f6b7cc in KateViewInternal::eventFilter (this=0x37c6610, obj=0x37c6610, e=0x7fffe8860ac0) at ../../kate/view/kateviewinternal.cpp:2250
#16 0x00007f1acb45cf47 in QCoreApplicationPrivate::sendThroughObjectEventFilters (this=<value optimized out>, receiver=0x37c6610, event=0x7fffe8860ac0) at kernel/qcoreapplication.cpp:726
#17 0x00007f1ac940decc in QApplicationPrivate::notify_helper (this=0x1dcab90, receiver=0x37c6610, e=0x7fffe8860ac0) at kernel/qapplication.cpp:4052
#18 0x00007f1ac9415ce3 in QApplication::notify (this=<value optimized out>, receiver=0x37c6610, e=0x7fffe8860ac0) at kernel/qapplication.cpp:3662
#19 0x00007f1aca044ab6 in KApplication::notify (this=0x7fffe8862cd0, receiver=0x37c6610, event=0x7fffe8860ac0) at ../../kdeui/kernel/kapplication.cpp:302
#20 0x00007f1acb45dc2c in QCoreApplication::notifyInternal (this=0x7fffe8862cd0, receiver=0x37c6610, event=0x7fffe8860ac0) at kernel/qcoreapplication.cpp:610
#21 0x00007f1ac949edfa in QKeyMapper::sendKeyEvent (keyWidget=0x37c6610, grab=<value optimized out>, type=QEvent::KeyPress, code=34, modifiers=<value optimized out>, text=..., autorepeat=false, 
    count=1, nativeScanCode=11, nativeVirtualKey=34, nativeModifiers=1) at kernel/qkeymapper_x11.cpp:1861
#22 0x00007f1ac94a1370 in QKeyMapperPrivate::translateKeyEvent (this=0x1e001e0, keyWidget=0x37c6610, event=<value optimized out>, grab=false) at kernel/qkeymapper_x11.cpp:1831
#23 0x00007f1ac9479493 in QApplication::x11ProcessEvent (this=<value optimized out>, event=0x7fffe88628a0) at kernel/qapplication_x11.cpp:3443
#24 0x00007f1ac94a2d0c in x11EventSourceDispatch (s=<value optimized out>, callback=<value optimized out>, user_data=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:146
#25 0x00007f1ac833ebbe in g_main_dispatch (context=0x1dce920) at /build/buildd/glib2.0-2.22.2/glib/gmain.c:1960
#26 IA__g_main_context_dispatch (context=0x1dce920) at /build/buildd/glib2.0-2.22.2/glib/gmain.c:2513
#27 0x00007f1ac8342588 in g_main_context_iterate (context=0x1dce920, block=<value optimized out>, dispatch=<value optimized out>, self=<value optimized out>)
    at /build/buildd/glib2.0-2.22.2/glib/gmain.c:2591
#28 0x00007f1ac83426b0 in IA__g_main_context_iteration (context=0x1dce920, may_block=1) at /build/buildd/glib2.0-2.22.2/glib/gmain.c:2654
#29 0x00007f1acb4861a6 in QEventDispatcherGlib::processEvents (this=0x1dcace0, flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:327
#30 0x00007f1ac94a24be in QGuiEventDispatcherGlib::processEvents (this=0x3c09f10, flags=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:202
#31 0x00007f1acb45c532 in QEventLoop::processEvents (this=<value optimized out>, flags=) at kernel/qeventloop.cpp:149
#32 0x00007f1acb45c904 in QEventLoop::exec (this=0x7fffe8862bd0, flags=) at kernel/qeventloop.cpp:201
#33 0x00007f1acb45eab9 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:888
#34 0x00007f1ac0539d2d in kdemain () from /usr/lib/libkdeinit4_kate.so
#35 0x0000000000406da8 in launch (argc=2, _name=<value optimized out>, args=<value optimized out>, cwd=<value optimized out>, envc=16, envs=<value optimized out>, reset_env=false, tty=0x0, 
    avoid_loops=false, startup_id_str=0x1d6ffd9 "peach;1257841192;909724;5189_TIME66192") at ../../kinit/kinit.cpp:677
#36 0x0000000000407aa0 in handle_launcher_request (sock=7, who=<value optimized out>) at ../../kinit/kinit.cpp:1169
#37 0x0000000000407f51 in handle_requests (waitForPid=0) at ../../kinit/kinit.cpp:1362
#38 0x0000000000408bb2 in main (argc=2, argv=<value optimized out>, envp=<value optimized out>) at ../../kinit/kinit.cpp:1793

This bug may be a duplicate of or related to bug 177790

Reported using DrKonqi
Comment 1 Dario Andres 2010-03-19 14:14:50 UTC
From bug 229379:
-- Information about the crash:
The text window was split into three parts. I was moving the right lift of the
middle window part when kate crashed.
I was using kate for python code editing, the python plugin was installed, in
the console an ipython was started, with this option:
ipython -pylab -wthread
The folding markers were not at their good place.

Backtrace:
#5  size (this=0x1539f00, node=0x2485e50, line=451) at
/usr/include/QtCore/qvector.h:124
#6  findChild (this=0x1539f00, node=0x2485e50, line=451) at
/usr/src/debug/kdelibs-4.4.0/kate/syntax/katecodefolding.h:85
#7  KateCodeFoldingTree::removeOpening (this=0x1539f00, node=0x2485e50,
line=451) at /usr/src/debug/kdelibs-4.4.0/kate/syntax/katecodefolding.cpp:554
#8  0x00007fc6ae6374ae in KateCodeFoldingTree::cleanupUnneededNodes
(this=0x1539f00, line=451) at
/usr/src/debug/kdelibs-4.4.0/kate/syntax/katecodefolding.cpp:1321
#9  0x00007fc6ae637c3c in KateCodeFoldingTree::updateLine (this=0x1539f00,
line=<value optimized out>, regionChanges=0x7fff0afc3900, updated=<value
optimized out>, changed=<value optimized out>, 
    colsChanged=<value optimized out>) at
/usr/src/debug/kdelibs-4.4.0/kate/syntax/katecodefolding.cpp:530
#10 0x00007fc6ae5d1400 in KateBuffer::doHighlight (this=<value optimized out>,
startLine=<value optimized out>, endLine=<value optimized out>,
invalidate=<value optimized out>)
    at /usr/src/debug/kdelibs-4.4.0/kate/document/katebuffer.cpp:1332
#11 0x00007fc6ae5d364c in KateBuffer::editEnd (this=0x1539eb0) at
/usr/src/debug/kdelibs-4.4.0/kate/document/katebuffer.cpp:538
#12 0x00007fc6ae5b85cc in KateDocument::editEnd (this=0x152c230) at
/usr/src/debug/kdelibs-4.4.0/kate/document/katedocument.cpp:975
#13 0x00007fc6ae5ba8c5 in KateDocument::typeChars (this=0x152c230, view=<value
optimized out>, chars=...) at
/usr/src/debug/kdelibs-4.4.0/kate/document/katedocument.cpp:2743
#14 0x00007fc6ae653db7 in KateViewInternal::keyPressEvent (this=0x173b2a0,
e=0x7fff0afc44c0) at
/usr/src/debug/kdelibs-4.4.0/kate/view/kateviewinternal.cpp:2456
#15 0x00007fc6ae653022 in KateViewInternal::eventFilter (this=0x173b2a0,
obj=0x173b2a0, e=0x7fff0afc44c0) at
/usr/src/debug/kdelibs-4.4.0/kate/view/kateviewinternal.cpp:2259
...
Comment 2 Dario Andres 2010-03-19 14:14:55 UTC
*** Bug 229379 has been marked as a duplicate of this bug. ***
Comment 3 Dario Andres 2010-03-19 14:15:01 UTC
*** Bug 231223 has been marked as a duplicate of this bug. ***
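
The two backtraces above differ in addresses, build paths, line wrapping, and in how the inlined frames #5 and #6 are named, yet they were marked as duplicates. As an added example (not part of the original thread or of KDE's tooling), this script reduces each trace to a crash signature of (function, source file) pairs so such duplicates can be matched mechanically; the names `frames` and `signature` and the default depth of 4 are assumptions.

```python
import re

# Frames #5-#8 copied from the description's backtrace on this page.
TRACE_A = """\
#5  QVector<KateCodeFoldingNode*>::size (this=0x3c09f10, node=0x3ad46a0, line=282) at /usr/include/qt4/QtCore/qvector.h:119
#6  KateCodeFoldingNode::findChild (this=0x3c09f10, node=0x3ad46a0, line=282) at ../../kate/syntax/katecodefolding.h:85
#7  KateCodeFoldingTree::removeOpening (this=0x3c09f10, node=0x3ad46a0, line=282) at ../../kate/syntax/katecodefolding.cpp:554
#8  0x00007f1ab9f4ce66 in KateCodeFoldingTree::cleanupUnneededNodes (this=0x3c09f10, line=282) at ../../kate/syntax/katecodefolding.cpp:1321
"""
# Frames #5-#8 copied from comment 1 (bug 229379), hard line wraps kept.
TRACE_B = """\
#5  size (this=0x1539f00, node=0x2485e50, line=451) at
/usr/include/QtCore/qvector.h:124
#6  findChild (this=0x1539f00, node=0x2485e50, line=451) at
/usr/src/debug/kdelibs-4.4.0/kate/syntax/katecodefolding.h:85
#7  KateCodeFoldingTree::removeOpening (this=0x1539f00, node=0x2485e50,
line=451) at /usr/src/debug/kdelibs-4.4.0/kate/syntax/katecodefolding.cpp:554
#8  0x00007fc6ae6374ae in KateCodeFoldingTree::cleanupUnneededNodes
(this=0x1539f00, line=451) at
/usr/src/debug/kdelibs-4.4.0/kate/syntax/katecodefolding.cpp:1321
"""

# '#N', optional return address, function name, argument list, source location.
FRAME = re.compile(
    r"#(\d+)\s+(?:0x[0-9a-f]+ in )?(.+?) \(.*?\)\s+(?:at|from)\s+(\S+)")

def frames(trace):
    """Return [(function, source_file), ...] for each gdb frame in the trace."""
    # Rejoin wrapped frames: a new frame starts only on a line beginning '#<n>'.
    joined = re.sub(r"\n(?!#\d)", " ", trace.strip())
    out = []
    for line in joined.splitlines():
        m = FRAME.match(line)
        if not m:
            continue
        # Inlined frames may be printed without their class (see TRACE_B #5, #6),
        # so compare on the unqualified name; this trades precision for recall.
        func = m.group(2).rsplit("::", 1)[-1]
        # Keep only the file name: build paths and line numbers vary per distro.
        src = m.group(3).rsplit("/", 1)[-1].split(":")[0]
        out.append((func, src))
    return out

def signature(trace, depth=4):
    """Top `depth` normalized frames, usable as a duplicate-matching key."""
    return tuple(frames(trace)[:depth])
```
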
Comment 4 Thomas Friedrichsmeier 2010-05-27 16:05:11 UTC
Created attachment 43941
Testcase (R syntax)

An RKWard user gave me reproducible instructions to trigger a crash with this backtrace. I've reduced those to the attached testcase. Basically:

1) Load this file. Do NOT edit anything. Highlighting should be "R Script", automatically.
2) Collapse the top level folding (Ctrl+Shift+-)
3) Type "('" on line 7 (without the double quotes, with the single quote) -> CRASH
4) Next time around, type the "('" on line 30 -> no crash
5) Delete the two chars again, and try step 3, now -> no crash

Some further notes:
- Typing a round bracket ('(') is important. A single or double quote alone is not enough. Note that in the R highlighter, round brackets trigger a new context (but I don't know whether that is the relevant aspect here).
- A certain minimum number (~60) of lines between the inserted text and the folded region is important. The lines need not necessarily be empty. 
- I tried to produce an equivalent testcase for C-highlighting, but this did not trigger the crash.

Tested in KDE 4.3.4 and 4.4.80 (SVN rev. 1129152), each in kwrite, and the katepart in RKWard. All give the same result and known backtrace.
Comment 5 Dominik Haumann 2010-05-28 01:20:17 UTC
can reproduce... still not easy to fix.
Comment 6 bernd 2010-05-29 01:48:19 UTC
Regarding Thomas's observation, it does actually seem that no "new" open bracket "(" is required. I am the one who wrote the original script which crashed, and I just had a case crashing where I added a ' into an existing function call, facet_wrap(~HeadSN) [before] to facet(~HeadSN,scale='free'). As soon as I typed the first quote the system crashed.
Comment 7 Dominik Haumann 2010-06-10 22:55:42 UTC
*** Bug 241349 has been marked as a duplicate of this bug. ***
Comment 8 Dominik Haumann 2010-06-10 22:56:15 UTC
*** Bug 241059 has been marked as a duplicate of this bug. ***
Comment 9 Bernhard Beschow 2010-06-11 12:28:33 UTC
Who can provide a small test case using the QTest framework?
Comment 10 Dominik Haumann 2010-06-12 20:15:06 UTC
I've added a test case called "bug213964". It should always crash the test.
Comment 11 David Edmundson 2010-06-14 01:46:50 UTC
The crash appears to be caused by node->parentNode being equal to 1 (i.e. clearly not a valid pointer to another node) at line 544 of katecodefolding.cpp.

As to why that's the case... I'm not sure.
Comment 12 Christoph Cullmann 2010-06-20 19:31:39 UTC
SVN commit 1140437 by cullmann:

contributed patch for bug 213964, crash in code folding
author: Stefan Schenk

BUG: 213964


 M  +7 -3      katecodefolding.cpp  
 M  +3 -0      katecodefolding.h  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1140437
Comment 13 Alan Prescott 2010-07-01 09:15:32 UTC
Created attachment 48500
New crash information added by DrKonqi

Kate crashed as I was editing a (folded) PHP script and entering a double quote (").

I had several PHP files open at the time, some folded and some not, and all were from a remote host opened using the fish:// protocol

I had already noticed odd behaviour when entering a single quote (') in that after entering a single quote the cursor moved to the left of the quote so that further keystrokes entered the file in front of the quote.
This did not happen in all the open files, only in the one being edited at the time of the crash