Bug 235020 - crash while using character selector widget
Summary: crash while using character selector widget
Status: RESOLVED FIXED
Alias: None
Product: kdelibs
Classification: Frameworks and Libraries
Component: kdeui (show other bugs)
Version: unspecified
Platform: Unlisted Binaries Linux
: NOR crash
Target Milestone: ---
Assignee: kdelibs bugs
URL:
Keywords:
: 228036 236800 240429 255393 256257 256993 257591 262912 264287 264664 265064 265823 266245 270591 272198 272662 274135 274659 274792 275301 275906 276020 276261 279301 282577 283219 283885 285077 288593 (view as bug list)
Depends on:
Blocks:
 
Reported: 2010-04-21 23:47 UTC by Laura Frasca
Modified: 2012-04-09 00:47 UTC (History)
39 users (show)

See Also:
Latest Commit:
Version Fixed In: 4.7.1


Attachments
New crash information added by DrKonqi (7.69 KB, text/plain)
2010-08-24 15:38 UTC, Joachim Mairböck
Details
New crash information added by DrKonqi (6.14 KB, text/plain)
2011-02-11 18:36 UTC, markuss
Details
New crash information added by DrKonqi (7.27 KB, text/plain)
2011-05-02 02:09 UTC, Mohd Asif Ali Rizwaan
Details
New crash information added by DrKonqi (10.13 KB, text/plain)
2011-05-14 14:37 UTC, Petras Ražanskas
Details
New crash information added by DrKonqi (6.46 KB, text/plain)
2011-07-14 17:56 UTC, Admc
Details
New crash information added by DrKonqi (10.25 KB, text/plain)
2011-09-25 19:13 UTC, Thorsteinn A. Malmjursson
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Laura Frasca 2010-04-21 23:47:54 UTC
Application that crashed: plasma-desktop
Version of the application: 0.3
KDE Version: 4.3.4 (KDE 4.3.4)
Qt Version: 4.6.2
Operating System: Linux 2.6.30-2-686 i686
Distribution: Debian GNU/Linux 5.0.4 (lenny)

What I was doing when the application crashed:
When plasma crashed, I was playing with the Character Selector widget, selecting different fonts (I was trying to get it to show me accented characters like an o-umlaut, which is why I wanted the widget at all).

I haven't been able to make it happen again, unfortunately.

 -- Backtrace:
Application: Plasma Workspace (kdeinit4), signal: Segmentation fault
[KCrash Handler]
#6  0xb7555a8e in KCharSelectItemModel::data (this=0x97ab4a0, index=..., role=32) at ../../kdeui/widgets/kcharselect.cpp:865
#7  0xb7553c02 in KCharSelectTablePrivate::_k_slotCurrentChanged (this=0x995cf88, current=..., previous=...) at ../../kdeui/widgets/kcharselect.cpp:218
#8  0xb7553d1f in KCharSelectTable::qt_metacall (this=0x97aee90, _c=QMetaObject::InvokeMetaMethod, _id=96, _a=0xbff6c974) at ./kcharselect_p.moc:81
#9  0xb7e05aea in QMetaObject::metacall (object=0x97aee90, cl=159004296, idx=96, argv=0xbff6c974) at kernel/qmetaobject.cpp:237
#10 0xb7e140b5 in QMetaObject::activate (sender=0x97ec308, m=0xb72c3af0, local_signal_index=1, argv=0xbff6c974) at kernel/qobject.cpp:3293
#11 0xb6f89f89 in QItemSelectionModel::currentChanged (this=0x97ec308, _t1=..., _t2=...) at .moc/release-shared/moc_qitemselectionmodel.cpp:159
#12 0xb6f8a122 in QItemSelectionModel::setCurrentIndex (this=0x97ec308, index=..., command=...) at itemviews/qitemselectionmodel.cpp:1167
#13 0xb6f30f0c in QAbstractItemView::setCurrentIndex (this=0x97aee90, index=...) at itemviews/qabstractitemview.cpp:1003
#14 0xb755402d in KCharSelectTable::setChar (this=0x97aee90, c=...) at ../../kdeui/widgets/kcharselect.cpp:183
#15 0xb7553b24 in KCharSelectTablePrivate::_k_resizeCells (this=0x995cf88) at ../../kdeui/widgets/kcharselect.cpp:266
#16 0xb755351b in KCharSelect::KCharSelectPrivate::_k_fontSelected (this=0x9d8f7f0) at ../../kdeui/widgets/kcharselect.cpp:599
#17 0xb755c53e in KCharSelect::qt_metacall (this=0x9db3c50, _c=QMetaObject::InvokeMetaMethod, _id=9, _a=0xbff6cd18) at ./kcharselect.moc:110
#18 0xb7e05aea in QMetaObject::metacall (object=0x9db3c50, cl=159004296, idx=36, argv=0xbff6cd18) at kernel/qmetaobject.cpp:237
#19 0xb7e140b5 in QMetaObject::activate (sender=0x9d99140, m=0xb72bb678, local_signal_index=6, argv=0xbff6cd18) at kernel/qobject.cpp:3293
#20 0xb6db2903 in QComboBox::currentIndexChanged (this=0x9d99140, _t1=...) at .moc/release-shared/moc_qcombobox.cpp:309
#21 0xb6db45af in QComboBoxPrivate::_q_emitCurrentIndexChanged (this=0x9d60d00, index=...) at widgets/qcombobox.cpp:1236
#22 0xb6db7a69 in QComboBoxPrivate::setCurrentIndex (this=0x9d60d00, mi=...) at widgets/qcombobox.cpp:1992
#23 0xb6db7e5c in QComboBoxPrivate::_q_itemSelected (this=0x9d60d00, item=...) at widgets/qcombobox.cpp:1204
#24 0xb6dbd7b3 in QComboBox::qt_metacall (this=0x9d99140, _c=QMetaObject::InvokeMetaMethod, _id=12, _a=0xbff6cfd8) at .moc/release-shared/moc_qcombobox.cpp:191
#25 0xb7566e2a in KComboBox::qt_metacall (this=0x9d99140, _c=QMetaObject::InvokeMetaMethod, _id=39, _a=0xbff6cfd8) at ./kcombobox.moc:100
#26 0xb746732a in KFontComboBox::qt_metacall (this=0x9d99140, _c=QMetaObject::InvokeMetaMethod, _id=39, _a=0xbff6cfd8) at ./moc_kfontcombobox.moc:70
#27 0xb7e05aea in QMetaObject::metacall (object=0x9d99140, cl=159004296, idx=39, argv=0xbff6cfd8) at kernel/qmetaobject.cpp:237
#28 0xb7e140b5 in QMetaObject::activate (sender=0x98a4ee0, m=0xb72c9994, local_signal_index=0, argv=0xbff6cfd8) at kernel/qobject.cpp:3293
#29 0xb70bb563 in QComboBoxPrivateContainer::itemSelected (this=0x98a4ee0, _t1=...) at .moc/release-shared/moc_qcombobox_p.cpp:213
#30 0xb6db5f2a in QComboBoxPrivateContainer::eventFilter (this=0x98a4ee0, o=0x97cf630, e=0xbff6d694) at widgets/qcombobox.cpp:663
#31 0xb7dffb8a in QCoreApplicationPrivate::sendThroughObjectEventFilters (this=0x957c328, receiver=0x97cf630, event=0xbff6d694) at kernel/qcoreapplication.cpp:819
#32 0xb6992bc9 in QApplicationPrivate::notify_helper (this=0x957c328, receiver=0x97cf630, e=0xbff6d694) at kernel/qapplication.cpp:4296
#33 0xb699a0f7 in QApplication::notify (this=0x95766e0, receiver=0x97cf630, e=0xbff6d694) at kernel/qapplication.cpp:3865
#34 0xb74abe2a in KApplication::notify (this=0x95766e0, receiver=0x97cf630, event=0xbff6d694) at ../../kdeui/kernel/kapplication.cpp:302
#35 0xb7e008eb in QCoreApplication::notifyInternal (this=0x95766e0, receiver=0x97cf630, event=0xbff6d694) at kernel/qcoreapplication.cpp:704
#36 0xb6999052 in QCoreApplication::sendEvent (receiver=0x97cf630, event=0xbff6d694, alienWidget=0x97cf630, nativeWidget=0x98a4ee0, buttonDown=0xb72d7918, lastMouseReceiver=..., spontaneous=true)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#37 QApplicationPrivate::sendMouseEvent (receiver=0x97cf630, event=0xbff6d694, alienWidget=0x97cf630, nativeWidget=0x98a4ee0, buttonDown=0xb72d7918, lastMouseReceiver=..., spontaneous=true)
    at kernel/qapplication.cpp:2965
#38 0xb6a245b8 in QETWidget::translateMouseEvent (this=0x98a4ee0, event=0xbff6dae0) at kernel/qapplication_x11.cpp:4302
#39 0xb6a235ab in QApplication::x11ProcessEvent (this=0x95766e0, event=0xbff6dae0) at kernel/qapplication_x11.cpp:3379
#40 0xb6a516f2 in x11EventSourceDispatch (s=0x957efe8, callback=0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:146
#41 0xb65342e5 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#42 0xb6538000 in ?? () from /lib/libglib-2.0.so.0
#43 0xb6538198 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#44 0xb7e2c2f5 in QEventDispatcherGlib::processEvents (this=0x957bd48, flags=...) at kernel/qeventdispatcher_glib.cpp:412
#45 0xb6a51255 in QGuiEventDispatcherGlib::processEvents (this=0x957bd48, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#46 0xb7dfef09 in QEventLoop::processEvents (this=0xbff6ddd4, flags=) at kernel/qeventloop.cpp:149
#47 0xb7dff35a in QEventLoop::exec (this=0xbff6ddd4, flags=...) at kernel/qeventloop.cpp:201
#48 0xb7e034ef in QCoreApplication::exec () at kernel/qcoreapplication.cpp:981
#49 0xb6992c87 in QApplication::exec () at kernel/qapplication.cpp:3579
#50 0xb3fd85cd in kdemain (argc=1, argv=0x956c378) at ../../../../plasma/shells/desktop/main.cpp:50
#51 0x0804de39 in launch (argc=<value optimized out>, _name=<value optimized out>, args=<value optimized out>, cwd=0x0, envc=0, envs=0x954d798 "", reset_env=false, tty=0x0, avoid_loops=false, 
    startup_id_str=0x8050f27 "0") at ../../kinit/kinit.cpp:677
#52 0x0804e9ad in handle_launcher_request (sock=<value optimized out>, who=<value optimized out>) at ../../kinit/kinit.cpp:1169
#53 0x0804ee44 in handle_requests (waitForPid=<value optimized out>) at ../../kinit/kinit.cpp:1362
#54 0x0804f657 in main (argc=2, argv=0xbff6e6b4, envp=0xbff6e6c0) at ../../kinit/kinit.cpp:1793

Reported using DrKonqi
Comment 1 Christoph Feck 2010-06-03 00:38:08 UTC
*** Bug 240429 has been marked as a duplicate of this bug. ***
Comment 2 Joachim Mairböck 2010-08-24 15:38:00 UTC
Created attachment 50893 [details]
New crash information added by DrKonqi

kcharselect (v1.7) on KDE Platform 4.5.00 (KDE 4.5.0) using Qt 4.6.3

- What I was doing when the application crashed:
KCharSelect crashed also when changing the font size (but not always, I was successfully able to increase it in the past).

-- Backtrace (Reduced):
#7  KCharSelectItemModel::data (this=0x8213ab8, index=..., role=32) at /usr/src/debug/kdelibs-4.5.0/kdeui/widgets/kcharselect.cpp:865
#8  0xb75d7a29 in KCharSelectTablePrivate::_k_slotCurrentChanged (this=0xb2016ac8, current=..., previous=...) at /usr/src/debug/kdelibs-4.5.0/kdeui/widgets/kcharselect.cpp:218
#9  0xb75d7bad in KCharSelectTable::qt_metacall (this=0x82c93f8, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0xbfec6274)
    at /usr/src/debug/kdelibs-4.5.0/build/kdeui/kcharselect_p.moc:87
[...]
[...]
#12 0xb6bfba8d in QItemSelectionModel::currentChanged (this=0x827b798, _t1=..., _t2=...) at .moc/release-shared/moc_qitemselectionmodel.cpp:159
#13 0xb6bfbc0c in QItemSelectionModel::setCurrentIndex (this=0x827b798, index=..., command=...) at itemviews/qitemselectionmodel.cpp:1167
Comment 3 Christoph Feck 2010-09-03 04:33:51 UTC
*** Bug 228036 has been marked as a duplicate of this bug. ***
Comment 4 Christoph Feck 2010-09-03 04:34:38 UTC
*** Bug 236800 has been marked as a duplicate of this bug. ***
Comment 5 Pino Toscano 2010-11-07 01:19:14 UTC
*** Bug 256257 has been marked as a duplicate of this bug. ***
Comment 6 Pino Toscano 2010-11-07 01:20:20 UTC
*** Bug 255393 has been marked as a duplicate of this bug. ***
Comment 7 Christoph Feck 2010-11-10 00:27:27 UTC
Clemens, if this is reproducible, and you can compile kdelibs from source, can you test the following patch in kdelibs/kdeui/widgets:

--- kcharselect_p.h     2009-12-23 17:24:24.480648617 +0100
+++ kcharselect_p.h     2010-11-10 00:29:11.857144169 +0100
@@ -209,7 +209,7 @@
             maxChar = qMax(5, fm.height());
         }
         m_columns  = maxWidth / maxChar;
-        if (m_columns == 0) {
+        if (m_columns <= 0) {
             m_columns = 1;
         }
         reset();
Comment 8 Pino Toscano 2010-11-15 18:21:07 UTC
*** Bug 256993 has been marked as a duplicate of this bug. ***
Comment 9 Clemens Eisserer 2010-11-15 18:30:03 UTC
Cristoph: Sorry, I haven't compiled KDE from source.
Comment 10 Christoph Feck 2010-11-15 18:41:22 UTC
SVN commit 1197409 by cfeck:

Fix crash in KCharSelect

Make sure we use at least one column, even if the passed maxWidth
is negative.

CCBUG: 235020


 M  +1 -1      kcharselect_p.h  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1197409
Comment 11 Christoph Feck 2010-11-15 18:42:33 UTC
SVN commit 1197410 by cfeck:

Fix crash in KCharSelect (backport r1197409)

FIXED-IN: 4.5.4
BUG: 235020


 M  +1 -1      kcharselect_p.h  


WebSVN link: http://websvn.kde.org/?view=rev&revision=1197410
Comment 12 Dario Andres 2010-11-22 12:51:01 UTC
*** Bug 257591 has been marked as a duplicate of this bug. ***
Comment 13 Pino Toscano 2011-01-12 09:59:07 UTC
*** Bug 262912 has been marked as a duplicate of this bug. ***
Comment 14 Christoph Feck 2011-01-26 02:07:39 UTC
*** Bug 264287 has been marked as a duplicate of this bug. ***
Comment 15 Christoph Feck 2011-01-26 02:08:17 UTC
Reopen because of bug 264287 (which is from KDE 4.5.5).
Comment 16 Christoph Feck 2011-01-28 19:04:47 UTC
*** Bug 264664 has been marked as a duplicate of this bug. ***
Comment 17 raffamaiden 2011-01-30 23:41:36 UTC
I confirm that is bug happen also with KDE 4.6.0. Here is the backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00bd203e in KCharSelectItemModel::data (this=0x98c0c80, index=..., role=32) at ../../kdeui/widgets/kcharselect.cpp:867
867     ../../kdeui/widgets/kcharselect.cpp: File o directory non esistente.
        in ../../kdeui/widgets/kcharselect.cpp
(gdb) backtrace
#0  0x00bd203e in KCharSelectItemModel::data (this=0x98c0c80, index=..., role=32) at ../../kdeui/widgets/kcharselect.cpp:867
#1  0x00bd0282 in KCharSelectTablePrivate::_k_slotCurrentChanged (this=0x9275b48, current=..., previous=...)
    at ../../kdeui/widgets/kcharselect.cpp:218
#2  0x00bd039f in KCharSelectTable::qt_metacall (this=0x90f8800, _c=QMetaObject::InvokeMetaMethod, _id=96, _a=0xbfd8bb34)
    at ./kcharselect_p.moc:87
#3  0x00e788ca in QMetaObject::metacall (object=0x90f8800, cl=160376424, idx=96, argv=0xbfd8bb34)
    at kernel/qmetaobject.cpp:237
#4  0x00e8b6ad in QMetaObject::activate (sender=0x98c6dd0, m=0x1a5ea50, local_signal_index=1, argv=0x0)
    at kernel/qobject.cpp:3280
#5  0x016fd319 in QItemSelectionModel::currentChanged (this=0x98c6dd0, _t1=..., _t2=...)
    at .moc/release-shared/moc_qitemselectionmodel.cpp:159
#6  0x016fd4b2 in QItemSelectionModel::setCurrentIndex (this=0x98c6dd0, index=..., command=...)
    at itemviews/qitemselectionmodel.cpp:1156
#7  0x016a47ac in QAbstractItemView::setCurrentIndex (this=0x90f8800, index=...) at itemviews/qabstractitemview.cpp:1007
#8  0x00bd06ad in KCharSelectTable::setChar (this=0x90f8800, c=...) at ../../kdeui/widgets/kcharselect.cpp:183
#9  0x00bd18fa in KCharSelect::KCharSelectPrivate::_k_blockSelected (this=0x90ce2b0, index=16)
    at ../../kdeui/widgets/kcharselect.cpp:802
#10 0x00bd8c42 in KCharSelect::qt_metacall (this=0x90c8208, _c=QMetaObject::InvokeMetaMethod, _id=13, _a=0xbfd8be68)
    at ./kcharselect.moc:120
#11 0x00e788ca in QMetaObject::metacall (object=0x90c8208, cl=160376424, idx=40, argv=0xbfd8be68)
    at kernel/qmetaobject.cpp:237
#12 0x00e8b6ad in QMetaObject::activate (sender=0x90f2af0, m=0x1a56224, local_signal_index=5, argv=0x0)
    at kernel/qobject.cpp:3280
#13 0x0151a783 in QComboBox::currentIndexChanged (this=0x90f2af0, _t1=16) at .moc/release-shared/moc_qcombobox.cpp:302
#14 0x0151c3da in QComboBoxPrivate::_q_emitCurrentIndexChanged (this=0x91c7940, index=...) at widgets/qcombobox.cpp:1264
#15 0x01520349 in QComboBoxPrivate::setCurrentIndex (this=0x91c7940, mi=...) at widgets/qcombobox.cpp:2022
---Type <return> to continue, or q <return> to quit---
#16 0x0152073c in QComboBoxPrivate::_q_itemSelected (this=0x91c7940, item=...) at widgets/qcombobox.cpp:1233
#17 0x01526157 in QComboBox::qt_metacall (this=0x90f2af0, _c=QMetaObject::InvokeMetaMethod, _id=12, _a=0xbfd8c0d8)
    at .moc/release-shared/moc_qcombobox.cpp:191
#18 0x00be467a in KComboBox::qt_metacall (this=0x90f2af0, _c=QMetaObject::InvokeMetaMethod, _id=39, _a=0xbfd8c0d8)
    at ./kcombobox.moc:106
#19 0x00e788ca in QMetaObject::metacall (object=0x90f2af0, cl=160376424, idx=39, argv=0xbfd8c0d8)
    at kernel/qmetaobject.cpp:237
#20 0x00e8b6ad in QMetaObject::activate (sender=0x94895d8, m=0x1a64b14, local_signal_index=0, argv=0x0)
    at kernel/qobject.cpp:3280
#21 0x01842313 in QComboBoxPrivateContainer::itemSelected (this=0x94895d8, _t1=...)
    at .moc/release-shared/moc_qcombobox_p.cpp:213
#22 0x0151e7fa in QComboBoxPrivateContainer::eventFilter (this=0x94895d8, o=0x928a4a8, e=0xbfd8c6e0)
    at widgets/qcombobox.cpp:687
#23 0x00e7229a in QCoreApplicationPrivate::sendThroughObjectEventFilters (this=0x904c940, receiver=0x928a4a8, 
    event=0xbfd8c6e0) at kernel/qcoreapplication.cpp:847
#24 0x010d2fb9 in QApplicationPrivate::notify_helper (this=0x904c940, receiver=0x928a4a8, e=0xbfd8c6e0)
    at kernel/qapplication.cpp:4392
#25 0x010d9c2e in QApplication::notify (this=0xbfd8cf94, receiver=0x928a4a8, e=0xbfd8c6e0) at kernel/qapplication.cpp:3959
#26 0x00b20f7a in KApplication::notify (this=0xbfd8cf94, receiver=0x928a4a8, event=0xbfd8c6e0)
    at ../../kdeui/kernel/kapplication.cpp:311
#27 0x00e72b3b in QCoreApplication::notifyInternal (this=0xbfd8cf94, receiver=0x928a4a8, event=0xbfd8c6e0)
    at kernel/qcoreapplication.cpp:732
#28 0x010d8094 in sendEvent (receiver=0x928a4a8, event=0xbfd8c6e0, alienWidget=0x928a4a8, nativeWidget=0x94895d8, 
    buttonDown=0x1a6d3c0, lastMouseReceiver=..., spontaneous=true)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#29 QApplicationPrivate::sendMouseEvent (receiver=0x928a4a8, event=0xbfd8c6e0, alienWidget=0x928a4a8, 
---Type <return> to continue, or q <return> to quit---
    nativeWidget=0x94895d8, buttonDown=0x1a6d3c0, lastMouseReceiver=..., spontaneous=true) at kernel/qapplication.cpp:3058
#30 0x01167261 in QETWidget::translateMouseEvent (this=0x94895d8, event=0xbfd8cbfc) at kernel/qapplication_x11.cpp:4337
#31 0x01166151 in QApplication::x11ProcessEvent (this=0xbfd8cf94, event=0xbfd8cbfc) at kernel/qapplication_x11.cpp:3414
#32 0x0119536a in x11EventSourceDispatch (s=0x904fba8, callback=0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:146
#33 0x08134855 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#34 0x08138668 in ?? () from /lib/libglib-2.0.so.0
#35 0x08138848 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#36 0x00ea1565 in QEventDispatcherGlib::processEvents (this=0x9038188, flags=...) at kernel/qeventdispatcher_glib.cpp:415
#37 0x01194be5 in QGuiEventDispatcherGlib::processEvents (this=0x9038188, flags=...)
    at kernel/qguieventdispatcher_glib.cpp:204
#38 0x00e71609 in QEventLoop::processEvents (this=0xbfd8cef4, flags=DWARF-2 expression error: DW_OP_reg operations must be used either alone or in conjuction with DW_OP_piece or DW_OP_bit_piece.
) at kernel/qeventloop.cpp:149
#39 0x00e71a8a in QEventLoop::exec (this=0xbfd8cef4, flags=...) at kernel/qeventloop.cpp:201
#40 0x00e7600f in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1009
#41 0x010d1e07 in QApplication::exec () at kernel/qapplication.cpp:3672
#42 0x0804fc60 in _start ()
(gdb)
Comment 18 Pino Toscano 2011-02-01 12:39:58 UTC
*** Bug 265064 has been marked as a duplicate of this bug. ***
Comment 19 Christoph Feck 2011-02-08 19:10:15 UTC
*** Bug 265823 has been marked as a duplicate of this bug. ***
Comment 20 markuss 2011-02-11 18:36:20 UTC
Created attachment 57163 [details]
New crash information added by DrKonqi

kcharselect (v1.8) on KDE Platform 4.6.00 (4.6.0) using Qt 4.7.1

- What I was doing when the application crashed:

I was browsing characters and selecting different Unicode blocks

-- Backtrace (Reduced):
#7  KCharSelectItemModel::data (this=0x836fec8, index=..., role=32) at /usr/src/debug/kdelibs-4.6.0/kdeui/widgets/kcharselect.cpp:867
#8  0xb740a679 in KCharSelectTablePrivate::_k_slotCurrentChanged (this=0x81d9740, current=..., previous=...) at /usr/src/debug/kdelibs-4.6.0/kdeui/widgets/kcharselect.cpp:218
#9  0xb740a7fd in KCharSelectTable::qt_metacall (this=0x81bd210, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0xbf9f7144)
    at /usr/src/debug/kdelibs-4.6.0/build/kdeui/kcharselect_p.moc:87
[...]
#12 0xb69cb01d in QItemSelectionModel::currentChanged (this=0x81d3b48, _t1=..., _t2=...) at .moc/release-shared/moc_qitemselectionmodel.cpp:159
#13 0xb69cb19c in QItemSelectionModel::setCurrentIndex (this=0x81d3b48, index=..., command=...) at itemviews/qitemselectionmodel.cpp:1156
Comment 21 Christoph Feck 2011-04-01 03:07:42 UTC
*** Bug 266245 has been marked as a duplicate of this bug. ***
Comment 22 Christoph Feck 2011-04-13 02:56:20 UTC
*** Bug 270591 has been marked as a duplicate of this bug. ***
Comment 23 Mohd Asif Ali Rizwaan 2011-05-02 02:09:52 UTC
Created attachment 59519 [details]
New crash information added by DrKonqi

kcharselect (v1.8) on KDE Platform 4.6.2 (4.6.2) using Qt 4.7.2

- What I was doing when the application crashed:
Changing font size crashed kcharselect.

-- Backtrace (Reduced):
#7  KCharSelectItemModel::data (this=0xa192ed8, index=..., role=32) at ../../kdeui/widgets/kcharselect.cpp:867
#8  0x00a8cde2 in KCharSelectTablePrivate::_k_slotCurrentChanged (this=0xb4b02560, current=..., previous=...) at ../../kdeui/widgets/kcharselect.cpp:218
#9  0x00a8cf5f in KCharSelectTable::qt_metacall (this=0xa184230, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0xbf90ff24) at ./kcharselect_p.moc:87
[...]
#12 0x016ee2c9 in QItemSelectionModel::currentChanged (this=0xb4b13438, _t1=..., _t2=...) at .moc/release-shared/moc_qitemselectionmodel.cpp:159
#13 0x016ee3ff in QItemSelectionModel::setCurrentIndex (this=0xb4b13438, index=..., command=...) at itemviews/qitemselectionmodel.cpp:1169
Comment 24 Roger Pixley 2011-05-03 18:53:26 UTC
Application: Kcharselect
Version: 1.8
KDE Version: 4.6.2
Qt Verson: 4.7.2-9
Operating System: Linux version 2.6.35.12-88.fc14.i686
Distro: Fedora 14


I was typing in super and fairly reliably it would always crash on the letter p. Tried P in other combinations and that worked fine. If I type in Super very very slowly it works a little less than 1/2 the time. 


Application: KCharSelect (kcharselect), signal: Segmentation fault
[KCrash Handler]
#7  KCharSelectItemModel::data (this=0x927aa68, index=..., role=32) at /usr/src/debug/kdelibs-4.6.2/kdeui/widgets/kcharselect.cpp:867
#8  0x06594323 in KCharSelectTablePrivate::_k_slotCurrentChanged (this=0x922b0d0, current=..., previous=...) at /usr/src/debug/kdelibs-4.6.2/kdeui/widgets/kcharselect.cpp:218
#9  0x065944af in KCharSelectTable::qt_metacall (this=0x9202d70, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0xbffb0504) at /usr/src/debug/kdelibs-4.6.2/i686-redhat-linux-gnu/kdeui/kcharselect_p.moc:87
#10 0x05ede79b in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/libQtCore.so.4
#11 0x05eedcc7 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/libQtCore.so.4
#12 0x02a305ca in QItemSelectionModel::currentChanged(QModelIndex const&, QModelIndex const&) () from /usr/lib/libQtGui.so.4
#13 0x02a30733 in QItemSelectionModel::setCurrentIndex(QModelIndex const&, QFlags<QItemSelectionModel::SelectionFlag>) () from /usr/lib/libQtGui.so.4
#14 0x029d2abd in QAbstractItemView::setCurrentIndex(QModelIndex const&) () from /usr/lib/libQtGui.so.4
#15 0x0659489b in KCharSelectTable::setChar (this=0x9202d70, c=...) at /usr/src/debug/kdelibs-4.6.2/kdeui/widgets/kcharselect.cpp:183
#16 0x06596140 in KCharSelect::KCharSelectPrivate::_k_search (this=0x91e36a8) at /usr/src/debug/kdelibs-4.6.2/kdeui/widgets/kcharselect.cpp:840
#17 0x065967c0 in KCharSelect::KCharSelectPrivate::_k_searchEditChanged (this=0x91e36a8) at /usr/src/debug/kdelibs-4.6.2/kdeui/widgets/kcharselect.cpp:825
#18 0x0659cea6 in KCharSelect::qt_metacall (this=0x91e6398, _c=QMetaObject::InvokeMetaMethod, _id=14, _a=0xbffb0888) at /usr/src/debug/kdelibs-4.6.2/i686-redhat-linux-gnu/kdeui/kcharselect.moc:121
#19 0x05ede79b in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/libQtCore.so.4
#20 0x05eedcc7 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/libQtCore.so.4
#21 0x028b5c24 in QLineEdit::textChanged(QString const&) () from /usr/lib/libQtGui.so.4
#22 0x028b61ed in QLineEdit::qt_metacall(QMetaObject::Call, int, void**) () from /usr/lib/libQtGui.so.4
#23 0x065c6fdb in KLineEdit::qt_metacall (this=0x91d8b10, _c=QMetaObject::InvokeMetaMethod, _id=27, _a=0xbffb0a18) at /usr/src/debug/kdelibs-4.6.2/i686-redhat-linux-gnu/kdeui/klineedit.moc:133
#24 0x05ede79b in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/libQtCore.so.4
#25 0x05eedcc7 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/libQtCore.so.4
#26 0x02b519b4 in QLineControl::textChanged(QString const&) () from /usr/lib/libQtGui.so.4
#27 0x028bafbb in QLineControl::finishChange(int, bool, bool) () from /usr/lib/libQtGui.so.4
#28 0x028bc914 in QLineControl::insert(QString const&) () from /usr/lib/libQtGui.so.4
#29 0x028bd669 in QLineControl::processKeyEvent(QKeyEvent*) () from /usr/lib/libQtGui.so.4
#30 0x028b1389 in QLineEdit::keyPressEvent(QKeyEvent*) () from /usr/lib/libQtGui.so.4
#31 0x065c855f in KLineEdit::keyPressEvent (this=0x91d8b10, e=0xbffb1354) at /usr/src/debug/kdelibs-4.6.2/kdeui/widgets/klineedit.cpp:945
#32 0x024a49b8 in QWidget::event(QEvent*) () from /usr/lib/libQtGui.so.4
#33 0x028b3ea8 in QLineEdit::event(QEvent*) () from /usr/lib/libQtGui.so.4
#34 0x065c57bb in KLineEdit::event (this=0x91d8b10, ev=0xbffb1354) at /usr/src/debug/kdelibs-4.6.2/kdeui/widgets/klineedit.cpp:1399
#35 0x0244b54c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#36 0x02450a5d in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#37 0x064ed4bb in KApplication::notify (this=0xbffb1d94, receiver=0x91d8b10, event=0xbffb1354) at /usr/src/debug/kdelibs-4.6.2/kdeui/kernel/kapplication.cpp:311
#38 0x05ed7f63 in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4
#39 0x024495af in ?? () from /usr/lib/libQtGui.so.4
#40 0x024fafee in ?? () from /usr/lib/libQtGui.so.4
#41 0x024fb474 in ?? () from /usr/lib/libQtGui.so.4
#42 0x024d4022 in QApplication::x11ProcessEvent(_XEvent*) () from /usr/lib/libQtGui.so.4
#43 0x024ff550 in ?? () from /usr/lib/libQtGui.so.4
#44 0x003bf192 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#45 0x003bf978 in ?? () from /lib/libglib-2.0.so.0
#46 0x003bfc35 in g_main_context_iteration () from /lib/libglib-2.0.so.0
#47 0x05f05cad in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#48 0x024ff1c6 in ?? () from /usr/lib/libQtGui.so.4
#49 0x05ed70fa in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#50 0x05ed73aa in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#51 0x05edbf57 in QCoreApplication::exec() () from /usr/lib/libQtCore.so.4
#52 0x02449358 in QApplication::exec() () from /usr/lib/libQtGui.so.4
#53 0x0804fd24 in _start ()
Comment 25 Christoph Feck 2011-05-13 01:23:50 UTC
*** Bug 272198 has been marked as a duplicate of this bug. ***
Comment 26 Christoph Feck 2011-05-13 01:26:37 UTC
Can anyone who can reproduce the bug (I never could) make a backtrace of an unoptimized build (where it doesn't say "index=..." but shows the actual value)?
Comment 27 Christoph Feck 2011-05-13 01:59:27 UTC
*** Bug 272662 has been marked as a duplicate of this bug. ***
Comment 28 Petras Ražanskas 2011-05-14 14:37:37 UTC
Created attachment 59989 [details]
New crash information added by DrKonqi

kcharselect (v1.8) on KDE Platform 4.6.2 (4.6.2) using Qt 4.7.2

- What I was doing when the application crashed:

Changing anything in the drop-down menus, be it Alphabet or Blocks, results in the segmentation fault 100% of the times. This report was generated after attempting to select "Symbols" from the Alphabet menu.

-- Backtrace (Reduced):
#7  KCharSelectItemModel::data (this=0xa4f5268, index=..., role=32) at ../../kdeui/widgets/kcharselect.cpp:867
#8  0x00393de2 in KCharSelectTablePrivate::_k_slotCurrentChanged (this=0xa065e68, current=..., previous=...) at ../../kdeui/widgets/kcharselect.cpp:218
#9  0x00393f5f in KCharSelectTable::qt_metacall (this=0xa04a798, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0xbfcaf304) at ./kcharselect_p.moc:87
[...]
#12 0x015b22c9 in QItemSelectionModel::currentChanged (this=0xa4d0cf0, _t1=..., _t2=...) at .moc/release-shared/moc_qitemselectionmodel.cpp:159
#13 0x015b23ff in QItemSelectionModel::setCurrentIndex (this=0xa4d0cf0, index=..., command=...) at itemviews/qitemselectionmodel.cpp:1169
Comment 29 Beat Wolf 2011-06-03 15:34:37 UTC
*** Bug 274792 has been marked as a duplicate of this bug. ***
Comment 30 Christoph Feck 2011-06-14 12:52:48 UTC
*** Bug 274135 has been marked as a duplicate of this bug. ***
Comment 31 Christoph Feck 2011-06-14 12:53:15 UTC
*** Bug 274659 has been marked as a duplicate of this bug. ***
Comment 32 Christoph Feck 2011-06-14 12:53:40 UTC
*** Bug 275301 has been marked as a duplicate of this bug. ***
Comment 33 Christoph Feck 2011-06-20 13:48:24 UTC
*** Bug 275906 has been marked as a duplicate of this bug. ***
Comment 34 Christoph Feck 2011-06-20 13:48:45 UTC
*** Bug 276020 has been marked as a duplicate of this bug. ***
Comment 35 sahinsureyya 2011-06-20 19:42:43 UTC
On June 20, 2011 07:48:27 AM Christoph Feck wrote:
> https://bugs.kde.org/show_bug.cgi?id=235020
> 
> 
> Christoph Feck <christoph@maxiom.de> changed:
> 
>            What    |Removed                     |Added
> ---------------------------------------------------------------------------
> - CC|                            |sahinsureyya@yahoo.ca
> 
> 
> 
> 
> --- Comment #33 from Christoph Feck <christoph maxiom de>  2011-06-20
> 13:48:24 --- *** Bug 275906 has been marked as a duplicate of this bug.
> ***

If I add a charselect plasma widget to my kde desktop, it is working fine. The 
problem is when I start using kcharselect gui program.  It crashes everytime I 
try to use the comboboxes to choose a different alphabet as I described 
previously.

I am using Kubuntu 11.04, I tried the same program on Fedora 15 with kde 4.6.3 
and kcharselect gui program crashes there as well.
Comment 36 Christoph Feck 2011-06-23 04:37:46 UTC
*** Bug 276261 has been marked as a duplicate of this bug. ***
Comment 37 Radu-Cristian Fotescu 2011-07-04 19:53:50 UTC
KDE 4.6.90 mysteriously fixed this bug!

Note that this bug has a bunch of duplicates: 228036, 236800, 256257, 255393, 256993, 257591, 262912, 264287, 264664, 265064, 265823, 266245, 270591, 272198, 272662, 274792, 274135, 274659, 275301, 275906, 275906, 276020, 276261.

The descriptions for each bug report being not always helpful in reproducing the crash, here's my way of making KCharSelect crash on purpose.

How to make KCharSelect crash on any version up to and including 4.6.4:
1. Open KCharSelect and make it have the minimum horizontal size (it should display 18 characters on a row; if it doesn't, keep it at this size nevertheless);
2. Select the "DejaVu Sans" or any other DejaVu typeface.
3. Keep "European Alphabets" in the first drop-down list.
4. In the second drop-down list, start to switch the code pages between the available ones, in order:
-- Basic Latin
-- Latin-1 Supplement
-- Latin Extended A
-- Latin Extended B
-- Latin Extended Additional
-- Latin Extended C
-- Latin Extended D
and so on.
5. It should have crashed by now. If not, keep switching back and forth between the code pages until it does!
The bug is actually triggered by unknown errors in some fonts (the DejaVu family being one of them).

I could see this bug as not showing up anymore in KDE 4.6.90 (in Mageia Cauldron and Fedora Rawhide).

I suggest to mark this bug as FIXED.
Comment 38 Christoph Feck 2011-07-04 22:51:10 UTC
That's odd, because there are no changes in KDE/4.7 branch that could affect this bug. Maybe you also updated Qt version? I also use DejaVu font, but could never reproduce it.

Let's wait some time before closing it.
Comment 39 Christoph Feck 2011-07-04 22:55:21 UTC
Hm, it shouldn't depend on the Qt version, bug 276020 is actually from a recent Qt, too. If someone can confirm the bug has been fixed in KDE, I would really like to see a git bisect to understand the bugger :)
Comment 40 Radu-Cristian Fotescu 2011-07-05 04:27:00 UTC
Cristoph,

Please try to follow my steps in any KDE 4.6.3/4.6.4 mainstream 32-bit Linux distro -- not a hand-build KDE! The bug _should_ manifest itself!

Observe the requirement "make KCharSelect have the minimum horizontal size". This increases the probability of crash.

Also, the bug itself _might_ be because of Qt (I've inspected kdeui/widgets/kcharselect.cpp in kdelibs and could find no obvious bug!), but even if the error is in QFont, there is a responsibility in KDE not checking anything and letting everything crash!

I was actually outraged that a bug with so many duplicates could never be fixed. After all, excuse my French, but I've _never_ encountered a crash with Charmap in any Windows version from 3.1 to 7, whereas I was always able to crash KCharSelect in KDE 4.x. Go figure.
Comment 41 Valter Mura 2011-07-07 09:06:47 UTC
*This is strange*: if I try to change the charset when the windows is in the default view, the program crashes; if I before change (enlarge) the size of the window and then change the charset, the program works correctly.

Kubuntu Natty 11.04
KDE 4.6.4
Comment 42 Radu-Cristian Fotescu 2011-07-07 09:27:37 UTC
(In reply to comment #41)
> *This is strange*: if I try to change the charset when the windows is in the
> default view, the program crashes; if I before change (enlarge) the size of the
> window and then change the charset, the program works correctly.
> 
> Kubuntu Natty 11.04
> KDE 4.6.4

Valter,

After you change (==enlarge) the size of the window, change it back to the default view, which is normally set to be the *minimum* horizontal width. 

It should start crashing again.
Comment 43 Valter Mura 2011-07-07 09:44:27 UTC
Yes, I can con(In reply to comment #42)
> (In reply to comment #41)
> > *This is strange*: if I try to change the charset when the windows is in the
> > default view, the program crashes; if I before change (enlarge) the size of the
> > window and then change the charset, the program works correctly.
> > 
> > Kubuntu Natty 11.04
> > KDE 4.6.4
> 
> Valter,
> 
> After you change (==enlarge) the size of the window, change it back to the
> default view, which is normally set to be the *minimum* horizontal width. 
> 
> It should start crashing again.

Yes, Radu,

I can confirm this behaviour: at the third time I tried to change the charset, after having resized the window to its original (minimum) size, it started crashing again.
--
Valter
Comment 44 Admc 2011-07-14 17:56:26 UTC
Created attachment 61876 [details]
New crash information added by DrKonqi

kcharselect (v1.8) on KDE Platform 4.6.5 (4.6.5) using Qt 4.7.2

- What I was doing when the application crashed:
I was changing character set in kcharselect, crash happens very often.

-- Backtrace (Reduced):
#7  KCharSelectItemModel::data (this=0x9b2e438, index=..., role=32) at ../../kdeui/widgets/kcharselect.cpp:867
#8  0x008ebcf2 in KCharSelectTablePrivate::_k_slotCurrentChanged (this=0x9b23df8, current=..., previous=...) at ../../kdeui/widgets/kcharselect.cpp:218
#9  0x008ebe6f in KCharSelectTable::qt_metacall (this=0x9b1b5c8, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0xbfa09194) at ./kcharselect_p.moc:87
[...]
#12 0x014a0d59 in QItemSelectionModel::currentChanged (this=0x9ff9240, _t1=..., _t2=...) at .moc/release-shared/moc_qitemselectionmodel.cpp:159
#13 0x014a0e8f in QItemSelectionModel::setCurrentIndex (this=0x9ff9240, index=..., command=...) at itemviews/qitemselectionmodel.cpp:1169
Comment 45 Radu-Cristian Fotescu 2011-07-14 18:14:15 UTC
I had tons of backtraces for various KDE4 versions, too bad I've deleted them.
It always crashes at kdeui/widgets/kcharselect.cpp:867 etc., no matter what KDE 4.x.y -- except that it doesn't crash anymore with KDE 4.6.90 and KDE 4.6.95 (4.6.95 tested in Mageia Cauldron).
Comment 46 Harald Sitter 2011-07-14 19:12:21 UTC
Well then.

We just did some research on this in #kubuntu-devel and here are the findings:

The offending line of comment 44 is
    QChar c = m_chars[pos];

m_chars is a QList<QChar>.
[] operator accesses on QLists is always a bit tricky because the index *must* be valid.
a valid index is defined as 0 <= i < size().

the latter part of this requirement is ensured by the if at line 680
    if (pos >= m_chars.size() || index.row() < 0 || index.column() < 0) {
from which only returns can leave.

however, the careful observer will notice that the former part is not at all ensured, and the calculation for pos looks tricky enough to result in an -int

    int pos = m_columns * (index.row()) + index.column();

now concluding that in this line there cannot be an assignment error as then the stack trace would contain qchar related stuff (seeing as the list does not use pointers but actual qchars), and the fact that only one part of the validity constraint is checked it seems like a likely enough case that the pos calculation falls apart for one reason or another and then results in an negative int.

consequently here the output of p pos
$1 = -469761976

clearly the pos calculation is failing, and IMHO that code could use a couple more asserts really

FWIW: p m_columns
$2 = 18

the other 2 arguments are not printable but seeing as multiplying 18 with x would only result in negative int if x itself is negative (which cannot be because aforementioned if ensures row() and column() to be >=0, so it would be at least pos=18*0) which only leaves the possibility of an insanely great x, which indicates an invalid modelindex.

so, two things should equally be able to resolve this issue:
a) ensure index to be 0<=i<size()
b) add !index.isValid() to the if (which should be used anyway, like really, because it already ensures that the column and row are not negative)

of course a combination of both would be perfect

unanswered is the question whether the index is invalid anyway, but I suppose that is not necessarily within the scope of this bug as from where I am standing the data() function as it is right now is not to be considered safe at all due to the [] list access with appropriate checks for valid index.
Comment 47 Radu-Cristian Fotescu 2011-07-14 19:20:39 UTC
You're fabulous, guys!

But I am stupid enough and not a "careful observer". I have been looking at the very same code some 3 weeks ago and couldn't find the flaw. 

I mean, I can't see how pos can be invalid/negative :-(
It all looks pretty OK to me :-(((
Comment 48 Harald Sitter 2011-07-14 19:48:18 UTC
pos is an int, usually an (signed) int has a range of -(2^31) to (2^31) − 1. If you calculate something that is greater than (2^31) − 1 and assign it to a (signed) int the variable will actually contain a negative number (or still a positive but wrong number if the calculation result is a sufficiently large number).
http://en.wikipedia.org/wiki/Two's_complement

So, if column and row are sufficiently great, then multiplying anything >1 will result in a number that is greater than (2^31) − 1 and thus cause a negative integer.

Meaning if row is a super great number or column is a super great number or the both put together make a super great number, multiplying them with m_column will result in a wrong index for the m_chars QList (i.e. < 0).

Now since nothing is checking for this case the QList then explodes because you are trying to access an invalid index, resulting in the segfault.

The solution could be something like:

    if (pos < 0 || pos >= m_chars.size() || index.isValid) {

for line 680. That way it becomes terribly unlikely that pos is an invalid index as you are meeting the index constraint now (0 <= i < size()). Even if pos were to contain a wrong value for whatever reason, the worst that would happen is bogus data in the view, but certainly no crash.

But I really need to mention again: should the modelindex be valid at this point despite having super great values for row and column, it is worth finding out why its column or row value is so great. Either there is another issue somewhere else in the application that results in this bogus but valid modelindex OR there are really that many entries, in which case you need to do some major refactoring to resolve the problem, since a QList (since it is using a signed integer as index) can only contain (2^31) − 1 entries.
Comment 49 Harald Sitter 2011-07-14 19:53:19 UTC
Ah, actually the proposed fix was meant to read

    if (pos < 0 || pos >= m_chars.size() || !index.isValid) {

We definitely want to go further if the modelindex is valid :D
Comment 50 Christoph Feck 2011-08-03 17:59:07 UTC
Git commit fd1ac854f8f0d21c98300ef034c627ea3f34deee by Christoph Feck.
Committed on 03/08/2011 at 19:58.
Pushed by cfeck into branch 'master'.

Initialize pointer variable

CCBUG: 235020

M  +1    -1    kdeui/widgets/kcharselect.cpp

http://commits.kde.org/kdelibs/fd1ac854f8f0d21c98300ef034c627ea3f34deee
Comment 51 Christoph Feck 2011-08-03 18:58:23 UTC
Git commit 0a2a5468a7b18663f369b15f9f8850f7e15d1558 by Christoph Feck.
Committed on 03/08/2011 at 20:57.
Pushed by cfeck into branch 'master'.

Sanitize section height

CCBUG: 235020

M  +5    -2    kdeui/widgets/kcharselect.cpp

http://commits.kde.org/kdelibs/0a2a5468a7b18663f369b15f9f8850f7e15d1558
Comment 52 Christoph Feck 2011-08-03 22:45:57 UTC
*** Bug 279301 has been marked as a duplicate of this bug. ***
Comment 53 David Faure 2011-08-06 23:08:06 UTC
Git commit ecedf01713e211f66a8b07c6140a2e4ced45cd25 by David Faure, on behalf of Christoph Feck.
Committed on 03/08/2011 at 19:58.
Pushed by dfaure into branch 'KDE/4.7'.

Initialize pointer variable

CCBUG: 235020

M  +1    -1    kdeui/widgets/kcharselect.cpp

http://commits.kde.org/kdelibs/ecedf01713e211f66a8b07c6140a2e4ced45cd25
Comment 54 David Faure 2011-08-06 23:08:06 UTC
Git commit 3d92ac3be519514963fc25805ba4ed43ba5a1b84 by David Faure, on behalf of Christoph Feck.
Committed on 03/08/2011 at 20:57.
Pushed by dfaure into branch 'KDE/4.7'.

Sanitize section height

CCBUG: 235020

M  +5    -2    kdeui/widgets/kcharselect.cpp

http://commits.kde.org/kdelibs/3d92ac3be519514963fc25805ba4ed43ba5a1b84
Comment 55 Christoph Feck 2011-08-09 16:46:05 UTC
There is another patch waiting for review, it is a bit more invasive, so anyone who could reproduce this crash, might try it and give feedback.

https://git.reviewboard.kde.org/r/102263/
Comment 56 Radu-Cristian Fotescu 2011-08-11 02:15:32 UTC
Christoph,

What do you mean by "I NEVER could reproduce the crash, so I don't know if this changes anything at all."????

How could anyone attempt to fix a bug if (s)he is unable to reproduce it? Am I dreaming? (Bad dream.)

My comment 37 (#c37) should enable anyone to reproduce the bug!

Once again, I must be in a bad dream. It's impossible to fix a bug that you can't reproduce!
Comment 57 Michael Pyne 2011-08-11 03:42:15 UTC
In reply to comment 56, it is certainly possible to fix a bug that you cannot reproduce.

E.g. race condition bugs rely on timing, and are sometimes very sensitive to differences between machines. Memory alignment bugs are also highly hardware dependent.

Both classes of bugs tend to be harder to reproduce on x86 architectures (if they can be reproduced at all), since x86 memory barriers are generally less fine-grained, and x86 supports unaligned memory access (for most things) with a speed penalty but without crashing.

That doesn't mean that a developer cannot understand the cause of a bug and fix it, even if he can't get it to happen on his machine. I myself have fixed a couple of bugs that would never occur on my machine, but the cause eventually became clear due to code inspection. I have also diagnosed a Plasma bug that never happened on my system (though the actual fix was left to smarter Plasma developers).
Comment 58 Christoph Feck 2011-08-11 21:10:16 UTC
> How could anyone attempt to fix a bug if (s)he is unable to reproduce it?

By reading code?
Comment 59 Christoph Feck 2011-08-20 09:06:23 UTC
Git commit 0e4754a0eacd4528a4d2b369704afca9f36e366f by Christoph Feck.
Committed on 20/08/2011 at 11:00.
Pushed by cfeck into branch 'KDE/4.7'.

Fix crash in KCharSelect

- use Selected instead of Current table cell item
- emit correct signals on layout changes

Thanks Albert for confirmation!

BUG: 235020
FIXED-IN: 4.7.1
REVIEW: 102263

M  +7    -6    kdeui/widgets/kcharselect.cpp
M  +3    -3    kdeui/widgets/kcharselect_p.h

http://commits.kde.org/kdelibs/0e4754a0eacd4528a4d2b369704afca9f36e366f
Comment 60 Christoph Feck 2011-09-23 10:07:30 UTC
*** Bug 282577 has been marked as a duplicate of this bug. ***
Comment 61 Thorsteinn A. Malmjursson 2011-09-25 19:13:09 UTC
Created attachment 63957 [details]
New crash information added by DrKonqi

kcharselect (v1.9) on KDE Platform 4.7.00 (4.7.0) using Qt 4.7.2

- What I was doing when the application crashed:

I had been searching for a fish related symbol, moving through different sets of fonts, changed charset to Symbols, and kcharselect crashed immediately, going Signal 11.  This is a repeatable and serious fault, needs correction asap.

-- Backtrace (Reduced):
#7  KCharSelectItemModel::data (this=0x92db140, index=..., role=32) at ../../kdeui/widgets/kcharselect.cpp:867
#8  0x00d266f2 in KCharSelectTablePrivate::_k_slotCurrentChanged (this=0x93f1738, current=..., previous=...) at ../../kdeui/widgets/kcharselect.cpp:218
#9  0x00d2686f in KCharSelectTable::qt_metacall (this=0x93def00, _c=QMetaObject::InvokeMetaMethod, _id=<value optimized out>, _a=0xbf856414) at ./kcharselect_p.moc:87
[...]
#12 0x01569d59 in QItemSelectionModel::currentChanged (this=0x96b3048, _t1=..., _t2=...) at .moc/release-shared/moc_qitemselectionmodel.cpp:159
#13 0x01569e8f in QItemSelectionModel::setCurrentIndex (this=0x96b3048, index=..., command=...) at itemviews/qitemselectionmodel.cpp:1169
Comment 62 Michael Pyne 2011-09-25 23:29:41 UTC
Git commit 17be088532a9201f4582163ca5afc82a879121a7 by Michael Pyne.
Committed on 26/09/2011 at 01:10.
Pushed by mpyne into branch 'KDE/4.7'.

kcharselect: Improved precondition checking.

Apparently bug 235020 (crash in KCharSelect) is still around even in
kdelibs 4.7.0.

Harald Sitter had noted in comment 46 to that bug that the QModelIndex
should be checked before it is used, and the int type of pos means it
could overflow to be negative. Neither condition is checked for yet, so
check for them now.

Hopefully we really fix bug 235020 (or at least reduce severity away
from being a crasher).

This commit is for 4.7.2.

CCBUG:235020.

M  +3    -4    kdeui/widgets/kcharselect.cpp

http://commits.kde.org/kdelibs/17be088532a9201f4582163ca5afc82a879121a7
Comment 63 Christoph Feck 2011-10-03 15:42:47 UTC
*** Bug 283219 has been marked as a duplicate of this bug. ***
Comment 64 Christoph Feck 2011-10-12 22:16:43 UTC
*** Bug 283885 has been marked as a duplicate of this bug. ***
Comment 65 Christoph Feck 2011-10-27 12:55:26 UTC
*** Bug 285077 has been marked as a duplicate of this bug. ***
Comment 66 Eike Hein 2012-04-09 00:47:24 UTC
*** Bug 288593 has been marked as a duplicate of this bug. ***