Application: kwrite (4.5.00 (KDE 4.5.0)) KDE Platform Version: 4.5.00 (KDE 4.5.0) Qt Version: 4.6.3 Operating System: Linux 2.6.34-12-desktop x86_64 Distribution: "openSUSE 11.3 (x86_64)" -- Information about the crash: - What I was doing when the application crashed: I was dragged portion of text(from notes on plasma) and use close button. After answer to confirmation dialog kwrite crashesh. Information don't get lost. The crash can be reproduced every time. -- Backtrace: Application: KWrite (kdeinit4), signal: Segmentation fault [KCrash Handler] #6 0x00007f321e8e9f99 in free () from /lib64/libc.so.6 #7 0x00007f320b20f597 in qDeleteAll<QSet<Kate::TextCursor*>::const_iterator> (begin=..., end=...) at /usr/include/QtCore/qalgorithms.h:322 #8 0x00007f320b12d6f9 in qDeleteAll<QSet<Kate::TextCursor*> > (this=0x888200, __in_chrg=<value optimized out>) at /usr/include/QtCore/qalgorithms.h:330 #9 Kate::TextBuffer::~TextBuffer (this=0x888200, __in_chrg=<value optimized out>) at /usr/src/debug/kdelibs-4.5.0/kate/buffer/katetextbuffer.cpp:83 #10 0x00007f320b1635c9 in KateBuffer::~KateBuffer (this=0x888200, __in_chrg=<value optimized out>) at /usr/src/debug/kdelibs-4.5.0/kate/document/katebuffer.cpp:88 #11 0x00007f321fed88b4 in QObjectPrivate::deleteChildren (this=0x88bb40) at kernel/qobject.cpp:1986 #12 0x00007f321fedce15 in QObject::~QObject (this=0x885e60, __in_chrg=<value optimized out>) at kernel/qobject.cpp:975 #13 0x00007f3217827962 in KParts::Part::~Part (this=0x885e60, __vtt_parm=0x7f320b486280, __in_chrg=<value optimized out>) at /usr/src/debug/kdelibs-4.5.0/kparts/part.cpp:189 #14 0x00007f320b1d751c in KateDocument::~KateDocument (this=0x885e60, __in_chrg=<value optimized out>, __vtt_parm=<value optimized out>) at /usr/src/debug/kdelibs-4.5.0/kate/document/katedocument.cpp:268 #15 0x00007f320b1d7659 in KateDocument::~KateDocument (this=0x885e60, __in_chrg=<value optimized out>, __vtt_parm=<value optimized out>) at /usr/src/debug/kdelibs-4.5.0/kate/document/katedocument.cpp:308 #16 0x00007f3211bd298a in ?? () from /usr/lib64/libkdeinit4_kwrite.so #17 0x00007f3211bd29d9 in ?? () from /usr/lib64/libkdeinit4_kwrite.so #18 0x00007f321fed952d in QObject::event (this=0x8875c0, e=0xbcbbd0) at kernel/qobject.cpp:1231 #19 0x00007f321f0ec76d in QWidget::event (this=0x8875c0, event=0xbcbbd0) at kernel/qwidget.cpp:8501 #20 0x00007f321f498a6b in QMainWindow::event (this=0x8875c0, event=0xbcbbd0) at widgets/qmainwindow.cpp:1414 #21 0x00007f3220ba88f3 in KXmlGuiWindow::event (this=0x8875c0, ev=0xbcbbd0) at /usr/src/debug/kdelibs-4.5.0/kdeui/xmlgui/kxmlguiwindow.cpp:130 #22 0x00007f321f09c4d4 in QApplicationPrivate::notify_helper (this=0x683e60, receiver=0x8875c0, e=0xbcbbd0) at kernel/qapplication.cpp:4302 #23 0x00007f321f0a4aca in QApplication::notify (this=<value optimized out>, receiver=0x8875c0, e=0xbcbbd0) at kernel/qapplication.cpp:4185 #24 0x00007f3220b2d0b6 in KApplication::notify (this=0x7fff38cde920, receiver=0x8875c0, event=0xbcbbd0) at /usr/src/debug/kdelibs-4.5.0/kdeui/kernel/kapplication.cpp:310 #25 0x00007f321fec7e4c in QCoreApplication::notifyInternal (this=0x7fff38cde920, receiver=0x8875c0, event=0xbcbbd0) at kernel/qcoreapplication.cpp:726 #26 0x00007f321fecb5ba in sendEvent (receiver=0x0, event_type=0, data=0x60f500) at kernel/qcoreapplication.h:215 #27 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x60f500) at kernel/qcoreapplication.cpp:1367 #28 0x00007f321fef0173 in sendPostedEvents (s=<value optimized out>) at kernel/qcoreapplication.h:220 #29 postEventSourceDispatch (s=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:276 #30 0x00007f321ba4aa93 in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0 #31 0x00007f321ba4b270 in ?? () from /usr/lib64/libglib-2.0.so.0 #32 0x00007f321ba4b510 in g_main_context_iteration () from /usr/lib64/libglib-2.0.so.0 #33 0x00007f321fef067f in QEventDispatcherGlib::processEvents (this=0x616ba0, flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:412 #34 0x00007f321f13d14e in QGuiEventDispatcherGlib::processEvents (this=<value optimized out>, flags=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:204 #35 0x00007f321fec7292 in QEventLoop::processEvents (this=<value optimized out>, flags=...) at kernel/qeventloop.cpp:149 #36 0x00007f321fec7495 in QEventLoop::exec (this=0x7fff38cde870, flags=...) at kernel/qeventloop.cpp:201 #37 0x00007f321fecb88b in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1003 #38 0x00007f3211bd1fcd in kdemain () from /usr/lib64/libkdeinit4_kwrite.so #39 0x00000000004074a9 in _start () Reported using DrKonqi
[Comment from a bug triager] From bug 255422: - What I was doing when the application crashed: I was editing normal text file (with unicode box drawing characters). I copy-pasted the file contents into my browser, came a back little later and used F4 to close kate, choose "Do not save" when asked what to do with unsaved changes. From bug 263518: -- Information about the crash: Editing some files, and close one caused this crash. My platform is kubuntu 10.10 with kde 4.5.1. - Updated backtrace (KDE SC 4.5.2): [KCrash Handler] #6 0x0000003634c7a78c in __libc_free (mem=0x160ef00) at malloc.c:3724 #7 0x00007fbac06347bf in qDeleteAll<QSet<Kate::TextCursor*>::const_iterator> (this=0x129d590, __in_chrg=<value optimized out>) at /usr/include/QtCore/qalgorithms.h:322 #8 qDeleteAll<QSet<Kate::TextCursor*> > (this=0x129d590, __in_chrg=<value optimized out>) at /usr/include/QtCore/qalgorithms.h:330 #9 Kate::TextBuffer::~TextBuffer (this=0x129d590, __in_chrg=<value optimized out>) at /usr/src/debug/kdelibs-4.5.2/kate/buffer/katetextbuffer.cpp:83 #10 0x00007fbac06ac169 in KateBuffer::~KateBuffer (this=0x129d590, __in_chrg=<value optimized out>) at /usr/src/debug/kdelibs-4.5.2/kate/document/katebuffer.cpp:88 #11 0x000000363f161e7c in QObjectPrivate::deleteChildren (this=0x129cb10) at kernel/qobject.cpp:1986 #12 0x000000363f168db4 in QObject::~QObject (this=0x129c730, __in_chrg=<value optimized out>) at kernel/qobject.cpp:975 #13 0x000000364a622d12 in KParts::Part::~Part (this=0x129c730, __vtt_parm=0x7fbac0a11fc0, __in_chrg=<value optimized out>) at /usr/src/debug/kdelibs-4.5.2/kparts/part.cpp:212 #14 0x00007fbac0687ff9 in KateDocument::~KateDocument (this=0x129c730, __in_chrg=<value optimized out>, __vtt_parm=<value optimized out>) at /usr/src/debug/kdelibs-4.5.2/kate/document/katedocument.cpp:308 #15 0x00007fbac0688259 in KateDocument::~KateDocument (this=0x129c730, __in_chrg=<value optimized out>, __vtt_parm=<value optimized out>) at /usr/src/debug/kdelibs-4.5.2/kate/document/katedocument.cpp:308 #16 0x000000363f161e7c in QObjectPrivate::deleteChildren (this=0x114a140) at kernel/qobject.cpp:1986 #17 0x000000363f168db4 in QObject::~QObject (this=0x10eda10, __in_chrg=<value optimized out>) at kernel/qobject.cpp:975 #18 0x000000363f1476e5 in QAbstractItemModel::~QAbstractItemModel (this=0x10eda10, __in_chrg=<value optimized out>) at kernel/qabstractitemmodel.cpp:1373 #19 0x0000003644a388aa in KateDocManager::~KateDocManager (this=0x10eda10, __in_chrg=<value optimized out>) at /usr/src/debug/kdesdk-4.5.2/kate/app/katedocmanager.cpp:116 #20 0x0000003644a38c49 in KateDocManager::~KateDocManager (this=0x10eda10, __in_chrg=<value optimized out>) at /usr/src/debug/kdesdk-4.5.2/kate/app/katedocmanager.cpp:116 #21 0x0000003644a31a79 in KateApp::~KateApp (this=0x7fffe3971310, __in_chrg=<value optimized out>) at /usr/src/debug/kdesdk-4.5.2/kate/app/kateapp.cpp:94
*** Bug 255422 has been marked as a duplicate of this bug. ***
*** Bug 263518 has been marked as a duplicate of this bug. ***
Created attachment 58023 [details] New crash information added by DrKonqi kate (3.6.0) on KDE Platform 4.6.00 (4.6.0) "release 375" using Qt 4.7.2 - What I was doing when the application crashed: I closed an empty file and the application crashed. -- Backtrace (Reduced): #7 0x00007fc5c17aa1d7 in qDeleteAll<QSet<Kate::TextCursor*>::const_iterator> (begin=..., end=...) at /usr/include/QtCore/qalgorithms.h:322 #8 0x00007fc5c16c4323 in qDeleteAll<QSet<Kate::TextCursor*> > (this=0x143fbb0, __in_chrg=<value optimized out>) at /usr/include/QtCore/qalgorithms.h:330 #9 Kate::TextBuffer::~TextBuffer (this=0x143fbb0, __in_chrg=<value optimized out>) at /usr/src/debug/kdelibs-4.6.0/kate/buffer/katetextbuffer.cpp:85 #10 0x00007fc5c16f6159 in KateBuffer::~KateBuffer (this=0x143fbb0, __in_chrg=<value optimized out>) at /usr/src/debug/kdelibs-4.6.0/kate/document/katebuffer.cpp:93 #11 0x00007fc5d813fc64 in QObjectPrivate::deleteChildren (this=0x12e06e0) at kernel/qobject.cpp:1955
*** Bug 262025 has been marked as a duplicate of this bug. ***
Can't reproduce, but looks like valid bug. Need way to reproduce :/
*** Bug 280758 has been marked as a duplicate of this bug. ***
*** Bug 262997 has been marked as a duplicate of this bug. ***
*** Bug 265045 has been marked as a duplicate of this bug. ***
*** Bug 283528 has been marked as a duplicate of this bug. ***
*** Bug 294665 has been marked as a duplicate of this bug. ***
*** Bug 297041 has been marked as a duplicate of this bug. ***
Still in KDE 4.8.1, see bug #297041.
*** Bug 315836 has been marked as a duplicate of this bug. ***
Created attachment 78788 [details] New crash information added by DrKonqi kate (3.10.2) on KDE Platform 4.10.2 using Qt 4.8.3 - What I was doing when the application crashed: I had dropped some text into kate and it died when I was closing that single untitled file with ctrl+w. I had other files open in kate. This has happened a lot to me lately. KDE 4.10.2 -- Backtrace (Reduced): #6 0x00007f9b6b15a5bc in __GI___libc_free (mem=0x21ad900) at malloc.c:2982 #7 0x00007f9b593c7ecf in qDeleteAll<QSet<Kate::TextCursor*>::const_iterator> (end=..., begin=...) at /usr/include/qt4/QtCore/qalgorithms.h:322 #8 qDeleteAll<QSet<Kate::TextCursor*> > (c=...) at /usr/include/qt4/QtCore/qalgorithms.h:330 #9 Kate::TextBuffer::~TextBuffer (this=0x226b0b0, __in_chrg=<optimized out>) at ../../part/buffer/katetextbuffer.cpp:94 #10 0x00007f9b59431e09 in KateBuffer::~KateBuffer (this=0x226b0b0, __in_chrg=<optimized out>) at ../../part/document/katebuffer.cpp:86
Pascal, we hoped to have that fixed for KDE 4.10.2. Your backtrace tells us otherwise. Most importantly: We need a way to reproduce. If you find a way to reproduce, please let us know! Did you maybe just upgrade to KDE 4.10.2 and didn't restart Kate yet? Do you have automatic spell checking enabled?
It seems to depend on the drag and drop operation. If it is a "copy" operation no problem. It if is a "move" operation, Kate crashes when closing the document. 1 open kate 2 Go To http://jsfiddle.net/H4wHk/ in a browser(tested firefox and chrome) 3 drag the "DRAG ME INTO KATE" into kate 4 It should say "Remy" inside kate 5 close the document and kate crashes
Valgrind trace of KDE 4.10 branch: ==9362== Invalid read of size 8 ==9362== at 0x192A4816: void qDeleteAll<QSet<Kate::TextCursor*>::const_iterator>(QSet<Kate::TextCursor*>::const_iterator, QSet<Kate::TextCursor*>::const_iterator) (qalgorithms.h:322) ==9362== by 0x192A365F: void qDeleteAll<QSet<Kate::TextCursor*> >(QSet<Kate::TextCursor*> const&) (qalgorithms.h:330) ==9362== by 0x1929E4DB: Kate::TextBuffer::~TextBuffer() (katetextbuffer.cpp:94) ==9362== by 0x1932FEB1: KateBuffer::~KateBuffer() (katebuffer.cpp:78) ==9362== by 0x1932FEE3: KateBuffer::~KateBuffer() (katebuffer.cpp:86) ==9362== by 0x7FF1321: QObjectPrivate::deleteChildren() (qobject.cpp:1916) ==9362== by 0x7FF5165: QObject::~QObject() (qobject.cpp:926) ==9362== by 0x52C4347: KParts::Part::~Part() (in /usr/lib64/libkparts.so.4.9.5) ==9362== by 0x5075F72: KTextEditor::Document::~Document() (document.cpp:135) ==9362== by 0x19308FF4: KateDocument::~KateDocument() (katedocument.cpp:227) ==9362== by 0x193090E5: KateDocument::~KateDocument() (katedocument.cpp:267) ==9362== by 0x4E3D411: KWrite::~KWrite() (kwritemain.cpp:140) ==9362== Address 0x139f0ff0 is 112 bytes inside a block of size 648 free'd ==9362== at 0x4C299DC: operator delete(void*) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==9362== by 0x193C2E95: KateViewInternal::~KateViewInternal() (kateviewinternal.cpp:248) ==9362== by 0x193AE8D0: KateView::~KateView() (kateview.cpp:316) ==9362== by 0x193AEAC9: KateView::~KateView() (kateview.cpp:323) ==9362== by 0x4E3D3B9: KWrite::~KWrite() (kwritemain.cpp:135) ==9362== by 0x4E3D525: KWrite::~KWrite() (kwritemain.cpp:144) ==9362== by 0x7FF3607: QObject::event(QEvent*) (qobject.cpp:1184) ==9362== by 0x6CB6869: QWidget::event(QEvent*) (in /usr/lib64/libQtGui.so.4.8.4) ==9362== by 0x707B55A: QMainWindow::event(QEvent*) (in /usr/lib64/libQtGui.so.4.8.4) ==9362== by 0x675BEB7: KXmlGuiWindow::event(QEvent*) (in /usr/lib64/libkdeui.so.5.9.5) ==9362== by 0x6C6785B: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib64/libQtGui.so.4.8.4) ==9362== by 0x6C6BCD9: QApplication::notify(QObject*, QEvent*) (in /usr/lib64/libQtGui.so.4.8.4) ==9362== ==9362== Invalid write of size 8 ==9362== at 0x5089C8B: KTextEditor::MovingCursor::~MovingCursor() (movingcursor.cpp:34) ==9362== by 0x5089CBF: KTextEditor::MovingCursor::~MovingCursor() (movingcursor.cpp:36) ==9362== by 0x192A4824: void qDeleteAll<QSet<Kate::TextCursor*>::const_iterator>(QSet<Kate::TextCursor*>::const_iterator, QSet<Kate::TextCursor*>::const_iterator) (qalgorithms.h:322) ==9362== by 0x192A365F: void qDeleteAll<QSet<Kate::TextCursor*> >(QSet<Kate::TextCursor*> const&) (qalgorithms.h:330) ==9362== by 0x1929E4DB: Kate::TextBuffer::~TextBuffer() (katetextbuffer.cpp:94) ==9362== by 0x1932FEB1: KateBuffer::~KateBuffer() (katebuffer.cpp:78) ==9362== by 0x1932FEE3: KateBuffer::~KateBuffer() (katebuffer.cpp:86) ==9362== by 0x7FF1321: QObjectPrivate::deleteChildren() (qobject.cpp:1916) ==9362== by 0x7FF5165: QObject::~QObject() (qobject.cpp:926) ==9362== by 0x52C4347: KParts::Part::~Part() (in /usr/lib64/libkparts.so.4.9.5) ==9362== by 0x5075F72: KTextEditor::Document::~Document() (document.cpp:135) ==9362== by 0x19308FF4: KateDocument::~KateDocument() (katedocument.cpp:227) ==9362== Address 0x139f0ff0 is 112 bytes inside a block of size 648 free'd ==9362== at 0x4C299DC: operator delete(void*) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==9362== by 0x193C2E95: KateViewInternal::~KateViewInternal() (kateviewinternal.cpp:248) ==9362== by 0x193AE8D0: KateView::~KateView() (kateview.cpp:316) ==9362== by 0x193AEAC9: KateView::~KateView() (kateview.cpp:323) ==9362== by 0x4E3D3B9: KWrite::~KWrite() (kwritemain.cpp:135) ==9362== by 0x4E3D525: KWrite::~KWrite() (kwritemain.cpp:144) ==9362== by 0x7FF3607: QObject::event(QEvent*) (qobject.cpp:1184) ==9362== by 0x6CB6869: QWidget::event(QEvent*) (in /usr/lib64/libQtGui.so.4.8.4) ==9362== by 0x707B55A: QMainWindow::event(QEvent*) (in /usr/lib64/libQtGui.so.4.8.4) ==9362== by 0x675BEB7: KXmlGuiWindow::event(QEvent*) (in /usr/lib64/libkdeui.so.5.9.5) ==9362== by 0x6C6785B: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib64/libQtGui.so.4.8.4) ==9362== by 0x6C6BCD9: QApplication::notify(QObject*, QEvent*) (in /usr/lib64/libQtGui.so.4.8.4) ==9362== ==9362== Invalid free() / delete / delete[] / realloc() ==9362== at 0x4C299DC: operator delete(void*) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==9362== by 0x5089CCB: KTextEditor::MovingCursor::~MovingCursor() (movingcursor.cpp:36) ==9362== by 0x192A4824: void qDeleteAll<QSet<Kate::TextCursor*>::const_iterator>(QSet<Kate::TextCursor*>::const_iterator, QSet<Kate::TextCursor*>::const_iterator) (qalgorithms.h:322) ==9362== by 0x192A365F: void qDeleteAll<QSet<Kate::TextCursor*> >(QSet<Kate::TextCursor*> const&) (qalgorithms.h:330) ==9362== by 0x1929E4DB: Kate::TextBuffer::~TextBuffer() (katetextbuffer.cpp:94) ==9362== by 0x1932FEB1: KateBuffer::~KateBuffer() (katebuffer.cpp:78) ==9362== by 0x1932FEE3: KateBuffer::~KateBuffer() (katebuffer.cpp:86) ==9362== by 0x7FF1321: QObjectPrivate::deleteChildren() (qobject.cpp:1916) ==9362== by 0x7FF5165: QObject::~QObject() (qobject.cpp:926) ==9362== by 0x52C4347: KParts::Part::~Part() (in /usr/lib64/libkparts.so.4.9.5) ==9362== by 0x5075F72: KTextEditor::Document::~Document() (document.cpp:135) ==9362== by 0x19308FF4: KateDocument::~KateDocument() (katedocument.cpp:227) ==9362== Address 0x139f0ff0 is 112 bytes inside a block of size 648 free'd ==9362== at 0x4C299DC: operator delete(void*) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==9362== by 0x193C2E95: KateViewInternal::~KateViewInternal() (kateviewinternal.cpp:248) ==9362== by 0x193AE8D0: KateView::~KateView() (kateview.cpp:316) ==9362== by 0x193AEAC9: KateView::~KateView() (kateview.cpp:323) ==9362== by 0x4E3D3B9: KWrite::~KWrite() (kwritemain.cpp:135) ==9362== by 0x4E3D525: KWrite::~KWrite() (kwritemain.cpp:144) ==9362== by 0x7FF3607: QObject::event(QEvent*) (qobject.cpp:1184) ==9362== by 0x6CB6869: QWidget::event(QEvent*) (in /usr/lib64/libQtGui.so.4.8.4) ==9362== by 0x707B55A: QMainWindow::event(QEvent*) (in /usr/lib64/libQtGui.so.4.8.4) ==9362== by 0x675BEB7: KXmlGuiWindow::event(QEvent*) (in /usr/lib64/libkdeui.so.5.9.5) ==9362== by 0x6C6785B: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib64/libQtGui.so.4.8.4) ==9362== by 0x6C6BCD9: QApplication::notify(QObject*, QEvent*) (in /usr/lib64/libQtGui.so.4.8.4) ==9362== ASSERT: "m_invalidCursors.empty()" in file /home/dhaumann/local/projects/kate/part/buffer/katetextbuffer.cpp, line 95 KCrash: Application 'kwrite' crashing... KCrash: Attempting to start /usr/lib64/kde4/libexec/drkonqi from kdeinit ==9362== Invalid read of size 4 ==9362== at 0x66C8090: ??? (in /usr/lib64/libkdeui.so.5.9.5) ==9362== by 0x66C8B95: ??? (in /usr/lib64/libkdeui.so.5.9.5) ==9362== by 0x66C8FA0: KCrash::defaultCrashHandler(int) (in /usr/lib64/libkdeui.so.5.9.5) ==9362== by 0x9312D9F: ??? (in /lib64/libc-2.15.so) ==9362== by 0x9312D24: raise (in /lib64/libc-2.15.so) ==9362== by 0x93141A7: abort (in /lib64/libc-2.15.so) ==9362== by 0x7ED8C13: qt_message_output(QtMsgType, char const*) (qglobal.cpp:2323) ==9362== by 0x7ED8DC7: qt_message(QtMsgType, char const*, __va_list_tag*) (qglobal.cpp:2369) ==9362== by 0x7ED8F53: qFatal(char const*, ...) (qglobal.cpp:2552) ==9362== by 0x7ED8F99: qt_assert(char const*, char const*, int) (qglobal.cpp:2018) ==9362== by 0x1929E50A: Kate::TextBuffer::~TextBuffer() (katetextbuffer.cpp:95) ==9362== by 0x1932FEB1: KateBuffer::~KateBuffer() (katebuffer.cpp:78) ==9362== Address 0xf540c10 is 0 bytes inside a block of size 3 alloc'd ==9362== at 0x4C2ABED: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==9362== by 0x66C7FF0: ??? (in /usr/lib64/libkdeui.so.5.9.5) ==9362== by 0x66C8B95: ??? (in /usr/lib64/libkdeui.so.5.9.5) ==9362== by 0x66C8FA0: KCrash::defaultCrashHandler(int) (in /usr/lib64/libkdeui.so.5.9.5) ==9362== by 0x9312D9F: ??? (in /lib64/libc-2.15.so) ==9362== by 0x9312D24: raise (in /lib64/libc-2.15.so) ==9362== by 0x93141A7: abort (in /lib64/libc-2.15.so) ==9362== by 0x7ED8C13: qt_message_output(QtMsgType, char const*) (qglobal.cpp:2323) ==9362== by 0x7ED8DC7: qt_message(QtMsgType, char const*, __va_list_tag*) (qglobal.cpp:2369) ==9362== by 0x7ED8F53: qFatal(char const*, ...) (qglobal.cpp:2552) ==9362== by 0x7ED8F99: qt_assert(char const*, char const*, int) (qglobal.cpp:2018) ==9362== by 0x1929E50A: Kate::TextBuffer::~TextBuffer() (katetextbuffer.cpp:95) ==9362== sock_file=/home/dhaumann/.kde4/socket-obiwan/kdeinit4__0
Kate master: [KCrash Handler] #5 0x00007f5d8da40114 in free () from /lib64/libc.so.6 #6 0x00007f5d91e08ccc in KTextEditor::MovingCursor::~MovingCursor (this=0x1fbec48, __in_chrg=<optimized out>) at /home/dhaumann/local/projects/kate/ktexteditor/movingcursor.cpp:36 #7 0x00007f5d81b4166d in qDeleteAll<QSet<Kate::TextCursor*>::const_iterator> (begin=..., end=...) at /usr/include/QtCore/qalgorithms.h:322 #8 0x00007f5d81b408fc in qDeleteAll<QSet<Kate::TextCursor*> > (c=...) at /usr/include/QtCore/qalgorithms.h:330 #9 0x00007f5d81b3bc30 in Kate::TextBuffer::~TextBuffer (this=0x1b9fbf0, __in_chrg=<optimized out>) at /home/dhaumann/local/projects/kate/part/buffer/katetextbuffer.cpp:96 #10 0x00007f5d81bd2c62 in KateBuffer::~KateBuffer (this=0x1b9fbf0, __in_chrg=<optimized out>) at /home/dhaumann/local/projects/kate/part/document/katebuffer.cpp:78 #11 0x00007f5d81bd2c94 in KateBuffer::~KateBuffer (this=0x1b9fbf0, __in_chrg=<optimized out>) at /home/dhaumann/local/projects/kate/part/document/katebuffer.cpp:86 #12 0x00007f5d8ee98322 in QObjectPrivate::deleteChildren (this=this@entry=0x1b73020) at kernel/qobject.cpp:1916 #13 0x00007f5d8ee9c166 in QObject::~QObject (this=0x1b72c10, __in_chrg=<optimized out>) at kernel/qobject.cpp:926 #14 0x00007f5d91b7a348 in KParts::Part::~Part() () from /usr/lib64/libkparts.so.4 #15 0x00007f5d91df4f73 in KTextEditor::Document::~Document (this=0x1b72c10, __vtt_parm=0x7f5d81ff4b48 <VTT for KateDocument+8>, __in_chrg=<optimized out>) at /home/dhaumann/local/projects/kate/ktexteditor/document.cpp:135 #16 0x00007f5d81babcf3 in KateDocument::~KateDocument (this=0x1b72c10, __in_chrg=<optimized out>, __vtt_parm=<optimized out>) at /home/dhaumann/local/projects/kate/part/document/katedocument.cpp:226 #17 0x00007f5d81babde4 in KateDocument::~KateDocument (this=0x1b72c10, __in_chrg=<optimized out>, __vtt_parm=<optimized out>) at /home/dhaumann/local/projects/kate/part/document/katedocument.cpp:266 #18 0x00007f5d9202a472 in KWrite::~KWrite (this=0x1b74e50, __in_chrg=<optimized out>, __vtt_parm=<optimized out>) at /home/dhaumann/local/projects/kate/kwrite/kwritemain.cpp:140 valgrind trace of kate master: ==13031== Invalid read of size 8 ==13031== at 0x192A865E: void qDeleteAll<QSet<Kate::TextCursor*>::const_iterator>(QSet<Kate::TextCursor*>::const_iterator, QSet<Kate::TextCursor*>::const_iterator) (qalgorithms.h:322) ==13031== by 0x192A78FB: void qDeleteAll<QSet<Kate::TextCursor*> >(QSet<Kate::TextCursor*> const&) (qalgorithms.h:330) ==13031== by 0x192A2C2F: Kate::TextBuffer::~TextBuffer() (katetextbuffer.cpp:96) ==13031== by 0x19339C61: KateBuffer::~KateBuffer() (katebuffer.cpp:78) ==13031== by 0x19339C93: KateBuffer::~KateBuffer() (katebuffer.cpp:86) ==13031== by 0x7FF1321: QObjectPrivate::deleteChildren() (qobject.cpp:1916) ==13031== by 0x7FF5165: QObject::~QObject() (qobject.cpp:926) ==13031== by 0x52C4347: KParts::Part::~Part() (in /usr/lib64/libkparts.so.4.9.5) ==13031== by 0x5075F72: KTextEditor::Document::~Document() (document.cpp:135) ==13031== by 0x19312CF2: KateDocument::~KateDocument() (katedocument.cpp:226) ==13031== by 0x19312DE3: KateDocument::~KateDocument() (katedocument.cpp:266) ==13031== by 0x4E3D471: KWrite::~KWrite() (kwritemain.cpp:140) ==13031== Address 0x125015a8 is 136 bytes inside a block of size 664 free'd ==13031== at 0x4C299DC: operator delete(void*) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==13031== by 0x193C35E7: KateViewInternal::~KateViewInternal() (kateviewinternal.cpp:239) ==13031== by 0x193AF5CC: KateView::~KateView() (kateview.cpp:314) ==13031== by 0x193AF7E9: KateView::~KateView() (kateview.cpp:321) ==13031== by 0x4E3D419: KWrite::~KWrite() (kwritemain.cpp:135) ==13031== by 0x4E3D585: KWrite::~KWrite() (kwritemain.cpp:144) ==13031== by 0x7FF3607: QObject::event(QEvent*) (qobject.cpp:1184) ==13031== by 0x6CB6869: QWidget::event(QEvent*) (in /usr/lib64/libQtGui.so.4.8.4) ==13031== by 0x707B55A: QMainWindow::event(QEvent*) (in /usr/lib64/libQtGui.so.4.8.4) ==13031== by 0x675BEB7: KXmlGuiWindow::event(QEvent*) (in /usr/lib64/libkdeui.so.5.9.5) ==13031== by 0x6C6785B: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib64/libQtGui.so.4.8.4) ==13031== by 0x6C6BCD9: QApplication::notify(QObject*, QEvent*) (in /usr/lib64/libQtGui.so.4.8.4) ==13031== ==13031== Invalid write of size 8 ==13031== at 0x5089C8B: KTextEditor::MovingCursor::~MovingCursor() (movingcursor.cpp:34) ==13031== by 0x5089CBF: KTextEditor::MovingCursor::~MovingCursor() (movingcursor.cpp:36) ==13031== by 0x192A866C: void qDeleteAll<QSet<Kate::TextCursor*>::const_iterator>(QSet<Kate::TextCursor*>::const_iterator, QSet<Kate::TextCursor*>::const_iterator) (qalgorithms.h:322) ==13031== by 0x192A78FB: void qDeleteAll<QSet<Kate::TextCursor*> >(QSet<Kate::TextCursor*> const&) (qalgorithms.h:330) ==13031== by 0x192A2C2F: Kate::TextBuffer::~TextBuffer() (katetextbuffer.cpp:96) ==13031== by 0x19339C61: KateBuffer::~KateBuffer() (katebuffer.cpp:78) ==13031== by 0x19339C93: KateBuffer::~KateBuffer() (katebuffer.cpp:86) ==13031== by 0x7FF1321: QObjectPrivate::deleteChildren() (qobject.cpp:1916) ==13031== by 0x7FF5165: QObject::~QObject() (qobject.cpp:926) ==13031== by 0x52C4347: KParts::Part::~Part() (in /usr/lib64/libkparts.so.4.9.5) ==13031== by 0x5075F72: KTextEditor::Document::~Document() (document.cpp:135) ==13031== by 0x19312CF2: KateDocument::~KateDocument() (katedocument.cpp:226) ==13031== Address 0x125015a8 is 136 bytes inside a block of size 664 free'd ==13031== at 0x4C299DC: operator delete(void*) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==13031== by 0x193C35E7: KateViewInternal::~KateViewInternal() (kateviewinternal.cpp:239) ==13031== by 0x193AF5CC: KateView::~KateView() (kateview.cpp:314) ==13031== by 0x193AF7E9: KateView::~KateView() (kateview.cpp:321) ==13031== by 0x4E3D419: KWrite::~KWrite() (kwritemain.cpp:135) ==13031== by 0x4E3D585: KWrite::~KWrite() (kwritemain.cpp:144) ==13031== by 0x7FF3607: QObject::event(QEvent*) (qobject.cpp:1184) ==13031== by 0x6CB6869: QWidget::event(QEvent*) (in /usr/lib64/libQtGui.so.4.8.4) ==13031== by 0x707B55A: QMainWindow::event(QEvent*) (in /usr/lib64/libQtGui.so.4.8.4) ==13031== by 0x675BEB7: KXmlGuiWindow::event(QEvent*) (in /usr/lib64/libkdeui.so.5.9.5) ==13031== by 0x6C6785B: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib64/libQtGui.so.4.8.4) ==13031== by 0x6C6BCD9: QApplication::notify(QObject*, QEvent*) (in /usr/lib64/libQtGui.so.4.8.4) ==13031== ==13031== Invalid free() / delete / delete[] / realloc() ==13031== at 0x4C299DC: operator delete(void*) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==13031== by 0x5089CCB: KTextEditor::MovingCursor::~MovingCursor() (movingcursor.cpp:36) ==13031== by 0x192A866C: void qDeleteAll<QSet<Kate::TextCursor*>::const_iterator>(QSet<Kate::TextCursor*>::const_iterator, QSet<Kate::TextCursor*>::const_iterator) (qalgorithms.h:322) ==13031== by 0x192A78FB: void qDeleteAll<QSet<Kate::TextCursor*> >(QSet<Kate::TextCursor*> const&) (qalgorithms.h:330) ==13031== by 0x192A2C2F: Kate::TextBuffer::~TextBuffer() (katetextbuffer.cpp:96) ==13031== by 0x19339C61: KateBuffer::~KateBuffer() (katebuffer.cpp:78) ==13031== by 0x19339C93: KateBuffer::~KateBuffer() (katebuffer.cpp:86) ==13031== by 0x7FF1321: QObjectPrivate::deleteChildren() (qobject.cpp:1916) ==13031== by 0x7FF5165: QObject::~QObject() (qobject.cpp:926) ==13031== by 0x52C4347: KParts::Part::~Part() (in /usr/lib64/libkparts.so.4.9.5) ==13031== by 0x5075F72: KTextEditor::Document::~Document() (document.cpp:135) ==13031== by 0x19312CF2: KateDocument::~KateDocument() (katedocument.cpp:226) ==13031== Address 0x125015a8 is 136 bytes inside a block of size 664 free'd ==13031== at 0x4C299DC: operator delete(void*) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==13031== by 0x193C35E7: KateViewInternal::~KateViewInternal() (kateviewinternal.cpp:239) ==13031== by 0x193AF5CC: KateView::~KateView() (kateview.cpp:314) ==13031== by 0x193AF7E9: KateView::~KateView() (kateview.cpp:321) ==13031== by 0x4E3D419: KWrite::~KWrite() (kwritemain.cpp:135) ==13031== by 0x4E3D585: KWrite::~KWrite() (kwritemain.cpp:144) ==13031== by 0x7FF3607: QObject::event(QEvent*) (qobject.cpp:1184) ==13031== by 0x6CB6869: QWidget::event(QEvent*) (in /usr/lib64/libQtGui.so.4.8.4) ==13031== by 0x707B55A: QMainWindow::event(QEvent*) (in /usr/lib64/libQtGui.so.4.8.4) ==13031== by 0x675BEB7: KXmlGuiWindow::event(QEvent*) (in /usr/lib64/libkdeui.so.5.9.5) ==13031== by 0x6C6785B: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib64/libQtGui.so.4.8.4) ==13031== by 0x6C6BCD9: QApplication::notify(QObject*, QEvent*) (in /usr/lib64/libQtGui.so.4.8.4) ==13031== ASSERT: "m_invalidCursors.empty()" in file /home/dhaumann/local/projects/kate/part/buffer/katetextbuffer.cpp, line 97 KCrash: Application 'kwrite' crashing... KCrash: Attempting to start /usr/lib64/kde4/libexec/drkonqi from kdeinit ==13031== Invalid read of size 4 ==13031== at 0x66C8090: ??? (in /usr/lib64/libkdeui.so.5.9.5) ==13031== by 0x66C8B95: ??? (in /usr/lib64/libkdeui.so.5.9.5) ==13031== by 0x66C8FA0: KCrash::defaultCrashHandler(int) (in /usr/lib64/libkdeui.so.5.9.5) ==13031== by 0x9312D9F: ??? (in /lib64/libc-2.15.so) ==13031== by 0x9312D24: raise (in /lib64/libc-2.15.so) ==13031== by 0x93141A7: abort (in /lib64/libc-2.15.so) ==13031== by 0x7ED8C13: qt_message_output(QtMsgType, char const*) (qglobal.cpp:2323) ==13031== by 0x7ED8DC7: qt_message(QtMsgType, char const*, __va_list_tag*) (qglobal.cpp:2369) ==13031== by 0x7ED8F53: qFatal(char const*, ...) (qglobal.cpp:2552) ==13031== by 0x7ED8F99: qt_assert(char const*, char const*, int) (qglobal.cpp:2018) ==13031== by 0x192A2C5E: Kate::TextBuffer::~TextBuffer() (katetextbuffer.cpp:97) ==13031== by 0x19339C61: KateBuffer::~KateBuffer() (katebuffer.cpp:78) ==13031== Address 0xfcc1270 is 0 bytes inside a block of size 3 alloc'd ==13031== at 0x4C2ABED: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==13031== by 0x66C7FF0: ??? (in /usr/lib64/libkdeui.so.5.9.5) ==13031== by 0x66C8B95: ??? (in /usr/lib64/libkdeui.so.5.9.5) ==13031== by 0x66C8FA0: KCrash::defaultCrashHandler(int) (in /usr/lib64/libkdeui.so.5.9.5) ==13031== by 0x9312D9F: ??? (in /lib64/libc-2.15.so) ==13031== by 0x9312D24: raise (in /lib64/libc-2.15.so) ==13031== by 0x93141A7: abort (in /lib64/libc-2.15.so) ==13031== by 0x7ED8C13: qt_message_output(QtMsgType, char const*) (qglobal.cpp:2323) ==13031== by 0x7ED8DC7: qt_message(QtMsgType, char const*, __va_list_tag*) (qglobal.cpp:2369) ==13031== by 0x7ED8F53: qFatal(char const*, ...) (qglobal.cpp:2552) ==13031== by 0x7ED8F99: qt_assert(char const*, char const*, int) (qglobal.cpp:2018) ==13031== by 0x192A2C5E: Kate::TextBuffer::~TextBuffer() (katetextbuffer.cpp:97) ==13031==
Proposed patch: diff --git a/part/buffer/katetextcursor.cpp b/part/buffer/katetextcursor.cpp index 9214e96..6875e35 100644 --- a/part/buffer/katetextcursor.cpp +++ b/part/buffer/katetextcursor.cpp @@ -110,6 +110,10 @@ void TextCursor::setPosition(const KTextEditor::Cursor& position, bool init) } #endif + // if cursor was invalid before, remove it from invalid cursor list + if (!m_block) + m_buffer.m_invalidCursors.remove (this); + // else: valid cursor m_block = block; m_line = position.line () - m_block->startLine ();
The problem is twofold: 1. without the patch, it seems the invalid cursor is not removed 2. Kate::View has a (non-pointer) variable Kate::TextRange m_selection; hence deleting the text-range itself. It is very strange that this bug did not appear more frequently...
> It is very strange that this bug did not appear more frequently... I think it's because it only happens when the DnD operation is a MOVE operation. By far the most DnD operations I've tested it against is COPY.
Correct, if drag&dropping a note from Plasma Notes, it crashes, too. But if doing the same with CTRL, it does not crash.
Git commit f93802fdadcdcc1236857d5b6ddde0850305dfbd by Dominik Haumann. Committed on 11/04/2013 at 15:00. Pushed by dhaumann into branch 'master'. unit test for crash in MovingCursor this has nothing to do with MovingRanges M +19 -0 tests/movingcursor_test.cpp M +1 -0 tests/movingcursor_test.h http://commits.kde.org/kate/f93802fdadcdcc1236857d5b6ddde0850305dfbd
Created attachment 78805 [details] fix moving cursor crash I'm 100% sure this patch is correct. Still, can you confirm, Christoph? This essentially means, that basically no one uses KTE::MovingCursors so far, and if so, they were very rarely invalid.
More on this: KateViewInternal::dropEvent() is imo a bit buggy: // fix the cursor position before editStart(), so that it is correctly // stored for the undo action KTextEditor::Cursor targetCursor(m_cursor); // backup current cursor int selectionWidth = m_view->selectionRange().columnWidth(); // for block selection int selectionHeight = m_view->selectionRange().numberOfLines(); // for block selection if ( event->dropAction() != Qt::CopyAction ) { (*) editSetCursor(m_view->selectionRange().end()); } else { m_view->clearSelection(); } (*) Here we set the cursor to selectionRange().end(), which is invalid if there is not selection. This is why the crash happened in the first place later. The code should check for the validity of the selection, but to be honest, this code looks quite old anyways. So Maybe it should be cleaned up ;)
Git commit a898d98835972c40d71663ca3453598289ecc50e by Dominik Haumann. Committed on 11/04/2013 at 15:55. Pushed by dhaumann into branch 'master'. fix crash in MovingCursors not associated to MovingRanges M +7 -0 part/buffer/katetextcursor.cpp http://commits.kde.org/kate/a898d98835972c40d71663ca3453598289ecc50e
Git commit 92e4a4715604673a8d8afb131897aa9ddce46198 by Dominik Haumann. Committed on 11/04/2013 at 15:55. Pushed by dhaumann into branch 'KDE/4.10'. fix crash in MovingCursors not associated to MovingRanges M +7 -0 part/buffer/katetextcursor.cpp http://commits.kde.org/kate/92e4a4715604673a8d8afb131897aa9ddce46198
Fixed in KDE 4.10.3. Thanks for the steps to reproduce, Pascal.
Git commit 69121e434e25f8f4c8ee92a1771a8e87913b3559 by Dominik Haumann. Committed on 11/04/2013 at 15:55. Pushed by dhaumann into branch 'KDE/4.9'. fix crash in MovingCursors not associated to MovingRanges M +7 -0 part/buffer/katetextcursor.cpp http://commits.kde.org/kate/69121e434e25f8f4c8ee92a1771a8e87913b3559