Bug 248926 - KWrite/Kate sometimes crash on close (d&d related) [qDeleteAll<QSet<Kate::TextCursor*>>, ~TextBuffer, ~KateBuffer, ..., ~KateDocument]
Status: RESOLVED FIXED
Alias: None
Product: kate
Classification: Applications
Component: part
Version: unspecified
Platform: openSUSE Linux
Importance: VHI crash
Target Milestone: ---
Assignee: KWrite Developers
Duplicates: 255422 262025 262997 263518 265045 280758 283528 294665 297041 315836
Reported: 2010-08-24 20:25 UTC by Lach Sławomir
Modified: 2013-04-11 14:08 UTC
Version Fixed In: 4.10.3


Attachments
New crash information added by DrKonqi (7.32 KB, text/plain)
2011-03-15 10:45 UTC, Víctor Fernández Martínez
New crash information added by DrKonqi (8.33 KB, text/plain)
2013-04-11 08:35 UTC, Pascal d'Hermilly
fix moving cursor crash (914 bytes, patch)
2013-04-11 13:31 UTC, Dominik Haumann

Description Lach Sławomir 2010-08-24 20:25:05 UTC
Application: kwrite (4.5.00 (KDE 4.5.0))
KDE Platform Version: 4.5.00 (KDE 4.5.0)
Qt Version: 4.6.3
Operating System: Linux 2.6.34-12-desktop x86_64
Distribution: "openSUSE 11.3 (x86_64)"

-- Information about the crash:
- What I was doing when the application crashed:

I dragged a portion of text (from notes on Plasma) and used the close button. After answering the confirmation dialog, kwrite crashes. Information doesn't get lost.

The crash can be reproduced every time.

-- Backtrace:
Application: KWrite (kdeinit4), signal: Segmentation fault
[KCrash Handler]
#6  0x00007f321e8e9f99 in free () from /lib64/libc.so.6
#7  0x00007f320b20f597 in qDeleteAll<QSet<Kate::TextCursor*>::const_iterator> (begin=..., end=...) at /usr/include/QtCore/qalgorithms.h:322
#8  0x00007f320b12d6f9 in qDeleteAll<QSet<Kate::TextCursor*> > (this=0x888200, __in_chrg=<value optimized out>) at /usr/include/QtCore/qalgorithms.h:330
#9  Kate::TextBuffer::~TextBuffer (this=0x888200, __in_chrg=<value optimized out>) at /usr/src/debug/kdelibs-4.5.0/kate/buffer/katetextbuffer.cpp:83
#10 0x00007f320b1635c9 in KateBuffer::~KateBuffer (this=0x888200, __in_chrg=<value optimized out>) at /usr/src/debug/kdelibs-4.5.0/kate/document/katebuffer.cpp:88
#11 0x00007f321fed88b4 in QObjectPrivate::deleteChildren (this=0x88bb40) at kernel/qobject.cpp:1986
#12 0x00007f321fedce15 in QObject::~QObject (this=0x885e60, __in_chrg=<value optimized out>) at kernel/qobject.cpp:975
#13 0x00007f3217827962 in KParts::Part::~Part (this=0x885e60, __vtt_parm=0x7f320b486280, __in_chrg=<value optimized out>) at /usr/src/debug/kdelibs-4.5.0/kparts/part.cpp:189
#14 0x00007f320b1d751c in KateDocument::~KateDocument (this=0x885e60, __in_chrg=<value optimized out>, __vtt_parm=<value optimized out>)
    at /usr/src/debug/kdelibs-4.5.0/kate/document/katedocument.cpp:268
#15 0x00007f320b1d7659 in KateDocument::~KateDocument (this=0x885e60, __in_chrg=<value optimized out>, __vtt_parm=<value optimized out>)
    at /usr/src/debug/kdelibs-4.5.0/kate/document/katedocument.cpp:308
#16 0x00007f3211bd298a in ?? () from /usr/lib64/libkdeinit4_kwrite.so
#17 0x00007f3211bd29d9 in ?? () from /usr/lib64/libkdeinit4_kwrite.so
#18 0x00007f321fed952d in QObject::event (this=0x8875c0, e=0xbcbbd0) at kernel/qobject.cpp:1231
#19 0x00007f321f0ec76d in QWidget::event (this=0x8875c0, event=0xbcbbd0) at kernel/qwidget.cpp:8501
#20 0x00007f321f498a6b in QMainWindow::event (this=0x8875c0, event=0xbcbbd0) at widgets/qmainwindow.cpp:1414
#21 0x00007f3220ba88f3 in KXmlGuiWindow::event (this=0x8875c0, ev=0xbcbbd0) at /usr/src/debug/kdelibs-4.5.0/kdeui/xmlgui/kxmlguiwindow.cpp:130
#22 0x00007f321f09c4d4 in QApplicationPrivate::notify_helper (this=0x683e60, receiver=0x8875c0, e=0xbcbbd0) at kernel/qapplication.cpp:4302
#23 0x00007f321f0a4aca in QApplication::notify (this=<value optimized out>, receiver=0x8875c0, e=0xbcbbd0) at kernel/qapplication.cpp:4185
#24 0x00007f3220b2d0b6 in KApplication::notify (this=0x7fff38cde920, receiver=0x8875c0, event=0xbcbbd0) at /usr/src/debug/kdelibs-4.5.0/kdeui/kernel/kapplication.cpp:310
#25 0x00007f321fec7e4c in QCoreApplication::notifyInternal (this=0x7fff38cde920, receiver=0x8875c0, event=0xbcbbd0) at kernel/qcoreapplication.cpp:726
#26 0x00007f321fecb5ba in sendEvent (receiver=0x0, event_type=0, data=0x60f500) at kernel/qcoreapplication.h:215
#27 QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x60f500) at kernel/qcoreapplication.cpp:1367
#28 0x00007f321fef0173 in sendPostedEvents (s=<value optimized out>) at kernel/qcoreapplication.h:220
#29 postEventSourceDispatch (s=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:276
#30 0x00007f321ba4aa93 in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
#31 0x00007f321ba4b270 in ?? () from /usr/lib64/libglib-2.0.so.0
#32 0x00007f321ba4b510 in g_main_context_iteration () from /usr/lib64/libglib-2.0.so.0
#33 0x00007f321fef067f in QEventDispatcherGlib::processEvents (this=0x616ba0, flags=<value optimized out>) at kernel/qeventdispatcher_glib.cpp:412
#34 0x00007f321f13d14e in QGuiEventDispatcherGlib::processEvents (this=<value optimized out>, flags=<value optimized out>) at kernel/qguieventdispatcher_glib.cpp:204
#35 0x00007f321fec7292 in QEventLoop::processEvents (this=<value optimized out>, flags=...) at kernel/qeventloop.cpp:149
#36 0x00007f321fec7495 in QEventLoop::exec (this=0x7fff38cde870, flags=...) at kernel/qeventloop.cpp:201
#37 0x00007f321fecb88b in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1003
#38 0x00007f3211bd1fcd in kdemain () from /usr/lib64/libkdeinit4_kwrite.so
#39 0x00000000004074a9 in _start ()

Reported using DrKonqi
Comment 1 Dario Andres 2011-01-23 16:08:03 UTC
[Comment from a bug triager]
From bug 255422:
- What I was doing when the application crashed:
I was editing a normal text file (with unicode box drawing characters). I
copy-pasted the file contents into my browser, came back a little later and
used F4 to close kate, chose "Do not save" when asked what to do with unsaved
changes.

From bug 263518:
-- Information about the crash:
Editing some files, and closing one caused this crash.
My platform is kubuntu 10.10 with kde 4.5.1.

- Updated backtrace (KDE SC 4.5.2):
[KCrash Handler]
#6  0x0000003634c7a78c in __libc_free (mem=0x160ef00) at malloc.c:3724
#7  0x00007fbac06347bf in qDeleteAll<QSet<Kate::TextCursor*>::const_iterator>
(this=0x129d590, __in_chrg=<value optimized out>) at
/usr/include/QtCore/qalgorithms.h:322
#8  qDeleteAll<QSet<Kate::TextCursor*> > (this=0x129d590, __in_chrg=<value
optimized out>) at /usr/include/QtCore/qalgorithms.h:330
#9  Kate::TextBuffer::~TextBuffer (this=0x129d590, __in_chrg=<value optimized
out>) at /usr/src/debug/kdelibs-4.5.2/kate/buffer/katetextbuffer.cpp:83
#10 0x00007fbac06ac169 in KateBuffer::~KateBuffer (this=0x129d590,
__in_chrg=<value optimized out>) at
/usr/src/debug/kdelibs-4.5.2/kate/document/katebuffer.cpp:88
#11 0x000000363f161e7c in QObjectPrivate::deleteChildren (this=0x129cb10) at
kernel/qobject.cpp:1986
#12 0x000000363f168db4 in QObject::~QObject (this=0x129c730, __in_chrg=<value
optimized out>) at kernel/qobject.cpp:975
#13 0x000000364a622d12 in KParts::Part::~Part (this=0x129c730,
__vtt_parm=0x7fbac0a11fc0, __in_chrg=<value optimized out>) at
/usr/src/debug/kdelibs-4.5.2/kparts/part.cpp:212
#14 0x00007fbac0687ff9 in KateDocument::~KateDocument (this=0x129c730,
__in_chrg=<value optimized out>, __vtt_parm=<value optimized out>)
    at /usr/src/debug/kdelibs-4.5.2/kate/document/katedocument.cpp:308
#15 0x00007fbac0688259 in KateDocument::~KateDocument (this=0x129c730,
__in_chrg=<value optimized out>, __vtt_parm=<value optimized out>)
    at /usr/src/debug/kdelibs-4.5.2/kate/document/katedocument.cpp:308
#16 0x000000363f161e7c in QObjectPrivate::deleteChildren (this=0x114a140) at
kernel/qobject.cpp:1986
#17 0x000000363f168db4 in QObject::~QObject (this=0x10eda10, __in_chrg=<value
optimized out>) at kernel/qobject.cpp:975
#18 0x000000363f1476e5 in QAbstractItemModel::~QAbstractItemModel
(this=0x10eda10, __in_chrg=<value optimized out>) at
kernel/qabstractitemmodel.cpp:1373
#19 0x0000003644a388aa in KateDocManager::~KateDocManager (this=0x10eda10,
__in_chrg=<value optimized out>) at
/usr/src/debug/kdesdk-4.5.2/kate/app/katedocmanager.cpp:116
#20 0x0000003644a38c49 in KateDocManager::~KateDocManager (this=0x10eda10,
__in_chrg=<value optimized out>) at
/usr/src/debug/kdesdk-4.5.2/kate/app/katedocmanager.cpp:116
#21 0x0000003644a31a79 in KateApp::~KateApp (this=0x7fffe3971310,
__in_chrg=<value optimized out>) at
/usr/src/debug/kdesdk-4.5.2/kate/app/kateapp.cpp:94
Comment 2 Dario Andres 2011-01-23 16:08:38 UTC
*** Bug 255422 has been marked as a duplicate of this bug. ***
Comment 3 Dario Andres 2011-01-23 16:08:47 UTC
*** Bug 263518 has been marked as a duplicate of this bug. ***
Comment 4 Víctor Fernández Martínez 2011-03-15 10:45:49 UTC
Created attachment 58023 [details]
New crash information added by DrKonqi

kate (3.6.0) on KDE Platform 4.6.00 (4.6.0) "release 375" using Qt 4.7.2

- What I was doing when the application crashed:

I closed an empty file and the application crashed.

-- Backtrace (Reduced):
#7  0x00007fc5c17aa1d7 in qDeleteAll<QSet<Kate::TextCursor*>::const_iterator> (begin=..., end=...) at /usr/include/QtCore/qalgorithms.h:322
#8  0x00007fc5c16c4323 in qDeleteAll<QSet<Kate::TextCursor*> > (this=0x143fbb0, __in_chrg=<value optimized out>) at /usr/include/QtCore/qalgorithms.h:330
#9  Kate::TextBuffer::~TextBuffer (this=0x143fbb0, __in_chrg=<value optimized out>) at /usr/src/debug/kdelibs-4.6.0/kate/buffer/katetextbuffer.cpp:85
#10 0x00007fc5c16f6159 in KateBuffer::~KateBuffer (this=0x143fbb0, __in_chrg=<value optimized out>) at /usr/src/debug/kdelibs-4.6.0/kate/document/katebuffer.cpp:93
#11 0x00007fc5d813fc64 in QObjectPrivate::deleteChildren (this=0x12e06e0) at kernel/qobject.cpp:1955
Comment 5 Dominik Haumann 2011-06-25 17:54:50 UTC
*** Bug 262025 has been marked as a duplicate of this bug. ***
Comment 6 Christoph Cullmann 2011-08-11 15:30:26 UTC
Can't reproduce, but looks like valid bug. Need way to reproduce :/
Comment 7 Dominik Haumann 2011-09-09 13:40:40 UTC
*** Bug 280758 has been marked as a duplicate of this bug. ***
Comment 8 Dominik Haumann 2011-09-09 13:42:31 UTC
*** Bug 262997 has been marked as a duplicate of this bug. ***
Comment 9 Dominik Haumann 2011-09-09 13:43:40 UTC
*** Bug 265045 has been marked as a duplicate of this bug. ***
Comment 10 Dominik Haumann 2011-10-08 21:08:10 UTC
*** Bug 283528 has been marked as a duplicate of this bug. ***
Comment 11 Jekyll Wu 2012-02-23 10:58:05 UTC
*** Bug 294665 has been marked as a duplicate of this bug. ***
Comment 12 Dominik Haumann 2012-03-29 18:00:18 UTC
*** Bug 297041 has been marked as a duplicate of this bug. ***
Comment 13 Dominik Haumann 2012-03-29 18:02:47 UTC
Still in KDE 4.8.1, see bug #297041.
Comment 14 Kevin Funk 2013-02-27 10:31:36 UTC
*** Bug 315836 has been marked as a duplicate of this bug. ***
Comment 15 Pascal d'Hermilly 2013-04-11 08:35:33 UTC
Created attachment 78788 [details]
New crash information added by DrKonqi

kate (3.10.2) on KDE Platform 4.10.2 using Qt 4.8.3

- What I was doing when the application crashed:
I had dropped some text into kate and it died when I was closing that single untitled file with ctrl+w. I had other files open in kate. 
This has happened a lot to me lately.
KDE 4.10.2

-- Backtrace (Reduced):
#6  0x00007f9b6b15a5bc in __GI___libc_free (mem=0x21ad900) at malloc.c:2982
#7  0x00007f9b593c7ecf in qDeleteAll<QSet<Kate::TextCursor*>::const_iterator> (end=..., begin=...) at /usr/include/qt4/QtCore/qalgorithms.h:322
#8  qDeleteAll<QSet<Kate::TextCursor*> > (c=...) at /usr/include/qt4/QtCore/qalgorithms.h:330
#9  Kate::TextBuffer::~TextBuffer (this=0x226b0b0, __in_chrg=<optimized out>) at ../../part/buffer/katetextbuffer.cpp:94
#10 0x00007f9b59431e09 in KateBuffer::~KateBuffer (this=0x226b0b0, __in_chrg=<optimized out>) at ../../part/document/katebuffer.cpp:86
Comment 16 Dominik Haumann 2013-04-11 09:03:33 UTC
Pascal, we hoped to have that fixed for KDE 4.10.2. Your backtrace tells us otherwise. Most importantly: We need a way to reproduce. If you find a way to reproduce, please let us know!

Did you maybe just upgrade to KDE 4.10.2 and didn't restart Kate yet?
Do you have automatic spell checking enabled?
Comment 17 Pascal d'Hermilly 2013-04-11 09:55:17 UTC
It seems to depend on the drag and drop operation. If it is a "copy" operation, no problem. If it is a "move" operation, Kate crashes when closing the document.

1 open kate
2 Go To http://jsfiddle.net/H4wHk/ in a browser(tested firefox and chrome)
3 drag the "DRAG ME INTO KATE" into kate
4 It should say "Remy" inside kate
5 close the document and kate crashes
Comment 18 Dominik Haumann 2013-04-11 10:22:28 UTC
Valgrind trace of KDE 4.10 branch:

==9362== Invalid read of size 8
==9362==    at 0x192A4816: void qDeleteAll<QSet<Kate::TextCursor*>::const_iterator>(QSet<Kate::TextCursor*>::const_iterator, QSet<Kate::TextCursor*>::const_iterator) (qalgorithms.h:322)
==9362==    by 0x192A365F: void qDeleteAll<QSet<Kate::TextCursor*> >(QSet<Kate::TextCursor*> const&) (qalgorithms.h:330)
==9362==    by 0x1929E4DB: Kate::TextBuffer::~TextBuffer() (katetextbuffer.cpp:94)
==9362==    by 0x1932FEB1: KateBuffer::~KateBuffer() (katebuffer.cpp:78)
==9362==    by 0x1932FEE3: KateBuffer::~KateBuffer() (katebuffer.cpp:86)
==9362==    by 0x7FF1321: QObjectPrivate::deleteChildren() (qobject.cpp:1916)
==9362==    by 0x7FF5165: QObject::~QObject() (qobject.cpp:926)
==9362==    by 0x52C4347: KParts::Part::~Part() (in /usr/lib64/libkparts.so.4.9.5)
==9362==    by 0x5075F72: KTextEditor::Document::~Document() (document.cpp:135)
==9362==    by 0x19308FF4: KateDocument::~KateDocument() (katedocument.cpp:227)
==9362==    by 0x193090E5: KateDocument::~KateDocument() (katedocument.cpp:267)
==9362==    by 0x4E3D411: KWrite::~KWrite() (kwritemain.cpp:140)
==9362==  Address 0x139f0ff0 is 112 bytes inside a block of size 648 free'd
==9362==    at 0x4C299DC: operator delete(void*) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==9362==    by 0x193C2E95: KateViewInternal::~KateViewInternal() (kateviewinternal.cpp:248)
==9362==    by 0x193AE8D0: KateView::~KateView() (kateview.cpp:316)
==9362==    by 0x193AEAC9: KateView::~KateView() (kateview.cpp:323)
==9362==    by 0x4E3D3B9: KWrite::~KWrite() (kwritemain.cpp:135)
==9362==    by 0x4E3D525: KWrite::~KWrite() (kwritemain.cpp:144)
==9362==    by 0x7FF3607: QObject::event(QEvent*) (qobject.cpp:1184)
==9362==    by 0x6CB6869: QWidget::event(QEvent*) (in /usr/lib64/libQtGui.so.4.8.4)
==9362==    by 0x707B55A: QMainWindow::event(QEvent*) (in /usr/lib64/libQtGui.so.4.8.4)
==9362==    by 0x675BEB7: KXmlGuiWindow::event(QEvent*) (in /usr/lib64/libkdeui.so.5.9.5)
==9362==    by 0x6C6785B: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib64/libQtGui.so.4.8.4)
==9362==    by 0x6C6BCD9: QApplication::notify(QObject*, QEvent*) (in /usr/lib64/libQtGui.so.4.8.4)
==9362== 
==9362== Invalid write of size 8
==9362==    at 0x5089C8B: KTextEditor::MovingCursor::~MovingCursor() (movingcursor.cpp:34)
==9362==    by 0x5089CBF: KTextEditor::MovingCursor::~MovingCursor() (movingcursor.cpp:36)
==9362==    by 0x192A4824: void qDeleteAll<QSet<Kate::TextCursor*>::const_iterator>(QSet<Kate::TextCursor*>::const_iterator, QSet<Kate::TextCursor*>::const_iterator) (qalgorithms.h:322)
==9362==    by 0x192A365F: void qDeleteAll<QSet<Kate::TextCursor*> >(QSet<Kate::TextCursor*> const&) (qalgorithms.h:330)
==9362==    by 0x1929E4DB: Kate::TextBuffer::~TextBuffer() (katetextbuffer.cpp:94)
==9362==    by 0x1932FEB1: KateBuffer::~KateBuffer() (katebuffer.cpp:78)
==9362==    by 0x1932FEE3: KateBuffer::~KateBuffer() (katebuffer.cpp:86)
==9362==    by 0x7FF1321: QObjectPrivate::deleteChildren() (qobject.cpp:1916)
==9362==    by 0x7FF5165: QObject::~QObject() (qobject.cpp:926)
==9362==    by 0x52C4347: KParts::Part::~Part() (in /usr/lib64/libkparts.so.4.9.5)
==9362==    by 0x5075F72: KTextEditor::Document::~Document() (document.cpp:135)
==9362==    by 0x19308FF4: KateDocument::~KateDocument() (katedocument.cpp:227)
==9362==  Address 0x139f0ff0 is 112 bytes inside a block of size 648 free'd
==9362==    at 0x4C299DC: operator delete(void*) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==9362==    by 0x193C2E95: KateViewInternal::~KateViewInternal() (kateviewinternal.cpp:248)
==9362==    by 0x193AE8D0: KateView::~KateView() (kateview.cpp:316)
==9362==    by 0x193AEAC9: KateView::~KateView() (kateview.cpp:323)
==9362==    by 0x4E3D3B9: KWrite::~KWrite() (kwritemain.cpp:135)
==9362==    by 0x4E3D525: KWrite::~KWrite() (kwritemain.cpp:144)
==9362==    by 0x7FF3607: QObject::event(QEvent*) (qobject.cpp:1184)
==9362==    by 0x6CB6869: QWidget::event(QEvent*) (in /usr/lib64/libQtGui.so.4.8.4)
==9362==    by 0x707B55A: QMainWindow::event(QEvent*) (in /usr/lib64/libQtGui.so.4.8.4)
==9362==    by 0x675BEB7: KXmlGuiWindow::event(QEvent*) (in /usr/lib64/libkdeui.so.5.9.5)
==9362==    by 0x6C6785B: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib64/libQtGui.so.4.8.4)
==9362==    by 0x6C6BCD9: QApplication::notify(QObject*, QEvent*) (in /usr/lib64/libQtGui.so.4.8.4)
==9362== 
==9362== Invalid free() / delete / delete[] / realloc()
==9362==    at 0x4C299DC: operator delete(void*) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==9362==    by 0x5089CCB: KTextEditor::MovingCursor::~MovingCursor() (movingcursor.cpp:36)
==9362==    by 0x192A4824: void qDeleteAll<QSet<Kate::TextCursor*>::const_iterator>(QSet<Kate::TextCursor*>::const_iterator, QSet<Kate::TextCursor*>::const_iterator) (qalgorithms.h:322)
==9362==    by 0x192A365F: void qDeleteAll<QSet<Kate::TextCursor*> >(QSet<Kate::TextCursor*> const&) (qalgorithms.h:330)
==9362==    by 0x1929E4DB: Kate::TextBuffer::~TextBuffer() (katetextbuffer.cpp:94)
==9362==    by 0x1932FEB1: KateBuffer::~KateBuffer() (katebuffer.cpp:78)
==9362==    by 0x1932FEE3: KateBuffer::~KateBuffer() (katebuffer.cpp:86)
==9362==    by 0x7FF1321: QObjectPrivate::deleteChildren() (qobject.cpp:1916)
==9362==    by 0x7FF5165: QObject::~QObject() (qobject.cpp:926)
==9362==    by 0x52C4347: KParts::Part::~Part() (in /usr/lib64/libkparts.so.4.9.5)
==9362==    by 0x5075F72: KTextEditor::Document::~Document() (document.cpp:135)
==9362==    by 0x19308FF4: KateDocument::~KateDocument() (katedocument.cpp:227)
==9362==  Address 0x139f0ff0 is 112 bytes inside a block of size 648 free'd
==9362==    at 0x4C299DC: operator delete(void*) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==9362==    by 0x193C2E95: KateViewInternal::~KateViewInternal() (kateviewinternal.cpp:248)
==9362==    by 0x193AE8D0: KateView::~KateView() (kateview.cpp:316)
==9362==    by 0x193AEAC9: KateView::~KateView() (kateview.cpp:323)
==9362==    by 0x4E3D3B9: KWrite::~KWrite() (kwritemain.cpp:135)
==9362==    by 0x4E3D525: KWrite::~KWrite() (kwritemain.cpp:144)
==9362==    by 0x7FF3607: QObject::event(QEvent*) (qobject.cpp:1184)
==9362==    by 0x6CB6869: QWidget::event(QEvent*) (in /usr/lib64/libQtGui.so.4.8.4)
==9362==    by 0x707B55A: QMainWindow::event(QEvent*) (in /usr/lib64/libQtGui.so.4.8.4)
==9362==    by 0x675BEB7: KXmlGuiWindow::event(QEvent*) (in /usr/lib64/libkdeui.so.5.9.5)
==9362==    by 0x6C6785B: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib64/libQtGui.so.4.8.4)
==9362==    by 0x6C6BCD9: QApplication::notify(QObject*, QEvent*) (in /usr/lib64/libQtGui.so.4.8.4)
==9362== 
ASSERT: "m_invalidCursors.empty()" in file /home/dhaumann/local/projects/kate/part/buffer/katetextbuffer.cpp, line 95
KCrash: Application 'kwrite' crashing...
KCrash: Attempting to start /usr/lib64/kde4/libexec/drkonqi from kdeinit
==9362== Invalid read of size 4
==9362==    at 0x66C8090: ??? (in /usr/lib64/libkdeui.so.5.9.5)
==9362==    by 0x66C8B95: ??? (in /usr/lib64/libkdeui.so.5.9.5)
==9362==    by 0x66C8FA0: KCrash::defaultCrashHandler(int) (in /usr/lib64/libkdeui.so.5.9.5)
==9362==    by 0x9312D9F: ??? (in /lib64/libc-2.15.so)
==9362==    by 0x9312D24: raise (in /lib64/libc-2.15.so)
==9362==    by 0x93141A7: abort (in /lib64/libc-2.15.so)
==9362==    by 0x7ED8C13: qt_message_output(QtMsgType, char const*) (qglobal.cpp:2323)
==9362==    by 0x7ED8DC7: qt_message(QtMsgType, char const*, __va_list_tag*) (qglobal.cpp:2369)
==9362==    by 0x7ED8F53: qFatal(char const*, ...) (qglobal.cpp:2552)
==9362==    by 0x7ED8F99: qt_assert(char const*, char const*, int) (qglobal.cpp:2018)
==9362==    by 0x1929E50A: Kate::TextBuffer::~TextBuffer() (katetextbuffer.cpp:95)
==9362==    by 0x1932FEB1: KateBuffer::~KateBuffer() (katebuffer.cpp:78)
==9362==  Address 0xf540c10 is 0 bytes inside a block of size 3 alloc'd
==9362==    at 0x4C2ABED: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==9362==    by 0x66C7FF0: ??? (in /usr/lib64/libkdeui.so.5.9.5)
==9362==    by 0x66C8B95: ??? (in /usr/lib64/libkdeui.so.5.9.5)
==9362==    by 0x66C8FA0: KCrash::defaultCrashHandler(int) (in /usr/lib64/libkdeui.so.5.9.5)
==9362==    by 0x9312D9F: ??? (in /lib64/libc-2.15.so)
==9362==    by 0x9312D24: raise (in /lib64/libc-2.15.so)
==9362==    by 0x93141A7: abort (in /lib64/libc-2.15.so)
==9362==    by 0x7ED8C13: qt_message_output(QtMsgType, char const*) (qglobal.cpp:2323)
==9362==    by 0x7ED8DC7: qt_message(QtMsgType, char const*, __va_list_tag*) (qglobal.cpp:2369)
==9362==    by 0x7ED8F53: qFatal(char const*, ...) (qglobal.cpp:2552)
==9362==    by 0x7ED8F99: qt_assert(char const*, char const*, int) (qglobal.cpp:2018)
==9362==    by 0x1929E50A: Kate::TextBuffer::~TextBuffer() (katetextbuffer.cpp:95)
==9362== 
sock_file=/home/dhaumann/.kde4/socket-obiwan/kdeinit4__0
Comment 19 Dominik Haumann 2013-04-11 10:31:03 UTC
Kate master:
[KCrash Handler]
#5  0x00007f5d8da40114 in free () from /lib64/libc.so.6
#6  0x00007f5d91e08ccc in KTextEditor::MovingCursor::~MovingCursor (this=0x1fbec48, __in_chrg=<optimized out>) at /home/dhaumann/local/projects/kate/ktexteditor/movingcursor.cpp:36
#7  0x00007f5d81b4166d in qDeleteAll<QSet<Kate::TextCursor*>::const_iterator> (begin=..., end=...) at /usr/include/QtCore/qalgorithms.h:322
#8  0x00007f5d81b408fc in qDeleteAll<QSet<Kate::TextCursor*> > (c=...) at /usr/include/QtCore/qalgorithms.h:330
#9  0x00007f5d81b3bc30 in Kate::TextBuffer::~TextBuffer (this=0x1b9fbf0, __in_chrg=<optimized out>) at /home/dhaumann/local/projects/kate/part/buffer/katetextbuffer.cpp:96
#10 0x00007f5d81bd2c62 in KateBuffer::~KateBuffer (this=0x1b9fbf0, __in_chrg=<optimized out>) at /home/dhaumann/local/projects/kate/part/document/katebuffer.cpp:78
#11 0x00007f5d81bd2c94 in KateBuffer::~KateBuffer (this=0x1b9fbf0, __in_chrg=<optimized out>) at /home/dhaumann/local/projects/kate/part/document/katebuffer.cpp:86
#12 0x00007f5d8ee98322 in QObjectPrivate::deleteChildren (this=this@entry=0x1b73020) at kernel/qobject.cpp:1916
#13 0x00007f5d8ee9c166 in QObject::~QObject (this=0x1b72c10, __in_chrg=<optimized out>) at kernel/qobject.cpp:926
#14 0x00007f5d91b7a348 in KParts::Part::~Part() () from /usr/lib64/libkparts.so.4
#15 0x00007f5d91df4f73 in KTextEditor::Document::~Document (this=0x1b72c10, __vtt_parm=0x7f5d81ff4b48 <VTT for KateDocument+8>, __in_chrg=<optimized out>) at /home/dhaumann/local/projects/kate/ktexteditor/document.cpp:135
#16 0x00007f5d81babcf3 in KateDocument::~KateDocument (this=0x1b72c10, __in_chrg=<optimized out>, __vtt_parm=<optimized out>) at /home/dhaumann/local/projects/kate/part/document/katedocument.cpp:226
#17 0x00007f5d81babde4 in KateDocument::~KateDocument (this=0x1b72c10, __in_chrg=<optimized out>, __vtt_parm=<optimized out>) at /home/dhaumann/local/projects/kate/part/document/katedocument.cpp:266
#18 0x00007f5d9202a472 in KWrite::~KWrite (this=0x1b74e50, __in_chrg=<optimized out>, __vtt_parm=<optimized out>) at /home/dhaumann/local/projects/kate/kwrite/kwritemain.cpp:140


valgrind trace of kate master:
==13031== Invalid read of size 8
==13031==    at 0x192A865E: void qDeleteAll<QSet<Kate::TextCursor*>::const_iterator>(QSet<Kate::TextCursor*>::const_iterator, QSet<Kate::TextCursor*>::const_iterator) (qalgorithms.h:322)
==13031==    by 0x192A78FB: void qDeleteAll<QSet<Kate::TextCursor*> >(QSet<Kate::TextCursor*> const&) (qalgorithms.h:330)
==13031==    by 0x192A2C2F: Kate::TextBuffer::~TextBuffer() (katetextbuffer.cpp:96)
==13031==    by 0x19339C61: KateBuffer::~KateBuffer() (katebuffer.cpp:78)
==13031==    by 0x19339C93: KateBuffer::~KateBuffer() (katebuffer.cpp:86)
==13031==    by 0x7FF1321: QObjectPrivate::deleteChildren() (qobject.cpp:1916)
==13031==    by 0x7FF5165: QObject::~QObject() (qobject.cpp:926)
==13031==    by 0x52C4347: KParts::Part::~Part() (in /usr/lib64/libkparts.so.4.9.5)
==13031==    by 0x5075F72: KTextEditor::Document::~Document() (document.cpp:135)
==13031==    by 0x19312CF2: KateDocument::~KateDocument() (katedocument.cpp:226)
==13031==    by 0x19312DE3: KateDocument::~KateDocument() (katedocument.cpp:266)
==13031==    by 0x4E3D471: KWrite::~KWrite() (kwritemain.cpp:140)
==13031==  Address 0x125015a8 is 136 bytes inside a block of size 664 free'd
==13031==    at 0x4C299DC: operator delete(void*) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==13031==    by 0x193C35E7: KateViewInternal::~KateViewInternal() (kateviewinternal.cpp:239)
==13031==    by 0x193AF5CC: KateView::~KateView() (kateview.cpp:314)
==13031==    by 0x193AF7E9: KateView::~KateView() (kateview.cpp:321)
==13031==    by 0x4E3D419: KWrite::~KWrite() (kwritemain.cpp:135)
==13031==    by 0x4E3D585: KWrite::~KWrite() (kwritemain.cpp:144)
==13031==    by 0x7FF3607: QObject::event(QEvent*) (qobject.cpp:1184)
==13031==    by 0x6CB6869: QWidget::event(QEvent*) (in /usr/lib64/libQtGui.so.4.8.4)
==13031==    by 0x707B55A: QMainWindow::event(QEvent*) (in /usr/lib64/libQtGui.so.4.8.4)
==13031==    by 0x675BEB7: KXmlGuiWindow::event(QEvent*) (in /usr/lib64/libkdeui.so.5.9.5)
==13031==    by 0x6C6785B: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib64/libQtGui.so.4.8.4)
==13031==    by 0x6C6BCD9: QApplication::notify(QObject*, QEvent*) (in /usr/lib64/libQtGui.so.4.8.4)
==13031== 
==13031== Invalid write of size 8
==13031==    at 0x5089C8B: KTextEditor::MovingCursor::~MovingCursor() (movingcursor.cpp:34)
==13031==    by 0x5089CBF: KTextEditor::MovingCursor::~MovingCursor() (movingcursor.cpp:36)
==13031==    by 0x192A866C: void qDeleteAll<QSet<Kate::TextCursor*>::const_iterator>(QSet<Kate::TextCursor*>::const_iterator, QSet<Kate::TextCursor*>::const_iterator) (qalgorithms.h:322)
==13031==    by 0x192A78FB: void qDeleteAll<QSet<Kate::TextCursor*> >(QSet<Kate::TextCursor*> const&) (qalgorithms.h:330)
==13031==    by 0x192A2C2F: Kate::TextBuffer::~TextBuffer() (katetextbuffer.cpp:96)
==13031==    by 0x19339C61: KateBuffer::~KateBuffer() (katebuffer.cpp:78)
==13031==    by 0x19339C93: KateBuffer::~KateBuffer() (katebuffer.cpp:86)
==13031==    by 0x7FF1321: QObjectPrivate::deleteChildren() (qobject.cpp:1916)
==13031==    by 0x7FF5165: QObject::~QObject() (qobject.cpp:926)
==13031==    by 0x52C4347: KParts::Part::~Part() (in /usr/lib64/libkparts.so.4.9.5)
==13031==    by 0x5075F72: KTextEditor::Document::~Document() (document.cpp:135)
==13031==    by 0x19312CF2: KateDocument::~KateDocument() (katedocument.cpp:226)
==13031==  Address 0x125015a8 is 136 bytes inside a block of size 664 free'd
==13031==    at 0x4C299DC: operator delete(void*) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==13031==    by 0x193C35E7: KateViewInternal::~KateViewInternal() (kateviewinternal.cpp:239)
==13031==    by 0x193AF5CC: KateView::~KateView() (kateview.cpp:314)
==13031==    by 0x193AF7E9: KateView::~KateView() (kateview.cpp:321)
==13031==    by 0x4E3D419: KWrite::~KWrite() (kwritemain.cpp:135)
==13031==    by 0x4E3D585: KWrite::~KWrite() (kwritemain.cpp:144)
==13031==    by 0x7FF3607: QObject::event(QEvent*) (qobject.cpp:1184)
==13031==    by 0x6CB6869: QWidget::event(QEvent*) (in /usr/lib64/libQtGui.so.4.8.4)
==13031==    by 0x707B55A: QMainWindow::event(QEvent*) (in /usr/lib64/libQtGui.so.4.8.4)
==13031==    by 0x675BEB7: KXmlGuiWindow::event(QEvent*) (in /usr/lib64/libkdeui.so.5.9.5)
==13031==    by 0x6C6785B: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib64/libQtGui.so.4.8.4)
==13031==    by 0x6C6BCD9: QApplication::notify(QObject*, QEvent*) (in /usr/lib64/libQtGui.so.4.8.4)
==13031== 
==13031== Invalid free() / delete / delete[] / realloc()
==13031==    at 0x4C299DC: operator delete(void*) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==13031==    by 0x5089CCB: KTextEditor::MovingCursor::~MovingCursor() (movingcursor.cpp:36)
==13031==    by 0x192A866C: void qDeleteAll<QSet<Kate::TextCursor*>::const_iterator>(QSet<Kate::TextCursor*>::const_iterator, QSet<Kate::TextCursor*>::const_iterator) (qalgorithms.h:322)
==13031==    by 0x192A78FB: void qDeleteAll<QSet<Kate::TextCursor*> >(QSet<Kate::TextCursor*> const&) (qalgorithms.h:330)
==13031==    by 0x192A2C2F: Kate::TextBuffer::~TextBuffer() (katetextbuffer.cpp:96)
==13031==    by 0x19339C61: KateBuffer::~KateBuffer() (katebuffer.cpp:78)
==13031==    by 0x19339C93: KateBuffer::~KateBuffer() (katebuffer.cpp:86)
==13031==    by 0x7FF1321: QObjectPrivate::deleteChildren() (qobject.cpp:1916)
==13031==    by 0x7FF5165: QObject::~QObject() (qobject.cpp:926)
==13031==    by 0x52C4347: KParts::Part::~Part() (in /usr/lib64/libkparts.so.4.9.5)
==13031==    by 0x5075F72: KTextEditor::Document::~Document() (document.cpp:135)
==13031==    by 0x19312CF2: KateDocument::~KateDocument() (katedocument.cpp:226)
==13031==  Address 0x125015a8 is 136 bytes inside a block of size 664 free'd
==13031==    at 0x4C299DC: operator delete(void*) (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==13031==    by 0x193C35E7: KateViewInternal::~KateViewInternal() (kateviewinternal.cpp:239)
==13031==    by 0x193AF5CC: KateView::~KateView() (kateview.cpp:314)
==13031==    by 0x193AF7E9: KateView::~KateView() (kateview.cpp:321)
==13031==    by 0x4E3D419: KWrite::~KWrite() (kwritemain.cpp:135)
==13031==    by 0x4E3D585: KWrite::~KWrite() (kwritemain.cpp:144)
==13031==    by 0x7FF3607: QObject::event(QEvent*) (qobject.cpp:1184)
==13031==    by 0x6CB6869: QWidget::event(QEvent*) (in /usr/lib64/libQtGui.so.4.8.4)
==13031==    by 0x707B55A: QMainWindow::event(QEvent*) (in /usr/lib64/libQtGui.so.4.8.4)
==13031==    by 0x675BEB7: KXmlGuiWindow::event(QEvent*) (in /usr/lib64/libkdeui.so.5.9.5)
==13031==    by 0x6C6785B: QApplicationPrivate::notify_helper(QObject*, QEvent*) (in /usr/lib64/libQtGui.so.4.8.4)
==13031==    by 0x6C6BCD9: QApplication::notify(QObject*, QEvent*) (in /usr/lib64/libQtGui.so.4.8.4)
==13031== 
ASSERT: "m_invalidCursors.empty()" in file /home/dhaumann/local/projects/kate/part/buffer/katetextbuffer.cpp, line 97
KCrash: Application 'kwrite' crashing...
KCrash: Attempting to start /usr/lib64/kde4/libexec/drkonqi from kdeinit
==13031== Invalid read of size 4
==13031==    at 0x66C8090: ??? (in /usr/lib64/libkdeui.so.5.9.5)
==13031==    by 0x66C8B95: ??? (in /usr/lib64/libkdeui.so.5.9.5)
==13031==    by 0x66C8FA0: KCrash::defaultCrashHandler(int) (in /usr/lib64/libkdeui.so.5.9.5)
==13031==    by 0x9312D9F: ??? (in /lib64/libc-2.15.so)
==13031==    by 0x9312D24: raise (in /lib64/libc-2.15.so)
==13031==    by 0x93141A7: abort (in /lib64/libc-2.15.so)
==13031==    by 0x7ED8C13: qt_message_output(QtMsgType, char const*) (qglobal.cpp:2323)
==13031==    by 0x7ED8DC7: qt_message(QtMsgType, char const*, __va_list_tag*) (qglobal.cpp:2369)
==13031==    by 0x7ED8F53: qFatal(char const*, ...) (qglobal.cpp:2552)
==13031==    by 0x7ED8F99: qt_assert(char const*, char const*, int) (qglobal.cpp:2018)
==13031==    by 0x192A2C5E: Kate::TextBuffer::~TextBuffer() (katetextbuffer.cpp:97)
==13031==    by 0x19339C61: KateBuffer::~KateBuffer() (katebuffer.cpp:78)
==13031==  Address 0xfcc1270 is 0 bytes inside a block of size 3 alloc'd
==13031==    at 0x4C2ABED: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==13031==    by 0x66C7FF0: ??? (in /usr/lib64/libkdeui.so.5.9.5)
==13031==    by 0x66C8B95: ??? (in /usr/lib64/libkdeui.so.5.9.5)
==13031==    by 0x66C8FA0: KCrash::defaultCrashHandler(int) (in /usr/lib64/libkdeui.so.5.9.5)
==13031==    by 0x9312D9F: ??? (in /lib64/libc-2.15.so)
==13031==    by 0x9312D24: raise (in /lib64/libc-2.15.so)
==13031==    by 0x93141A7: abort (in /lib64/libc-2.15.so)
==13031==    by 0x7ED8C13: qt_message_output(QtMsgType, char const*) (qglobal.cpp:2323)
==13031==    by 0x7ED8DC7: qt_message(QtMsgType, char const*, __va_list_tag*) (qglobal.cpp:2369)
==13031==    by 0x7ED8F53: qFatal(char const*, ...) (qglobal.cpp:2552)
==13031==    by 0x7ED8F99: qt_assert(char const*, char const*, int) (qglobal.cpp:2018)
==13031==    by 0x192A2C5E: Kate::TextBuffer::~TextBuffer() (katetextbuffer.cpp:97)
==13031==
Comment 20 Dominik Haumann 2013-04-11 10:48:34 UTC
Proposed patch:

diff --git a/part/buffer/katetextcursor.cpp b/part/buffer/katetextcursor.cpp
index 9214e96..6875e35 100644
--- a/part/buffer/katetextcursor.cpp
+++ b/part/buffer/katetextcursor.cpp
@@ -110,6 +110,10 @@ void TextCursor::setPosition(const KTextEditor::Cursor& position, bool init)
   }
 #endif
 
+  // if cursor was invalid before, remove it from invalid cursor list
+  if (!m_block)
+    m_buffer.m_invalidCursors.remove (this);
+
   // else: valid cursor
   m_block = block;
   m_line = position.line () - m_block->startLine ();
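Review bot: the new `if (!m_block)` check sits directly above the existing `// else: valid cursor` comment, so that comment now reads as the else-branch of the new `if`; move the added block below it or reword the comment. The removal also treats `m_block == 0` as the only sign that the cursor is registered in `m_invalidCursors`, and for a call with `init` set the visible lines do not show whether it was ever inserted, so a short comment that `remove` is harmless for a cursor not in the set would document that case. Braces around the single-statement body would keep a later second statement from ending up outside the condition.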
Comment 21 Dominik Haumann 2013-04-11 11:30:30 UTC
The problem is twofold:
1. without the patch, it seems the invalid cursor is not removed
2. Kate::View has a (non-pointer) variable Kate::TextRange m_selection; hence deleting the text-range itself.

It is very strange that this bug did not appear more frequently...
Comment 22 Pascal d'Hermilly 2013-04-11 11:41:45 UTC
> It is very strange that this bug did not appear more frequently...
I think it's because it only happens when the DnD operation is a MOVE operation. By far most of the DnD operations I've tested it against are COPY.
Comment 23 Dominik Haumann 2013-04-11 11:51:44 UTC
Correct, if drag&dropping a note from Plasma Notes, it crashes, too. But if doing the same with CTRL, it does not crash.
Comment 24 Dominik Haumann 2013-04-11 13:00:17 UTC
Git commit f93802fdadcdcc1236857d5b6ddde0850305dfbd by Dominik Haumann.
Committed on 11/04/2013 at 15:00.
Pushed by dhaumann into branch 'master'.

unit test for crash in MovingCursor

this has nothing to do with MovingRanges

M  +19   -0    tests/movingcursor_test.cpp
M  +1    -0    tests/movingcursor_test.h

http://commits.kde.org/kate/f93802fdadcdcc1236857d5b6ddde0850305dfbd
Comment 25 Dominik Haumann 2013-04-11 13:31:53 UTC
Created attachment 78805 [details]
fix moving cursor crash

I'm 100% sure this patch is correct. Still, can you confirm, Christoph?

This essentially means that basically no one uses KTE::MovingCursors so far, and if so, they were very rarely invalid.
Comment 26 Dominik Haumann 2013-04-11 13:39:03 UTC
More on this: KateViewInternal::dropEvent() is imo a bit buggy:

    // fix the cursor position before editStart(), so that it is correctly
    // stored for the undo action
    KTextEditor::Cursor targetCursor(m_cursor); // backup current cursor
    int selectionWidth = m_view->selectionRange().columnWidth(); // for block selection
    int selectionHeight = m_view->selectionRange().numberOfLines(); // for block selection

    if ( event->dropAction() != Qt::CopyAction ) {
(*)    editSetCursor(m_view->selectionRange().end());
    } else {
      m_view->clearSelection();
    }

(*) Here we set the cursor to selectionRange().end(), which is invalid if there is no selection. This is why the crash happened in the first place later. The code should check for the validity of the selection, but to be honest, this code looks quite old anyways. So maybe it should be cleaned up ;)
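A reduced model of the bookkeeping defect discussed in comments 20 to 26, added here as an illustration and not part of the thread or of Kate's code. It uses std::set instead of QSet; the class names, the single-block buffer and the destructor behaviour are assumptions.

```cpp
#include <cstddef>
#include <set>

// Simplified model, not Kate's code. Names are hypothetical stand-ins:
// Cursor::hasBlock ~ (m_block != 0), Buffer::invalidCursors ~ m_invalidCursors.
struct Cursor;

struct Buffer {
    int lineCount = 3;
    std::set<Cursor*> blockCursors;    // cursors attached to the (single) block
    std::set<Cursor*> invalidCursors;  // cursors that currently have no block
};

struct Cursor {
    Buffer& buffer;
    bool hasBlock = false;  // false corresponds to m_block == 0
    bool applyFix;          // toggles the check added by the patch

    Cursor(Buffer& b, bool fix) : buffer(b), applyFix(fix) {
        buffer.invalidCursors.insert(this);  // a new cursor starts out invalid
    }

    void setPosition(int line) {
        if (line < 0 || line >= buffer.lineCount) {  // invalid target position
            if (hasBlock) buffer.blockCursors.erase(this);
            hasBlock = false;
            buffer.invalidCursors.insert(this);
            return;
        }
        // The check from the patch: leaving the invalid state must also
        // leave the invalid-cursor set.
        if (!hasBlock && applyFix) buffer.invalidCursors.erase(this);
        hasBlock = true;
        buffer.blockCursors.insert(this);
    }

    // Assumption: the destructor unregisters only from the container the
    // cursor believes it is in.
    ~Cursor() {
        if (hasBlock) buffer.blockCursors.erase(this);
        else buffer.invalidCursors.erase(this);
    }
};

// Entries left in invalidCursors after the cursor is gone are dangling
// pointers; a teardown that deletes the set's contents would free them again.
std::size_t danglingAtTeardown(bool applyFix) {
    Buffer buffer;
    {
        Cursor c(buffer, applyFix);  // by-value, like a member owned by the view
        c.setPosition(-1);           // invalid, e.g. end of an empty selection
        c.setPosition(1);            // later moved to a valid line
    }
    return buffer.invalidCursors.size();
}
```

Without the check the set still holds one pointer to the destroyed cursor at teardown, which is the state the `m_invalidCursors.empty()` assertion in the trace above reports.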
Comment 27 Dominik Haumann 2013-04-11 13:55:52 UTC
Git commit a898d98835972c40d71663ca3453598289ecc50e by Dominik Haumann.
Committed on 11/04/2013 at 15:55.
Pushed by dhaumann into branch 'master'.

fix crash in MovingCursors not associated to MovingRanges

M  +7    -0    part/buffer/katetextcursor.cpp

http://commits.kde.org/kate/a898d98835972c40d71663ca3453598289ecc50e
Comment 28 Dominik Haumann 2013-04-11 14:01:37 UTC
Git commit 92e4a4715604673a8d8afb131897aa9ddce46198 by Dominik Haumann.
Committed on 11/04/2013 at 15:55.
Pushed by dhaumann into branch 'KDE/4.10'.

fix crash in MovingCursors not associated to MovingRanges

M  +7    -0    part/buffer/katetextcursor.cpp

http://commits.kde.org/kate/92e4a4715604673a8d8afb131897aa9ddce46198
Comment 29 Dominik Haumann 2013-04-11 14:02:18 UTC
Fixed in KDE 4.10.3. Thanks for the steps to reproduce, Pascal.
Comment 30 Dominik Haumann 2013-04-11 14:08:17 UTC
Git commit 69121e434e25f8f4c8ee92a1771a8e87913b3559 by Dominik Haumann.
Committed on 11/04/2013 at 15:55.
Pushed by dhaumann into branch 'KDE/4.9'.

fix crash in MovingCursors not associated to MovingRanges

M  +7    -0    part/buffer/katetextcursor.cpp

http://commits.kde.org/kate/69121e434e25f8f4c8ee92a1771a8e87913b3559