Application: kate (3.10.1)
KDE Platform Version: 4.10.1 (Compiled from sources)
Qt Version: 4.8.4
Operating System: Linux 3.8.3-gentoo-z1 x86_64
Distribution (Platform): Gentoo Packages

-- Information about the crash:
- What I was doing when the application crashed: my indenter calls KateDocument::defStyleNum() w/ line number value set to -1 (yep, this was an error in my script), but kate shouldn't crash anyway.

The crash can be reproduced every time.

-- Backtrace:
Application: Kate (kate), signal: Segmentation fault
Using host libthread_db library "/lib64/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f678034f7c0 (LWP 11616))]

Thread 3 (Thread 0x7f676abb0700 (LWP 11617)):
#0 0x00007f677d165d1c in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0
#1 0x00007f676e997dd7 in QTWTF::TCMalloc_PageHeap::scavengerThread (this=0x7f676eca7740 <QTWTF::pageheap_memory>) at ../3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.cpp:2359
#2 0x00007f676e997e09 in QTWTF::TCMalloc_PageHeap::runScavengerThread (context=<optimized out>) at ../3rdparty/javascriptcore/JavaScriptCore/wtf/FastMalloc.cpp:1464
#3 0x00007f677d161f3b in start_thread () from /lib64/libpthread.so.0
#4 0x00007f677fcb408d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:114

Thread 2 (Thread 0x7f66dee47700 (LWP 11618)):
#0 0x00007f677d164105 in pthread_mutex_lock () from /lib64/libpthread.so.0
#1 0x00007f677d401c21 in g_mutex_lock (mutex=mutex@entry=0x7f66d80009a0) at gthread-posix.c:210
#2 0x00007f677d3c1e13 in g_main_context_prepare (context=context@entry=0x7f66d80009a0, priority=priority@entry=0x7f66dee46c90) at gmain.c:2929
#3 0x00007f677d3c25d9 in g_main_context_iterate (context=context@entry=0x7f66d80009a0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3270
#4 0x00007f677d3c27d4 in g_main_context_iteration (context=0x7f66d80009a0, may_block=1) at gmain.c:3351
#5 0x00007f677db635c6 in QEventDispatcherGlib::processEvents (this=0x7f66d80008c0, flags=...) at kernel/qeventdispatcher_glib.cpp:426
#6 0x00007f677db3238f in QEventLoop::processEvents (this=this@entry=0x7f66dee46e00, flags=...) at kernel/qeventloop.cpp:149
#7 0x00007f677db32618 in QEventLoop::exec (this=0x7f66dee46e00, flags=...) at kernel/qeventloop.cpp:204
#8 0x00007f677da284c0 in QThread::exec (this=<optimized out>) at thread/qthread.cpp:542
#9 0x00007f677db11abf in QInotifyFileSystemWatcherEngine::run (this=0x29ff990) at io/qfilesystemwatcher_inotify.cpp:256
#10 0x00007f677da2b68c in QThreadPrivate::start (arg=0x29ff990) at thread/qthread_unix.cpp:338
#11 0x00007f677d161f3b in start_thread () from /lib64/libpthread.so.0
#12 0x00007f677fcb408d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:114

Thread 1 (Thread 0x7f678034f7c0 (LWP 11616)):
[KCrash Handler]
#6 0x00007f676f003d6a in size (this=0x8) at /usr/include/qt4/QtCore/qvector.h:137
#7 attribute (pos=0, this=0x0) at /storage/tmp/paludis/kde-base-katepart-4.10.1/work/katepart-4.10.1/part/buffer/katetextline.h:269
#8 KateDocument::defStyleNum (this=0x3177b90, line=-1, column=0) at /storage/tmp/paludis/kde-base-katepart-4.10.1/work/katepart-4.10.1/part/document/katedocument.cpp:5391
#9 0x00007f676ef9b33f in KateScriptDocument::qt_static_metacall (_o=0x2fa0780, _id=<optimized out>, _a=0x7fffdb1aa250, _c=<optimized out>) at /storage/tmp/paludis/kde-base-katepart-4.10.1/work/katepart-4.10.1_build/part/moc_katescriptdocument.cpp:394
#10 0x00007f676ef9c3cb in KateScriptDocument::qt_metacall (this=0x2fa0780, _c=QMetaObject::InvokeMetaMethod, _id=<optimized out>, _a=0x7fffdb1aa250) at /storage/tmp/paludis/kde-base-katepart-4.10.1/work/katepart-4.10.1_build/part/moc_katescriptdocument.cpp:468
#11 0x00007f676ea07bbe in QScript::callQtMethod (exec=exec@entry=0x7f66ddfe4218, callType=callType@entry=QMetaMethod::Method, thisQObject=thisQObject@entry=0x2fa0780, scriptArgs=..., meta=meta@entry=0x7f676f3afba0 <KateScriptDocument::staticMetaObject>, initialIndex=89, maybeOverloaded=true) at bridge/qscriptqobject.cpp:960
#12 0x00007f676ea094ed in QScript::QtFunction::execute (this=this@entry=0x7f66ddf875c0, exec=0x7f66ddfe4218, thisValue=..., thisValue@entry=..., scriptArgs=...) at bridge/qscriptqobject.cpp:1015
#13 0x00007f676ea09719 in QScript::QtFunction::call (exec=0x7f66ddfe4218, callee=0x7f66ddf875c0, thisValue=..., args=...) at bridge/qscriptqobject.cpp:1030
#14 0x00007f676e900bc0 in QTJSC::NativeFuncWrapper::operator() (this=0x7fffdb1aa460, exec=0x7f66ddfe4218, jsobj=0x7f66ddf875c0, thisValue=..., argList=...) at ../3rdparty/javascriptcore/JavaScriptCore/runtime/CallData.cpp:46
#15 0x00007f676e8dccea in QTJSC::cti_op_call_NotJSFunction (args=0x7fffdb1aa4b0) at ../3rdparty/javascriptcore/JavaScriptCore/jit/JITStubs.cpp:1780
#16 0x00007f66ea326162 in ?? ()
#17 0x0000000000000000 in ?? ()

Reported using DrKonqi
KateDocument::defStyle() must validate parameters to prevent out-of-range array access.
fixed in commit http://commits.kde.org/kate/55d9aa3b0969ef40403d4a19d6a23ed1f2d36248
Git commit 07a020e27277e62fe47e2b9859f12aa266c0f26d by Dominik Haumann.
Committed on 21/03/2013 at 08:54.
Pushed by dhaumann into branch 'KDE/4.10'.

guard KateDocument::defStyleNum() against invalid cursor input
FIXED-IN: 4.10.2

M +3 -0 part/document/katedocument.cpp

http://commits.kde.org/kate/07a020e27277e62fe47e2b9859f12aa266c0f26d
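The comment above states the rule (validate the cursor before indexing the buffer) and the commit guards defStyleNum() against invalid cursor input. The following is an added example and is not Kate's code or the content of the referenced commit: a small stand-in document class whose unguarded lookup has the same shape as the crash in the backtrace (line=-1 is never checked, the buffer lookup returns null, and attribute() is then called on that null object, frame #7 with this=0x0), next to a guarded lookup that rejects out-of-range line and column values and returns -1. The TextLine, Document, plainLine and sampleDocument names, the -1 sentinel and the sample lines are all constructed for this example, and the unguarded variant is an assumption about the pre-fix code path based only on the backtrace.

```cpp
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

// Constructed stand-in for one line of a text buffer (not Kate's KateTextLine).
// attributes[i] is the syntax attribute id of character i; positions past the
// end of the line report attribute 0 as a "no attribute" default.
struct TextLine {
    std::string text;
    std::vector<int> attributes;

    int attribute(int pos) const {
        if (pos < 0 || pos >= static_cast<int>(attributes.size())) return 0;
        return attributes[pos];
    }
};

// Constructed stand-in for the document object a script can call into.
class Document {
public:
    explicit Document(std::vector<TextLine> lines) : lines_(std::move(lines)) {}

    int lineCount() const { return static_cast<int>(lines_.size()); }

    // Buffer lookup: returns nullptr for any line outside [0, lineCount()).
    // In the backtrace the equivalent lookup for line=-1 produced a null line
    // object and the caller went on to call attribute() on it.
    const TextLine* plainLine(int line) const {
        if (line < 0 || line >= lineCount()) return nullptr;
        return &lines_[line];
    }

    // Unguarded lookup (assumed shape of the pre-fix path): a script passing
    // line=-1 reaches attribute() through a null pointer, which is undefined
    // behaviour and in practice a segmentation fault. Deliberately never called.
    int defStyleNumUnguarded(int line, int column) const {
        const TextLine* tl = plainLine(line);
        return tl->attribute(column);  // null dereference when line is invalid
    }

    // Guarded lookup, in the spirit of the fix: reject out-of-range cursor input
    // before touching the buffer and report -1 as the "invalid cursor" result.
    // The check belongs here, at the script-facing boundary, because the bounds
    // check inside TextLine::attribute() cannot help once the line object is null.
    int defStyleNum(int line, int column) const {
        const TextLine* tl = plainLine(line);
        if (tl == nullptr) return -1;
        if (column < 0 || column > static_cast<int>(tl->text.size())) return -1;
        return tl->attribute(column);
    }

private:
    std::vector<TextLine> lines_;
};

// Sample buffer, constructed for this example: "int x;" with attribute 1 on the
// keyword, 0 on the space and semicolon, 2 on the identifier, plus an empty line.
Document sampleDocument() {
    std::vector<TextLine> lines = {
        {"int x;", {1, 1, 1, 0, 2, 0}},
        {"", {}},
    };
    return Document(lines);
}

int main() {
    Document doc = sampleDocument();
    // The input from the bug report: line -1 now yields -1 instead of a crash.
    std::printf("defStyleNum(-1, 0) = %d\n", doc.defStyleNum(-1, 0));
    std::printf("defStyleNum(0, 4)  = %d\n", doc.defStyleNum(0, 4));
    std::printf("defStyleNum(0, 7)  = %d\n", doc.defStyleNum(0, 7));
    return 0;
}
```

The design point is where the check sits: a script-exposed method is an input boundary, so every cursor it receives is validated once, at the top, and the rest of the buffer code can keep assuming valid positions.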