Bug 125321

Summary: Null pointer dereference at KateViewInternal::home
Product: [Applications] kate Reporter: Martin Pärtel <martin.partel>
Component: generalAssignee: KWrite Developers <kwrite-bugs-null>
Status: RESOLVED FIXED    
Severity: crash    
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: unspecified   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Martin Pärtel 2006-04-10 23:21:04 UTC 
Version:           2.5.2 (using KDE 3.5.2, Debian Package 4:3.5.2-2 (testing/unstable))
Compiler:          Target: i486-linux-gnu
OS:                Linux (i686) release 2.6.16.2

I'm sorry I cannot give you much more than this backtrace. I was editing an HTML file and doing many things so quickly that I didn't notice what exactly caused the crash. The crash occurred shortly after an undo, though and some of the text involved might have been selected. I'm pretty sure I can't reproduce this one.


Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1231931712 (LWP 397)]
[KCrash handler]
#6  KateTextLine::nextNonSpaceChar (this=0x0, pos=0) at qstring.h:880
#7  0xb6559793 in KateTextLine::firstChar (this=0x0) at katetextline.cpp:137
#8  0xb661478b in KateViewInternal::home (this=0x8c63960, sel=true)
    at kateviewinternal.cpp:1195
#9  0xb663d4dc in KateView::shiftHome (this=0x0) at kateview.h:340
#10 0xb6622cb3 in KateView::qt_invoke (this=0x8c5f468, _id=167, _o=0xbfae78cc)
    at kateview.moc:769
#11 0xb72c654b in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#12 0xb72c6fdc in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#13 0xb6d01e99 in KAction::activated (this=0x0) at kaction.moc:176
#14 0xb6d3c031 in KAction::slotActivated (this=0x8c903e0) at kaction.cpp:1102
#15 0xb6d5b3bf in KAction::qt_invoke (this=0x8c903e0, _id=15, _o=0xbfae79dc)
    at kaction.moc:218
#16 0xb72c654b in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#17 0xb72c6fdc in QObject::activate_signal () from /usr/lib/libqt-mt.so.3
#18 0xb7870529 in KAccelPrivate::menuItemActivated (this=0x0)
    at kaccelprivate.moc:110
#19 0xb78abf37 in KAccelPrivate::emitActivatedSignal (this=0x8c8c800, 
    pAction=0x8c906d8) at kaccel.cpp:403
#20 0xb790aff5 in KAccelPrivate::eventFilter (this=0x8c8c800, 
    pEvent=0xbfae7e7c) at kaccel.cpp:373
#21 0xb72c36b0 in QObject::activate_filters () from /usr/lib/libqt-mt.so.3
#22 0xb72c372e in QObject::event () from /usr/lib/libqt-mt.so.3
#23 0xb7300b9a in QWidget::event () from /usr/lib/libqt-mt.so.3
#24 0xb725c87a in QApplication::internalNotify () from /usr/lib/libqt-mt.so.3
#25 0xb725cc0d in QApplication::notify () from /usr/lib/libqt-mt.so.3
#26 0xb793302e in KApplication::notify (this=0xbfae8474, receiver=0x8c63960, 
    event=0xbfae7e7c) at kapplication.cpp:550
#27 0xb78abcf6 in KAccelEventHandler::x11Event (this=0x81924a0, 
    pEvent=0xbfae81b8) at qapplication.h:520
#28 0xb793150f in KApplication::x11EventFilter (this=0xbfae8474, 
    _event=0xbfae81b8) at kapplication.cpp:1651
#29 0xb71da423 in qt_set_x11_event_filter () from /usr/lib/libqt-mt.so.3
#30 0xb71e768f in QApplication::x11ProcessEvent () from /usr/lib/libqt-mt.so.3
#31 0xb72012a2 in QEventLoop::processEvents () from /usr/lib/libqt-mt.so.3
#32 0xb7275255 in QEventLoop::enterLoop () from /usr/lib/libqt-mt.so.3
#33 0xb727517a in QEventLoop::exec () from /usr/lib/libqt-mt.so.3
#34 0xb725b38d in QApplication::exec () from /usr/lib/libqt-mt.so.3
#35 0xb68e7c13 in kdemain (argc=0, argv=0x0)
    at /home/sid-user/kdebase/kdebase-3.5.2/./kate/app/katemain.cpp:253
#36 0xb7fcd524 in kdeinitmain (argc=0, argv=0x0) at kate_dummy.cpp:3
#37 0x0804e1d6 in launch (argc=1, _name=0x8075ad4 "kate", 
    args=0x8075ad9 "\001", cwd=0x0, envc=1, envs=0x8075aea "", 
    reset_env=false, tty=0x0, avoid_loops=false, startup_id_str=0x0)
    at kinit.cpp:639
#38 0x0804e897 in handle_launcher_request (sock=8) at kinit.cpp:1205
#39 0x0804ee13 in handle_requests (waitForPid=0) at kinit.cpp:1406
#40 0x0804fe9b in main (argc=2, argv=0xbfae8fd4, envp=0x0) at kinit.cpp:1850
#41 0xb7d3ceb0 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6
#42 0x0804b861 in _start () at ../sysdeps/i386/elf/start.S:119
Comment 1 Dominik Haumann 2006-04-15 20:05:32 UTC 
I was not able to reproduce, but the bt shows exactly where it crashes:
Missing check, whether the text line pointer is NULL in 
KateViewInternal::home.
Comment 2 Dominik Haumann 2006-04-18 16:30:39 UTC 
On Monday 10 April 2006 23:21, Martin Pأ¤rtel wrote:
> #18 0xb7870529 in KAccelPrivate::menuItemActivated (this=0x0)
>     at kaccelprivate.moc:110
> #19 0xb78abf37 in KAccelPrivate::emitActivatedSignal (this=0x8c8c800,
>     pAction=0x8c906d8) at kaccel.cpp:403


In step #18 this=0x0 is already wrong. I cannot see how that happens. Maybe 
it is a kdecore issue, or even Qt bug? We cannot do anything about it right 
now.
Comment 3 Andreas Kling 2006-07-02 12:22:34 UTC 
SVN commit 557058 by kling:

Check textLine() return values in KateViewInternal's home() and end() functions.

BUG: 125321


 M  +12 -2     kateviewinternal.cpp  


--- branches/KDE/3.5/kdelibs/kate/part/kateviewinternal.cpp #557057:557058
@@ -1233,8 +1233,13 @@
     return;
   }
 
+  KateTextLine::Ptr l = textLine( cursor.line() );
+
+  if (!l)
+    return;
+
   KateTextCursor c = cursor;
-  int lc = textLine( c.line() )->firstChar();
+  int lc = l->firstChar();
 
   if( lc < 0 || c.col() == lc ) {
     c.setCol(0);
@@ -1270,9 +1275,14 @@
     return;
   }
 
+  KateTextLine::Ptr l = textLine( cursor.line() );
+
+  if (!l)
+    return;
+
   // "Smart End", as requested in bugs #78258 and #106970
   KateTextCursor c = cursor;
-  int lc = textLine( c.line() )->lastChar();
+  int lc = l->lastChar();
 
   if (lc < 0 || c.col() == (lc + 1)) {
     c.setCol(currentRange().endCol - 1);
Comment 4 Andreas Kling 2006-07-02 12:37:46 UTC 
SVN commit 557066 by kling:

Forward-port of SVN commit 557058 by kling: 
 
Check textLine() return values in KateViewInternal's home() and end() functions. 
   
CCBUG: 125321 


 M  +11 -2     kateviewinternal.cpp  


--- trunk/KDE/kdelibs/kate/part/kateviewinternal.cpp #557065:557066
@@ -1126,8 +1126,13 @@
     return;
   }
 
+  KateTextLine::Ptr l = textLine( cursor.line() );
+
+  if (!l)
+    return;
+
   KTextEditor::Cursor c = m_cursor;
-  int lc = textLine( c.line() )->firstChar();
+  int lc = l->firstChar();
 
   if( lc < 0 || c.column() == lc ) {
     c.setColumn(0);
@@ -1167,9 +1172,13 @@
     return;
   }
 
+  KateTextLine::Ptr l = textLine( cursor.line() );
+  if (!l)
+    return;
+
   // "Smart End", as requested in bugs #78258 and #106970
   KTextEditor::Cursor c = m_cursor;
-  int lc = textLine( c.line() )->lastChar();
+  int lc = l->lastChar();
 
   if (lc < 0 || c.column() == (lc + 1)) {
     c.setColumn(currentLayout().endCol() - 1);