Bug 135045

Summary: Crash on various occasions
Product: [Applications] kate Reporter: Stefan Nikolaus <stefan.nikolaus>
Component: generalAssignee: KWrite Developers <kwrite-bugs-null>
Status: RESOLVED FIXED    
Severity: crash CC: abyss.7, sgh
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: A cpp file that causes kate to crash.
a valgrind log showing the crash.
possible fix

Description Stefan Nikolaus 2006-10-03 15:29:07 UTC 
Version:           2.5.5 (using KDE Devel)
Installed from:    Compiled sources
OS:                Linux

While using Kate, it crashes sometimes, if I select a line or undo an operation.

3.5 branch (591511)
gcc (GCC) 4.1.0 (SUSE Linux)


Using host libthread_db library "/lib64/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 47766239381600 (LWP 26531)]
[KCrash handler]
#5  0x000000000040b1ba in QChar (this=0x7fff3d0fd3e0, c=@0x0)
    at /usr/local/lib64/qt3/include/qstring.h:270
#6  0x00002b71732fa50c in KateRenderer::textWidth (this=0xbeb640, 
    textLine=@0x7fff3d0fd460, cursorCol=40)
    at /home/kde/3.5/kdelibs/kate/part/katerenderer.cpp:766
#7  0x00002b71732db9a3 in KateViewInternal::updateMicroFocusHint (
    this=0xbf1f50) at /home/kde/3.5/kdelibs/kate/part/kateviewinternal.cpp:886
#8  0x00002b71732de8a2 in KateViewInternal::updateCursor (this=0xbf1f50, 
    newCursor=@0x7fff3d0fd5d0, force=false, center=false, 
    calledExternally=false)
    at /home/kde/3.5/kdelibs/kate/part/kateviewinternal.cpp:2169
#9  0x00002b71732e04d2 in KateViewInternal::placeCursor (this=0xbf1f50, 
    p=@0x7fff3d0fdbb0, keepSelection=false, updateSelection=true)
    at /home/kde/3.5/kdelibs/kate/part/kateviewinternal.cpp:2377
#10 0x00002b71732e0bf8 in KateViewInternal::mousePressEvent (this=0xbf1f50, 
    e=0x7fff3d0fdba0)
    at /home/kde/3.5/kdelibs/kate/part/kateviewinternal.cpp:2699
#11 0x00002b716f8a1287 in QWidget::event (this=0xbf1f50, e=0x7fff3d0fdba0)
    at kernel/qwidget.cpp:4671
#12 0x00002b716f808d6e in QApplication::internalNotify (this=0x7fff3d0fe5b0, 
    receiver=0xbf1f50, e=0x7fff3d0fdba0) at kernel/qapplication.cpp:2635
#13 0x00002b716f80ace5 in QApplication::notify (this=0x7fff3d0fe5b0, 
    receiver=0xbf1f50, e=0x7fff3d0fdba0) at kernel/qapplication.cpp:2421
#14 0x00002b716ea6d811 in KApplication::notify (this=0x7fff3d0fe5b0, 
    receiver=0xbf1f50, event=0x7fff3d0fdba0)
    at /home/kde/3.5/kdelibs/kdecore/kapplication.cpp:550
#15 0x00002b716f79c9a6 in QApplication::sendSpontaneousEvent (
    receiver=0xbf1f50, event=0x7fff3d0fdba0) at kernel/qapplication.h:499
#16 0x00002b716f79b62b in QETWidget::translateMouseEvent (this=0xbf1f50, 
    event=0x7fff3d0fe220) at kernel/qapplication_x11.cpp:4297
#17 0x00002b716f799822 in QApplication::x11ProcessEvent (this=0x7fff3d0fe5b0, 
    event=0x7fff3d0fe220) at kernel/qapplication_x11.cpp:3448
#18 0x00002b716f7afac3 in QEventLoop::processEvents (this=0x5c3e10, flags=4)
    at kernel/qeventloop_x11.cpp:192
#19 0x00002b716f821c77 in QEventLoop::enterLoop (this=0x5c3e10)
    at kernel/qeventloop.cpp:198
#20 0x00002b716f821abb in QEventLoop::exec (this=0x5c3e10)
    at kernel/qeventloop.cpp:145
#21 0x00002b716f80a688 in QApplication::exec (this=0x7fff3d0fe5b0)
    at kernel/qapplication.cpp:2758
#22 0x00002b717221aa5a in kdemain (argc=1, argv=0x56c320)
    at /home/kde/3.5/kdebase/kate/app/katemain.cpp:253
#23 0x00002b7172113927 in kdeinitmain (argc=1, argv=0x56c320)
    at ./kate/app/kdeinit_kate.la.cpp:3
#24 0x0000000000409274 in launch (argc=1, _name=0x56dfc8 "kate", 
    args=0x56dfcd "\001", cwd=0x0, envc=1, envs=0x56dfe2 "", reset_env=false, 
    tty=0x0, avoid_loops=false, 
    startup_id_str=0x56dfea "gamorr;1159881625;792423;3854_TIME24096121")
    at /home/kde/3.5/kdelibs/kinit/kinit.cpp:673
#25 0x0000000000409d63 in handle_launcher_request (sock=9)
    at /home/kde/3.5/kdelibs/kinit/kinit.cpp:1240
#26 0x000000000040a5b1 in handle_requests (waitForPid=0)
    at /home/kde/3.5/kdelibs/kinit/kinit.cpp:1443
#27 0x000000000040b094 in main (argc=5, argv=0x7fff3d0ff828, 
    envp=0x7fff3d0ff858) at /home/kde/3.5/kdelibs/kinit/kinit.cpp:1909
Comment 1 Dominik Haumann 2006-10-04 20:36:13 UTC 
> On 2006-09-10: SVN commit 582742 by amantia:
> 
> Commit the QXIMInputContext crash workaround at higher level, so not only 
> KDevelop is protected, but other katepart using applications as well.

This bug may be fixed, but I'm unsure as you use kde-devel version (bug report says kate 2.5.5, 3.5 branch). When did you svn up the last time? Before or after 10th of september?
Comment 2 Stefan Nikolaus 2006-10-04 21:18:00 UTC 
SVN rev. 591511. That's after 2006-10-02.
Comment 3 Jonas Widarsson 2006-10-05 12:38:50 UTC 
Before going to bed yesterday night started an overnight updated with kdesvn-build. 
And got the crash since then. Kate 2.5.5
I use kdevelop and kate every day. This is a new bug.
Also, It only crashes on certain files.
I can send in the crashy cpp-file for you if you like.
Just give me an adress.
Comment 4 Dominik Haumann 2006-10-05 12:46:46 UTC 
Jonas, can you attach the test file to this bug report? Otherwise, just send me a mail. If you know exactly how to reproduce, please tell us. A valgrind trace would help, too.
Comment 5 Jonas Widarsson 2006-10-05 13:04:31 UTC 
Created attachment 18017 [details]
A cpp file that causes kate to crash.

I'll attach a valgrind trace when it's ready.
Also, I am not sure what revision number I am running right now because I
updated to kdebase that doesn't compile. I'll report later.
Comment 6 Jonas Widarsson 2006-10-05 13:19:28 UTC 
Created attachment 18018 [details]
a valgrind log showing the crash.

This is:

URL: svn://anonsvn.kde.org/home/kde/branches/KDE/3.5/kdebase/kate
Repository Root: svn://anonsvn.kde.org/home/kde
Repository UUID: 283d02a7-25f6-0310-bc7c-ecb5cbfe19da
Revision: 592671


And the crash is 100% consistently reproduced like this:
I have a default session including ONLY parsergrammar.cpp
I click with the mouse anywhere in that document, which always leads to the
crash.

Happy hunting ;)
Comment 7 Jonas Widarsson 2006-10-05 13:51:20 UTC 
I got some more crash reproduction info.
The crash occurs if you save a file starting with a blank line, close the file reopen it. Click it somewhere (not on the first line) or navigate with keyboard somewhere off that first blank line, and kate crashes.
It doesn't happen if there is at least one character on the first line.
Comment 8 Jonas Widarsson 2006-10-05 14:17:53 UTC 
just for your information, the same crash occurs in kwrite too:

==22741== Invalid read of size 2
==22741==    at 0x40527C6: QChar::QChar(QChar const&) (qstring.h:270)
==22741==    by 0x7034E1F: KateRenderer::textWidth(KSharedPtr<KateTextLine> const&, int) (katerenderer.cpp:766)
==22741==    by 0x7015BAE: KateViewInternal::updateMicroFocusHint() (kateviewinternal.cpp:886)
==22741==    by 0x7018A34: KateViewInternal::updateCursor(KateTextCursor const&, bool, bool, bool) (kateviewinternal.cpp:2169)
==22741==    by 0x701A0CB: KateViewInternal::placeCursor(QPoint const&, bool, bool) (kateviewinternal.cpp:2377)
==22741==    by 0x701A791: KateViewInternal::mousePressEvent(QMouseEvent*) (kateviewinternal.cpp:2699)
==22741==    by 0x4E79F32: QWidget::event(QEvent*) (in /home/jonas/kdesvn/build/qt-copy/lib/libqt-mt.so.3.3.6)
==22741==    by 0x4DE3666: QApplication::internalNotify(QObject*, QEvent*) (in /home/jonas/kdesvn/build/qt-copy/lib/libqt-mt.so.3.3.6)
==22741==    by 0x4DE4548: QApplication::notify(QObject*, QEvent*) (in /home/jonas/kdesvn/build/qt-copy/lib/libqt-mt.so.3.3.6)
==22741==    by 0x4977728: KApplication::notify(QObject*, QEvent*) (kapplication.cpp:550)
==22741==    by 0x4D835C8: QETWidget::translateMouseEvent(_XEvent const*) (in /home/jonas/kdesvn/build/qt-copy/lib/libqt-mt.so.3.3.6)
==22741==    by 0x4D824D6: QApplication::x11ProcessEvent(_XEvent*) (in /home/jonas/kdesvn/build/qt-copy/lib/libqt-mt.so.3.3.6)
==22741==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
Comment 9 Stefan Nikolaus 2006-10-06 13:14:40 UTC 
I CANNOT confirm, that the crash does not occur, if there's one character in the first line at least.
Comment 10 Jonas Widarsson 2006-10-06 16:54:09 UTC 
And I was able to keep working all day and night without problems as long as the first line isn't blank.
Comment 11 Dominik Haumann 2006-10-06 17:28:21 UTC 
Created attachment 18033 [details]
possible fix

can you please try the attached patch? I can not reproduce this crash at all,
so there is no way for me to try this...
Comment 12 Dominik Haumann 2006-10-06 18:33:50 UTC 
*** Bug 135169 has been marked as a duplicate of this bug. ***
Comment 13 Tomasz Czapiewski 2006-10-06 22:46:42 UTC 
It's 100% reproductible bug - kate crashes when the first line of opened file is empty - no matter if it's html, txt or something else.
If you put some characters (even one) in the first line then kate doesn't crash, even when you delete all the characters from the first line later.

Kate crashes only when you open the file with empty first line of file and you try to search through file or navigate with arrows to the end of lines or to lines which are wrapped to the next line.

gdb points to KateRenderer::textWidth()

And it's KDE 3.5.5 related.
Comment 14 Stefan Nikolaus 2006-10-06 23:17:36 UTC 
I've observed crashes also for files not beginning with an empty line. Anyway, since I installed the patch (17:45), I haven't encountered one.
Comment 15 Dirk Mueller 2006-10-07 14:03:41 UTC 
I can reproduce the crash and the patch seems to be correct.
Comment 16 Dominik Haumann 2006-10-07 14:29:44 UTC 
SVN commit 593300 by dhaumann:

fix crash that makes katepart pretty unusable.
Please retag for KDE 3.5.5 - thanks & sorry for the hassle.

BUG: 135045


 M  +1 -1      katerenderer.cpp  


--- branches/KDE/3.5/kdelibs/kate/part/katerenderer.cpp #593299:593300
@@ -763,7 +763,7 @@
 
     x += width;
 
-    if (unicode[z] == QChar('\t'))
+    if (z < len && unicode[z] == QChar('\t'))
       x -= x % width;
   }
Comment 17 Tommi Tervo 2006-10-30 14:06:03 UTC 
*** Bug 136451 has been marked as a duplicate of this bug. ***