Bug 145328

Summary: kate: crash when opening large files
Product: [Applications] kate
Reporter: Olivier Vitrat <ovit.debian>
Component: general
Assignee: KWrite Developers <kwrite-bugs-null>
Status: RESOLVED FIXED
Severity: crash
CC: estellnb, mroos
Priority: NOR
Version: unspecified
Target Milestone: ---
Platform: Debian stable
OS: Linux

Description Olivier Vitrat 2007-05-11 20:07:22 UTC
Version: (using KDE 3.5.5)
Installed from: Debian stable Packages

Reported in Debian BTS at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=415605

kate (and kwrite) crash when opening a large text file. I produced a
file with "ls -alR / > aaa; cat aaa aaa aaa aaa" and got a 148M text
file "bbb". Opening "aaa" works fine but opening "bbb" makes both kate
and kwrite crash.

Got a better backtrace too:

Using host libthread_db library "/lib/tls/i686/cmov/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -1233979168 (LWP 3506)]
[KCrash handler]
#6  KateBuffer::findBlock_internal (this=0x81191c0, i=2157376, index=0x0)
    at /tmp/buildd/kdelibs-3.5.5a.dfsg.1/./kate/part/katebuffer.h:141
#7  0xb5f88cc9 in KateViewInternal::range (this=0x81c52e8, realLine=2157376,
    previous=0x0)
    at /tmp/buildd/kdelibs-3.5.5a.dfsg.1/./kate/part/katebuffer.h:546
#8  0xb5f8940e in KateViewInternal::viewLine (this=0x81c52e8,
    realCursor=@0xbf84f90c)
    at /tmp/buildd/kdelibs-3.5.5a.dfsg.1/./kate/part/kateviewinternal.cpp:1443
#9  0xb5f8a521 in KateViewInternal::viewLineOffset (this=0x81c52e8,
    virtualCursor=@0xbf84f964, offset=-45, keepX=false)
    at /tmp/buildd/kdelibs-3.5.5a.dfsg.1/./kate/part/kateviewinternal.cpp:1555
#10 0xb5f8b066 in KateViewInternal::maxStartPos (this=0x81c52e8, changed=true)
    at /tmp/buildd/kdelibs-3.5.5a.dfsg.1/./kate/part/kateviewinternal.cpp:370
#11 0xb5f8b168 in KateViewInternal::updateView (this=0x81c52e8, changed=true,
    viewLinesScrolled=0)
    at /tmp/buildd/kdelibs-3.5.5a.dfsg.1/./kate/part/kateviewinternal.cpp:478
#12 0xb5f8f876 in KateView::updateView (this=0x81a0050, changed=true)
    at /tmp/buildd/kdelibs-3.5.5a.dfsg.1/./kate/part/kateview.cpp:1315
#13 0xb5f9a161 in KateDocument::openFile (this=0x8118d48, job=0x0)
    at /tmp/buildd/kdelibs-3.5.5a.dfsg.1/./kate/part/katedocument.cpp:2385
#14 0xb5f9a743 in KateDocument::openFile (this=0x8118d48)
    at /tmp/buildd/kdelibs-3.5.5a.dfsg.1/./kate/part/katedocument.cpp:2305
#15 0xb5f0381f in KateDocument::openURL (this=0x8118d48, url=@0xbf84fee8)
    at /tmp/buildd/kdelibs-3.5.5a.dfsg.1/./kate/part/katedocument.cpp:2218
#16 0xb7f147f9 in KWrite::loadURL (this=0x80924d0, url=@0xbf84fee8)
    at /tmp/buildd/kdebase-3.5.5a.dfsg.1/./kate/app/kwritemain.cpp:188
#17 0xb7f189d3 in kdemain (argc=2, argv=0xbf850074)
    at /tmp/buildd/kdebase-3.5.5a.dfsg.1/./kate/app/kwritemain.cpp:673
#18 0x08048482 in main (argc=1, argv=0x8d8bbf0) at kwrite.la.cpp:2
#19 0xb7cd7ea8 in __libc_start_main () from /lib/tls/i686/cmov/libc.so.6
#20 0x080483d1 in _start () at ../sysdeps/i386/elf/start.S:119
Comment 1 Bram Schoenmakers 2007-05-19 22:32:18 UTC
*** Bug 145670 has been marked as a duplicate of this bug. ***
Comment 2 Dominik Haumann 2007-05-20 01:00:54 UTC
See also bug #92149 for a similar backtrace.
Olivier Vitrat and Meelis Roos: Can you provide a valgrind trace?
$ valgrind kwrite
Comment 3 Meelis Roos 2007-05-28 11:07:35 UTC
Tried with 3.5.7 Debian package, still crashes. Running with valgrind results in the following output:

==13229== Memcheck, a memory error detector.
==13229== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==13229== Using LibVEX rev 1732, a library for dynamic binary translation.
==13229== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==13229== Using valgrind-3.2.3-Debian, a dynamic binary instrumentation framework.
==13229== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==13229== For more details, rerun with: -v
==13229==
==13229== Syscall param write(buf) points to uninitialised byte(s)
==13229==    at 0x423468E: __write_nocancel (in /usr/lib/debug/libc-2.5.so)
==13229==    by 0x55DE29E: _X11TransWrite (in /usr/lib/libX11.so.6.2.0)
==13229==    by 0x55E3BD5: (within /usr/lib/libX11.so.6.2.0)
==13229==    by 0x55E3CAA: _XReply (in /usr/lib/libX11.so.6.2.0)
==13229==    by 0x55C9F70: XInternAtom (in /usr/lib/libX11.so.6.2.0)
==13229==    by 0x55DDDCA: XSetWMProperties (in /usr/lib/libX11.so.6.2.0)
==13229==    by 0x50137F0: QWidget::create(unsigned long, bool, bool) (qwidget_x11.cpp:613)
==13229==    by 0x50E6DA9: QWidget::QWidget(QWidget*, char const*, unsigned) (qwidget.cpp:889)
==13229==    by 0x47B4D0D: KApplication::init(bool) (kapplication.cpp:946)
==13229==    by 0x47B6817: KApplication::KApplication(bool, bool) (kapplication.cpp:634)
==13229==    by 0x4050A70: kdemain (kwritemain.cpp:590)
==13229==    by 0x80484C1: main (kwrite.la.cpp:2)
==13229==  Address 0x58C3290 is 240 bytes inside a block of size 16,384 alloc'd
==13229==    at 0x40217EF: calloc (vg_replace_malloc.c:279)
==13229==    by 0x55CECBD: XOpenDisplay (in /usr/lib/libX11.so.6.2.0)
==13229==    by 0x4FCF367: qt_init_internal(int*, char**, _XDisplay*, unsigned long, unsigned long) (qapplication_x11.cpp:1767)
==13229==    by 0x4FD13BD: qt_init(int*, char**, QApplication::Type) (qapplication_x11.cpp:2385)
==13229==    by 0x5049433: QApplication::construct(int&, char**, QApplication::Type) (qapplication.cpp:813)
==13229==    by 0x5049772: QApplication::QApplication(int&, char**, bool) (qapplication.cpp:773)
==13229==    by 0x47B664D: KApplication::KApplication(bool, bool) (kapplication.cpp:622)
==13229==    by 0x4050A70: kdemain (kwritemain.cpp:590)
==13229==    by 0x80484C1: main (kwrite.la.cpp:2)
==13229==
==13229== Syscall param write(buf) points to uninitialised byte(s)
==13229==    at 0x423468E: __write_nocancel (in /usr/lib/debug/libc-2.5.so)
==13229==    by 0x55DE29E: _X11TransWrite (in /usr/lib/libX11.so.6.2.0)
==13229==    by 0x55E3BD5: (within /usr/lib/libX11.so.6.2.0)
==13229==    by 0x55C0500: XFlush (in /usr/lib/libX11.so.6.2.0)
==13229==    by 0x501242B: QWidget::setCursor(QCursor const&) (qwidget_x11.cpp:1076)
==13229==    by 0x6B1AFE6: KateViewInternal::KateViewInternal(KateView*, KateDocument*) (kateviewinternal.cpp:176)
==13229==    by 0x6B25BEF: KateView::KateView(KateDocument*, QWidget*, char const*) (kateview.cpp:119)
==13229==    by 0x6B25F34: KateDocument::createView(QWidget*, char const*) (katedocument.cpp:356)
==13229==    by 0x404FAB1: KWrite::KWrite(KTextEditor::Document*) (kwritemain.cpp:90)
==13229==    by 0x4050C43: kdemain (kwritemain.cpp:660)
==13229==    by 0x80484C1: main (kwrite.la.cpp:2)
==13229==  Address 0x58C323E is 158 bytes inside a block of size 16,384 alloc'd
==13229==    at 0x40217EF: calloc (vg_replace_malloc.c:279)
==13229==    by 0x55CECBD: XOpenDisplay (in /usr/lib/libX11.so.6.2.0)
==13229==    by 0x4FCF367: qt_init_internal(int*, char**, _XDisplay*, unsigned long, unsigned long) (qapplication_x11.cpp:1767)
==13229==    by 0x4FD13BD: qt_init(int*, char**, QApplication::Type) (qapplication_x11.cpp:2385)
==13229==    by 0x5049433: QApplication::construct(int&, char**, QApplication::Type) (qapplication.cpp:813)
==13229==    by 0x5049772: QApplication::QApplication(int&, char**, bool) (qapplication.cpp:773)
==13229==    by 0x47B664D: KApplication::KApplication(bool, bool) (kapplication.cpp:622)
==13229==    by 0x4050A70: kdemain (kwritemain.cpp:590)
==13229==    by 0x80484C1: main (kwrite.la.cpp:2)
==13229==
==13229== Use of uninitialised value of size 4
==13229==    at 0x6A7835D: KateBuffer::findBlock_internal(unsigned, unsigned*) (katebuffer.h:141)
==13229==    by 0x6B1519A: KateViewInternal::range(int, KateLineRange const*) (katebuffer.h:546)
==13229==    by 0x6B158CD: KateViewInternal::viewLine(KateTextCursor const&) (kateviewinternal.cpp:1443)
==13229==    by 0x6B17583: KateViewInternal::viewLineOffset(KateTextCursor const&, int, bool) (kateviewinternal.cpp:1555)
==13229==    by 0x6B180CB: KateViewInternal::maxStartPos(bool) (kateviewinternal.cpp:370)
==13229==    by 0x6B18176: KateViewInternal::updateView(bool, int) (kateviewinternal.cpp:478)
==13229==    by 0x6B1BDA7: KateView::updateView(bool) (kateview.cpp:1315)
==13229==    by 0x6B290E1: KateDocument::openFile(KIO::Job*) (katedocument.cpp:2388)
==13229==    by 0x6B296E4: KateDocument::openFile() (katedocument.cpp:2308)
==13229==    by 0x6A84FE7: KateDocument::openURL(KURL const&) (katedocument.cpp:2221)
==13229==    by 0x404CBC8: KWrite::loadURL(KURL const&) (kwritemain.cpp:188)
==13229==    by 0x4050E82: kdemain (kwritemain.cpp:673)
==13229==
==13229== Invalid read of size 4
==13229==    at 0x6A7835D: KateBuffer::findBlock_internal(unsigned, unsigned*) (katebuffer.h:141)
==13229==    by 0x6B1519A: KateViewInternal::range(int, KateLineRange const*) (katebuffer.h:546)
==13229==    by 0x6B158CD: KateViewInternal::viewLine(KateTextCursor const&) (kateviewinternal.cpp:1443)
==13229==    by 0x6B17583: KateViewInternal::viewLineOffset(KateTextCursor const&, int, bool) (kateviewinternal.cpp:1555)
==13229==    by 0x6B180CB: KateViewInternal::maxStartPos(bool) (kateviewinternal.cpp:370)
==13229==    by 0x6B18176: KateViewInternal::updateView(bool, int) (kateviewinternal.cpp:478)
==13229==    by 0x6B1BDA7: KateView::updateView(bool) (kateview.cpp:1315)
==13229==    by 0x6B290E1: KateDocument::openFile(KIO::Job*) (katedocument.cpp:2388)
==13229==    by 0x6B296E4: KateDocument::openFile() (katedocument.cpp:2308)
==13229==    by 0x6A84FE7: KateDocument::openURL(KURL const&) (katedocument.cpp:2221)
==13229==    by 0x404CBC8: KWrite::loadURL(KURL const&) (kwritemain.cpp:188)
==13229==    by 0x4050E82: kdemain (kwritemain.cpp:673)
==13229==  Address 0x8 is not stack'd, malloc'd or (recently) free'd
KCrash: Application 'kwrite' crashing...
==13229==
==13229== ERROR SUMMARY: 16 errors from 4 contexts (suppressed: 143 from 2)
==13229== malloc/free: in use at exit: 12,074,937 bytes in 328,869 blocks.
==13229== malloc/free: 635,058 allocs, 306,189 frees, 1,150,377,279 bytes allocated.
==13229== For counts of detected errors, rerun with: -v
==13229== searching for pointers to 328,869 not-freed blocks.
==13229== checked 11,802,940 bytes.
==13229==
==13229== LEAK SUMMARY:
==13229==    definitely lost: 5,501 bytes in 166 blocks.
==13229==      possibly lost: 153,408 bytes in 16 blocks.
==13229==    still reachable: 11,916,028 bytes in 328,687 blocks.
==13229==         suppressed: 0 bytes in 0 blocks.
==13229== Rerun with --leak-check=full to see details of leaked memory.
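The Memcheck output above localises the crash itself: the last record is a 4-byte "Invalid read" in KateBuffer::findBlock_internal at katebuffer.h:141 whose faulting address is 0x8, which is what reading a field at offset 8 through a NULL pointer looks like. The parser below, an added example that is not part of this bug report or of the Kate/KDE code, turns such Memcheck output into structured records (error kind, error stack, allocation stack, faulting address) and flags near-null accesses so that a crash like this one can be picked out of the noise of the X11 "uninitialised byte(s)" warnings. The sample log is a trimmed, constructed copy of the lines pasted in comment 3; the NEAR_NULL_LIMIT threshold and the record field names are choices of this example, not anything Valgrind defines.

```python
"""Turn Valgrind Memcheck output into structured error records (added example,
not part of the bug report or of Kate): one record per "==PID== <error kind>"
header, with its stack frames and the optional "Address ..." line."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

PREFIX = re.compile(r"^==(\d+)==\s?(.*)$")
# "at 0xADDR: function (location)"; the function may be empty, e.g. "(within libX11.so)"
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (.*?)\s*(?:\(([^()]*)\))?$")
ADDRESS = re.compile(r"^Address 0x([0-9A-Fa-f]+) is (.+)$")
ERROR_KINDS = ("Invalid read", "Invalid write", "Use of uninitialised value",
               "Syscall param", "Conditional jump", "Invalid free", "Mismatched free")
# Assumption of this example: an address inside the first page is NULL plus a field offset.
NEAR_NULL_LIMIT = 0x1000

@dataclass
class MemcheckError:
    kind: str
    frames: list[tuple[str, str]] = field(default_factory=list)        # error stack
    alloc_frames: list[tuple[str, str]] = field(default_factory=list)  # where the block came from
    address: int | None = None
    address_note: str = ""

    @property
    def top_frame(self) -> str:
        return self.frames[0][0] if self.frames else ""

    @property
    def top_location(self) -> str:
        return self.frames[0][1] if self.frames else ""

    @property
    def near_null(self) -> bool:
        return self.address is not None and self.address < NEAR_NULL_LIMIT

def parse_memcheck(text: str) -> list[MemcheckError]:
    errors: list[MemcheckError] = []
    current: MemcheckError | None = None
    in_alloc_stack = False
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue                  # program output interleaved with Valgrind's (e.g. KCrash)
        body = m.group(2).strip()
        if not body:
            current = None            # a bare "==PID==" line closes the error block
            continue
        if body.startswith(ERROR_KINDS):
            current = MemcheckError(kind=body)
            errors.append(current)
            in_alloc_stack = False
            continue
        if current is None:
            continue                  # banner and summary lines
        fm = FRAME.match(body)
        if fm:
            target = current.alloc_frames if in_alloc_stack else current.frames
            target.append((fm.group(1), fm.group(2) or ""))
            continue
        am = ADDRESS.match(body)
        if am:
            current.address = int(am.group(1), 16)
            current.address_note = am.group(2)
            in_alloc_stack = True     # frames after "Address ..." describe the allocation
    return errors

def summarize(errors: list[MemcheckError]) -> list[str]:
    """One line per error: kind, innermost frame, and what the faulting address tells us."""
    out = []
    for e in errors:
        note = ""
        if e.near_null:
            note = f" [address 0x{e.address:x}: NULL pointer plus a small field offset]"
        elif e.address is not None:
            note = f" [address is {e.address_note}]"
        out.append(f"{e.kind} @ {e.top_frame or '?'} ({e.top_location}){note}")
    return out

# Constructed sample: a trimmed copy of the Memcheck output pasted in comment 3.
SAMPLE_LOG = """\
==13229== Syscall param write(buf) points to uninitialised byte(s)
==13229==    at 0x423468E: __write_nocancel (in /usr/lib/debug/libc-2.5.so)
==13229==    by 0x55E3BD5: (within /usr/lib/libX11.so.6.2.0)
==13229==  Address 0x58C3290 is 240 bytes inside a block of size 16,384 alloc'd
==13229==    at 0x40217EF: calloc (vg_replace_malloc.c:279)
==13229==    by 0x55CECBD: XOpenDisplay (in /usr/lib/libX11.so.6.2.0)
==13229==
==13229== Use of uninitialised value of size 4
==13229==    at 0x6A7835D: KateBuffer::findBlock_internal(unsigned, unsigned*) (katebuffer.h:141)
==13229==    by 0x6B1519A: KateViewInternal::range(int, KateLineRange const*) (katebuffer.h:546)
==13229==
==13229== Invalid read of size 4
==13229==    at 0x6A7835D: KateBuffer::findBlock_internal(unsigned, unsigned*) (katebuffer.h:141)
==13229==    by 0x6B1519A: KateViewInternal::range(int, KateLineRange const*) (katebuffer.h:546)
==13229==  Address 0x8 is not stack'd, malloc'd or (recently) free'd
KCrash: Application 'kwrite' crashing...
==13229==
==13229== ERROR SUMMARY: 16 errors from 4 contexts (suppressed: 143 from 2)
"""

if __name__ == "__main__":
    for line in summarize(parse_memcheck(SAMPLE_LOG)):
        print(line)
```

Run against a real log with `parse_memcheck(open("valgrind.log").read())`; the frames that follow an "Address ... alloc'd" line are kept apart as the allocation stack, because they say where the buffer came from rather than where the bad access happened, and a first-frame function can legitimately be empty when Valgrind only knows the library ("within libX11.so").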
Comment 4 Christoph Cullmann 2008-08-11 13:23:09 UTC
Fixed for KDE 4.