Bug 282416

Summary: crash in folding bar after reload
Product: [Applications] kate
Component: folding
Reporter: Dominik Haumann <dhaumann>
Assignee: KWrite Developers <kwrite-bugs-null>
Status: RESOLVED FIXED
Severity: crash
Priority: VHI
CC: adrian.lungu89, dhaumann
Version: unspecified
Target Milestone: ---
Platform: openSUSE
OS: Linux

Description Dominik Haumann 2011-09-20 16:00:23 UTC
Application: kwrite (4.6.00 (4.6.0) "release 6")
KDE Platform Version: 4.6.00 (4.6.0) "release 6"
Qt Version: 4.7.1
Operating System: Linux 2.6.37.6-0.7-desktop i686
Distribution: "openSUSE 11.4 (i586)"

-- Information about the crash:
- What I was doing when the application crashed:

1. move with mouse over icon border to highlight the folding region
2. press F5
3. click the folding bar
4. crash

The crash can be reproduced every time.

-- Backtrace:
Application: KWrite (kwrite), signal: Segmentation fault
[Current thread is 1 (Thread 0xb4fd8710 (LWP 7131))]

Thread 3 (Thread 0xb2218b70 (LWP 7132)):
#0  0xffffe424 in __kernel_vsyscall ()
#1  0xb5dea105 in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/libpthread.so.0
#2  0xb2759e17 in ?? () from /usr/lib/libQtScript.so.4
#3  0xb2759e5f in ?? () from /usr/lib/libQtScript.so.4
#4  0xb5de5b05 in start_thread () from /lib/libpthread.so.0
#5  0xb5a53d5e in clone () from /lib/libc.so.6

Thread 2 (Thread 0xb13aab70 (LWP 7134)):
#0  0xffffe424 in __kernel_vsyscall ()
#1  0xb5a4c9b1 in select () from /lib/libc.so.6
#2  0xb5f3ba88 in ?? () from /usr/lib/libQtCore.so.4
#3  0xb5e603aa in ?? () from /usr/lib/libQtCore.so.4
#4  0xb5de5b05 in start_thread () from /lib/libpthread.so.0
#5  0xb5a53d5e in clone () from /lib/libc.so.6

Thread 1 (Thread 0xb4fd8710 (LWP 7131)):
[KCrash Handler]
#7  0xb24be185 in KateCodeFoldingNode::getStartMatching (this=0x0, endNode=0x82a0e88) at /home/dhaumann/local/projects/kate/part/syntax/katecodefolding.cpp:148
#8  0xb24c0b43 in KateCodeFoldingTree::getLineInfo (this=0x82a0c60, info=0xbfbbb32c, line=-1) at /home/dhaumann/local/projects/kate/part/syntax/katecodefolding.cpp:972
#9  0xb244a031 in KateBuffer::lineInfo (this=0x82a0bd8, info=0xbfbbb32c, line=-1) at /home/dhaumann/local/projects/kate/part/document/katebuffer.h:187
#10 0xb2441a9d in KateDocument::lineInfo (this=0x82a0620, info=0xbfbbb32c, line=4294967295) at /home/dhaumann/local/projects/kate/part/document/katedocument.cpp:4041
#11 0xb24f5f82 in KateIconBorder::mouseReleaseEvent (this=0x82a6320, e=0xbfbbb984) at /home/dhaumann/local/projects/kate/part/view/kateviewhelpers.cpp:1490
#12 0xb65325b0 in QWidget::event(QEvent*) () from /usr/lib/libQtGui.so.4
#13 0xb64d7414 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#14 0xb64e0c20 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#15 0xb6f871f1 in KApplication::notify(QObject*, QEvent*) () from /usr/lib/libkdeui.so.5
#16 0xb5f5cfde in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4
#17 0xb64d845c in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) () from /usr/lib/libQtGui.so.4
#18 0xb6564030 in ?? () from /usr/lib/libQtGui.so.4
#19 0xb656313e in QApplication::x11ProcessEvent(_XEvent*) () from /usr/lib/libQtGui.so.4
#20 0xb658d960 in ?? () from /usr/lib/libQtGui.so.4
#21 0xb5455509 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#22 0xb5455d10 in ?? () from /lib/libglib-2.0.so.0
#23 0xb5455fce in g_main_context_iteration () from /lib/libglib-2.0.so.0
#24 0xb5f8b76b in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#25 0xb658d55a in ?? () from /usr/lib/libQtGui.so.4
#26 0xb5f5c2bd in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#27 0xb5f5c4e9 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#28 0xb5f60f90 in QCoreApplication::exec() () from /usr/lib/libQtCore.so.4
#29 0xb64d5104 in QApplication::exec() () from /usr/lib/libQtGui.so.4
#30 0xb78086aa in kdemain (argc=1, argv=0xbfbbc524) at /home/dhaumann/local/projects/kate/kwrite/kwritemain.cpp:680
#31 0x08048739 in main (argc=1, argv=0xbfbbc524) at /home/dhaumann/local/projects/kate/build/kwrite/kwrite_dummy.cpp:3

Reported using DrKonqi
Comment 1 Dominik Haumann 2011-09-20 16:08:59 UTC
Adrian: Can you have a look, this is definitely in the new code :-)
Comment 2 Adrian 2011-09-20 16:15:36 UTC
Dominik, please attach a file on which the bug can be replicated. I tried on a .c file, but I couldn't replicate it.

Thank you,
Adrian
Comment 3 Dominik Haumann 2011-09-20 16:18:19 UTC
Updated backtrace:

#7  0xb250a185 in KateCodeFoldingNode::getStartMatching (this=0x0, endNode=0x829fcf0) at syntax/katecodefolding.cpp:148
#8  0xb250cb43 in KateCodeFoldingTree::getLineInfo (this=0x829fae8, info=0xbfdcc7fc, line=-1) at syntax/katecodefolding.cpp:972
#9  0xb2496031 in KateBuffer::lineInfo (this=0x829fa60, info=0xbfdcc7fc, line=-1) at document/katebuffer.h:187
#10 0xb248da9d in KateDocument::lineInfo (this=0x829f5b8, info=0xbfdcc7fc, line=-1) at document/katedocument.cpp:4041
#11 0xb2541f80 in KateIconBorder::mouseReleaseEvent (this=0x82a4438, e=0xbfdcce54) at view/kateviewhelpers.cpp:1490

This implies that in
  void KateCodeFoldingTree::getLineInfo(KateLineInfo *info, int line)
the line
  if (m_lineMapping.contains(line) && !m_lineMapping[line].isEmpty()) {
returns true, meaning that line = -1 is in the m_lineMapping QMap.

Isn't this wrong?
Comment 4 Dominik Haumann 2011-09-20 16:21:50 UTC
Hm, you should be able to reproduce, as said:

1. make the code folding bar visible
2. hover over it, so the blue part appears
3. press F5 (reload)
4. click (_without_ moving the mouse, i.e. no blue bar anymore!)
5. crash

Reproducible with all files.
Comment 5 Dominik Haumann 2011-09-20 16:22:30 UTC
The problem is that I pass -1 to lineInfo. I will fix that, but your code should be more robust here. As said, why is -1 in the line mapping at all?
Comment 6 Adrian 2011-09-20 16:27:09 UTC
I have left my computer for the moment. I will come back in about an hour
and take a closer look. I tried to follow your steps, but it didn't crash. I
hope I will be luckier when I come back. I'll keep you in touch with the
progress.
Comment 7 Adrian 2011-09-20 19:50:04 UTC
Git commit 230bcb64e2efee87ada4505fea562ebb88bd7892 by Adrian Lungu.
Committed on 20/09/2011 at 21:42.
Pushed by lungu into branch 'master'.

Folding bug fixed

The root node was iterated in getLineInfo() method causing a crash

BUG: 282416

M  +2    -2    part/syntax/katecodefolding.cpp

http://commits.kde.org/kate/230bcb64e2efee87ada4505fea562ebb88bd7892
Comment 8 Adrian 2011-09-20 19:57:15 UTC
It should work just fine now, Dominik. The problem was not that line = -1. The root node is placed on line -1 in order to be above all the other nodes all the time. The problem is that the root node should not be iterated in that loop because it is just a "fictive" node.

The problem appeared with Kate's new highlighting look. I was testing on an older version earlier and it was working OK. :)

Adrian
Comment 9 Dominik Haumann 2011-09-20 21:04:19 UTC
Ok, that is great to hear and what I hoped: to fix the real thing here and not work around it by catching the case earlier.

Maybe for the future: You usually develop with assumptions. In this case: "We assume line >= 0" or so. Then a line
  Q_ASSERT(line >= 0); // root node is line -1
should be added there or similar.

In this way, a crash (in debug mode) will tell me immediately that the function is not supposed to be called with negative lines, or at least you assumed this would not be the case.

Anyway, thanks for looking into this so quickly!
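
A minimal model of the pattern discussed in comments 7 to 9, added here as an example and not taken from Kate's source: a sentinel root stored at line -1 in the line map, a loop that skips it, and a boundary check standing in for the suggested Q_ASSERT. FoldNode, FoldTree, owns and query are hypothetical names, and std::map replaces QMap so the block builds without Qt.

```cpp
#include <list>
#include <map>
#include <vector>

// Simplified stand-in for a folding tree; every name here is hypothetical.
struct FoldNode {
    FoldNode* parent;                        // nullptr only for the root sentinel
    std::vector<FoldNode*> kids;
    bool owns(const FoldNode* n) const {     // reads members, so `this` must be non-null
        for (const FoldNode* k : kids) if (k == n) return true;
        return false;
    }
};
struct LineInfo { bool startsBlock = false; };

class FoldTree {
    FoldNode root{nullptr, {}};
    std::list<FoldNode> store;                       // list keeps node addresses stable
    std::map<int, std::vector<FoldNode*>> lineMap;   // line -> nodes placed on it
public:
    FoldTree() { lineMap[-1].push_back(&root); }     // sentinel sits above every real line
    void addStart(int line) {
        store.push_back(FoldNode{&root, {}});
        root.kids.push_back(&store.back());
        lineMap[line].push_back(&store.back());
    }
    // Returns false when the call is rejected; strict=false isolates the loop's own safety.
    bool lineInfo(int line, LineInfo* info, bool strict = true) const {
        if (strict && line < 0) return false;        // release-build form of the precondition
        auto it = lineMap.find(line);
        if (it == lineMap.end()) return true;        // nothing mapped on this line
        for (const FoldNode* n : it->second) {
            if (n->parent == nullptr) continue;      // root has no parent to ask: skip it
            if (n->parent->owns(n)) info->startsBlock = true;
        }
        return true;
    }
};

// 1 = line starts a fold, 0 = it does not, -1 = call rejected.
int query(int line, bool strict = true) {
    FoldTree t;
    t.addStart(3);                                   // constructed sample: one fold on line 3
    LineInfo info;
    if (!t.lineInfo(line, &info, strict)) return -1;
    return info.startsBlock ? 1 : 0;
}

int main() { return (query(3) == 1 && query(-1) == -1 && query(-1, false) == 0) ? 0 : 1; }
```

Without the `continue`, a lookup for line -1 would call `owns` through the root's null parent, which is the `this=0x0` shape seen in frame #7 of the backtrace.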