Bug 307005

Summary: Pasting a long string into the ctags lookup box causes a crash
Product: [Applications] kate
Reporter: Steven Holte <sholte>
Component: general
Assignee: KWrite Developers <kwrite-bugs-null>
Status: RESOLVED DUPLICATE
Severity: crash
CC: kare.sars
Priority: NOR
Version: unspecified
Target Milestone: ---
Platform: Ubuntu
OS: Linux
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Description Steven Holte 2012-09-18 21:37:00 UTC
Application: kate (3.6.5)
KDE Platform Version: 4.6.5 (4.6.5)
Qt Version: 4.7.2
Operating System: Linux 2.6.38-15-generic x86_64
Distribution: Ubuntu 11.04

-- Information about the crash:
- What I was doing when the application crashed:

With the ctags panel open, in the lookup tab, I pasted a long string into the search box next to the "update index" button, and kate crashed. This seems to happen every time and doesn't matter what the string is. I was able to duplicate with a string of 163 "a"s.

The crash can be reproduced every time.

-- Backtrace:
Application: Kate (kate), signal: Aborted
[Current thread is 1 (Thread 0x7fdb5730e780 (LWP 8661))]

Thread 2 (Thread 0x7fdb44a74700 (LWP 8662)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:162
#1  0x00007fdb45ade2a2 in ?? () from /usr/lib/libQtScript.so.4
#2  0x00007fdb45ade2d9 in ?? () from /usr/lib/libQtScript.so.4
#3  0x00007fdb542eed8c in start_thread (arg=0x7fdb44a74700) at pthread_create.c:304
#4  0x00007fdb56c78c2d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#5  0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7fdb5730e780 (LWP 8661)):
[KCrash Handler]
#6  0x00007fdb56bc5d05 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#7  0x00007fdb56bc9ab6 in abort () at abort.c:92
#8  0x00007fdb56bff87b in __libc_message (do_abort=2, fmt=0x7fdb56ce67c3 "*** %s ***: %s terminated\n") at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
#9  0x00007fdb56c90db7 in __fortify_fail (msg=0x7fdb56ce675a "buffer overflow detected") at fortify_fail.c:32
#10 0x00007fdb56c8fcd0 in __chk_fail () at chk_fail.c:29
#11 0x00007fdb56c8f149 in _IO_str_chk_overflow (fp=0x21d5, c=8661) at vsprintf_chk.c:35
#12 0x00007fdb56c07698 in _IO_default_xsputn (f=0x7fffa5da2c50, data=<value optimized out>, n=90) at genops.c:485
#13 0x00007fdb56bda371 in _IO_vfprintf_internal (s=<value optimized out>, format=<value optimized out>, ap=<value optimized out>) at vfprintf.c:1623
#14 0x00007fdb56c8f1e4 in ___vsprintf_chk (s=0x7fffa5da2fc0 "http://ausdvs.nvidia.com/Submission?which_changelist=1378899612907798.4&which_p", flags=1, slen=80, format=0x7fdb44ce447f "%s", args=0x7fffa5da2d70) at vsprintf_chk.c:86
#15 0x00007fdb56c8f12a in ___sprintf_chk (s=<value optimized out>, flags=<value optimized out>, slen=<value optimized out>, format=<value optimized out>) at sprintf_chk.c:33
#16 0x00007fdb44cda1d3 in ?? () from /usr/lib/kde4/katectagsplugin.so
#17 0x00007fdb44cda760 in ?? () from /usr/lib/kde4/katectagsplugin.so
#18 0x00007fdb44cdf46c in ?? () from /usr/lib/kde4/katectagsplugin.so
#19 0x00007fdb44cd89d4 in ?? () from /usr/lib/kde4/katectagsplugin.so
#20 0x00007fdb54bb25a8 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/libQtCore.so.4
#21 0x00007fdb54bb1179 in QObject::event(QEvent*) () from /usr/lib/libQtCore.so.4
#22 0x00007fdb560aa9f4 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#23 0x00007fdb560af3ba in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#24 0x00007fdb553856c6 in KApplication::notify(QObject*, QEvent*) () from /usr/lib/libkdeui.so.5
#25 0x00007fdb54b9d44c in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4
#26 0x00007fdb54bcaec2 in ?? () from /usr/lib/libQtCore.so.4
#27 0x00007fdb54bc7ca4 in ?? () from /usr/lib/libQtCore.so.4
#28 0x00007fdb53e22bcd in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#29 0x00007fdb53e233a8 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#30 0x00007fdb53e23639 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#31 0x00007fdb54bc839f in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#32 0x00007fdb561544de in ?? () from /usr/lib/libQtGui.so.4
#33 0x00007fdb54b9c832 in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#34 0x00007fdb54b9ca6c in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#35 0x00007fdb54ba0e7b in QCoreApplication::exec() () from /usr/lib/libQtCore.so.4
#36 0x00007fdb56f2e295 in kdemain () from /usr/lib/kde4/libkdeinit/libkdeinit4_kate.so
#37 0x00007fdb56bb0eff in __libc_start_main (main=0x400730 <_start+256>, argc=1, ubp_av=0x7fffa5da50d8, init=<value optimized out>, fini=<value optimized out>, rtld_fini=<value optimized out>, stack_end=0x7fffa5da50c8) at libc-start.c:226
#38 0x0000000000400659 in _start ()

Possible duplicates by query: bug 303502, bug 301541, bug 299471, bug 297031.

Reported using DrKonqi
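
Added example, not part of the original report and not the ctags plugin's source: frames #14 and #15 show `__sprintf_chk` called with format "%s" and slen=80, meaning an unbounded copy into an 80-byte buffer that glibc's fortify check aborted. The sketch below puts that pattern beside a bounded version; the function names and the way the buffer is used are assumptions, only the size 80 and the "%s" format come from the backtrace.

```c
#include <stdio.h>
#include <string.h>

/* Destination size reported by the fortify check in frame #14 (slen=80). */
#define LOOKUP_BUF_SIZE 80

/* Assumed shape of the failing call: an unbounded "%s" copy into a fixed
 * stack buffer. Built with _FORTIFY_SOURCE, glibc routes this through
 * __sprintf_chk and aborts once the input needs more than 80 bytes.
 * Shown for comparison only; nothing below calls it. */
int lookup_unbounded(const char *pattern)
{
    char buf[LOOKUP_BUF_SIZE];
    sprintf(buf, "%s", pattern);            /* no length check */
    return (int)strlen(buf);
}

/* Bounded version: snprintf never writes past buf_size, and its return
 * value (the length it wanted to write) exposes truncation, which is
 * rejected instead of silently searching for a shortened pattern. */
int lookup_bounded(const char *pattern, char *buf, size_t buf_size)
{
    int n = snprintf(buf, buf_size, "%s", pattern);
    if (n < 0 || (size_t)n >= buf_size) {
        if (buf_size > 0)
            buf[0] = '\0';
        return -1;
    }
    return 0;
}

/* Constructed input: len copies of 'a', as in the report's reproduction. */
int try_length(size_t len)
{
    char input[256];
    char buf[LOOKUP_BUF_SIZE];
    if (len >= sizeof input)
        return -1;
    memset(input, 'a', len);
    input[len] = '\0';
    return lookup_bounded(input, buf, sizeof buf);
}

int main(void)
{
    printf("79: %d, 80: %d, 163: %d\n",
           try_length(79), try_length(80), try_length(163));
    return 0;
}
```

A 79-character pattern is the longest that fits with its terminating NUL; the 163-character string from the report is rejected instead of reaching the abort path.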

Comment 1 Kåre Särs 2012-09-19 06:34:41 UTC
Thanks for the report.

I just tried it in the master branch and I did not get a crash. I think this has been fixed already. If you still get the problem with newer versions please reopen.

/Kåre

*** This bug has been marked as a duplicate of bug 301093 ***