Bug 336195

Summary: Kate crash when pasting from clipboard
Product: [Applications] kate Reporter: Colin <colin>
Component: generalAssignee: KWrite Developers <kwrite-bugs-null>
Status: RESOLVED FIXED    
Severity: crash CC: christoph, m00n.silv3r, slakware, walch.martin
Priority: NOR Keywords: drkonqi
Version First Reported In: 3.13.0   
Target Milestone: ---   
Platform: Ubuntu   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:
Attachments: somewhat minimalistic testcase

Description Colin 2014-06-13 23:11:37 UTC 
Application: kate (3.13.0)
KDE Platform Version: 4.13.0
Qt Version: 4.8.6
Operating System: Linux 3.13.0-24-generic x86_64
Distribution: Ubuntu 14.04 LTS

-- Information about the crash:
- What I was doing when the application crashed:

Opened CSS file, pasted from clipboard (ctrl+v) the string ".techTags" 3 or 4 times in a row in different parts of the document

- Custom settings of the application:

Set Highlighting to "none" for the CSS file because CSS highlighting is broken in CSS files that use media queries.

The crash can be reproduced every time.

-- Backtrace:
Application: Kate (kate), signal: Segmentation fault
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0x7fe1799cd7c0 (LWP 12619))]

Thread 3 (Thread 0x7fe1643e5700 (LWP 12620)):
#0  pthread_cond_wait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185
#1  0x00007fe1662bfffb in ?? () from /usr/lib/x86_64-linux-gnu/libQtScript.so.4
#2  0x00007fe1662c0039 in ?? () from /usr/lib/x86_64-linux-gnu/libQtScript.so.4
#3  0x00007fe176928182 in start_thread (arg=0x7fe1643e5700) at pthread_create.c:312
#4  0x00007fe17931830d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 2 (Thread 0x7fe0e193a700 (LWP 12621)):
#0  0x00007fe17648a62a in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#1  0x00007fe17648a989 in g_mutex_lock () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007fe1764480b0 in g_main_context_acquire () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007fe176448ea5 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#4  0x00007fe1764490ec in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#5  0x00007fe1772287be in QEventDispatcherGlib::processEvents (this=0x7fe0dc0008c0, flags=...) at kernel/qeventdispatcher_glib.cpp:436
#6  0x00007fe1771fa0af in QEventLoop::processEvents (this=this@entry=0x7fe0e1939de0, flags=...) at kernel/qeventloop.cpp:149
#7  0x00007fe1771fa3a5 in QEventLoop::exec (this=this@entry=0x7fe0e1939de0, flags=...) at kernel/qeventloop.cpp:204
#8  0x00007fe1770f6c5f in QThread::exec (this=this@entry=0x2e81e10) at thread/qthread.cpp:537
#9  0x00007fe1771db823 in QInotifyFileSystemWatcherEngine::run (this=0x2e81e10) at io/qfilesystemwatcher_inotify.cpp:265
#10 0x00007fe1770f932f in QThreadPrivate::start (arg=0x2e81e10) at thread/qthread_unix.cpp:349
#11 0x00007fe176928182 in start_thread (arg=0x7fe0e193a700) at pthread_create.c:312
#12 0x00007fe17931830d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111

Thread 1 (Thread 0x7fe1799cd7c0 (LWP 12619)):
[KCrash Handler]
#6  0x00007fe16693d655 in ~KSharedPtr (this=<optimized out>, __in_chrg=<optimized out>) at /usr/include/ksharedptr.h:90
#7  KateScriptDocument::anchor (this=0x38d8780, line=<optimized out>, column=<optimized out>, character=...) at ../../part/script/katescriptdocument.cpp:265
#8  0x00007fe1668b6b13 in KateScriptDocument::qt_static_metacall (_o=0x38d8780, _id=-6, _id@entry=78, _a=0x7fffca45cb60, _c=<optimized out>) at moc_katescriptdocument.cpp:381
#9  0x00007fe1668b7963 in qt_static_metacall (_a=0x7fffca45cb60, _id=78, _c=QMetaObject::InvokeMetaMethod, _o=0x38d8780) at moc_katescriptdocument.cpp:466
#10 KateScriptDocument::qt_metacall (this=0x38d8780, _c=QMetaObject::InvokeMetaMethod, _id=78, _a=0x7fffca45cb60) at moc_katescriptdocument.cpp:467
#11 0x00007fe16632bb32 in ?? () from /usr/lib/x86_64-linux-gnu/libQtScript.so.4
#12 0x00007fe16632cc59 in ?? () from /usr/lib/x86_64-linux-gnu/libQtScript.so.4
#13 0x00007fe16632cee9 in ?? () from /usr/lib/x86_64-linux-gnu/libQtScript.so.4
#14 0x00007fe166232118 in ?? () from /usr/lib/x86_64-linux-gnu/libQtScript.so.4
#15 0x00007fe16620ffc0 in ?? () from /usr/lib/x86_64-linux-gnu/libQtScript.so.4
#16 0x00007fe0e3b8cf7a in ?? ()
#17 0xffff800035ba31a1 in ?? ()
#18 0x00007fe0d8d47900 in ?? ()
#19 0x00007fe00000001a in ?? ()
#20 0xffff000000000004 in ?? ()
#21 0x00007fe0d8d43ec0 in ?? ()
#22 0x0000000000000002 in ?? ()
#23 0x0000009b02d48540 in ?? ()
#24 0x00007fe1662c0996 in ?? () from /usr/lib/x86_64-linux-gnu/libQtScript.so.4
#25 0x00007fe0e329a540 in ?? ()
#26 0x0000000003ce9d18 in ?? ()
#27 0x00007fe0d8d9c060 in ?? ()
#28 0x00007fe0e329ba50 in ?? ()
#29 0x00007fe1661c91f6 in ?? () from /usr/lib/x86_64-linux-gnu/libQtScript.so.4
#30 0x00007fe16625e286 in ?? () from /usr/lib/x86_64-linux-gnu/libQtScript.so.4
#31 0x00007fe16623213f in ?? () from /usr/lib/x86_64-linux-gnu/libQtScript.so.4
#32 0x00007fe16631963e in QScriptValue::call(QScriptValue const&, QList<QScriptValue> const&) () from /usr/lib/x86_64-linux-gnu/libQtScript.so.4
#33 0x00007fe166933b09 in KateIndentScript::indent (this=0x2531460, view=view@entry=0x3a4be50, position=..., typedCharacter=..., typedCharacter@entry=..., indentWidth=<optimized out>) at ../../part/script/kateindentscript.cpp:73
#34 0x00007fe166a22120 in KateAutoIndent::scriptIndent (this=this@entry=0x3936af0, view=view@entry=0x3a4be50, position=..., typedChar=typedChar@entry=...) at ../../part/utils/kateautoindent.cpp:268
#35 0x00007fe166a22c2f in KateAutoIndent::indent (this=0x3936af0, view=view@entry=0x3a4be50, range=...) at ../../part/utils/kateautoindent.cpp:429
#36 0x00007fe1669251d1 in KateDocument::paste (this=0x393a250, view=view@entry=0x3a4be50, text=...) at ../../part/document/katedocument.cpp:2891
#37 0x00007fe166987d95 in KateView::paste (this=0x3a4be50, textToPaste=<optimized out>) at ../../part/view/kateview.cpp:2379
#38 0x00007fe17720f87a in QMetaObject::activate (sender=sender@entry=0x38d5c30, m=m@entry=0x7fe1791ddde0 <QAction::staticMetaObject>, local_signal_index=local_signal_index@entry=1, argv=argv@entry=0x7fffca45d400) at kernel/qobject.cpp:3539
#39 0x00007fe17872da62 in QAction::triggered (this=this@entry=0x38d5c30, _t1=false) at .moc/release-shared/moc_qaction.cpp:276
#40 0x00007fe17872f433 in QAction::activate (this=0x38d5c30, event=event@entry=QAction::Trigger) at kernel/qaction.cpp:1257
#41 0x00007fe17872f58c in QAction::event (this=<optimized out>, e=e@entry=0x7fffca45d7a0) at kernel/qaction.cpp:1183
#42 0x00007fe177929e9f in KAction::event (this=<optimized out>, event=0x7fffca45d7a0) at ../../kdeui/actions/kaction.cpp:131
#43 0x00007fe178733e2c in QApplicationPrivate::notify_helper (this=this@entry=0x2458650, receiver=receiver@entry=0x38d5c30, e=e@entry=0x7fffca45d7a0) at kernel/qapplication.cpp:4567
#44 0x00007fe17873a4a0 in QApplication::notify (this=this@entry=0x7fffca45e680, receiver=receiver@entry=0x38d5c30, e=e@entry=0x7fffca45d7a0) at kernel/qapplication.cpp:4353
#45 0x00007fe1779ffbaa in KApplication::notify (this=0x7fffca45e680, receiver=0x38d5c30, event=0x7fffca45d7a0) at ../../kdeui/kernel/kapplication.cpp:311
#46 0x00007fe1771fb4dd in QCoreApplication::notifyInternal (this=0x7fffca45e680, receiver=0x38d5c30, event=event@entry=0x7fffca45d7a0) at kernel/qcoreapplication.cpp:953
#47 0x00007fe1787652a6 in sendEvent (event=0x7fffca45d7a0, receiver=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:231
#48 QShortcutMap::dispatchEvent (this=this@entry=0x2458778, e=e@entry=0x7fffca45dae0) at kernel/qshortcutmap.cpp:887
#49 0x00007fe1787653dc in QShortcutMap::tryShortcutEvent (this=0x2458778, o=o@entry=0x2f08c40, e=e@entry=0x7fffca45dae0) at kernel/qshortcutmap.cpp:367
#50 0x00007fe17873b773 in QApplication::notify (this=this@entry=0x7fffca45e680, receiver=receiver@entry=0x2f08c40, e=e@entry=0x7fffca45dae0) at kernel/qapplication.cpp:3991
#51 0x00007fe1779ffbaa in KApplication::notify (this=0x7fffca45e680, receiver=0x2f08c40, event=0x7fffca45dae0) at ../../kdeui/kernel/kapplication.cpp:311
#52 0x00007fe1771fb4dd in QCoreApplication::notifyInternal (this=0x7fffca45e680, receiver=receiver@entry=0x2f08c40, event=event@entry=0x7fffca45dae0) at kernel/qcoreapplication.cpp:953
#53 0x00007fe178732556 in sendSpontaneousEvent (event=event@entry=0x7fffca45dae0, receiver=receiver@entry=0x2f08c40) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:234
#54 qt_sendSpontaneousEvent (receiver=receiver@entry=0x2f08c40, event=event@entry=0x7fffca45dae0) at kernel/qapplication.cpp:5565
#55 0x00007fe1787d2ff7 in QKeyMapper::sendKeyEvent (keyWidget=keyWidget@entry=0x2f08c40, grab=grab@entry=false, type=QEvent::KeyPress, code=86, modifiers=..., text=..., autorepeat=autorepeat@entry=false, count=1, nativeScanCode=55, nativeVirtualKey=118, nativeModifiers=4) at kernel/qkeymapper_x11.cpp:1866
#56 0x00007fe1787d3399 in QKeyMapperPrivate::translateKeyEvent (this=0x24b3750, keyWidget=keyWidget@entry=0x2f08c40, event=event@entry=0x7fffca45e070, grab=grab@entry=false) at kernel/qkeymapper_x11.cpp:1836
#57 0x00007fe1787ad3f7 in QApplication::x11ProcessEvent (this=0x7fffca45e680, event=event@entry=0x7fffca45e070) at kernel/qapplication_x11.cpp:3642
#58 0x00007fe1787d5b02 in x11EventSourceDispatch (s=0x2459110, callback=0x0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:146
#59 0x00007fe176448e04 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#60 0x00007fe176449048 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#61 0x00007fe1764490ec in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#62 0x00007fe1772287a1 in QEventDispatcherGlib::processEvents (this=0x2412b50, flags=...) at kernel/qeventdispatcher_glib.cpp:434
#63 0x00007fe1787d5bb6 in QGuiEventDispatcherGlib::processEvents (this=<optimized out>, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#64 0x00007fe1771fa0af in QEventLoop::processEvents (this=this@entry=0x7fffca45e440, flags=...) at kernel/qeventloop.cpp:149
#65 0x00007fe1771fa3a5 in QEventLoop::exec (this=this@entry=0x7fffca45e440, flags=...) at kernel/qeventloop.cpp:204
#66 0x00007fe1771ffb79 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1225
#67 0x00007fe17873237c in QApplication::exec () at kernel/qapplication.cpp:3828
#68 0x00007fe1795e9d15 in kdemain (argc=<optimized out>, argv=<optimized out>) at ../../../kate/app/katemain.cpp:381
#69 0x00007fe17923eec5 in __libc_start_main (main=0x4006d0 <main(int, char**)>, argc=1, argv=0x7fffca45e808, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffca45e7f8) at libc-start.c:287
#70 0x00000000004006fe in _start ()

Reported using DrKonqi
Comment 1 Martin Walch 2014-08-14 18:19:34 UTC 
(In reply to Colin from comment #0)
> Set Highlighting to "none" for the CSS file because CSS highlighting is
> broken in CSS files that use media queries.

The broken media queries should be fixed in the 4.14 branch if the problem you encounter is the same as in bug #335744.

Regarding this crash, I just reproduced it with Kate 3.13.3:

#6  0x00007f73dd83644f in KSharedPtr (o=..., this=<synthetic pointer>) at /usr/include/ksharedptr.h:84
#7  KateScriptDocument::anchor (this=this@entry=0x2e628a0, line=1, column=<optimized out>, character=...) at /var/tmp/portage/kde-base/katepart-4.13.3/work/katepart-4.13.3/part/script/katescriptdocument.cpp:254
#8  0x00007f73dd7abd95 in KateScriptDocument::qt_static_metacall (_o=0x2e628a0, _id=<optimized out>, _a=0x7fff96c7a560, _c=<optimized out>) at /var/tmp/portage/kde-base/katepart-4.13.3/work/katepart-4.13.3_build/part/moc_katescriptdocument.cpp:381
#9  0x00007f73dd7acc5a in KateScriptDocument::qt_metacall (this=0x2e628a0, _c=QMetaObject::InvokeMetaMethod, _id=<optimized out>, _a=0x7fff96c7a560) at /var/tmp/portage/kde-base/katepart-4.13.3/work/katepart-4.13.3_build/part/moc_katescriptdocument.cpp:467
#10 0x00007f73dd1fb339 in QScript::callQtMethod (exec=exec@entry=0x7f7355f37248, callType=callType@entry=QMetaMethod::Method, thisQObject=thisQObject@entry=0x2e628a0, scriptArgs=..., meta=meta@entry=0x7f73ddbd0e80 <KateScriptDocument::staticMetaObject>, initialIndex=83, maybeOverloaded=true) at bridge/qscriptqobject.cpp:960
#11 0x00007f73dd1fcc07 in QScript::QtFunction::execute (this=this@entry=0x7f7355eceb40, exec=0x7f7355f37248, thisValue=..., thisValue@entry=..., scriptArgs=...) at bridge/qscriptqobject.cpp:1015
#12 0x00007f73dd1fce0d in QScript::QtFunction::call (exec=0x7f7355f37248, callee=0x7f7355eceb40, thisValue=..., args=...) at bridge/qscriptqobject.cpp:1030
#13 0x00007f73dd100350 in QTJSC::NativeFuncWrapper::operator() (this=this@entry=0x7fff96c7a790, exec=0x7f7355f37248, jsobj=jsobj@entry=0x7f7355eceb40, thisValue=..., argList=...) at ../3rdparty/javascriptcore/JavaScriptCore/runtime/CallData.cpp:46
#14 0x00007f73dd0dd555 in QTJSC::cti_op_call_NotJSFunction (args=0x7fff96c7a7f0) at ../3rdparty/javascriptcore/JavaScriptCore/jit/JITStubs.cpp:1780
#15 0x00007f735abccdac in ?? ()
#16 0x0000000000008000 in ?? ()
#17 0x00007f7355eceb40 in ?? ()
#18 0x00007f730000000e in ?? ()
#19 0xffff000000000004 in ?? ()
#20 0x00007f7355ec3ec0 in ?? ()
#21 0x0000000000000007 in ?? ()
#22 0x0000000000000040 in ?? ()
#23 0x0000000000000008 in ?? ()
#24 0x0000000000000200 in ?? ()
#25 0x00007f735aba18f0 in ?? ()
#26 0x00007f735a2cfc78 in ?? ()
#27 0x00007f7355f37248 in ?? ()
#28 0x00007f735a276688 in ?? ()
#29 0x00007f73dd488da8 in QTJSC::ExecutableAllocator::pageSize () from /usr/lib64/qt4/libQtScript.so.4
#30 0x00007f735a275400 in ?? ()
#31 0x00007f7355f37000 in ?? ()
#32 0x0000000002dcaa48 in ?? ()
#33 0x00007f73dd488da8 in QTJSC::ExecutableAllocator::pageSize () from /usr/lib64/qt4/libQtScript.so.4
#34 0x00007f7355f37060 in ?? ()
#35 0x00007f735a2cfc60 in ?? ()
#36 0x00007fff96c7a920 in ?? ()
#37 0x00007f73dd099770 in execute (exception=0x250dcc8, globalData=0x7f7355f37248, callFrame=0x7f7355f371d8, registerFile=0x20e, this=<optimized out>) at ../3rdparty/javascriptcore/JavaScriptCore/jit/JITCode.h:79
#38 QTJSC::Interpreter::execute (this=0x1f6, functionExecutable=0x7f735a2cfc78, callFrame=0xffff000000000002, function=0x7f735a276688, thisObj=<optimized out>, args=..., scopeChain=0x4000, exception=0x250dcc8) at ../3rdparty/javascriptcore/JavaScriptCore/interpreter/Interpreter.cpp:716
Backtrace stopped: frame did not save the PC
Comment 2 Martin Walch 2014-08-14 19:13:42 UTC 
Created attachment 88257 [details]
somewhat minimalistic testcase

The crash does not happen always. I have good chances with

1. Open testcase in kate (CSS mode should be autoselected, i.e. CSS highlighting with C style indentation)
2. Deactivate highlighting, but keep C style indentation
3. Move cursor to the end of the second line
4. Press Enter

Now Kate should have crashed. If it has not crashed, close Kate and re-try. The crash happens for me in about one of two attempts.
Comment 3 Martin Walch 2014-08-15 01:35:41 UTC 
The call to KateScriptDocument::anchor(...) happens in cstyle.js in the function

tryParenthesisBeforeBrace(line, column)

in the line

return document.anchor(line, column, '(');

After investigating the C++ code around the anchor method for several hours I hoped that the fix from bug #337785 might also fix this bug, but this is not the case.

The call to m_document->highlight()->attributes(QString&) gets as QString parameter "kate - Normal" and returns a list of varying size, most times 1 or 2 (I guess this is already suspicious?).

However the call document()->plainKateTextLine(cursor->line())->attribute(cursor->column()) returns 3 and is used as index into attributes. Sometimes this causes a segmentation fault and sometimes not. Chances to trigger the segmentation fault are better when running a fresh instance of Kate and not opening any other documents except the test case.

As I do not really understand what the code is doing there, it is hard for me to track this down. Maybe someone who knows the code better can look into this?
Comment 4 Christoph Cullmann 2014-08-17 20:06:06 UTC 
Perhaps commit 

Git commit c42cbd1e08288848422df09a9a4b98aaba53e21b by Christoph Cullmann.
Committed on 17/08/2014 at 20:04.
Pushed by cullmann into branch 'master'.

fix unit test + try to fix segfault in anchor

M  +1    -1    autotests/src/katedocument_test.cpp
M  +3    -12   src/script/katescriptdocument.cpp

http://commits.kde.org/ktexteditor/c42cbd1e08288848422df09a9a4b98aaba53e21b

helps
Comment 5 Dominik Haumann 2014-09-14 18:05:17 UTC 
Martin, can you please check again so we can eventually close this report? :-)
Comment 6 Martin Walch 2014-09-18 05:15:00 UTC 
(In reply to Dominik Haumann from comment #5)
> Martin, can you please check again so we can eventually close this report?
> :-)

Sorry, so far I cannot. I have not yet accomplished to successfully build KF5 on my computer and I will probably lack the time to investigate this further during the next few weeks.
Comment 7 Christoph Cullmann 2015-06-08 19:26:49 UTC 
I think my patch did help, please reopen, if that still occurs.
Comment 8 Christoph Cullmann 2015-06-08 20:09:33 UTC 
*** Bug 347428 has been marked as a duplicate of this bug. ***
Comment 9 Dominik Haumann 2016-10-03 16:09:41 UTC 
*** Bug 369655 has been marked as a duplicate of this bug. ***