Bug 342512

Summary: Crash during code folding, embedded in KDevelop [KateLineLayout::viewLineCount]
Product: [Applications] kate Reporter: Nicolai Hähnle <nhaehnle>
Component: foldingAssignee: KWrite Developers <kwrite-bugs-null>
Status: RESOLVED FIXED    
Severity: crash    
Priority: NOR    
Version: Git   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Latest Commit: http://commits.kde.org/ktexteditor/46bae1d04176fe966e2cd973eef07581ec1ef92a Version Fixed In:
Sentry Crash Report:

Description Nicolai Hähnle 2015-01-05 13:59:28 UTC 
A crash can be triggered during code folding in KDevelop (ktexteditor, kdevplatform, and kdevelop all from current Git master). The stacktrace leads me to believe that the blame is with Kate, which is why I'm filing it here (see below for some explanation).

Roughly speaking, a specific but reliably reproducable set of circumstances appears to cause the following scenario:

1. While code folding is happening, the signal KTextEditor::View::verticalScrollPositionChanged is emitted.
2. The code in KDevelop receives this signal and takes it as a cue to try to reposition a popup.
3. In doing so, it calls back into Kate to translate the current cursor position into screen coordinates, which segfaults because (according to the debugger) the KateLineLayoutPtr retrieved inside KateLayoutCache::lastViewLine is null.

What KDevelop is trying to do here seems perfectly reasonable. Kate should guarantee that benign methods like cursorCoordinates() don't fail when called from slots connected to signals that Kate itself emits.

Reproducible: Always

Steps to Reproduce:
1. Open a moderately sized source file in KDevelop; ideally, set a breakpoint on AssistantPopup::updatePosition if you have debug symbols (this is helpful for reproducibility).
2. Move the cursor in the source file onto a problem that triggers an assistant popup (e.g. missing method or variable).
3. Hit the "Fold Toplevel Nodes" keyboard shortcut (default Ctrl+Shift+-).
4. If you set the breakpoint, you hit the keyboard shortcut while the program was stopped; continue in the debugger until you hit the segfault.

Actual Results:  
Segmentation fault, with a null KateLineLayout pointer, see stacktrace below.

Expected Results:  
No crash :)

#0 KateLineLayout::viewLineCount() at /home/haehnle/software/kdevelop/ktexteditor/src/render/katelinelayout.cpp:178
#1 KateLayoutCache::lastViewLine() at /home/haehnle/software/kdevelop/ktexteditor/src/render/katelayoutcache.cpp:500
#2 lastViewLine() at /home/haehnle/software/kdevelop/ktexteditor/src/render/katelayoutcache.cpp:504
#3 KateLayoutCache::viewLineCount() at /home/haehnle/software/kdevelop/ktexteditor/src/render/katelayoutcache.cpp:505
#4 KateLayoutCache::displayViewLine() at /home/haehnle/software/kdevelop/ktexteditor/src/render/katelayoutcache.cpp:461
#5 KateViewInternal::cursorToCoordinate() at /home/haehnle/software/kdevelop/ktexteditor/src/view/kateviewinternal.cpp:753
#6 KateViewInternal::cursorCoordinates() at /home/haehnle/software/kdevelop/ktexteditor/src/view/kateviewinternal.cpp:782
#7 KTextEditor::ViewPrivate::cursorPositionCoordinates() at /home/haehnle/software/kdevelop/ktexteditor/src/view/kateview.cpp:2524
#8 AssistantPopup::updatePosition() at /home/haehnle/software/kdevelop/kdevplatform/shell/assistantpopup.cpp:322
#9 QtPrivate::FunctorCall<QtPrivate::IndexesList<0, 1>, QtPrivate::List<KTextEditor::View*, KTextEditor::Cursor const&>, void, void (AssistantPopup::*)(KTextEditor::View*, KTextEditor::Cursor const&)>::call() at /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:508
#10 QtPrivate::FunctionPointer<void (AssistantPopup::*)(KTextEditor::View*, KTextEditor::Cursor const&)>::call<QtPrivate::List<KTextEditor::View*, KTextEditor::Cursor const&>, void>() at /usr/include/x86_64-linux-gnu/qt5/QtCore/qobjectdefs_impl.h:527
#11 QtPrivate::QSlotObject<void (AssistantPopup::*)(KTextEditor::View*, KTextEditor::Cursor const&), QtPrivate::List<KTextEditor::View*, KTextEditor::Cursor const&>, void>::impl() at /usr/include/x86_64-linux-gnu/qt5/QtCore/qobject_impl.h:151
#12 call() at /build/buildd/qtbase-opensource-src-5.3.0+dfsg/src/corelib/kernel/qobject_impl.h:132
#13 QMetaObject::activate() at /build/buildd/qtbase-opensource-src-5.3.0+dfsg/src/corelib/kernel/qobject.cpp:3666
#14 QMetaObject::activate() at /build/buildd/qtbase-opensource-src-5.3.0+dfsg/src/corelib/kernel/qobject.cpp:3546
#15 KTextEditor::View::verticalScrollPositionChanged() at /home/haehnle/software/kdevelop/ktexteditor/build/src/moc_view.cpp:395
#16 KateViewInternal::scrollPos() at /home/haehnle/software/kdevelop/ktexteditor/src/view/kateviewinternal.cpp:513
#17 KateViewInternal::slotRegionVisibilityChanged() at /home/haehnle/software/kdevelop/ktexteditor/src/view/kateviewinternal.cpp:702
#18 KateViewInternal::qt_static_metacall() at /home/haehnle/software/kdevelop/ktexteditor/build/src/moc_kateviewinternal.cpp:191
#19 QMetaObject::activate() at /build/buildd/qtbase-opensource-src-5.3.0+dfsg/src/corelib/kernel/qobject.cpp:3680
#20 QMetaObject::activate() at /build/buildd/qtbase-opensource-src-5.3.0+dfsg/src/corelib/kernel/qobject.cpp:3546
#21 Kate::TextFolding::foldingRangesChanged() at /home/haehnle/software/kdevelop/ktexteditor/build/src/moc_katetextfolding.cpp:131
#22 Kate::TextFolding::updateFoldedRangesForNewRange() at /home/haehnle/software/kdevelop/ktexteditor/src/buffer/katetextfolding.cpp:825
#23 Kate::TextFolding::newFoldingRange() at /home/haehnle/software/kdevelop/ktexteditor/src/buffer/katetextfolding.cpp:150
#24 KTextEditor::ViewPrivate::foldLine() at /home/haehnle/software/kdevelop/ktexteditor/src/view/kateview.cpp:1245
#25 KTextEditor::ViewPrivate::slotFoldToplevelNodes() at /home/haehnle/software/kdevelop/ktexteditor/src/view/kateview.cpp:1180
#26 KTextEditor::ViewPrivate::qt_static_metacall() at /home/haehnle/software/kdevelop/ktexteditor/build/src/moc_kateview.cpp:739
Comment 1 Nicolai Hähnle 2015-01-05 15:05:26 UTC 
By the way, the stacktrace looks somewhat similar to bug #330221. The underlying cause is definitely different, but it appears that the eventual crash has the same "flavor".
Comment 2 Christoph Cullmann 2016-01-31 20:47:48 UTC 
Git commit 46bae1d04176fe966e2cd973eef07581ec1ef92a by Christoph Cullmann.
Committed on 31/01/2016 at 20:47.
Pushed by cullmann into branch 'master'.

delay emitting of verticalScrollPositionChanged until all stuff is consistent for folding

M  +14   -8    src/view/kateviewinternal.cpp
M  +1    -1    src/view/kateviewinternal.h

http://commits.kde.org/ktexteditor/46bae1d04176fe966e2cd973eef07581ec1ef92a