Summary: | sporadic kate crash when dragging text | ||
---|---|---|---|
Product: | [Frameworks and Libraries] frameworks-ktexteditor | Reporter: | Cyrille Dunant <cyrille.dunant> |
Component: | general | Assignee: | KWrite Developers <kwrite-bugs-null> |
Status: | RESOLVED FIXED | ||
Severity: | crash | CC: | christoph, igorkuo, nate |
Priority: | NOR | Keywords: | drkonqi |
Version: | 5.80.0 | ||
Target Milestone: | --- | ||
Platform: | openSUSE | ||
OS: | Linux | ||
Latest Commit: | https://invent.kde.org/frameworks/ktexteditor/commit/189a2e0c86334dcec82f9812a2c555a805437025 | Version Fixed In: | 5.82.0 |
Sentry Crash Report: |
Description
Cyrille Dunant
2021-04-08 10:04:00 UTC
A possibly relevant merge request was started @ https://invent.kde.org/frameworks/ktexteditor/-/merge_requests/134

Git commit 4775bd1ffe272a1e3367510ff6d440bf1b8f2a13 by Waqar Ahmed.
Committed on 08/04/2021 at 12:33.
Pushed by cullmann into branch 'master'.

Attempt fix crash on dragging

While I have been unable to reproduce it myself, the only possible reason behind this could be a cursor with cursor.line() > doc->lines(), I think.

M +4 -3 src/render/katelayoutcache.cpp
M +12 -2 src/view/kateviewinternal.cpp

https://invent.kde.org/frameworks/ktexteditor/commit/4775bd1ffe272a1e3367510ff6d440bf1b8f2a13

Is a frameworks patch, it will work as soon as frameworks 5.82 is released.

Got the same crash in KDevelop. 100%-reproducible when I drag a specific half-line of code in one of my C++ projects. Qt 5.15.2, ktexteditor 5.80.0-1, X11, Manjaro stable.

After I applied the fix as a patch, the crash is still 100% reproducible in the same way, but the backtrace is different.

Without the patch:

-- Backtrace:
Application: KDevelop (kdevelop), signal: Segmentation fault
[KCrash Handler]
#4 KateLineLayout::viewLineCount() const (this=0x0) at /home/Mint14_home/igor/Install/abs/ktexteditor/src/ktexteditor-5.80.0/src/render/katelinelayout.cpp:165
#5 0x00007f9efa8d7896 in KateLayoutCache::viewLine(KTextEditor::Cursor const&) (this=this@entry=0x56406b36cef0, realCursor=...) at /usr/include/qt/QtCore/qshareddata.h:160
#6 0x00007f9efa8d7937 in KateLayoutCache::textLayout(KTextEditor::Cursor const&) (this=0x56406b36cef0, realCursor=...) at /home/Mint14_home/igor/Install/abs/ktexteditor/src/ktexteditor-5.80.0/src/render/katelayoutcache.cpp:328
#7 0x00007f9efa9318db in KateViewInternal::doDrag() (this=0x564068599b50) at /home/Mint14_home/igor/Install/abs/ktexteditor/src/ktexteditor-5.80.0/src/view/kateviewinternal.cpp:3522
#8 0x00007f9efd1beb0e in QWidget::event(QEvent*) (this=0x564068599b50, event=0x7ffda979f6f0) at kernel/qwidget.cpp:9019
#9 0x00007f9efd17d752 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=this@entry=0x564068597c40, receiver=receiver@entry=0x564068599b50, e=e@entry=0x7ffda979f6f0) at kernel/qapplication.cpp:3632
#10 0x00007f9efd18487b in QApplication::notify(QObject*, QEvent*) (this=0x7ffda979f3f0, receiver=0x564068599b50, e=0x7ffda979f6f0) at kernel/qapplication.cpp:3076
#11 0x00007f9efc4dcafa in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x564068599b50, event=0x7ffda979f6f0) at kernel/qcoreapplication.cpp:1063
#12 0x00007f9efd18387e in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool, bool) (receiver=receiver@entry=0x564068599b50, event=event@entry=0x7ffda979f6f0, alienWidget=alienWidget@entry=0x564068599b50, nativeWidget=0x564068d79b60, buttonDown=buttonDown@entry=0x7f9efd6b6350 <qt_button_down>, lastMouseReceiver=..., spontaneous=true, onlyDispatchEnterLeave=false) at kernel/qapplication.cpp:2614
#13 0x00007f9efd1d7249 in QWidgetWindow::handleMouseEvent(QMouseEvent*) (this=0x564069514c90, event=0x7ffda979f9b0) at kernel/qwidgetwindow.cpp:683
#14 0x00007f9efd1da63f in QWidgetWindow::event(QEvent*) (this=0x564069514c90, event=0x7ffda979f9b0) at kernel/qwidgetwindow.cpp:300
#15 0x00007f9efd17d752 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=<optimized out>, receiver=0x564069514c90, e=0x7ffda979f9b0) at kernel/qapplication.cpp:3632
#16 0x00007f9efc4dcafa in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x564069514c90, event=0x7ffda979f9b0) at kernel/qcoreapplication.cpp:1063
#17 0x00007f9efc9a4594 in QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) (e=0x56406cc2d490) at kernel/qguiapplication.cpp:2282
#18 0x00007f9efc979bb5 in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) (flags=flags@entry=...) at kernel/qwindowsysteminterface.cpp:1169
#19 0x00007f9ee833216c in xcbSourceDispatch(GSource*, GSourceFunc, gpointer) (source=<optimized out>) at qxcbeventdispatcher.cpp:105
#20 0x00007f9ef706cf9c in g_main_context_dispatch () at /usr/lib/libglib-2.0.so.0
#21 0x00007f9ef70c0a49 in () at /usr/lib/libglib-2.0.so.0
#22 0x00007f9ef706a6f1 in g_main_context_iteration () at /usr/lib/libglib-2.0.so.0
#23 0x00007f9efc535761 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x56406865bac0, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#24 0x00007f9efc4db47c in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7ffda979fce0, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#25 0x00007f9efc4e3914 in QCoreApplication::exec() () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#26 0x00007f9efc99784e in QGuiApplication::exec() () at kernel/qguiapplication.cpp:1867
#27 0x00007f9efd17d6c6 in QApplication::exec() () at kernel/qapplication.cpp:2824
#28 0x000056406793d3bf in main(int, char**) (argc=<optimized out>, argv=0x7ffda979fe48) at /usr/src/debug/kdevelop/app/main.cpp:855
[Inferior 1 (process 201082) detached]

With the 4775bd1ffe272a1e3367510ff6d440bf1b8f2a13.patch applied:

-- Backtrace:
Application: KDevelop (kdevelop), signal: Segmentation fault
[KCrash Handler]
#4 std::__atomic_base<int>::operator++() (this=0x0) at /usr/include/c++/10.2.0/bits/atomic_base.h:325
#5 QAtomicOps<int>::ref<int>(std::atomic<int>&) (_q_value=...) at /usr/include/qt/QtCore/qatomic_cxx11.h:283
#6 QBasicAtomicInteger<int>::ref() (this=0x0) at /usr/include/qt/QtCore/qbasicatomic.h:118
#7 QExplicitlySharedDataPointer<KateLineLayout>::QExplicitlySharedDataPointer(KateLineLayout*) (adata=0x0, this=0x7ffe6dc83140) at /usr/include/qt/QtCore/qshareddata.h:285
#8 KateLineLayout::viewLine(int) const (this=this@entry=0x0, viewLine=0) at /home/Mint14_home/igor/Install/abs/ktexteditor/src/ktexteditor-5.80.0/src/render/katelinelayout.cpp:175
#9 0x00007f6904d94965 in KateLayoutCache::textLayout(KTextEditor::Cursor const&) (this=0x55d01786dc00, realCursor=...) at /home/Mint14_home/igor/Install/abs/ktexteditor/src/ktexteditor-5.80.0/src/render/katelayoutcache.cpp:328
#10 0x00007f6904dee8a8 in KateViewInternal::doDrag() (this=0x55d016481560) at /home/Mint14_home/igor/Install/abs/ktexteditor/src/ktexteditor-5.80.0/src/view/kateviewinternal.cpp:3527
#11 0x00007f690767bb0e in QWidget::event(QEvent*) (this=0x55d016481560, event=0x7ffe6dc83760) at kernel/qwidget.cpp:9019
#12 0x00007f690763a752 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=this@entry=0x55d014a99c40, receiver=receiver@entry=0x55d016481560, e=e@entry=0x7ffe6dc83760) at kernel/qapplication.cpp:3632
#13 0x00007f690764187b in QApplication::notify(QObject*, QEvent*) (this=0x7ffe6dc83460, receiver=0x55d016481560, e=0x7ffe6dc83760) at kernel/qapplication.cpp:3076
#14 0x00007f6906999afa in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x55d016481560, event=0x7ffe6dc83760) at kernel/qcoreapplication.cpp:1063
#15 0x00007f690764087e in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool, bool) (receiver=receiver@entry=0x55d016481560, event=event@entry=0x7ffe6dc83760, alienWidget=alienWidget@entry=0x55d016481560, nativeWidget=0x55d01527a930, buttonDown=buttonDown@entry=0x7f6907b73350 <qt_button_down>, lastMouseReceiver=..., spontaneous=true, onlyDispatchEnterLeave=false) at kernel/qapplication.cpp:2614
#16 0x00007f6907694249 in QWidgetWindow::handleMouseEvent(QMouseEvent*) (this=0x55d015a182c0, event=0x7ffe6dc83a20) at kernel/qwidgetwindow.cpp:683
#17 0x00007f690769763f in QWidgetWindow::event(QEvent*) (this=0x55d015a182c0, event=0x7ffe6dc83a20) at kernel/qwidgetwindow.cpp:300
#18 0x00007f690763a752 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=<optimized out>, receiver=0x55d015a182c0, e=0x7ffe6dc83a20) at kernel/qapplication.cpp:3632
#19 0x00007f6906999afa in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x55d015a182c0, event=0x7ffe6dc83a20) at kernel/qcoreapplication.cpp:1063
#20 0x00007f6906e61594 in QGuiApplicationPrivate::processMouseEvent(QWindowSystemInterfacePrivate::MouseEvent*) (e=0x55d019dad9c0) at kernel/qguiapplication.cpp:2282
#21 0x00007f6906e36bb5 in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) (flags=flags@entry=...) at kernel/qwindowsysteminterface.cpp:1169
#22 0x00007f68f27ef16c in xcbSourceDispatch(GSource*, GSourceFunc, gpointer) (source=<optimized out>) at qxcbeventdispatcher.cpp:105
#23 0x00007f6901529f9c in g_main_context_dispatch () at /usr/lib/libglib-2.0.so.0
#24 0x00007f690157da49 in () at /usr/lib/libglib-2.0.so.0
#25 0x00007f69015276f1 in g_main_context_iteration () at /usr/lib/libglib-2.0.so.0
#26 0x00007f69069f2761 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x55d014b9a230, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#27 0x00007f690699847c in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7ffe6dc83d50, flags=..., flags@entry=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#28 0x00007f69069a0914 in QCoreApplication::exec() () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#29 0x00007f6906e5484e in QGuiApplication::exec() () at kernel/qguiapplication.cpp:1867
#30 0x00007f690763a6c6 in QApplication::exec() () at kernel/qapplication.cpp:2824
#31 0x000055d0145e63bf in main(int, char**) (argc=<optimized out>, argv=0x7ffe6dc83eb8) at /usr/src/debug/kdevelop/app/main.cpp:855
[Inferior 1 (process 207004) detached]

I reproduce the bug with the following steps:
1) reopen the crashy KDevelop session;
2) recover the .cpp file from its .kate-swp file;
3) select and drag the ending of the specific line close to the end of the document.

I don't experiment in any other way with this session to preserve the sure way to reproduce the crash. When I copy the entire project, along with the .kate-swp file, open the project-copy in another KDevelop session and repeat the steps above, the crash does not happen. Could some session-specific configuration option be at fault?

Looks like rc is not valid for cache()->textLayout() in the following code at (patched) ktexteditor-5.80.0/src/view/kateviewinternal.cpp:3527:

auto rc = toRealCursor(startCur);
sX = renderer()->cursorToX(cache()->textLayout(rc), rc, !view()->wrapCursor());

Could the cache be stale here?

Could you print the value of rc?

Applied two QDebug patches (see below) on top of the incomplete 4775bd1ffe272a1e3367510ff6d440bf1b8f2a13.patch fix. None of the assertions in KateLayoutCache::line(int realLine, int virtualLine) has been triggered because m_lineLayouts.contains(realLine) was false. The crash with the same backtrace occurred.
journalctl --user --since today | tail -n 5 Apr 13 10:44:12 Igor-Manjaro kdevelop[265803]: 1060 1064 Apr 13 10:44:12 Igor-Manjaro kdevelop[265803]: 1061 1064 Apr 13 10:44:12 Igor-Manjaro kdevelop[265803]: 1062 1064 Apr 13 10:44:12 Igor-Manjaro kdevelop[265803]: 1063 1064 Apr 13 10:44:12 Igor-Manjaro kdevelop[265803]: (1058, 51) (1058, 90) (1194, 51) 1057 KateLayoutCache(0x559f82899850) Output analysis: m_renderer->doc()->buffer().lines() equals 1064, startCur and endCur are valid, but toRealCursor(startCur) increases the line from 1058 to 1194, which is out of range. The patches: --- kateviewinternal.cpp 2021-04-12 15:11:20.921123962 +0300 +++ kateviewinternal-patched.cpp 2021-04-13 10:35:04.875816568 +0300 @@ -42,6 +42,7 @@ #include <QAccessible> #include <QApplication> #include <QClipboard> +#include <QDebug> #include <QKeyEvent> #include <QLayout> #include <QMimeData> @@ -3524,6 +3525,7 @@ int sX = 0; if (startLine == startCur.line()) { auto rc = toRealCursor(startCur); + qCritical() << startCur << endCur << rc << endLine << cache(); sX = renderer()->cursorToX(cache()->textLayout(rc), rc, !view()->wrapCursor()); } --- katelayoutcache.cpp 2021-04-12 15:11:20.921123962 +0300 +++ katelayoutcache-patched.cpp 2021-04-13 10:39:17.911636773 +0300 @@ -5,6 +5,8 @@ SPDX-License-Identifier: LGPL-2.0-or-later */ +#define QT_FORCE_ASSERTS + #include "katelayoutcache.h" #include <QtAlgorithms> @@ -15,6 +17,8 @@ #include "katerenderer.h" #include "kateview.h" +#include <QDebug> + namespace { bool enableLayoutCache = false; 
@@ -271,6 +275,7 @@ KateLineLayoutPtr l = m_lineLayouts[realLine]; // ensure line is OK + qCritical() << l->line() << m_renderer->doc()->buffer().lines(); Q_ASSERT(l->line() == realLine); Q_ASSERT(realLine < m_renderer->doc()->buffer().lines()); Looks like the two "// get visible selected lines" loops in KateViewInternal::doDrag() do not work as intended before the crash: they make endLine < startLine. Added one more qCritical() line to debug this further: auto rc = toRealCursor(startCur); qCritical() << startCur << endCur << rc << endLine << cache(); qCritical() << this->startLine() << this->endLine() << w << h << m_view->width() << m_view->height() << scale; sX = renderer()->cursorToX(cache()->textLayout(rc), rc, !view()->wrapCursor()); journalctl --user --since today | tail -n 4 Apr 13 11:19:48 Igor-Manjaro kdevelop[278245]: 1062 1064 Apr 13 11:19:48 Igor-Manjaro kdevelop[278245]: 1063 1064 Apr 13 11:19:48 Igor-Manjaro kdevelop[278245]: (1058, 52) (1058, 90) (1194, 52) 1057 KateLayoutCache(0x5603f71080d0) Apr 13 11:19:48 Igor-Manjaro kdevelop[278245]: 917 927 0 0 1656 287 1 A possibly relevant merge request was started @ https://invent.kde.org/frameworks/ktexteditor/-/merge_requests/136 Git commit 189a2e0c86334dcec82f9812a2c555a805437025 by Waqar Ahmed. Committed on 13/04/2021 at 13:08. Pushed by cullmann into branch 'master'. Fix dragging when folding stuff is around This will likely fix 435500 as well. We were using selection cursors as if they were virtual cursors, which lead to incorrect values and cases where "end < start". This will be fixed now. Pixmap position was incorrect, it would appear below the screen and not attached to the "mouse cursor" as it should. This should also be fixed now. M +27 -13 src/view/kateviewinternal.cpp https://invent.kde.org/frameworks/ktexteditor/commit/189a2e0c86334dcec82f9812a2c555a805437025 |
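Review bot: in the kateviewinternal.cpp debug hunk at @@ -3524,6 +3525,7 @@, the new qCritical() line prints endLine but not startLine, although the branch it sits in is entered on "startLine == startCur.line()"; log startLine as well and put a text label in front of each field, so that a journal line such as "(1058, 51) (1058, 90) (1194, 51) 1057" can be read without the source open. Comparing rc.line() with the document's line count before the call to cache()->textLayout(rc) would also turn the null dereference into a logged condition.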
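Review bot: in the katelayoutcache.cpp debug hunk at @@ -271,6 +275,7 @@, the added qCritical() prints l->line() and the buffer line count but not realLine, the value both Q_ASSERTs below it test, and it runs only after m_lineLayouts[realLine] has already returned a layout. Print realLine and virtualLine where KateLayoutCache::line() is entered instead, so that a request for a line past the end of the buffer is logged even when no cached layout exists for it.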
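A simplified model of the cursor mix-up diagnosed in this thread, added here as an illustration and not taken from KTextEditor: a real line number passed through a virtual-to-real conversion is pushed past the end of the document, which is the 1058 to 1194 jump in the debug output. The fold range, the type and the function names are assumptions; only 1058, 1194 and 1064 come from the log.

```cpp
#include <cstdio>
#include <vector>

// Simplified model (assumption, not KTextEditor code): a fold hides the real
// lines first..last completely. Folds are sorted and do not overlap.
struct Fold { int first; int last; };

// Constructed fold hiding 136 lines, chosen so the numbers match the log.
const std::vector<Fold> kFolds = {{900, 1035}};
const int kDocLines = 1064;  // buffer line count from the debug output

// Virtual (visible) line -> real document line: skip every hidden range
// that starts at or before the running result.
int visibleToReal(const std::vector<Fold>& folds, int visibleLine) {
    int real = visibleLine;
    for (const Fold& f : folds) {
        if (f.first > real) break;
        real += f.last - f.first + 1;
    }
    return real;
}

// Real line -> virtual line: subtract the hidden lines at or above it.
int realToVisible(const std::vector<Fold>& folds, int realLine) {
    int visible = realLine;
    for (const Fold& f : folds) {
        if (f.first > realLine) break;
        int lastHidden = realLine < f.last ? realLine : f.last;
        visible -= lastHidden - f.first + 1;
    }
    return visible;
}

// Guarded conversion: -1 when the result has no line (and so no layout).
int checkedRealLine(const std::vector<Fold>& folds, int visibleLine, int docLines) {
    int real = visibleToReal(folds, visibleLine);
    return (real >= 0 && real < docLines) ? real : -1;
}

int main() {
    int selLine = 1058;  // selection start: already a real line
    std::printf("bug:   real treated as virtual -> %d of %d lines\n",
                visibleToReal(kFolds, selLine), kDocLines);
    int v = realToVisible(kFolds, selLine);
    std::printf("fixed: virtual %d -> real %d\n", v, visibleToReal(kFolds, v));
    std::printf("guard: %d\n", checkedRealLine(kFolds, selLine, kDocLines));
    return 0;
}
```

With this constructed fold, real line 1058 is virtual line 922, which lies inside the 917 to 927 range printed by the last qCritical() line in the thread.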