Bug 457915

Summary: Reproducible crash after undoing twice in a new window
Product: [Applications] kolourpaint
Reporter: marc00077
Component: general
Assignee: kolourpaint-support
Status: CONFIRMED ---
Severity: normal
CC: martin
Priority: NOR
Version First Reported In: 22.04.3
Target Milestone: ---
Platform: Arch Linux
OS: Linux
Latest Commit:
Version Fixed/Implemented In:
Sentry Crash Report:

Description marc00077 2022-08-15 13:22:17 UTC
SUMMARY
Reproducible crash after Undoing twice in a new window

STEPS TO REPRODUCE
1. Copy any image to the clipboard
2. Open kolourpaint
3. Paste the image using Edit -> Paste in New Window (or Ctrl + Shift + V)
4. Use the text tool and draw a text area in the image
5. Undo (Ctrl + Z)
6. Use the text tool and draw a text area in the image (again)
7. Undo (Ctrl + Z)


OBSERVED RESULT
Application crashes. Stack trace:
#0  0x00005555555be943 in  ()
#1  0x00005555555bf761 in  ()
#2  0x00005555555ac61c in  ()
#3  0x00005555555abe64 in  ()
#4  0x00005555555ac4f0 in  ()
#5  0x00007ffff64bd341 in QtPrivate::QSlotObjectBase::call(QObject*, void**) (a=0x7fffffffdcc0, r=<optimized out>, this=0x555555ed7ce0, this=<optimized out>, r=<optimized out>, a=<optimized out>) at ../../include/QtCore/../../src/corelib/kernel/qobjectdefs_impl.h:398
#6  doActivate<false>(QObject*, int, void**) (sender=0x555555ebe920, signal_index=4, argv=0x7fffffffdcc0) at kernel/qobject.cpp:3886
#7  0x00007ffff716bec7 in QAction::triggered(bool) (this=this@entry=0x555555ebe920, _t1=<optimized out>) at .moc/moc_qaction.cpp:376
#8  0x00007ffff71718e7 in QAction::activate(QAction::ActionEvent) (this=0x555555ebe920, event=<optimized out>) at kernel/qaction.cpp:1161
#9  0x00007ffff71719ae in QAction::event(QEvent*) (e=<optimized out>, this=<optimized out>) at kernel/qaction.cpp:1086
#10 QAction::event(QEvent*) (this=<optimized out>, e=<optimized out>) at kernel/qaction.cpp:1075
#11 0x00007ffff7178b3c in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=<optimized out>, receiver=0x555555ebe920, e=0x7fffffffde50) at kernel/qapplication.cpp:3637
#12 0x00007ffff648cad8 in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x555555ebe920, event=0x7fffffffde50) at kernel/qcoreapplication.cpp:1064
#13 0x00007ffff69740cd in QShortcutMap::dispatchEvent(QKeyEvent*) (this=<optimized out>, e=<optimized out>) at kernel/qshortcutmap.cpp:675
#14 0x00007ffff696a947 in QShortcutMap::tryShortcut(QKeyEvent*) (this=0x5555556a9f28, e=0x7fffffffdf10) at kernel/qshortcutmap.cpp:343
#15 0x00007ffff692a0e8 in QWindowSystemInterface::handleShortcutEvent(QWindow*, unsigned long, int, QFlags<Qt::KeyboardModifier>, unsigned int, unsigned int, unsigned int, QString const&, bool, unsigned short) (window=<optimized out>, timestamp=18214209, keyCode=90, modifiers=..., nativeScanCode=52, nativeVirtualKey=122, nativeModifiers=20, text=..., autorepeat=false, count=1) at kernel/qwindowsysteminterface.cpp:477
#16 0x00007ffff693f9e2 in QGuiApplicationPrivate::processKeyEvent(QWindowSystemInterfacePrivate::KeyEvent*) (e=0x555555e93a40) at kernel/qguiapplication.cpp:2395
#17 0x00007ffff6928935 in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) (flags=flags@entry=...) at kernel/qwindowsysteminterface.cpp:1169
#18 0x00007ffff1130a30 in xcbSourceDispatch(GSource*, GSourceFunc, gpointer) (source=<optimized out>) at /usr/src/debug/qtbase/src/plugins/platforms/xcb/qxcbeventdispatcher.cpp:105
#19 0x00007ffff4b18c6b in g_main_dispatch (context=0x7fffec005010) at ../glib/glib/gmain.c:3417
#20 g_main_context_dispatch (context=0x7fffec005010) at ../glib/glib/gmain.c:4135
#21 0x00007ffff4b6f001 in g_main_context_iterate.constprop.0 (context=context@entry=0x7fffec005010, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at ../glib/glib/gmain.c:4211
#22 0x00007ffff4b16392 in g_main_context_iteration (context=0x7fffec005010, may_block=1) at ../glib/glib/gmain.c:4276
#23 0x00007ffff64d732c in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x5555557d9670, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#24 0x00007ffff648527c in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x7fffffffe2c0, flags=...) at ../../include/QtCore/../../src/corelib/global/qflags.h:69
#25 0x00007ffff648fda9 in QCoreApplication::exec() () at ../../include/QtCore/../../src/corelib/global/qflags.h:121
#26 0x0000555555595072 in  ()
#27 0x00007ffff5c3c2d0 in __libc_start_call_main (main=main@entry=0x555555594520, argc=argc@entry=1, argv=argv@entry=0x7fffffffe518) at ../sysdeps/nptl/libc_start_call_main.h:58
#28 0x00007ffff5c3c38a in __libc_start_main_impl (main=0x555555594520, argc=1, argv=0x7fffffffe518, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe508) at ../csu/libc-start.c:381
#29 0x0000555555595525 in  ()


EXPECTED RESULT
No crash.

SOFTWARE/OS VERSIONS
Linux: 5.18.16-arch1-1
Kolourpaint version: 22.04.3
KDE Frameworks Version: 5.96.0
Qt Version: 5.15.5

ADDITIONAL INFORMATION
Bug is very easy to reproduce in less than a minute. I can attach a coredump if needed.
The problem can only be reproduced when pasting to a new window and does not happen when using only the main window.

Comment 1 marc00077 2022-08-15 13:31:29 UTC
This may be the same bug as described in 2010 in https://bugs.kde.org/show_bug.cgi?id=236464, which was marked as a duplicate of https://bugs.kde.org/show_bug.cgi?id=211481, which was closed as Fixed in 2010. This could be an edge case or a regression of that bug.

Comment 2 Martin Koller 2023-04-29 14:15:40 UTC
A current backtrace from Version 23.07.70

ASSERT: "!document ()->selection ()" in file /home/KDE5/source/kolourpaint/environments/document/kpDocumentEnvironment.cpp, line 127

Thread 1 "kolourpaint" received signal SIGABRT, Aborted.
0x00007ffff0d67c6b in raise () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff0d67c6b in raise () from /lib64/libc.so.6
#1  0x00007ffff0d69305 in abort () from /lib64/libc.so.6
#2  0x00007ffff175856b in QMessageLogger::fatal(char const*, ...) const () from /usr/lib64/libQt5Core.so.5
#3  0x00007ffff1757d61 in qt_assert(char const*, char const*, int) () from /usr/lib64/libQt5Core.so.5
#4  0x000000000046ea8f in kpDocumentEnvironment::switchToCompatibleTool (this=0xd3b370, selection=..., 
    isTextChanged=0x7fffffffc73f) at /home/KDE5/source/kolourpaint/environments/document/kpDocumentEnvironment.cpp:127
#5  0x000000000046d74f in kpDocument::setSelection (this=0xcef6f0, selection=...)
    at /home/KDE5/source/kolourpaint/document/kpDocument_Selection.cpp:93
#6  0x000000000047f9b7 in SetDocumentToSelectionImageCommand::unexecute (this=0xd26320)
    at /home/KDE5/source/kolourpaint/imagelib/transforms/kpTransformCrop_ImageSelection.cpp:201
#7  0x000000000044dee7 in kpMacroCommand::unexecute (this=0xe06540)
    at /home/KDE5/source/kolourpaint/commands/kpMacroCommand.cpp:119
#8  0x000000000044a0b7 in kpCommandHistoryBase::undoInternal (this=0x935b50)
    at /home/KDE5/source/kolourpaint/commands/kpCommandHistoryBase.cpp:314
#9  0x000000000044a2d9 in kpCommandHistoryBase::undo (this=0x935b50)
    at /home/KDE5/source/kolourpaint/commands/kpCommandHistoryBase.cpp:378
#10 0x000000000044d85c in kpCommandHistory::undo (this=0x935b50) at /home/KDE5/source/kolourpaint/commands/kpCommandHistory.cpp:107
#11 0x000000000044c05b in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (kpCommandHistoryBase::*)()>::call(void (kpCommandHistoryBase::*)(), kpCommandHistoryBase*, void**) (f=&virtual kpCommandHistoryBase::undo(), o=0x935b50, 
    x7fffffffca80) at /usr/include/qt5/QtCore/qobjectdefs_impl.h:152
#12 0x000000000044bfbd in QtPrivate::FunctionPointer<void (kpCommandHistoryBase::*)()>::call<QtPrivate::List<>, void>(void (kpCommandHistoryBase::*)(), kpCommandHistoryBase*, void**) (f=&virtual kpCommandHistoryBase::undo(), o=0x935b50, arg=0x7fffffffca80)
    at /usr/include/qt5/QtCore/qobjectdefs_impl.h:185
#13 0x000000000044bec2 in QtPrivate::QSlotObject<void (kpCommandHistoryBase::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) (which=1, this_=0x712cd0, r=0x935b50, a=0x7fffffffca80, ret=0x0)
    at /usr/include/qt5/QtCore/qobjectdefs_impl.h:418
#14 0x00007ffff19b31c7 in ?? () from /usr/lib64/libQt5Core.so.5
#15 0x00007ffff2bd3e12 in QAction::triggered(bool) () from /usr/lib64/libQt5Widgets.so.5
#16 0x00007ffff2bd647c in QAction::activate(QAction::ActionEvent) () from /usr/lib64/libQt5Widgets.so.5
#17 0x00007ffff2bd6e11 in QAction::event(QEvent*) () from /usr/lib64/libQt5Widgets.so.5
#18 0x00007ffff2bda3bc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib64/libQt5Widgets.so.5
#19 0x00007ffff2be11a0 in QApplication::notify(QObject*, QEvent*) () from /usr/lib64/libQt5Widgets.so.5
#20 0x00007ffff1975c23 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /usr/lib64/libQt5Core.so.5
#21 0x00007ffff22b5d86 in QShortcutMap::dispatchEvent(QKeyEvent*) () from /usr/lib64/libQt5Gui.so.5
#22 0x00007ffff22b67fa in QShortcutMap::tryShortcut(QKeyEvent*) () from /usr/lib64/libQt5Gui.so.5
#23 0x00007ffff2263dc3 in QWindowSystemInterface::handleShortcutEvent(QWindow*, unsigned long, int, QFlags<Qt::KeyboardModifier>, unsigned int, unsigned int, unsigned int, QString const&, bool, unsigned short) () from /usr/lib64/libQt5Gui.so.5
#24 0x00007ffff2283c77 in QGuiApplicationPrivate::processKeyEvent(QWindowSystemInterfacePrivate::KeyEvent*) ()
   from /usr/lib64/libQt5Gui.so.5
#25 0x00007ffff2288655 in QGuiApplicationPrivate::processWindowSystemEvent(QWindowSystemInterfacePrivate::WindowSystemEvent*) ()
   from /usr/lib64/libQt5Gui.so.5
#26 0x00007ffff226044b in QWindowSystemInterface::sendWindowSystemEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/lib64/libQt5Gui.so.5
#27 0x00007fffe73c1d0a in ?? () from /usr/lib64/libQt5XcbQpa.so.5
#28 0x00007fffeca4182b in g_main_context_dispatch () from /usr/lib64/libglib-2.0.so.0
#29 0x00007fffeca41bd0 in ?? () from /usr/lib64/libglib-2.0.so.0
#30 0x00007fffeca41c5c in g_main_context_iteration () from /usr/lib64/libglib-2.0.so.0
#31 0x00007ffff19d802c in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/lib64/libQt5Core.so.5
#32 0x00007ffff197448a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib64/libQt5Core.so.5
#33 0x00007ffff197dcc7 in QCoreApplication::exec() () from /usr/lib64/libQt5Core.so.5
#34 0x0000000000481547 in main (argc=1, argv=0x7fffffffd838) at /home/KDE5/source/kolourpaint/kolourpaint.cpp:161