Bug 463627

Summary: open! / /path/to/file.xml from integrated terminal results in a crash
Product: [Applications] kdevelop Reporter: Parag W <parag.lkml>
Component: generalAssignee: kdevelop-bugs-null
Status: CONFIRMED ---    
Severity: crash CC: giecrilj, igorkuo
Priority: NOR Keywords: drkonqi
Version First Reported In: git master   
Target Milestone: ---   
Platform: Fedora RPMs   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:
Attachments: New crash information added by DrKonqi

Description Parag W 2022-12-30 18:19:40 UTC 
Application: kdevelop (5.9.220803 (22.08.3))

Qt Version: 5.15.7
Frameworks Version: 5.101.0
Operating System: Linux 6.0.15-300.fc37.x86_64 x86_64
Windowing System: X11
Distribution: Fedora Linux 37 (KDE Plasma)
DrKonqi: 5.26.4 [KCrashBackend]

-- Information about the crash:
1. Open, say the KWin project in KDevelop
2. Open the integrated terminal
3. Type open! / /path/to/some/file 

KDevelop crashes reliably every time.

The crash can be reproduced every time.

-- Backtrace:
Application: KDevelop (kdevelop), signal: Segmentation fault

[KCrash Handler]
#4  0x00007f1b9bed486e in Sublime::Container::views() const () at /lib64/libKDevPlatformSublime.so.59
#5  0x00007f1b9de02f6e in KDevelop::MainWindow::updateAllTabColors() () at /lib64/libKDevPlatformShell.so.59
#6  0x00007f1b9c2dbc26 in void doActivate<false>(QObject*, int, void**) () at /lib64/libQt5Core.so.5
#7  0x00007f1b9bedbde6 in Sublime::MainWindow::viewAdded(Sublime::View*) () at /lib64/libKDevPlatformSublime.so.59
#8  0x00007f1b9bedf3ae in Sublime::MainWindowPrivate::viewAdded(Sublime::AreaIndex*, Sublime::View*) () at /lib64/libKDevPlatformSublime.so.59
#9  0x00007f1b9c2dbc26 in void doActivate<false>(QObject*, int, void**) () at /lib64/libQt5Core.so.5
#10 0x00007f1b9bec9828 in Sublime::Area::viewAdded(Sublime::AreaIndex*, Sublime::View*) () at /lib64/libKDevPlatformSublime.so.59
#11 0x00007f1b9de42dab in KDevelop::DocumentController::openDocumentsWithSplitSeparators(Sublime::AreaIndex*, QStringList, bool&) () at /lib64/libKDevPlatformShell.so.59
#12 0x00007f1b9de4288e in KDevelop::DocumentController::openDocumentsWithSplitSeparators(Sublime::AreaIndex*, QStringList, bool&) () at /lib64/libKDevPlatformShell.so.59
#13 0x00007f1b9de43530 in KDevelop::DocumentController::openDocumentsSimple(QStringList) () at /lib64/libKDevPlatformShell.so.59
#14 0x00007f1b9de43f9c in KDevelop::DocumentController::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) () at /lib64/libKDevPlatformShell.so.59
#15 0x00007f1b9de44373 in KDevelop::DocumentController::qt_metacall(QMetaObject::Call, int, void**) () at /lib64/libKDevPlatformShell.so.59
#16 0x00007f1b9d5920bb in QDBusConnectionPrivate::deliverCall(QObject*, int, QDBusMessage const&, QVector<int> const&, int) () at /lib64/libQt5DBus.so.5
#17 0x00007f1b9d595cc0 in QDBusConnectionPrivate::activateCall(QObject*, int, QDBusMessage const&) [clone .part.0] () at /lib64/libQt5DBus.so.5
#18 0x00007f1b9d59653e in QDBusConnectionPrivate::activateObject(QDBusConnectionPrivate::ObjectTreeNode&, QDBusMessage const&, int) () at /lib64/libQt5DBus.so.5
#19 0x00007f1b9d598a0c in QDBusActivateObjectEvent::placeMetaCall(QObject*) () at /lib64/libQt5DBus.so.5
#20 0x00007f1b9c2d2ec4 in QObject::event(QEvent*) () at /lib64/libQt5Core.so.5
#21 0x00007f1b9cfaed12 in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /lib64/libQt5Widgets.so.5
#22 0x00007f1b9c2a8278 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /lib64/libQt5Core.so.5
#23 0x00007f1b9c2ab5e4 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () at /lib64/libQt5Core.so.5
#24 0x00007f1b9c2f9897 in postEventSourceDispatch(_GSource*, int (*)(void*), void*) () at /lib64/libQt5Core.so.5
#25 0x00007f1b98066cbf in g_main_context_dispatch () at /lib64/libglib-2.0.so.0
#26 0x00007f1b980bc598 in g_main_context_iterate.constprop () at /lib64/libglib-2.0.so.0
#27 0x00007f1b98063f40 in g_main_context_iteration () at /lib64/libglib-2.0.so.0
#28 0x00007f1b9c2f938a in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /lib64/libQt5Core.so.5
#29 0x00007f1b9c2a6cca in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /lib64/libQt5Core.so.5
#30 0x00007f1b9c2aed92 in QCoreApplication::exec() () at /lib64/libQt5Core.so.5
#31 0x000055ba6f9d72a3 in main ()
[Inferior 1 (process 12718) detached]

Reported using DrKonqi
Comment 1 Igor Kushnir 2022-12-31 09:58:12 UTC 
Reproduced in current git master. The backtrace with debug symbols:

Application: KDevelop (kdevelop), signal: Segmentation fault

[KCrash Handler]
#4  QHash<QWidget*, Sublime::View*>::size() const (this=0x55fb0b061378) at /usr/include/qt/QtCore/qhash.h:283
#5  0x00007f351f197f37 in QHash<QWidget*, Sublime::View*>::values() const (this=0x55fb0b061378) at /usr/include/qt/QtCore/qhash.h:723
#6  0x00007f351f192c98 in Sublime::Container::views() const (this=0x55fb0b060e20) at /home/Fast_storage/kdevelop/kdevplatform/sublime/container.cpp:402
#7  0x00007f351eeb04fc in KDevelop::MainWindow::updateAllTabColors() (this=0x55fb09f67640) at /home/Fast_storage/kdevelop/kdevplatform/shell/mainwindow.cpp:486
#8  0x00007f351eeb5d0d in QtPrivate::FunctorCall<QtPrivate::IndexesList<>, QtPrivate::List<>, void, void (KDevelop::MainWindow::*)()>::call(void (KDevelop::MainWindow::*)(), KDevelop::MainWindow*, void**) (f=(void (KDevelop::MainWindow::*)(KDevelop::MainWindow * const)) 0x7f351eeb03f6 <KDevelop::MainWindow::updateAllTabColors()>, o=0x55fb09f67640, arg=0x7fff3cad12d0) at /usr/include/qt/QtCore/qobjectdefs_impl.h:152
#9  0x00007f351eeb510f in QtPrivate::FunctionPointer<void (KDevelop::MainWindow::*)()>::call<QtPrivate::List<>, void>(void (KDevelop::MainWindow::*)(), KDevelop::MainWindow*, void**) (f=(void (KDevelop::MainWindow::*)(KDevelop::MainWindow * const)) 0x7f351eeb03f6 <KDevelop::MainWindow::updateAllTabColors()>, o=0x55fb09f67640, arg=0x7fff3cad12d0) at /usr/include/qt/QtCore/qobjectdefs_impl.h:185
#10 0x00007f351eeb4223 in QtPrivate::QSlotObject<void (KDevelop::MainWindow::*)(), QtPrivate::List<>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) (which=1, this_=0x55fb0a7ecc90, r=0x55fb09f67640, a=0x7fff3cad12d0, ret=0x0) at /usr/include/qt/QtCore/qobjectdefs_impl.h:418
#11 0x00007f351a4bda51 in  () at /usr/lib/libQt5Core.so.5
#12 0x00007f351f1a902c in Sublime::MainWindow::viewAdded(Sublime::View*) (this=0x55fb09f67640, _t1=0x55fb0cfdafe0) at /home/Fast_storage/kdevelop/build/kdevplatform/sublime/KDevPlatformSublime_autogen/include/moc_mainwindow.cpp:302
#13 0x00007f351f1b017a in Sublime::MainWindowPrivate::viewAdded(Sublime::AreaIndex*, Sublime::View*) (this=0x55fb0a05b3b0, index=0x55fb0babfac0, view=0x55fb0cfdafe0) at /home/Fast_storage/kdevelop/kdevplatform/sublime/mainwindow_p.cpp:574
#14 0x00007f351f1ac1ce in QtPrivate::FunctorCall<QtPrivate::IndexesList<0, 1>, QtPrivate::List<Sublime::AreaIndex*, Sublime::View*>, void, void (Sublime::MainWindowPrivate::*)(Sublime::AreaIndex*, Sublime::View*)>::call(void (Sublime::MainWindowPrivate::*)(Sublime::AreaIndex*, Sublime::View*), Sublime::MainWindowPrivate*, void**) (f=(void (Sublime::MainWindowPrivate::*)(Sublime::MainWindowPrivate * const, Sublime::AreaIndex *, Sublime::View *)) 0x7f351f1aff70 <Sublime::MainWindowPrivate::viewAdded(Sublime::AreaIndex*, Sublime::View*)>, o=0x55fb0a05b3b0, arg=0x7fff3cad1530) at /usr/include/qt/QtCore/qobjectdefs_impl.h:152
#15 0x00007f351f1abc28 in QtPrivate::FunctionPointer<void (Sublime::MainWindowPrivate::*)(Sublime::AreaIndex*, Sublime::View*)>::call<QtPrivate::List<Sublime::AreaIndex*, Sublime::View*>, void>(void (Sublime::MainWindowPrivate::*)(Sublime::AreaIndex*, Sublime::View*), Sublime::MainWindowPrivate*, void**) (f=(void (Sublime::MainWindowPrivate::*)(Sublime::MainWindowPrivate * const, Sublime::AreaIndex *, Sublime::View *)) 0x7f351f1aff70 <Sublime::MainWindowPrivate::viewAdded(Sublime::AreaIndex*, Sublime::View*)>, o=0x55fb0a05b3b0, arg=0x7fff3cad1530) at /usr/include/qt/QtCore/qobjectdefs_impl.h:185
#16 0x00007f351f1ab6c7 in QtPrivate::QSlotObject<void (Sublime::MainWindowPrivate::*)(Sublime::AreaIndex*, Sublime::View*), QtPrivate::List<Sublime::AreaIndex*, Sublime::View*>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) (which=1, this_=0x55fb09d57b30, r=0x55fb0a05b3b0, a=0x7fff3cad1530, ret=0x0) at /usr/include/qt/QtCore/qobjectdefs_impl.h:418
#17 0x00007f351a4bda51 in  () at /usr/lib/libQt5Core.so.5
#18 0x00007f351f182559 in Sublime::Area::viewAdded(Sublime::AreaIndex*, Sublime::View*) (this=0x55fb09fc0170, _t1=0x55fb0babfac0, _t2=0x55fb0cfdafe0) at /home/Fast_storage/kdevelop/build/kdevplatform/sublime/KDevPlatformSublime_autogen/EWIEGA46WW/moc_area.cpp:285
#19 0x00007f351f1873b2 in Sublime::Area::addView(Sublime::View*, Sublime::AreaIndex*, Sublime::View*) (this=0x55fb09fc0170, view=0x55fb0cfdafe0, index=0x55fb0babfac0, after=0x55fb0b139cb0) at /home/Fast_storage/kdevelop/kdevplatform/sublime/area.cpp:177
#20 0x00007f351ef128f6 in KDevelop::DocumentController::openDocumentsWithSplitSeparators(Sublime::AreaIndex*, QStringList, bool&) (this=0x55fb09fdef10, index=0x55fb0babfac0, urlsWithSeparators=..., isFirstView=@0x7fff3cad1890: true) at /home/Fast_storage/kdevelop/kdevplatform/shell/documentcontroller.cpp:1192
#21 0x00007f351ef12f3c in KDevelop::DocumentController::openDocumentsWithSplitSeparators(Sublime::AreaIndex*, QStringList, bool&) (this=0x55fb09fdef10, index=0x55fb09fc01f0, urlsWithSeparators=..., isFirstView=@0x7fff3cad1890: true) at /home/Fast_storage/kdevelop/kdevplatform/shell/documentcontroller.cpp:1237
#22 0x00007f351ef11dc5 in KDevelop::DocumentController::openDocumentsSimple(QStringList) (this=0x55fb09fdef10, urls=...) at /home/Fast_storage/kdevelop/kdevplatform/shell/documentcontroller.cpp:1114
#23 0x00007f351ef13bcf in KDevelop::DocumentController::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (_o=0x55fb09fdef10, _c=QMetaObject::InvokeMetaMethod, _id=16, _a=0x7fff3cad1a90) at /home/Fast_storage/kdevelop/build/kdevplatform/shell/KDevPlatformShell_autogen/include/moc_documentcontroller.cpp:199
#24 0x00007f351ef14054 in KDevelop::DocumentController::qt_metacall(QMetaObject::Call, int, void**) (this=0x55fb09fdef10, _c=QMetaObject::InvokeMetaMethod, _id=16, _a=0x7fff3cad1a90) at /home/Fast_storage/kdevelop/build/kdevplatform/shell/KDevPlatformShell_autogen/include/moc_documentcontroller.cpp:279
#25 0x00007f351b12e45f in  () at /usr/lib/libQt5DBus.so.5
#26 0x00007f351b0f4a44 in  () at /usr/lib/libQt5DBus.so.5
#27 0x00007f351b0f5586 in  () at /usr/lib/libQt5DBus.so.5
#28 0x00007f351b0f575c in  () at /usr/lib/libQt5DBus.so.5
#29 0x00007f351a4b0be0 in QObject::event(QEvent*) () at /usr/lib/libQt5Core.so.5
#30 0x00007f351b378b1c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () at /usr/lib/libQt5Widgets.so.5
#31 0x00007f351a48cf98 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () at /usr/lib/libQt5Core.so.5
#32 0x00007f351a48daa3 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () at /usr/lib/libQt5Core.so.5
#33 0x00007f351a4d3e68 in  () at /usr/lib/libQt5Core.so.5
#34 0x00007f351871687b in g_main_context_dispatch () at /usr/lib/libglib-2.0.so.0
#35 0x00007f351876dc89 in  () at /usr/lib/libglib-2.0.so.0
#36 0x00007f3518715132 in g_main_context_iteration () at /usr/lib/libglib-2.0.so.0
#37 0x00007f351a4d7c4c in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/libQt5Core.so.5
#38 0x00007f351a48573c in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () at /usr/lib/libQt5Core.so.5
#39 0x00007f351a490269 in QCoreApplication::exec() () at /usr/lib/libQt5Core.so.5
#40 0x000055fb09235c36 in main(int, char**) (argc=3, argv=0x7fff3cad2578) at /home/Fast_storage/kdevelop/app/main.cpp:841
[Inferior 1 (process 78477) detached]
Comment 2 Christopher Yeleighton 2023-05-09 19:50:43 UTC 
Created attachment 158810 [details]
New crash information added by DrKonqi

kdevelop (5.11.230400 (23.04.0)) using Qt 5.15.9

I told KDevelop to close a buffer.  KDevelop asked whether to save the content.  I typed the file name and told KDevelop to save.  The buffer closed.  KDevelop crashed.

-- Backtrace (Reduced):
#4  __cxxabiv1::__dynamic_cast (src_ptr=0x56136cde8a80, src_type=0x7fc71cca88f0 <typeinfo for KDevelop::IDocument>, dst_type=0x7fc718ef2c00 <typeinfo for Sublime::Document>, src2dst=-2) at ../../../../libstdc++-v3/libsupc++/dyncast.cc:71
#5  0x00007fc71cdbca1f in KDevelop::DocumentController::openDocuments (this=<optimized out>) at /usr/src/debug/kdevelop-23.04.0/kdevplatform/shell/documentcontroller.cpp:799
#6  0x00007fc6d585926f in ClangUtils::unsavedFiles () at /usr/src/debug/kdevelop-23.04.0/plugins/clang/util/clangutils.cpp:49
#7  0x00007fc6d58ad662 in ClangParseJob::ClangParseJob (this=<optimized out>, url=..., languageSupport=<optimized out>, this=<optimized out>, url=..., languageSupport=<optimized out>) at /usr/src/debug/kdevelop-23.04.0/plugins/clang/clangparsejob.cpp:189
#8  0x00007fc6d58ae055 in non-virtual thunk to ClangSupport::createParseJob(KDevelop::IndexedString const&) () at /usr/src/debug/kdevelop-23.04.0/plugins/clang/clangsupport.h:44
Comment 3 Igor Kushnir 2023-05-10 09:36:07 UTC 
(In reply to Christopher Yeleighton from comment #2)
> I told KDevelop to close a buffer.  KDevelop asked whether to save the
> content.  I typed the file name and told KDevelop to save.  The buffer
> closed.  KDevelop crashed.
You have clearly experienced Bug 424882, not this bug.
Comment 4 Igor Kushnir 2023-07-21 17:41:07 UTC 
I spent some time debugging the crash when running `open! / /path/to/some/file` in Terminal tool view. The bug is probably in DocumentController::openDocumentsWithSplitSeparators(). Specifically, I suspect that it uses the Sublime::Area::addView() API incorrectly, because this API is widely used elsewhere without crashes. What happens is:
1. MainWindowPrivate::viewAdded() destroys the existing Sublime::Container and creates a new one with the following code:
    ViewCreator viewCreator(this);
    area->walkViews(viewCreator, index);
2. MainWindowPrivate::ViewCreator::operator() creates a new Sublime::Container, but replaces the value of only a single element of MainWindow::viewContainers, leaving the values of the remaining elements pointing to the destroyed Sublime::Container.
3. MainWindow::updateAllTabColors() dereferences the pointer to the destroyed Sublime::Container, which causes the reported segmentation fault.

The implementation of DocumentController::openDocumentsWithSplitSeparators() is long and convoluted. Fixing this crash properly requires understanding it, as well as related Sublime code. I am new to this area of KDevelop and don't want to delve deep into it at this time.
Comment 5 Igor Kushnir 2023-07-24 17:39:49 UTC 
When DocumentController::openDocumentsWithSplitSeparators() calls Area::addView() during the steps to reproduce, it first splits a view, then (in a recursive call to itself) inserts a new view at an index with zero views. Usually a new view is inserted at an index with at least one other view. When the user splits views via the tab bar context menu, another overload of Area::addView() is called (with a viewToSplit paramater). Only loadToAreaPrivate() in workingset.cpp appears to do something similarly complicated as openDocumentsWithSplitSeparators(). Christoph Roick overhauled that workingset code 2 years ago in https://invent.kde.org/kdevelop/kdevelop/-/merge_requests/213. Perhaps similar fixes are needed in openDocumentsWithSplitSeparators().