Bug 69443

Summary: kdevelop crashes on scrolling upwards
Product: [Applications] kate Reporter: Andrew Coles <andrew.i.coles>
Component: generalAssignee: KDevelop Developers <kdevelop-devel>
Status: RESOLVED FIXED    
Severity: crash    
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: backtrace
Console output
One of the source files that causes the crash

Description Andrew Coles 2003-12-01 16:22:52 UTC 
Version:            (using KDE KDE 3.1.94)
Installed from:    Compiled From Sources
Compiler:          gcc 3.3.2 (Debian) Compiled with configure --enable-debug=full
OS:          Linux

KDevelop crashes (reproducably) when scrolling upwards in certain source files, whether opened as part of a project or individually.  Attached is a source file which causes the crash, a Dr Konqi backtrace and a console log obtained by running

kdevelop >& kdeveloplog.
Comment 1 Andrew Coles 2003-12-01 16:23:37 UTC 
Created attachment 3495 [details]
backtrace

Backtrace from Dr. Konqi
Comment 2 Andrew Coles 2003-12-01 16:24:30 UTC 
Created attachment 3496 [details]
Console output

Console output from running

kdevelop >& kdeveloplog
Comment 3 Andrew Coles 2003-12-01 16:25:35 UTC 
Created attachment 3497 [details]
One of the source files that causes the crash

One of the source files that can cause the crash.
Comment 4 Amilcar do Carmo Lucas 2003-12-01 16:45:50 UTC 
Looks kate to me!
Comment 5 Andrew Coles 2003-12-01 17:06:10 UTC 
Indeed.  I've done a little hunting and the bug can be traced back through katerenderer.cpp.   Apologies for the rough line numbers: my copy has some extra couts in it to help trace the bug!

In the function paintTextLine a call to paint.fillRect is made (around line 600) with the colour set to a variable 'cursorColor'.

One of the three ways (the third way) of setting cursorColor

cursorColor = &oldAt->textColor();

(at around line 590)  uses a variable oldAt, which is originally set to 0 but is conditionally set to curAt at around line 572.  However, it is possible for the conditions for the only way of setting oldAt not to be met AND the condition for using oldAt to be met so:

oldAt can be used before it has been initialised!

Consequently cursorColor is filled with junk and a segfault occurs as soon as it is used.

Hope that is of some help.
Comment 6 Hamish Rodda 2003-12-02 00:24:51 UTC 
Subject: kdelibs/kate/part

CVS commit by rodda: 

Fix crash.  I discovered this one myself independantly last night...

CCMAIL:69443-done@bugs.kde.org


  M +2 -1      katerenderer.cpp   1.37


--- kdelibs/kate/part/katerenderer.cpp  #1.36:1.37
@@ -315,5 +315,5 @@ void KateRenderer::paintTextLine(QPainte
   uint xPosAfter = xPos;
 
-  KateAttribute* oldAt = 0;
+  KateAttribute* oldAt = &at[0];
 
   const QColor *curColor = 0;