Bug 89042

Summary: while pressing "del" key kate crashes (crash, bt)
Product: [Applications] kate Reporter: Marco Krohn <marco.krohn>
Component: general Assignee: KWrite Developers <kwrite-bugs-null>
Status: RESOLVED FIXED    
Severity: crash CC: Admin, calvin, jtamate, kde, kde_bugzilla_2, krzysiek, lacogubik, missive, Norbert, pavel.simerda, toby.e.cox, vlegacy
Priority: NOR    
Version: 2.2   
Target Milestone: ---   
Platform: unspecified   
OS: Linux   

Description Marco Krohn 2004-09-07 23:41:56 UTC
Version:           2.2 (using KDE 3.3.0, compiled sources)
Compiler:          gcc version 3.3.4 (Debian 1:3.3.4-9)
OS:                Linux (i686) release 2.6.7-1-k7

Can't exactly say what happened. I was editing a python file, several other files were open. I deleted two characters using the "del" key and suddenly kate crashed. This is not reproducible for me, kate never crashed until now ;-)

Here is the bt:

Using host libthread_db library "/lib/tls/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread 1103797248 (LWP 2928)]
[KCrash handler]
#3  0x40f10688 in QGList::find () from /opt/qt-new/lib/libqt-mt.so.3
#4  0x40f10209 in QGList::remove () from /opt/qt-new/lib/libqt-mt.so.3
#5  0x4214e6c8 in QPtrList<KateCodeFoldingNode>::remove (this=0x4, 
    d=0x8673018) at qptrlist.h:85
#6  0x4214b811 in KateCodeFoldingTree::removeEnding (this=0x86ef000, 
    node=0x8673018) at katecodefoldinghelpers.cpp:431
#7  0x4214d163 in KateCodeFoldingTree::cleanupUnneededNodes (this=0x86ef000, 
    line=51) at katecodefoldinghelpers.cpp:1124
#8  0x4214b5f1 in KateCodeFoldingTree::updateLine (this=0x86ef000, line=51, 
    regionChanges=0xbfffe810, updated=0xbfffe7b3, changed=true)
    at katecodefoldinghelpers.cpp:367
#9  0x420d4895 in KateBuffer::doHighlight (this=0x86eefa8, buf=0x869e630, 
    startLine=51, endLine=53, invalidate=true) at katebuffer.cpp:994
#10 0x420d2669 in KateBuffer::editEnd (this=0x86eefa8) at katebuffer.cpp:319
#11 0x420f8a42 in KateDocument::editEnd (this=0x8667ff8)
    at katedocument.cpp:1021
#12 0x420f8395 in KateDocument::removeText (this=0x8667ff8, startLine=52, 
    startCol=0, endLine=52, endCol=1, blockwise=false) at katedocument.cpp:849
#13 0x420f7fc3 in KateDocument::removeText (this=0x8667ff8, startLine=52, 
    startCol=0, endLine=52, endCol=1) at katedocument.cpp:767
#14 0x421004fd in KateDocument::del (this=0x8667ff8, c=@0x87249b4)
    at katedocument.cpp:3170
#15 0x42154af8 in KateViewInternal::doDelete (this=0x87248e8)
    at kateviewinternal.cpp:903
#16 0x42139b7f in KateView::keyDelete (this=0x84f36d8) at kateview.h:226
#17 0x4215b0f2 in KateViewInternal::keyPressEvent (this=0x87248e8, 
    e=0xbffff0f0) at kateviewinternal.cpp:2394
#18 0x4215a8ab in KateViewInternal::eventFilter (this=0x87248e8, 
    obj=0x87248e8, e=0xbffff0f0) at kateviewinternal.cpp:2287
#19 0x40c59a3e in QObject::activate_filters ()
   from /opt/qt-new/lib/libqt-mt.so.3
#20 0x40c5996c in QObject::event () from /opt/qt-new/lib/libqt-mt.so.3
#21 0x40c920ef in QWidget::event () from /opt/qt-new/lib/libqt-mt.so.3
#22 0x40bffa1f in QApplication::internalNotify ()
   from /opt/qt-new/lib/libqt-mt.so.3
#23 0x40bff514 in QApplication::notify () from /opt/qt-new/lib/libqt-mt.so.3
#24 0x407b93ef in KApplication::notify (this=0xbffff520, receiver=0x87248e8, 
    event=0xbffff0f0) at kapplication.cpp:495
#25 0x40b96600 in QETWidget::translateKeyEvent ()
   from /opt/qt-new/lib/libqt-mt.so.3
#26 0x40b92292 in QApplication::x11ProcessEvent ()
   from /opt/qt-new/lib/libqt-mt.so.3
#27 0x40ba95c4 in QEventLoop::processEvents ()
   from /opt/qt-new/lib/libqt-mt.so.3
#28 0x40c11d88 in QEventLoop::enterLoop () from /opt/qt-new/lib/libqt-mt.so.3
#29 0x40c11c38 in QEventLoop::exec () from /opt/qt-new/lib/libqt-mt.so.3
#30 0x40bffc71 in QApplication::exec () from /opt/qt-new/lib/libqt-mt.so.3
#31 0x41e08b73 in kdemain (argc=3, argv=0x8084d88) at katemain.cpp:106
#32 0x41e059a8 in kdeinitmain (argc=3, argv=0x8084d88) at kate_dummy.cpp:2
#33 0x0804e2c5 in launch (argc=3, _name=0x8083bec "kate", args=0x8083c32 "", 
    cwd=0x0, envc=0, envs=0x8083c36 "", reset_env=false, tty=0x0, 
    avoid_loops=false, startup_id_str=0x8052f87 "0") at kinit.cpp:599
#34 0x0804f5d8 in handle_launcher_request (sock=8) at kinit.cpp:1163
#35 0x0804fccb in handle_requests (waitForPid=0) at kinit.cpp:1364
#36 0x08051335 in main (argc=3, argv=0xbffffcd4, envp=0xbffffce4)
    at kinit.cpp:1817

Thanks for all your hard work, kate really is a great application.
Comment 1 Adrian Holovaty 2004-10-09 22:50:18 UTC
I get bitten by this bug every once in a while, too. When the crash happens, it's usually when I've been rapidly deleting a bunch of characters. Most of the files I edit in Kate are Python files, but I'm not sure whether that's related to the above case or just a coincidence.

How to reproduce (sometimes):

1. Open a medium-to-large Python file.
2. Go to the beginning of a line in the middle of the file, and hit the "Delete" button.
3. Hit the down arrow.
4. Repeat steps 2 and 3 repeatedly and very quickly (i.e., delete, down, delete, down, delete, down). Kate crashes.

For what it's worth, here's my backtrace:

Using host libthread_db library "/lib/tls/libthread_db.so.1".
[Thread debugging using libthread_db enabled]
[New Thread -151115936 (LWP 2123)]
[KCrash handler]
#4  0x0575ded8 in QGList::find () from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#5  0x0575da59 in QGList::remove () from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#6  0x00edf22c in KateCodeFoldingTree::removeEnding ()
   from /usr/lib/kde3/libkatepart.so
#7  0x00ee1345 in KateCodeFoldingTree::cleanupUnneededNodes ()
   from /usr/lib/kde3/libkatepart.so
#8  0x00ede612 in KateCodeFoldingTree::updateLine ()
   from /usr/lib/kde3/libkatepart.so
#9  0x00e737ea in KateBuffer::doHighlight () from /usr/lib/kde3/libkatepart.so
#10 0x00e71575 in KateBuffer::editEnd () from /usr/lib/kde3/libkatepart.so
#11 0x00e946c6 in KateDocument::editEnd () from /usr/lib/kde3/libkatepart.so
#12 0x00e937cc in KateDocument::removeText ()
   from /usr/lib/kde3/libkatepart.so
#13 0x00e935b1 in KateDocument::removeText ()
   from /usr/lib/kde3/libkatepart.so
#14 0x00e9dac2 in KateDocument::del () from /usr/lib/kde3/libkatepart.so
#15 0x00ee7b5f in KateViewInternal::doDelete ()
   from /usr/lib/kde3/libkatepart.so
#16 0x00f29305 in KateView::keyDelete () from /usr/lib/kde3/libkatepart.so
#17 0x00eedebe in KateViewInternal::keyPressEvent ()
   from /usr/lib/kde3/libkatepart.so
#18 0x00eed788 in KateViewInternal::eventFilter ()
   from /usr/lib/kde3/libkatepart.so
#19 0x0549fe4e in QObject::activate_filters ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#20 0x0549fd7c in QObject::event () from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#21 0x054d853f in QWidget::event () from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#22 0x05445fef in QApplication::internalNotify ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#23 0x05445ae4 in QApplication::notify ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#24 0x0046d623 in KApplication::notify () from /usr/lib/libkdecore.so.4
#25 0x053de3d0 in QETWidget::translateKeyEvent ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#26 0x053da2ef in QApplication::x11ProcessEvent ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#27 0x053f10b4 in QEventLoop::processEvents ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#28 0x05458238 in QEventLoop::enterLoop ()
   from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#29 0x054580e8 in QEventLoop::exec () from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#30 0x05446241 in QApplication::exec () from /usr/lib/qt-3.3/lib/libqt-mt.so.3
#31 0x00a47814 in kdemain () from /usr/lib/libkdeinit_kate.so
#32 0x0804864b in ?? ()
#33 0x00000001 in ?? ()
#34 0xfef4dde4 in ?? ()
#35 0xfef4ddb8 in ?? ()
#36 0x00ac9ad4 in __libc_start_main () from /lib/tls/libc.so.6
Comment 2 Adrian Holovaty 2004-10-09 22:54:28 UTC
I'll just add to the above comment that I'm using KDE 3.3.0 with Kate 2.3, via RPMs from the KDE-Redhat project (kde-redhat.sourceforge.net).

But this bug was also in my previous version (KDE 3.2.0).
Comment 3 Christoph Cullmann 2005-02-26 00:39:39 UTC
*** Bug 100104 has been marked as a duplicate of this bug. ***
Comment 4 Christoph Cullmann 2005-02-26 00:40:16 UTC
*** Bug 96783 has been marked as a duplicate of this bug. ***
Comment 5 Christoph Cullmann 2005-02-26 00:46:17 UTC
*** Bug 97643 has been marked as a duplicate of this bug. ***
Comment 6 Christoph Cullmann 2005-03-20 22:46:30 UTC
should be solved with kde 3.4, as I have fixed some folding issues there
Comment 7 Dominik Haumann 2006-04-22 15:44:41 UTC
not fixed, see #bug 125986.
Comment 8 Dominik Haumann 2006-04-22 15:46:47 UTC
*** Bug 125986 has been marked as a duplicate of this bug. ***
Comment 9 Dominik Haumann 2006-04-22 15:49:50 UTC
*** Bug 118756 has been marked as a duplicate of this bug. ***
Comment 10 Dominik Haumann 2006-04-22 15:51:05 UTC
*** Bug 119570 has been marked as a duplicate of this bug. ***
Comment 11 Dominik Haumann 2006-04-22 15:51:44 UTC
*** Bug 121809 has been marked as a duplicate of this bug. ***
Comment 12 Dominik Haumann 2006-04-22 15:53:28 UTC
The related bugs from comment #8 - #10 include more information and test files.
Comment 13 Dominik Haumann 2006-05-23 17:23:14 UTC
*** Bug 122311 has been marked as a duplicate of this bug. ***
Comment 14 Dominik Haumann 2006-05-23 17:25:54 UTC
*** Bug 124102 has been marked as a duplicate of this bug. ***
Comment 15 Andreas Kling 2006-06-23 16:06:15 UTC
SVN commit 554198 by kling:

Remove nodes from `markedForDeleting' when deleting them now.
Fixes issues with cleanupUnneededNodes() working on dangling pointers.

BUG: 89042
BUG: 103648


 M  +17 -5     katecodefoldinghelpers.cpp  


--- branches/KDE/3.5/kdelibs/kate/part/katecodefoldinghelpers.cpp #554197:554198
@@ -559,7 +559,9 @@
   uint endCol=node->endCol;
 
   // removes + deletes
-  delete parent->takeChild(mypos);
+  KateCodeFoldingNode *child = parent->takeChild(mypos);
+  markedForDeleting.removeRef(child);
+  delete child;
 
   if ((type>0) && (endLineValid))
     correctEndings(-type, parent, line+endLineRel/*+1*/,endCol, mypos); // why the hell did I add a +1 here ?
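Review bot: `mypos` reaches `parent->takeChild(mypos)` with no range check in the visible lines, and the returned `child` goes to `removeRef` and `delete` unchecked, whereas the next hunk guards the same call with `if (i >= 0)`. If the caller guarantees a valid `mypos`, an assertion saying so would document that; otherwise guard this site the same way.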
@@ -583,7 +585,11 @@
     // removes + deletes
     int i = parent->findChild (node);
     if (i >= 0)
-      delete parent->takeChild (i);
+    {
+      KateCodeFoldingNode *child = parent->takeChild(i);
+      markedForDeleting.removeRef(child);
+      delete child;
+    }
 
     return true;
   }
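Review bot: the braces added under `if (i >= 0)` are needed only because the one-line delete became three statements, and the same three statements recur in the other four hunks. A single private helper on the tree that takes the parent and index, unlists the node from `markedForDeleting` and deletes it would keep the list in sync in one place, so a deletion site added later cannot reintroduce the dangling pointer.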
@@ -598,7 +604,9 @@
       node->endLineValid = true;
       node->endLineRel = parent->child(i)->startLineRel - node->startLineRel;
 
-      delete parent->takeChild(i);
+      KateCodeFoldingNode *child = parent->takeChild(i);
+      markedForDeleting.removeRef(child);
+      delete child;
 
       count = i-mypos-1;
       if (count > 0)
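Review bot: only the taken `child` is removed from `markedForDeleting` before `delete child`; if deleting a KateCodeFoldingNode also destroys its own children, any of those that were marked stay in the list as dangling pointers. Worth confirming which behaviour the destructor has, and unlisting the whole subtree if it does cascade.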
@@ -831,7 +839,9 @@
                 node->endLineValid = true;
                 node->endLineRel = getStartLine(parent->child(i))-line;
                 node->endCol = parent->child(i)->endCol;
-                delete parent->takeChild(i);
+                KateCodeFoldingNode *child = parent->takeChild(i);
+                markedForDeleting.removeRef( child );
+                delete child;
                 break;
               }
             }
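Review bot: `markedForDeleting.removeRef( child );` is written with padding inside the parentheses here and in the next hunk, while the first three hunks use `removeRef(child)`. Pick one spacing for all five sites so the repeated sequence is easy to grep for.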
@@ -907,7 +917,9 @@
               count = node->childCount() - i - 1;
               newNode->endLineValid = true;
               newNode->endLineRel = line - getStartLine(node->child(i));
-              delete node->takeChild(i);
+              KateCodeFoldingNode *child = node->takeChild(i);
+              markedForDeleting.removeRef( child );
+              delete child;
               break;
             }
           }
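Review bot: nothing at this site says why `markedForDeleting.removeRef( child )` has to come before `delete child`, and the `// removes + deletes` comments at the earlier sites were left unchanged. A one-line comment that cleanupUnneededNodes() works on `markedForDeleting` would stop someone from collapsing this back to `delete node->takeChild(i);`.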
Comment 16 Dominik Haumann 2006-06-25 23:01:00 UTC
SVN commit 554957 by dhaumann:

forward port: SVN commit 554198 by kling:

Remove nodes from `markedForDeleting' when deleting them now.
Fixes issues with cleanupUnneededNodes() working on dangling pointers.

CCBUG: 89042
CCBUG: 103648


 M  +17 -5     katecodefoldinghelpers.cpp  


--- trunk/KDE/kdelibs/kate/part/katecodefoldinghelpers.cpp #554956:554957
@@ -558,7 +558,9 @@
   uint endCol=node->endCol;
 
   // removes + deletes
-  delete parent->takeChild(mypos);
+  KateCodeFoldingNode *child = parent->takeChild(mypos);
+  markedForDeleting.removeAll(child);
+  delete child;
 
   if ((type>0) && (endLineValid))
     correctEndings(-type, parent, line+endLineRel/*+1*/,endCol, mypos); // why the hell did I add a +1 here ?
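Review bot: `markedForDeleting.removeAll(child)` replaces the `removeRef(child)` of SVN commit 554198, here and in the four hunks below, but the commit message copies the original text and does not mention the change. Add a line noting that the container call differs on trunk, so the two commits are not read as identical.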
@@ -582,7 +584,11 @@
     // removes + deletes
     int i = parent->findChild (node);
     if (i >= 0)
-      delete parent->takeChild (i);
+    {
+      KateCodeFoldingNode *child = parent->takeChild(i);
+      markedForDeleting.removeAll(child);
+      delete child;
+    }
 
     return true;
   }
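Review bot: no regression test accompanies the new `if (i >= 0)` block or the other four sites; the commit modifies only katecodefoldinghelpers.cpp. Comment 12 says the duplicate reports include test files, so one of them could be turned into a test that replays the deletions that triggered the crash.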
@@ -597,7 +603,9 @@
       node->endLineValid = true;
       node->endLineRel = parent->child(i)->startLineRel - node->startLineRel;
 
-      delete parent->takeChild(i);
+      KateCodeFoldingNode *child = parent->takeChild(i);
+      markedForDeleting.removeAll(child);
+      delete child;
 
       count = i-mypos-1;
       if (count > 0)
@@ -829,7 +837,9 @@
                 node->endLineValid = true;
                 node->endLineRel = getStartLine(parent->child(i))-line;
                 node->endCol = parent->child(i)->endCol;
-                delete parent->takeChild(i);
+                KateCodeFoldingNode *child = parent->takeChild(i);
+                markedForDeleting.removeAll( child );
+                delete child;
                 break;
               }
             }
@@ -905,7 +915,9 @@
               count = node->childCount() - i - 1;
               newNode->endLineValid = true;
               newNode->endLineRel = line - getStartLine(node->child(i));
-              delete node->takeChild(i);
+              KateCodeFoldingNode *child = node->takeChild(i);
+              markedForDeleting.removeAll( child );
+              delete child;
               break;
             }
           }
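The failure mode named in the commit message of comments 15 and 16, as an added example that is not Kate's code: a simplified model in which `marked` stands in for `markedForDeleting`. The `Node` and `FoldingTree` types and all function names are hypothetical, and unlisting the whole subtree assumes that destroying a node also destroys its children, which the patch itself does not show.

```cpp
#include <algorithm>
#include <cstddef>
#include <memory>
#include <vector>

// Simplified stand-in for a folding node (not Kate's KateCodeFoldingNode).
struct Node { std::vector<std::unique_ptr<Node>> children; };  // parent owns children

struct FoldingTree {
    Node root;
    std::vector<Node*> marked;  // non-owning side list, like markedForDeleting
    Node* addChild(Node& parent) {
        parent.children.push_back(std::make_unique<Node>());
        return parent.children.back().get();
    }
    // Pre-fix pattern: the node is destroyed, its address stays in `marked`.
    void removeChildUnsafe(Node& parent, std::size_t i) {
        parent.children.erase(parent.children.begin() + static_cast<std::ptrdiff_t>(i));
    }
    // Post-fix pattern: unlist the node and its subtree, then destroy it.
    void removeChild(Node& parent, std::size_t i) {
        unmark(parent.children[i].get());
        parent.children.erase(parent.children.begin() + static_cast<std::ptrdiff_t>(i));
    }
    // Side-list entries matching no node still in the tree (addresses compared only).
    std::size_t staleCount() const {
        std::vector<const Node*> live;
        collect(&root, live);
        return static_cast<std::size_t>(std::count_if(marked.begin(), marked.end(),
            [&](const Node* p) { return std::find(live.begin(), live.end(), p) == live.end(); }));
    }
    void unmark(Node* n) {
        marked.erase(std::remove(marked.begin(), marked.end(), n), marked.end());
        for (auto& c : n->children) unmark(c.get());
    }
    static void collect(const Node* n, std::vector<const Node*>& out) {
        out.push_back(n);
        for (const auto& c : n->children) collect(c.get(), out);
    }
};

// Constructed scenario: a marked child with a marked grandchild is removed.
std::size_t staleAfterRemoval(bool fixed) {
    FoldingTree t;
    Node* child = t.addChild(t.root);
    Node* grandchild = t.addChild(*child);
    t.marked = {child, grandchild};
    if (fixed) t.removeChild(t.root, 0); else t.removeChildUnsafe(t.root, 0);
    return t.staleCount();
}
```

A `staleCount()` style check can serve as a debug assertion after every tree edit, catching a stale entry before a later cleanup pass touches it.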
Comment 17 Andreas Kling 2006-08-16 12:29:16 UTC
*** Bug 132486 has been marked as a duplicate of this bug. ***
Comment 18 Dominik Haumann 2007-03-08 22:55:43 UTC
*** Bug 142673 has been marked as a duplicate of this bug. ***