Bug 103648 - Codefolding Crash - Reproducable
Summary: Codefolding Crash - Reproducable
Status: RESOLVED FIXED
Alias: None
Product: kate
Classification: Applications
Component: part (show other bugs)
Version: unspecified
Platform: unspecified Linux
: NOR crash
Target Milestone: ---
Assignee: Christoph Cullmann
URL:
Keywords:
: 103995 105258 (view as bug list)
Depends on:
Blocks:
 
Reported: 2005-04-11 11:36 UTC by Alexander Denisjuk
Modified: 2006-06-25 23:01 UTC (History)
2 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Denisjuk 2005-04-11 11:36:52 UTC
Version:           1.7.1 (using KDE 3.3.2,  (3.1))
Compiler:          gcc version 3.3.5 (Debian 1:3.3.5-8)
OS:                Linux (i686) release 2.6.11

kile crashs when I replace $$equation$$ with \[equation\] while syntax highlighting (LaTeX) is on. When highliting is off replacement is done without any problem. I tried to replace using replace dialog box and regular expressions as well as "by hand". It crashes in all cases.
Comment 1 Thiago Macieira 2005-04-11 13:32:42 UTC
Can you paste the backtrace?
Comment 2 Alexander Denisjuk 2005-04-11 14:03:22 UTC
On Monday 11 of April 2005 13:33, Thiago Macieira wrote:
[bugs.kde.org quoted mail]


(no debugging symbols found)
Using host libthread_db library "/lib/tls/libthread_db.so.1".
(no debugging symbols found)
`system-supplied DSO at 0xffffe000' has disappeared; keeping its symbols.
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[Thread debugging using libthread_db enabled]
[New Thread -1215405408 (LWP 7752)]
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
(no debugging symbols found)
[KCrash handler]
#3  0xb7e2ed58 in QGList::find () from /usr/lib/libqt-mt.so.3
#4  0xb7e2e8d9 in QGList::remove () from /usr/lib/libqt-mt.so.3
#5  0xb737e79c in KateCodeFoldingTree::removeEnding ()
   from /usr/lib/kde3/libkatepart.so
#6  0xb73808b5 in KateCodeFoldingTree::cleanupUnneededNodes ()
   from /usr/lib/kde3/libkatepart.so
#7  0xb737db82 in KateCodeFoldingTree::updateLine ()
   from /usr/lib/kde3/libkatepart.so
#8  0xb731130a in KateBuffer::doHighlight () from /usr/lib/kde3/libkatepart.so
#9  0xb730f095 in KateBuffer::editEnd () from /usr/lib/kde3/libkatepart.so
#10 0xb73326a6 in KateDocument::editEnd () from /usr/lib/kde3/libkatepart.so
#11 0xb733aa13 in KateDocument::typeChars () from /usr/lib/kde3/libkatepart.so
#12 0xb738e1ba in KateViewInternal::keyPressEvent ()
   from /usr/lib/kde3/libkatepart.so
#13 0xb738d5d0 in KateViewInternal::eventFilter ()
   from /usr/lib/kde3/libkatepart.so
#14 0xb7b7404e in QObject::activate_filters () from /usr/lib/libqt-mt.so.3
#15 0xb7b73f7c in QObject::event () from /usr/lib/libqt-mt.so.3
#16 0xb7bacaaf in QWidget::event () from /usr/lib/libqt-mt.so.3
#17 0xb7b19e1f in QApplication::internalNotify () from /usr/lib/libqt-mt.so.3
#18 0xb7b19914 in QApplication::notify () from /usr/lib/libqt-mt.so.3
#19 0x4ccc4e43 in KApplication::notify () from /usr/lib/libkdecore.so.4
#20 0xb7ab0620 in QETWidget::translateKeyEvent () from /usr/lib/libqt-mt.so.3
#21 0xb7aac302 in QApplication::x11ProcessEvent () from /usr/lib/libqt-mt.so.3
#22 0xb7ac3254 in QEventLoop::processEvents () from /usr/lib/libqt-mt.so.3
#23 0xb7b2c1d8 in QEventLoop::enterLoop () from /usr/lib/libqt-mt.so.3
#24 0xb7b2c088 in QEventLoop::exec () from /usr/lib/libqt-mt.so.3
#25 0xb7b1a071 in QApplication::exec () from /usr/lib/libqt-mt.so.3
#26 0x080d2250 in QPtrList<char>::deleteItem ()
#27 0x45a3a904 in __libc_start_main () from /lib/tls/libc.so.6
#28 0x08073541 in ?? ()
Comment 3 Alexander Denisjuk 2005-04-11 14:50:55 UTC
Hi, 

This is the way I can reproduse a bug on my computer. Please, find an example 
of the text (between === lines). 
	Paste it into Kile. 
	Then enable syntax highlighting, LaTeX mode. 
	Delete the first \[ pressing twice "Backspace", insert $$ instead.
	Delete the closing \] pressing twice "Backspace"
        Now try to insert $ after the display equation, i.e. after "\bigr)." 
	My copy of Kile crashes.

Note that it works fine without the theorem or the enumerate or even without 
the text which follows the display.

Yours, Alexander Denisjuk.

PS. Be careful: the theorem is not published yet :-)
A.D.

=====================================================
\[\bigl(\alpha(i_p i_q)f\bigr)_{i_1\dots
i_r}=\frac12\bigl(f_{i_1 \dots i_p \dots i_q\dots i_r}-f_{i_1
\dots i_q \dots i_p\dots i_r}\bigr).\] 
Note that for $m=1$ operator $R$ coincides with the external differentiation.


\begin{theorem}For the finite field~$f\in
C^\infty_0(S^m)$ 
\begin{enumerate}
  \item $If(x,\xi)=0$.
\end{enumerate}
\end{theorem}
=====================================================
On Monday 11 of April 2005 13:33, Thiago Macieira wrote:
[bugs.kde.org quoted mail]
Comment 4 Anders Lund 2005-04-12 14:35:35 UTC
I can't make this happen using cvs HEAD. Anyone else?
Please provide a sample file, and explain what you mean by "by hand".
Comment 5 Alexander Denisjuk 2005-04-12 21:00:07 UTC
The sample and instructions how I reproduce the bug are above (see additional comment #3).

By "by hand" I mean not using replace dialog.
Comment 6 Christoph Cullmann 2005-10-05 18:41:29 UTC
Yeah, too bad, can reproduce it here, too, 3.5 branch from today :/
But, the good thing: 100% reproducable, perfect testcase, thx a lot, will try to hunt it down before 3.5 final
Comment 7 Christoph Cullmann 2005-10-05 18:42:02 UTC
*** Bug 105258 has been marked as a duplicate of this bug. ***
Comment 8 Dominik Haumann 2006-04-22 15:41:54 UTC
*** Bug 103995 has been marked as a duplicate of this bug. ***
Comment 9 Dominik Haumann 2006-04-28 22:55:51 UTC
Comment #3 still reproducable. This is a nasty bug :(
Comment 10 Christian Spiel 2006-05-29 14:28:03 UTC
I think I tried to debug this thing five times now...
The problem is: i can reproduce it on my machine at work (64 Bit Suse 10.0 KDE 3.5.2) and also on my home machine (32 Bit Gentoo KDE 3.5.2 compiled with -Os -fomit-frame-pointer gcc 3.4.5). Every time I recompile kdelibs from sources with debugging flags (-g, no optimization) I cannot reproduce it anymore. So in my opinion this is some kind of miscompilition issue...
Comment 11 Andreas Kling 2006-06-23 16:06:09 UTC
SVN commit 554198 by kling:

Remove nodes from `markedForDeleting' when deleting them now.
Fixes issues with cleanupUnneededNodes() working on dangling pointers.

BUG: 89042
BUG: 103648


 M  +17 -5     katecodefoldinghelpers.cpp  


--- branches/KDE/3.5/kdelibs/kate/part/katecodefoldinghelpers.cpp #554197:554198
@@ -559,7 +559,9 @@
   uint endCol=node->endCol;
 
   // removes + deletes
-  delete parent->takeChild(mypos);
+  KateCodeFoldingNode *child = parent->takeChild(mypos);
+  markedForDeleting.removeRef(child);
+  delete child;
 
   if ((type>0) && (endLineValid))
     correctEndings(-type, parent, line+endLineRel/*+1*/,endCol, mypos); // why the hell did I add a +1 here ?
@@ -583,7 +585,11 @@
     // removes + deletes
     int i = parent->findChild (node);
     if (i >= 0)
-      delete parent->takeChild (i);
+    {
+      KateCodeFoldingNode *child = parent->takeChild(i);
+      markedForDeleting.removeRef(child);
+      delete child;
+    }
 
     return true;
   }
@@ -598,7 +604,9 @@
       node->endLineValid = true;
       node->endLineRel = parent->child(i)->startLineRel - node->startLineRel;
 
-      delete parent->takeChild(i);
+      KateCodeFoldingNode *child = parent->takeChild(i);
+      markedForDeleting.removeRef(child);
+      delete child;
 
       count = i-mypos-1;
       if (count > 0)
@@ -831,7 +839,9 @@
                 node->endLineValid = true;
                 node->endLineRel = getStartLine(parent->child(i))-line;
                 node->endCol = parent->child(i)->endCol;
-                delete parent->takeChild(i);
+                KateCodeFoldingNode *child = parent->takeChild(i);
+                markedForDeleting.removeRef( child );
+                delete child;
                 break;
               }
             }
@@ -907,7 +917,9 @@
               count = node->childCount() - i - 1;
               newNode->endLineValid = true;
               newNode->endLineRel = line - getStartLine(node->child(i));
-              delete node->takeChild(i);
+              KateCodeFoldingNode *child = node->takeChild(i);
+              markedForDeleting.removeRef( child );
+              delete child;
               break;
             }
           }
Comment 12 Dominik Haumann 2006-06-25 23:01:00 UTC
SVN commit 554957 by dhaumann:

forward port: SVN commit 554198 by kling:

Remove nodes from `markedForDeleting' when deleting them now.
Fixes issues with cleanupUnneededNodes() working on dangling pointers.

CCBUG: 89042
CCBUG: 103648


 M  +17 -5     katecodefoldinghelpers.cpp  


--- trunk/KDE/kdelibs/kate/part/katecodefoldinghelpers.cpp #554956:554957
@@ -558,7 +558,9 @@
   uint endCol=node->endCol;
 
   // removes + deletes
-  delete parent->takeChild(mypos);
+  KateCodeFoldingNode *child = parent->takeChild(mypos);
+  markedForDeleting.removeAll(child);
+  delete child;
 
   if ((type>0) && (endLineValid))
     correctEndings(-type, parent, line+endLineRel/*+1*/,endCol, mypos); // why the hell did I add a +1 here ?
@@ -582,7 +584,11 @@
     // removes + deletes
     int i = parent->findChild (node);
     if (i >= 0)
-      delete parent->takeChild (i);
+    {
+      KateCodeFoldingNode *child = parent->takeChild(i);
+      markedForDeleting.removeAll(child);
+      delete child;
+    }
 
     return true;
   }
@@ -597,7 +603,9 @@
       node->endLineValid = true;
       node->endLineRel = parent->child(i)->startLineRel - node->startLineRel;
 
-      delete parent->takeChild(i);
+      KateCodeFoldingNode *child = parent->takeChild(i);
+      markedForDeleting.removeAll(child);
+      delete child;
 
       count = i-mypos-1;
       if (count > 0)
@@ -829,7 +837,9 @@
                 node->endLineValid = true;
                 node->endLineRel = getStartLine(parent->child(i))-line;
                 node->endCol = parent->child(i)->endCol;
-                delete parent->takeChild(i);
+                KateCodeFoldingNode *child = parent->takeChild(i);
+                markedForDeleting.removeAll( child );
+                delete child;
                 break;
               }
             }
@@ -905,7 +915,9 @@
               count = node->childCount() - i - 1;
               newNode->endLineValid = true;
               newNode->endLineRel = line - getStartLine(node->child(i));
-              delete node->takeChild(i);
+              KateCodeFoldingNode *child = node->takeChild(i);
+              markedForDeleting.removeAll( child );
+              delete child;
               break;
             }
           }