Version: (using KDE 4.1.2) Installed from: Ubuntu Packages When I use kate to edit long html file and try to delete some divs (in the middle of file), the kate crash. Here is backtaces: Application: Kate (kate), signal SIGABRT (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) [Thread debugging using libthread_db enabled] [New Thread 0xb5dec720 (LWP 3015)] [KCrash handler] #6 0xb7f5a410 in __kernel_vsyscall () #7 0xb7e0f085 in raise () from /lib/tls/i686/cmov/libc.so.6 #8 0xb7e10a01 in abort () from /lib/tls/i686/cmov/libc.so.6 #9 0xb7086367 in qt_message_output (msgType=QtFatalMsg, buf=0xbfbe16ec "ASSERT: \"m_textLine\" in file /build/buildd/kde4libs-4.1.2/kate/render/katelinelayout.cpp, line 68") at global/qglobal.cpp:2061 #10 0xb7086458 in qFatal (msg=0xb71cd498 "ASSERT: \"%s\" in file %s, line %d") at global/qglobal.cpp:2263 #11 0xb7086505 in qt_assert (assertion=0xb468f4cd "m_textLine", file=0xb468f50c "/build/buildd/kde4libs-4.1.2/kate/render/katelinelayout.cpp", line=68) at global/qglobal.cpp:1831 #12 0xb45e5e60 in KateLineLayout::textLine (this=0x86cbaa8) at /build/buildd/kde4libs-4.1.2/kate/render/katelinelayout.cpp:68 #13 0xb45e5ecb in KateLineLayout::isValid (this=0x86cbaa8) at /build/buildd/kde4libs-4.1.2/kate/render/katelinelayout.cpp:120 #14 0xb45e1647 in KateLayoutCache::line (this=0x83416d0, realLine=3, virtualLine=3) at /build/buildd/kde4libs-4.1.2/kate/render/katelayoutcache.cpp:273 #15 0xb45e23b4 in KateLayoutCache::updateViewCache (this=0x83416d0, startPos=@0x825d0e0, newViewLineCount=35, viewLinesScrolled=0) at /build/buildd/kde4libs-4.1.2/kate/render/katelayoutcache.cpp:258 #16 0xb4627e4c in KateViewInternal::doUpdateView (this=0x825cff8, changed=false, viewLinesScrolled=0) at /build/buildd/kde4libs-4.1.2/kate/view/kateviewinternal.cpp:564 #17 0xb4628619 in KateViewInternal::updateView (this=0x825cff8, changed=false, viewLinesScrolled=0) at /build/buildd/kde4libs-4.1.2/kate/view/kateviewinternal.cpp:543 #18 0xb4629211 in KateViewInternal::slotRegionVisibilityChangedAt ( this=0x825cff8) at /build/buildd/kde4libs-4.1.2/kate/view/kateviewinternal.cpp:676 #19 0xb4632469 in KateViewInternal::qt_metacall (this=0x825cff8, _c=QMetaObject::InvokeMetaMethod, _id=17, _a=0xbfbe3adc) at /build/buildd/kde4libs-4.1.2/obj-i486-linux-gnu/kate/kateviewinternal.moc:134 #20 0xb718ef79 in QMetaObject::activate (sender=0x81f9944, from_signal_index=4, to_signal_index=4, argv=0xbfbe3adc) at kernel/qobject.cpp:3016 #21 0xb718f642 in QMetaObject::activate (sender=0x81f9944, m=0xb46a136c, local_signal_index=0, argv=0xbfbe3adc) at kernel/qobject.cpp:3086 #22 0xb460e4b3 in KateCodeFoldingTree::regionVisibilityChangedAt ( this=0x81f9944, _t1=1) at /build/buildd/kde4libs-4.1.2/obj-i486-linux-gnu/kate/katecodefolding.moc:104 #23 0xb460e826 in KateCodeFoldingTree::toggleRegionVisibility ( this=0x81f9944, line=1) at /build/buildd/kde4libs-4.1.2/kate/syntax/katecodefolding.cpp:1375 #24 0xb460ee39 in KateCodeFoldingTree::removeOpening (this=0x81f9944, node=0x8812828, line=2) at /build/buildd/kde4libs-4.1.2/kate/syntax/katecodefolding.cpp:547 #25 0xb460f0c6 in KateCodeFoldingTree::cleanupUnneededNodes (this=0x81f9944, line=2) at /build/buildd/kde4libs-4.1.2/kate/syntax/katecodefolding.cpp:1291 #26 0xb460f36b in KateCodeFoldingTree::updateLine (this=0x81f9944, line=2, regionChanges=0xbfbe3e60, updated=0xbfbe3e7a, changed=false, colsChanged=false) at /build/buildd/kde4libs-4.1.2/kate/syntax/katecodefolding.cpp:529 #27 0xb45c0d50 in KateBuffer::doHighlight (this=0x81f9918, startLine=2, endLine=2, invalidate=false) at /build/buildd/kde4libs-4.1.2/kate/document/katebuffer.cpp:1026 #28 0xb45c1d7f in KateBuffer::line (this=0x81f9918, line=2) at /build/buildd/kde4libs-4.1.2/kate/document/katebuffer.cpp:551 #29 0xb460e5ee in KateCodeFoldingTree::toggleRegionVisibility ( this=0x81f9944, line=1) at /build/buildd/kde4libs-4.1.2/kate/syntax/katecodefolding.cpp:1338 #30 0xb460ee39 in KateCodeFoldingTree::removeOpening (this=0x81f9944, node=0x8812828, line=1) at /build/buildd/kde4libs-4.1.2/kate/syntax/katecodefolding.cpp:547 #31 0xb460f0c6 in KateCodeFoldingTree::cleanupUnneededNodes (this=0x81f9944, line=1) at /build/buildd/kde4libs-4.1.2/kate/syntax/katecodefolding.cpp:1291 #32 0xb460f1c4 in KateCodeFoldingTree::lineHasBeenRemoved (this=0x81f9944, line=1) at /build/buildd/kde4libs-4.1.2/kate/syntax/katecodefolding.cpp:1053 #33 0xb45bfb9f in KateBuffer::removeLine (this=0x81f9918, i=1) at /build/buildd/kde4libs-4.1.2/kate/document/katebuffer.cpp:647 #34 0xb45af124 in KateDocument::editUnWrapLine (this=0x81a39c0, line=0, removeLine=true, length=0) at /build/buildd/kde4libs-4.1.2/kate/document/katedocument.cpp:1459 #35 0xb45b2a1b in KateDocument::removeText (this=0x81a39c0, _range=@0xbfbe421c, block=false) at /build/buildd/kde4libs-4.1.2/kate/document/katedocument.cpp:871 #36 0xb4616eec in KateView::removeSelectedText (this=0x825a8d0) at /build/buildd/kde4libs-4.1.2/kate/view/kateview.cpp:1505 #37 0xb45a1c58 in KateDocument::del (this=0x81a39c0, view=0x825a8d0, c=@0x825d04c) at /build/buildd/kde4libs-4.1.2/kate/document/katedocument.cpp:4224 #38 0xb462763e in KateViewInternal::doDelete (this=0x825cff8) at /build/buildd/kde4libs-4.1.2/kate/view/kateviewinternal.cpp:748 #39 0xb46134a3 in KateView::keyDelete (this=0x825a8d0) at /build/buildd/kde4libs-4.1.2/kate/view/kateview.cpp:2222 #40 0xb4622091 in KateView::qt_metacall (this=0x825a8d0, _c=QMetaObject::InvokeMetaMethod, _id=45, _a=0xbfbe43cc) at /build/buildd/kde4libs-4.1.2/obj-i486-linux-gnu/kate/kateview.moc:331 #41 0xb718ef79 in QMetaObject::activate (sender=0x85270b8, from_signal_index=5, to_signal_index=6, argv=0xbfbe43cc) at kernel/qobject.cpp:3016 #42 0xb718f3b0 in QMetaObject::activate (sender=0x85270b8, m=0xb7d55558, from_local_signal_index=1, to_local_signal_index=2, argv=0xbfbe43cc) at kernel/qobject.cpp:3106 #43 0xb7575151 in QAction::triggered (this=0x85270b8, _t1=false) at .moc/release-shared/moc_qaction.cpp:216 #44 0xb7575b2f in QAction::activate (this=0x85270b8, event=QAction::Trigger) at kernel/qaction.cpp:1119 #45 0xb7577689 in QAction::event (this=0x85270b8, e=0xbfbe47f4) at kernel/qaction.cpp:1038 #46 0xb75d6416 in QWidgetAction::event (this=0x85270b8, event=0xbfbe47f4) at kernel/qwidgetaction.cpp:236 #47 0xb757bf9c in QApplicationPrivate::notify_helper (this=0x805c770, receiver=0x85270b8, e=0xbfbe47f4) at kernel/qapplication.cpp:3800 #48 0xb7580bf9 in QApplication::notify (this=0xbfbe5744, receiver=0x85270b8, e=0xbfbe47f4) at kernel/qapplication.cpp:3392 #49 0xb67d1483 in KApplication::notify (this=0xbfbe5744, receiver=0x85270b8, event=0xbfbe47f4) at /build/buildd/kde4libs-4.1.2/kdeui/kernel/kapplication.cpp:311 #50 0xb717a0b9 in QCoreApplication::notifyInternal (this=0xbfbe5744, receiver=0x85270b8, event=0xbfbe47f4) at kernel/qcoreapplication.cpp:591 #51 0xb75b3375 in QShortcutMap::dispatchEvent (this=0x805c80c, e=0xbfbe4bb4) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215 #52 0xb75b4347 in QShortcutMap::tryShortcutEvent (this=0x805c80c, w=0x825cff8, e=0xbfbe4bb4) at kernel/qshortcutmap.cpp:365 #53 0xb7581dff in QApplication::notify (this=0xbfbe5744, receiver=0x825cff8, e=0xbfbe4bb4) at kernel/qapplication.cpp:3429 #54 0xb67d1483 in KApplication::notify (this=0xbfbe5744, receiver=0x825cff8, event=0xbfbe4bb4) at /build/buildd/kde4libs-4.1.2/kdeui/kernel/kapplication.cpp:311 #55 0xb717a0b9 in QCoreApplication::notifyInternal (this=0xbfbe5744, receiver=0x825cff8, event=0xbfbe4bb4) at kernel/qcoreapplication.cpp:591 #56 0xb75d7a5e in qt_sendSpontaneousEvent (receiver=0x825cff8, event=0xbfbe4bb4) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:218 #57 0xb760c75b in QKeyMapper::sendKeyEvent (keyWidget=0x825cff8, grab=false, type=QEvent::KeyPress, code=16777223, modifiers=@0xbfbe4d20, text=@0xbfbe4d54, autorepeat=<value optimized out>, count=1, nativeScanCode=107, nativeVirtualKey=65535, nativeModifiers=0) at kernel/qkeymapper_x11.cpp:1658 #58 0xb760e83e in QKeyMapperPrivate::translateKeyEvent (this=0x80802b8, keyWidget=0x825cff8, event=0xbfbe5288, grab=<value optimized out>) at kernel/qkeymapper_x11.cpp:1629 #59 0xb75e6d15 in QApplication::x11ProcessEvent (this=0xbfbe5744, event=0xbfbe5288) at kernel/qapplication_x11.cpp:3059 #60 0xb760fc2a in x11EventSourceDispatch (s=0x805fb20, callback=0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:148 #61 0xb64ebdd6 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0 #62 0xb64ef193 in ?? () from /usr/lib/libglib-2.0.so.0 #63 0xb64ef74e in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0 #64 0xb71a59f8 in QEventDispatcherGlib::processEvents (this=0x805c828, flags=@0xbfbe5428) at kernel/qeventdispatcher_glib.cpp:325 #65 0xb760fa25 in QGuiEventDispatcherGlib::processEvents (this=0x805c828, flags=@0xbfbe5458) at kernel/qguieventdispatcher_glib.cpp:204 #66 0xb717933d in QEventLoop::processEvents (this=0xbfbe54d0, flags=@0xbfbe5494) at kernel/qeventloop.cpp:149 #67 0xb71794cd in QEventLoop::exec (this=0xbfbe54d0, flags=@0xbfbe54d8) at kernel/qeventloop.cpp:200 #68 0xb717b74d in QCoreApplication::exec () at kernel/qcoreapplication.cpp:849 #69 0xb757b897 in QApplication::exec () at kernel/qapplication.cpp:3330 #70 0xb7f5418b in kdemain () from /usr/lib/kde4/lib/libkdeinit4_kate.so #71 0x08048582 in _start () #0 0xb7f5a410 in __kernel_vsyscall ()
Can you reproduce this bug with any HTML file deleting any DIV ? Here: Kate Version 3.1.2 Using KDE 4.1.2 (KDE 4.1.2) (KDEmod) in ArchLinux i686: Trying to delete some DIVs and another random characters from a random HTML file didn't crash Kate. (I'm using a plain default Kate configuration. Are you using a special feature/plugin/configuration) ?)
Ok, I I find a way to reproduce this crash. 1- download the test case and make sure it save as html file. 2- collapse all the div and delete the last 6 divs ( see the photo.) By the way, I do not use any special feature or configuration.
Created attachment 28159 [details] the test case
Created attachment 28160 [details] collapse the last sixth divs from the test case and delete them
Here: Kate Version 3.1.2 Using KDE 4.1.2 (KDE 4.1.2) (KDEmod) in ArchLinux i686: With the testcase file I can reproduce this bug. (btw, some arrows remain in the same position ("down") even when I collapse it, I don't know if this is a related bug )
The backtrace is similar to the one on bug 161113
Created attachment 29313 [details] Simpler testcase Here's a simpler testcase, its only 14 bytes :) 1- Open with kate. 2- Fold 3- Ctrl+A (to select all) 4- Press delete or backspace
Strage i didn't get the same backtrace, here's the problem: ==4175== Invalid read of size 4 ==4175== at 0x7B290D2: KateCodeFoldingTree::removeOpening(KateCodeFoldingNode*, unsigned) (katecodefolding.cpp:553) ==4175== by 0x7B2964D: KateCodeFoldingTree::cleanupUnneededNodes(unsigned) (katecodefolding.cpp:1296) ==4175== by 0x7B29909: KateCodeFoldingTree::lineHasBeenRemoved(unsigned) (katecodefolding.cpp:1058) ==4175== by 0x7ABCFCA: KateBuffer::removeLine(int) (katebuffer.cpp:882) ==4175== by 0x7AB2E7D: KateDocument::editRemoveLine(int, Kate::EditSource) (katedocument.cpp:1567) ==4175== by 0x7AB4608: KateDocument::removeText(KTextEditor::Range const&, bool) (katedocument.cpp:824) ==4175== by 0x7B346E3: KateView::removeSelectedText() (kateview.cpp:1685) ==4175== by 0x7AB141F: KateDocument::backspace(KateView*, KTextEditor::Cursor const&) (katedocument.cpp:4129) ==4175== by 0x7B45A13: KateViewInternal::doBackspace() (kateviewinternal.cpp:802) ==4175== by 0x7B33D1A: KateView::backspace() (kateview.cpp:2447) ==4175== by 0x7B39920: KateView::qt_metacall(QMetaObject::Call, int, void**) (kateview.moc:357) ==4175== by 0x4FAB2AA: QMetaObject::activate(QObject*, int, int, void**) (qobject.cpp:3028) ==4175== Address 0x6bf83a0 is 0 bytes inside a block of size 32 free'd ==4175== at 0x402266C: operator delete(void*) (vg_replace_malloc.c:342) ==4175== by 0x7B291DE: KateCodeFoldingTree::removeOpening(KateCodeFoldingNode*, unsigned) (katecodefolding.cpp:577) ==4175== by 0x7B2964D: KateCodeFoldingTree::cleanupUnneededNodes(unsigned) (katecodefolding.cpp:1296) ==4175== by 0x7B2A0C8: KateCodeFoldingTree::updateLine(unsigned, QVector<int>*, bool*, bool, bool) (katecodefolding.cpp:530) ==4175== by 0x7ABFFA4: KateBuffer::doHighlight(int, int, bool) (katebuffer.cpp:1261) ==4175== by 0x7AC248D: KateBuffer::ensureHighlighted(int) (katebuffer.cpp:775) ==4175== by 0x7B2852F: KateCodeFoldingTree::toggleRegionVisibility(unsigned) (katecodefolding.cpp:1362) ==4175== by 0x7B29131: KateCodeFoldingTree::removeOpening(KateCodeFoldingNode*, unsigned) (katecodefolding.cpp:549) ==4175== by 0x7B2964D: KateCodeFoldingTree::cleanupUnneededNodes(unsigned) (katecodefolding.cpp:1296) ==4175== by 0x7B29909: KateCodeFoldingTree::lineHasBeenRemoved(unsigned) (katecodefolding.cpp:1058) ==4175== by 0x7ABCFCA: KateBuffer::removeLine(int) (katebuffer.cpp:882) ==4175== by 0x7AB2E7D: KateDocument::editRemoveLine(int, Kate::EditSource) (katedocument.cpp:1567) removeOpening calls toggleRegionVisibility which causes another removeOpening call which will read a freed pointer
@Sergio: I can confirm the crash using the steps you provided (in KDE4.1.3), however it seems to be a different bug (different assert but related situation) . I couldn't find any duplicate of the backtrace you provided. I'm going to test it later in 4.2svn. If it's also in there, you can post a new bug report. I'm marking the original bug report as duplicate of bug 161113 (same backtrace and situation) :) *** This bug has been marked as a duplicate of bug 161113 ***