Bug 337863 - Crash when a navigation widget is displayed for a declaration in a file containing only one line
Status: RESOLVED FIXED
Alias: None
Product: kate
Classification: Applications
Component: general (other bugs)
Version First Reported In: Git
Platform: Compiled Sources Linux
Importance: VHI crash
Target Milestone: ---
Assignee: KWrite Developers
Reported: 2014-07-28 17:30 UTC by Denis Steckelmacher
Modified: 2014-07-29 19:13 UTC (History)
Description Denis Steckelmacher 2014-07-28 17:30:44 UTC
I have a file that contains only one line:

int a;

There is no newline at the end of this line. Once opened in KDevelop, there is only one line number: 1. When I put my cursor on "a" in such a file, KDevelop crashes with this stack trace:

#0  0x00007fff4bc6d000 in ?? () from /usr/lib64/libkatepartinterfaces.so.4
#1  0x00007fff4bc6a91e in ?? () from /usr/lib64/libkatepartinterfaces.so.4
#2  0x00007fff4bc6aed4 in ?? () from /usr/lib64/libkatepartinterfaces.so.4
#3  0x00007fff4bcabe60 in ?? () from /usr/lib64/libkatepartinterfaces.so.4
#4  0x00007fff4bc987da in KateView::cursorToCoordinate(KTextEditor::Cursor const&) const () from /usr/lib64/libkatepartinterfaces.so.4
#5  0x00007fff4a709a99 in getLineHeight (view=<optimized out>, curLine=<optimized out>, view=<optimized out>, curLine=<optimized out>)
    at /run/media/steckdenis/22bf9818-cf8f-40f9-948d-9ab473a158c2/kdevplatform/plugins/contextbrowser/contextbrowser.cpp:442
#6  getItemBoundingRect (viewUrl=..., view=<optimized out>, itemPosition=..., viewUrl=..., view=<optimized out>, itemPosition=...)
    at /run/media/steckdenis/22bf9818-cf8f-40f9-948d-9ab473a158c2/kdevplatform/plugins/contextbrowser/contextbrowser.cpp:451
#7  ContextBrowserPlugin::showToolTip (this=0x2ce1160, view=0x3df6510, position=...)
    at /run/media/steckdenis/22bf9818-cf8f-40f9-948d-9ab473a158c2/kdevplatform/plugins/contextbrowser/contextbrowser.cpp:504
#8  0x00007fff4a709579 in ContextBrowserPlugin::textHintRequested (this=0x2ce1160, cursor=...)
    at /run/media/steckdenis/22bf9818-cf8f-40f9-948d-9ab473a158c2/kdevplatform/plugins/contextbrowser/contextbrowser.cpp:408
#9  0x00007fff4a705266 in ContextBrowserPlugin::qt_static_metacall (_o=0x2ce1160, _c=<optimized out>, _id=<optimized out>, _a=0x7fffffffbf30)
    at /run/media/steckdenis/22bf9818-cf8f-40f9-948d-9ab473a158c2/kdevplatform/build/plugins/contextbrowser/moc_contextbrowser.cpp:122
#10 0x00007ffff3f2a978 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib64/libQtCore.so.4
#11 0x00007fff4bc985fa in KateView::needTextHint(KTextEditor::Cursor const&, QString&) () from /usr/lib64/libkatepartinterfaces.so.4
#12 0x00007fff4bcb11a7 in ?? () from /usr/lib64/libkatepartinterfaces.so.4
#13 0x00007fff4bcb7ec5 in ?? () from /usr/lib64/libkatepartinterfaces.so.4
#14 0x00007ffff3f2a978 in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib64/libQtCore.so.4
#15 0x00007ffff3f2eb41 in QObject::event(QEvent*) () from /usr/lib64/libQtCore.so.4

I've looked at the code and the problem seems to be in plugins/contextbrowser/contextbrowser.cpp on lines 438-440: this piece of code tries to compute two line numbers that will be passed to KTextEditor in order to find how high a line of text is. The problem is that when the document being edited is only one line long, it is impossible to find two lines that exist (curLine+1 does not exist and curLine-1 is "-1"). I think that passing "-1" to view->cursorToCoordinate is the cause of the crash.

I don't know how this bug could be solved, though. I don't even know if it has to be solved in KDevelop or in KTextEditor (that should clamp the line number to 0 if negative, for instance).
Comment 1 Milian Wolff 2014-07-28 21:24:26 UTC
confirmed, updated backtrace:

Application: KDevelop (kdevelop), signal: Aborted
Using host libthread_db library "/usr/lib/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f021eaab800 (LWP 2546))]

Thread 12 (Thread 0x7f0217567700 (LWP 2547)):
#0  0x00007f022e73bb2f in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007f022b7d0fab in ?? () from /usr/lib/libQtScript.so.4
#2  0x00007f022b7d0fe9 in ?? () from /usr/lib/libQtScript.so.4
#3  0x00007f022e737124 in start_thread () from /usr/lib/libpthread.so.0
#4  0x00007f022dc424bd in clone () from /usr/lib/libc.so.6

Thread 11 (Thread 0x7f0195f98700 (LWP 2548)):
#0  0x00007f022e73bed8 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007f022e9c9384 in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/libQtCore.so.4
#2  0x00007f022cd3fc58 in KDevelop::DUChainPrivate::CleanupThread::run (this=0x44b6030) at /home/milian/projects/kde4/kdevplatform/language/duchain/duchain.cpp:283
#3  0x00007f022e9c8ebf in ?? () from /usr/lib/libQtCore.so.4
#4  0x00007f022e737124 in start_thread () from /usr/lib/libpthread.so.0
#5  0x00007f022dc424bd in clone () from /usr/lib/libc.so.6

Thread 10 (Thread 0x7f0189998700 (LWP 2549)):
#0  0x00007f022dc3981d in poll () from /usr/lib/libc.so.6
#1  0x00007f02292e0d64 in ?? () from /usr/lib/libglib-2.0.so.0
#2  0x00007f02292e0e6c in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#3  0x00007f022eaf82a5 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#4  0x00007f022eaca15f in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#5  0x00007f022eaca455 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#6  0x00007f022e9c67ef in QThread::exec() () from /usr/lib/libQtCore.so.4
#7  0x00007f022e9c8ebf in ?? () from /usr/lib/libQtCore.so.4
#8  0x00007f022e737124 in start_thread () from /usr/lib/libpthread.so.0
#9  0x00007f022dc424bd in clone () from /usr/lib/libc.so.6

Thread 9 (Thread 0x7f0189197700 (LWP 2550)):
#0  0x00007f022dc3b553 in select () from /usr/lib/libc.so.6
#1  0x00007f022eaa8293 in ?? () from /usr/lib/libQtCore.so.4
#2  0x00007f022e9c8ebf in ?? () from /usr/lib/libQtCore.so.4
#3  0x00007f022e737124 in start_thread () from /usr/lib/libpthread.so.0
#4  0x00007f022dc424bd in clone () from /usr/lib/libc.so.6

Thread 8 (Thread 0x7f01820bc700 (LWP 2556)):
#0  0x00007f022dc3981d in poll () from /usr/lib/libc.so.6
#1  0x00007f02292e0d64 in ?? () from /usr/lib/libglib-2.0.so.0
#2  0x00007f02292e0e6c in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#3  0x00007f022eaf82a5 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#4  0x00007f022eaca15f in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#5  0x00007f022eaca455 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#6  0x00007f022e9c67ef in QThread::exec() () from /usr/lib/libQtCore.so.4
#7  0x00007f022ce6754d in KDevelop::CompletionWorkerThread::run (this=0x4c31e60) at /home/milian/projects/kde4/kdevplatform/language/codecompletion/codecompletionmodel.cpp:84
#8  0x00007f022e9c8ebf in ?? () from /usr/lib/libQtCore.so.4
#9  0x00007f022e737124 in start_thread () from /usr/lib/libpthread.so.0
#10 0x00007f022dc424bd in clone () from /usr/lib/libc.so.6

Thread 7 (Thread 0x7f016dd00700 (LWP 2563)):
#0  0x00007f022dc3981d in poll () from /usr/lib/libc.so.6
#1  0x00007f02292e0d64 in ?? () from /usr/lib/libglib-2.0.so.0
#2  0x00007f02292e0e6c in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#3  0x00007f022eaf82c6 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#4  0x00007f022eaca15f in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#5  0x00007f022eaca455 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#6  0x00007f022e9c67ef in QThread::exec() () from /usr/lib/libQtCore.so.4
#7  0x00007f022eaab943 in ?? () from /usr/lib/libQtCore.so.4
#8  0x00007f022e9c8ebf in ?? () from /usr/lib/libQtCore.so.4
#9  0x00007f022e737124 in start_thread () from /usr/lib/libpthread.so.0
#10 0x00007f022dc424bd in clone () from /usr/lib/libc.so.6

Thread 6 (Thread 0x7f016d4ff700 (LWP 2576)):
#0  0x00007f022dc3981d in poll () from /usr/lib/libc.so.6
#1  0x00007f02292e0d64 in ?? () from /usr/lib/libglib-2.0.so.0
#2  0x00007f02292e0e6c in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#3  0x00007f022eaf82a5 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#4  0x00007f022eaca15f in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#5  0x00007f022eaca455 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#6  0x00007f022e9c67ef in QThread::exec() () from /usr/lib/libQtCore.so.4
#7  0x00007f022eaab943 in ?? () from /usr/lib/libQtCore.so.4
#8  0x00007f022e9c8ebf in ?? () from /usr/lib/libQtCore.so.4
#9  0x00007f022e737124 in start_thread () from /usr/lib/libpthread.so.0
#10 0x00007f022dc424bd in clone () from /usr/lib/libc.so.6

Thread 5 (Thread 0x7f016ccfe700 (LWP 2578)):
#0  0x00007f022e73bb2f in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007f022e9c93a6 in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/libQtCore.so.4
#2  0x00007f02313d9bbc in ?? () from /usr/lib/libthreadweaver.so.4
#3  0x00007f02313dcab3 in ?? () from /usr/lib/libthreadweaver.so.4
#4  0x00007f02313db59f in ThreadWeaver::Thread::run() () from /usr/lib/libthreadweaver.so.4
#5  0x00007f022e9c8ebf in ?? () from /usr/lib/libQtCore.so.4
#6  0x00007f022e737124 in start_thread () from /usr/lib/libpthread.so.0
#7  0x00007f022dc424bd in clone () from /usr/lib/libc.so.6

Thread 4 (Thread 0x7f0177fff700 (LWP 2579)):
#0  0x00007f022e73bed8 in pthread_cond_timedwait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007f022e9c9384 in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/libQtCore.so.4
#2  0x00007f022e9bcf0a in ?? () from /usr/lib/libQtCore.so.4
#3  0x00007f022e9c8ebf in ?? () from /usr/lib/libQtCore.so.4
#4  0x00007f022e737124 in start_thread () from /usr/lib/libpthread.so.0
#5  0x00007f022dc424bd in clone () from /usr/lib/libc.so.6

Thread 3 (Thread 0x7f01777fe700 (LWP 2649)):
#0  0x00007f022e73bb2f in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007f022e9c93a6 in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/libQtCore.so.4
#2  0x00007f02313d9bbc in ?? () from /usr/lib/libthreadweaver.so.4
#3  0x00007f02313dcab3 in ?? () from /usr/lib/libthreadweaver.so.4
#4  0x00007f02313db59f in ThreadWeaver::Thread::run() () from /usr/lib/libthreadweaver.so.4
#5  0x00007f022e9c8ebf in ?? () from /usr/lib/libQtCore.so.4
#6  0x00007f022e737124 in start_thread () from /usr/lib/libpthread.so.0
#7  0x00007f022dc424bd in clone () from /usr/lib/libc.so.6

Thread 2 (Thread 0x7f0176ffd700 (LWP 2650)):
#0  0x00007f022e73bb2f in pthread_cond_wait@@GLIBC_2.3.2 () from /usr/lib/libpthread.so.0
#1  0x00007f022e9c93a6 in QWaitCondition::wait(QMutex*, unsigned long) () from /usr/lib/libQtCore.so.4
#2  0x00007f02313d9bbc in ?? () from /usr/lib/libthreadweaver.so.4
#3  0x00007f02313dcab3 in ?? () from /usr/lib/libthreadweaver.so.4
#4  0x00007f02313dcacc in ?? () from /usr/lib/libthreadweaver.so.4
#5  0x00007f02313db59f in ThreadWeaver::Thread::run() () from /usr/lib/libthreadweaver.so.4
#6  0x00007f022e9c8ebf in ?? () from /usr/lib/libQtCore.so.4
#7  0x00007f022e737124 in start_thread () from /usr/lib/libpthread.so.0
#8  0x00007f022dc424bd in clone () from /usr/lib/libc.so.6

Thread 1 (Thread 0x7f021eaab800 (LWP 2546)):
[KCrash Handler]
#5  0x00007f022db8cd67 in raise () from /usr/lib/libc.so.6
#6  0x00007f022db8e118 in abort () from /usr/lib/libc.so.6
#7  0x00007f022e9be9ff in qt_message_output(QtMsgType, char const*) () from /usr/lib/libQtCore.so.4
#8  0x00007f022e9beb89 in ?? () from /usr/lib/libQtCore.so.4
#9  0x00007f022e9bf394 in qFatal(char const*, ...) () from /usr/lib/libQtCore.so.4
#10 0x00007f018a351dab in Kate::TextFolding::visibleLineToLine (this=0x5be2858, visibleLine=-1) at /home/milian/projects/kde4/kate/part/buffer/katetextfolding.cpp:427
#11 0x00007f018a4135ab in KateLayoutCache::displayViewLine (this=0x5be1ab0, virtualCursor=..., limitToVisible=true) at /home/milian/projects/kde4/kate/part/render/katelayoutcache.cpp:445
#12 0x00007f018a467626 in KateViewInternal::cursorToCoordinate (this=0x5be1b00, cursor=..., realCursor=true, includeBorder=true) at /home/milian/projects/kde4/kate/part/view/kateviewinternal.cpp:744
#13 0x00007f018a45e5a3 in KateView::cursorToCoordinate (this=0x5be26b0, cursor=...) at /home/milian/projects/kde4/kate/part/view/kateview.cpp:2435
#14 0x00007f018869a73e in getLineHeight (view=0x5be26b0, curLine=0) at /home/milian/projects/kde4/kdevplatform/plugins/contextbrowser/contextbrowser.cpp:442
#15 0x00007f018869a8a7 in getItemBoundingRect (viewUrl=..., view=0x5be26b0, itemPosition=...) at /home/milian/projects/kde4/kdevplatform/plugins/contextbrowser/contextbrowser.cpp:451
#16 0x00007f018869af78 in ContextBrowserPlugin::showToolTip (this=0x4a8fb50, view=0x5be26b0, position=...) at /home/milian/projects/kde4/kdevplatform/plugins/contextbrowser/contextbrowser.cpp:504
#17 0x00007f018869a5eb in ContextBrowserPlugin::startDelayedBrowsing (this=0x4a8fb50, view=0x5be26b0) at /home/milian/projects/kde4/kdevplatform/plugins/contextbrowser/contextbrowser.cpp:421
#18 0x00007f0188696ddf in ContextBrowserPlugin::qt_static_metacall (_o=0x4a8fb50, _c=QMetaObject::InvokeMetaMethod, _id=3, _a=0x7fff772b9010) at /home/milian/projects/.build/kde4/kdevplatform/plugins/contextbrowser/moc_contextbrowser.cpp:110
#19 0x00007f022eadf30a in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/libQtCore.so.4
#20 0x00007f0188696cc5 in BrowseManager::startDelayedBrowsing (this=0x49e06c0, _t1=0x5be26b0) at /home/milian/projects/.build/kde4/kdevplatform/plugins/contextbrowser/moc_browsemanager.cpp:187
#21 0x00007f01886abf86 in BrowseManager::eventuallyStartDelayedBrowsing (this=0x49e06c0) at /home/milian/projects/kde4/kdevplatform/plugins/contextbrowser/browsemanager.cpp:93
#22 0x00007f0188696b80 in BrowseManager::qt_static_metacall (_o=0x49e06c0, _c=QMetaObject::InvokeMetaMethod, _id=3, _a=0x7fff772b9110) at /home/milian/projects/.build/kde4/kdevplatform/plugins/contextbrowser/moc_browsemanager.cpp:138
#23 0x00007f022eadf30a in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/libQtCore.so.4
#24 0x00007f022eae34c1 in QObject::event(QEvent*) () from /usr/lib/libQtCore.so.4
#25 0x00007f022eff9f0c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#26 0x00007f022f00048d in QApplication::notify(QObject*, QEvent*) () from /usr/lib/libQtGui.so.4
#27 0x00007f02301fc42a in KApplication::notify(QObject*, QEvent*) () from /usr/lib/libkdeui.so.5
#28 0x00007f022eacb58d in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/libQtCore.so.4
#29 0x00007f022eafad63 in ?? () from /usr/lib/libQtCore.so.4
#30 0x00007f022eaf80a9 in ?? () from /usr/lib/libQtCore.so.4
#31 0x00007f02292e0b84 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#32 0x00007f02292e0dc8 in ?? () from /usr/lib/libglib-2.0.so.0
#33 0x00007f02292e0e6c in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0
#34 0x00007f022eaf82a5 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#35 0x00007f022f096fb6 in ?? () from /usr/lib/libQtGui.so.4
#36 0x00007f022eaca15f in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#37 0x00007f022eaca455 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQtCore.so.4
#38 0x00007f022eacf719 in QCoreApplication::exec() () from /usr/lib/libQtCore.so.4
#39 0x00000000004169f6 in main (argc=3, argv=0x7fff772bb3d8) at /home/milian/projects/kde4/kdevelop/app/main.cpp:564
Comment 2 Milian Wolff 2014-07-29 18:30:45 UTC
Git commit e5272a11ca691b39efa554a95cc7050758ae3ad3 by Milian Wolff.
Committed on 29/07/2014 at 18:29.
Pushed by mwolff into branch 'KDE/4.14'.

Do not crash when encountering invalid cursor in cursorToCoordinate.

This only hit so far when dyn word wrap was enabled. Now we catch it
always and prevent early to prevent the assertion.

M  +3    -0    part/render/katelayoutcache.cpp
M  +16   -0    tests/kateview_test.cpp
M  +1    -0    tests/kateview_test.h

http://commits.kde.org/kate/e5272a11ca691b39efa554a95cc7050758ae3ad3
Comment 3 Milian Wolff 2014-07-29 19:13:59 UTC
Git commit 8584937cc3a454541120843b1306c55a39005848 by Milian Wolff.
Committed on 29/07/2014 at 19:13.
Pushed by mwolff into branch 'master'.

Do not crash when encountering invalid cursor in cursorToCoordinate.

This only hit so far when dyn word wrap was enabled. Now we catch it
always and prevent early to prevent the assertion.

forward-port of commit e5272a11ca691b39efa554a95cc7050758ae3ad3

M  +15   -0    autotests/src/kateview_test.cpp
M  +1    -0    autotests/src/kateview_test.h
M  +4    -0    src/render/katelayoutcache.cpp

http://commits.kde.org/ktexteditor/8584937cc3a454541120843b1306c55a39005848
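
Added example (not code from KDevelop, Kate or KTextEditor, and not part of the comments above): a simplified model of the failure analysed in the description and of the "catch it early" fix named in the commit messages. It shows a caller that only picks a neighbouring line that exists, and a callee that rejects an invalid line instead of asserting. ModelView, Point, lineHeight and the fallback parameter are hypothetical names, and the pixel heights are constructed sample values.

```cpp
// Added illustration: a simplified model, not KDevelop or KTextEditor code.
#include <cstdlib>
#include <utility>
#include <vector>

struct Point { int x; int y; };

// Hypothetical stand-in for a text view; heights_[i] is the pixel height of line i.
class ModelView {
public:
    explicit ModelView(std::vector<int> heights) : heights_(std::move(heights)) {}

    int lines() const { return static_cast<int>(heights_.size()); }

    // Callee-side guard: reject an out-of-range line up front and report
    // failure, so no later layout lookup ever sees -1 or a line past the end.
    bool cursorToCoordinate(int line, Point* out) const {
        if (line < 0 || line >= lines())
            return false;
        int y = 0;
        for (int i = 0; i < line; ++i)
            y += heights_[i];
        out->x = 0;
        out->y = y;
        return true;
    }

private:
    std::vector<int> heights_;
};

// Caller-side guard: measure the distance between curLine and a neighbour
// that actually exists. For the last line this measures the previous line,
// which is an approximation. With no neighbour at all, use the fallback.
int lineHeight(const ModelView& view, int curLine, int fallback) {
    int other = -1;                       // stays -1 when no neighbour exists
    if (curLine + 1 < view.lines())
        other = curLine + 1;
    else if (curLine - 1 >= 0)
        other = curLine - 1;

    Point a, b;
    if (!view.cursorToCoordinate(curLine, &a) || !view.cursorToCoordinate(other, &b))
        return fallback;
    return std::abs(b.y - a.y);
}

int main() {
    ModelView oneLine(std::vector<int>{17});   // constructed input: the one-line file
    return lineHeight(oneLine, 0, 20) == 20 ? 0 : 1;
}
```

Either guard alone stops the abort in this model; having both means a caller bug degrades to a fallback value rather than terminating the process.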