Bug 338624 - Sometimes crashes when modifying text [QTextLine::cursorToX]
Summary: Sometimes crashes when modifying text [QTextLine::cursorToX]
Status: RESOLVED UPSTREAM
Alias: None
Product: frameworks-ktexteditor
Classification: Frameworks and Libraries
Component: general (other bugs)
Version First Reported In: unspecified
Platform: Other Linux
Importance: NOR normal
Target Milestone: ---
Assignee: KWrite Developers
Duplicates: 339255
Reported: 2014-08-28 12:57 UTC by Kevin Funk
Modified: 2014-10-29 20:13 UTC

Description Kevin Funk 2014-08-28 12:57:02 UTC
Happens sometimes in KDevelop when inserting code. I don't see a pattern yet.

Upstream bug is here:
https://bugreports.qt-project.org/browse/QTBUG-40753 -- I'm not entirely sure if we can sanitize our input to cursorToX better in order to not trigger the crash.

Backtrace:
#0  0x00007ffff513af89 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1  0x00007ffff513e398 in __GI_abort () at abort.c:89
#2  0x00007ffff58d1291 in qt_message_fatal (context=..., message="ASSERT failure in QVector<T>::operator[]: \"index out of range\", file ../../include/QtCore/../../../../../src/qt5/qtbase/src/corelib/tools/qvector.h, line 404") at /home/krf/devel/src/qt5/qtbase/src/corelib/global/qlogging.cpp:1427
#3  0x00007ffff58cd9e6 in QMessageLogger::fatal (this=0x7fffffffb2d0, msg=0x7ffff5c961e8 "ASSERT failure in %s: \"%s\", file %s, line %d") at /home/krf/devel/src/qt5/qtbase/src/corelib/global/qlogging.cpp:614
#4  0x00007ffff58c7d54 in qt_assert_x (where=0x7ffff6381852 "QVector<T>::operator[]", what=0x7ffff638183f "index out of range", file=0x7ffff63817f0 "../../include/QtCore/../../../../../src/qt5/qtbase/src/corelib/tools/qvector.h", line=404) at /home/krf/devel/src/qt5/qtbase/src/corelib/global/qglobal.cpp:2824
#5  0x00007ffff608d883 in QVector<QScriptItem>::operator[] (this=0x5134260, i=-1) at ../../include/QtCore/../../../../../src/qt5/qtbase/src/corelib/tools/qvector.h:404
#6  0x00007ffff609e052 in QTextLine::cursorToX (this=0x7fffffffba18, cursorPos=0x7fffffffb9b4, edge=QTextLine::Leading) at /home/krf/devel/src/qt5/qtbase/src/gui/text/qtextlayout.cpp:2598
#7  0x00007ffff443448a in QTextLine::cursorToX (this=0x7fffffffba18, cursorPos=74, edge=QTextLine::Leading) at /home/krf/devel/src/qt5/qtbase/src/gui/text/qtextlayout.h:233
#8  0x00007ffff44993aa in KateViewInternal::cursorToCoordinate (this=0x5760f40, cursor=[1632, 74], realCursor=true, includeBorder=false) at /home/krf/devel/src/kf5/frameworks/ktexteditor/src/view/kateviewinternal.cpp:768
#9  0x00007ffff44be67f in KateTextAnimation::rectForText (this=0x5f5c950) at /home/krf/devel/src/kf5/frameworks/ktexteditor/src/view/katetextanimation.cpp:66
#10 0x00007ffff44be8b2 in KateTextAnimation::draw (this=0x5f5c950, painter=...) at /home/krf/devel/src/kf5/frameworks/ktexteditor/src/view/katetextanimation.cpp:91
#11 0x00007ffff44a2eb7 in KateViewInternal::paintEvent (this=0x5760f40, e=0x7fffffffc1f0) at /home/krf/devel/src/kf5/frameworks/ktexteditor/src/view/kateviewinternal.cpp:3001
#12 0x00007ffff72c81a0 in QWidget::event (this=0x5760f40, event=0x7fffffffc1f0) at /home/krf/devel/src/qt5/qtbase/src/widgets/kernel/qwidget.cpp:8769
#13 0x00007ffff727a67a in QApplicationPrivate::notify_helper (this=0x4bd6e0, receiver=0x5760f40, e=0x7fffffffc1f0) at /home/krf/devel/src/qt5/qtbase/src/widgets/kernel/qapplication.cpp:3720
#14 0x00007ffff727a4de in QApplication::notify (this=0x7fffffffd500, receiver=0x5760f40, e=0x7fffffffc1f0) at /home/krf/devel/src/qt5/qtbase/src/widgets/kernel/qapplication.cpp:3685
#15 0x00007ffff5b5ea6c in QCoreApplication::notifyInternal (this=0x7fffffffd500, receiver=0x5760f40, event=0x7fffffffc1f0) at /home/krf/devel/src/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:940
#16 0x00007ffff727d3f1 in QCoreApplication::sendSpontaneousEvent (receiver=0x5760f40, event=0x7fffffffc1f0) at ../../include/QtCore/../../../../../src/qt5/qtbase/src/corelib/kernel/qcoreapplication.h:239
#17 0x00007ffff72bf9ce in QWidgetPrivate::sendPaintEvent (this=0x57611b0, toBePainted=...) at /home/krf/devel/src/qt5/qtbase/src/widgets/kernel/qwidget.cpp:5597
#18 0x00007ffff72bf52e in QWidgetPrivate::drawWidget (this=0x57611b0, pdev=0x4a5da00, rgn=..., offset=..., flags=36, sharedPainter=0x0, backingStore=0xa363d0) at /home/krf/devel/src/qt5/qtbase/src/widgets/kernel/qwidget.cpp:5537
#19 0x00007ffff728a491 in QWidgetBackingStore::doSync (this=0xa363d0) at /home/krf/devel/src/qt5/qtbase/src/widgets/kernel/qwidgetbackingstore.cpp:1222
#20 0x00007ffff7289429 in QWidgetBackingStore::sync (this=0xa363d0) at /home/krf/devel/src/qt5/qtbase/src/widgets/kernel/qwidgetbackingstore.cpp:1035
#21 0x00007ffff72b62e1 in QWidgetPrivate::syncBackingStore (this=0x9cacd0) at /home/krf/devel/src/qt5/qtbase/src/widgets/kernel/qwidget.cpp:1894
#22 0x00007ffff72c87bf in QWidget::event (this=0x96bd50, event=0x6196e80) at /home/krf/devel/src/qt5/qtbase/src/widgets/kernel/qwidget.cpp:8908
#23 0x00007ffff7432b7c in QMainWindow::event (this=0x96bd50, event=0x6196e80) at /home/krf/devel/src/qt5/qtbase/src/widgets/widgets/qmainwindow.cpp:1503
#24 0x00007ffff4ff5300 in KMainWindow::event (this=0x96bd50, ev=0x6196e80) at /home/krf/devel/src/kf5/frameworks/kxmlgui/src/kmainwindow.cpp:819
#25 0x00007ffff503138d in KXmlGuiWindow::event (this=0x96bd50, ev=0x6196e80) at /home/krf/devel/src/kf5/frameworks/kxmlgui/src/kxmlguiwindow.cpp:118
#26 0x00007ffff727a67a in QApplicationPrivate::notify_helper (this=0x4bd6e0, receiver=0x96bd50, e=0x6196e80) at /home/krf/devel/src/qt5/qtbase/src/widgets/kernel/qapplication.cpp:3720
#27 0x00007ffff727a4de in QApplication::notify (this=0x7fffffffd500, receiver=0x96bd50, e=0x6196e80) at /home/krf/devel/src/qt5/qtbase/src/widgets/kernel/qapplication.cpp:3685
#28 0x00007ffff5b5ea6c in QCoreApplication::notifyInternal (this=0x7fffffffd500, receiver=0x96bd50, event=0x6196e80) at /home/krf/devel/src/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:940
#29 0x00007ffff7c90903 in QCoreApplication::sendEvent (receiver=0x96bd50, event=0x6196e80) at /home/krf/devel/src/qt5/qtbase/src/corelib/kernel/qcoreapplication.h:236
#30 0x00007ffff5b5fd82 in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x430430) at /home/krf/devel/src/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:1544
#31 0x00007ffff5b5f724 in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at /home/krf/devel/src/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:1402
#32 0x00007ffff5bd6fcc in postEventSourceDispatch (s=0x5149a0) at /home/krf/devel/src/qt5/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:279
#33 0x00007ffff1711e04 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#34 0x00007ffff1712048 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#35 0x00007ffff17120ec in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#36 0x00007ffff5bd776d in QEventDispatcherGlib::processEvents (this=0x5131f0, flags=...) at /home/krf/devel/src/qt5/qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:426
#37 0x00007fffe3208e50 in QPAEventDispatcherGlib::processEvents (this=0x5131f0, flags=...) at /home/krf/devel/src/qt5/qtbase/src/platformsupport/eventdispatchers/qeventdispatcher_glib.cpp:123
#38 0x00007ffff5b5b718 in QEventLoop::processEvents (this=0x7fffffffd190, flags=...) at /home/krf/devel/src/qt5/qtbase/src/corelib/kernel/qeventloop.cpp:136
#39 0x00007ffff5b5b9e3 in QEventLoop::exec (this=0x7fffffffd190, flags=...) at /home/krf/devel/src/qt5/qtbase/src/corelib/kernel/qeventloop.cpp:212
#40 0x00007ffff5b5f152 in QCoreApplication::exec () at /home/krf/devel/src/qt5/qtbase/src/corelib/kernel/qcoreapplication.cpp:1193
#41 0x00007ffff5fa0532 in QGuiApplication::exec () at /home/krf/devel/src/qt5/qtbase/src/gui/kernel/qguiapplication.cpp:1515
#42 0x00007ffff7277469 in QApplication::exec () at /home/krf/devel/src/qt5/qtbase/src/widgets/kernel/qapplication.cpp:2964
#43 0x00000000004152ec in main (argc=2, argv=0x7fffffffd678) at /home/krf/devel/src/kf5/extragear/kdevelop/kdevelop/app/main.cpp:565
Comment 1 Kevin Funk 2014-08-28 13:55:25 UTC
Upstream fix: https://codereview.qt-project.org/#/c/93435/
Comment 2 Dominik Haumann 2014-08-28 14:30:31 UTC
Good catch! You think we need a workaround in Kate's code, too?
Comment 3 Christoph Cullmann 2014-09-23 19:32:10 UTC
*** Bug 339255 has been marked as a duplicate of this bug. ***
Comment 4 Dominik Haumann 2014-10-29 19:50:01 UTC
Kevin, can you confirm the Qt5 fix is in Qt 5.3? As I understand, we don't need a fix in Kate Part then and this issue is resolved?
Comment 5 Kevin Funk 2014-10-29 20:13:24 UTC
Yep. Fix is in 5.3 branch, will be part of v5.3.3.

Commit in qtbase.git:
commit eb447679456336d387bb69a56c164b06fbe83166
Author: Kevin Funk <kfunk@kde.org>
Date:   Thu Aug 28 15:46:03 2014 +0200

    Fix crash in QTextLayout::cursorToX
    
    When 'cursorPos' is out of bounds ([0, lineEnd]), this method crashed.
    
    Change-Id: Ia0540ab3afbffb5c598f7b8515263cce3b3928e4
    Task-number: QTBUG-40753
    Reviewed-by: Dominik Haumann <dhaumann@kde.org>
    Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@digia.com>
    Reviewed-by: Konstantin Ritt <ritt.ks@gmail.com>
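
Added example, not code from Qt, KTextEditor or the commit above: a simplified model of the condition in frames #5 to #7 of the backtrace (a cursor column of 74 ending in a container index of -1), with a bounds guard of the kind asked about in Comment 2. The `Item` and `Line` types, `sampleLine()`, `gappedLine()` and the wrapper functions are hypothetical names, and the sample values are constructed.

```cpp
#include <algorithm>
#include <vector>

// Hypothetical stand-ins for a shaped text run and a laid-out line.
struct Item { int start; int length; double x; double charWidth; };

struct Line {
    int from;                 // first column of the line
    int length;               // valid cursor columns: [from, from + length]
    std::vector<Item> items;

    // Index of the item containing pos, or -1 when no item covers it.
    int findItem(int pos) const {
        for (int i = 0; i < static_cast<int>(items.size()); ++i)
            if (pos >= items[i].start && pos < items[i].start + items[i].length)
                return i;
        return -1;
    }

    // Guarded lookup: clamp the column into the line, then refuse a negative
    // index instead of handing it to operator[]. *pos is updated to the
    // column actually used, so the caller can see that it was corrected.
    double cursorToX(int *pos) const {
        if (items.empty()) { *pos = from; return 0.0; }
        const int end = from + length;
        *pos = std::max(from, std::min(*pos, end));
        int i = (*pos == end) ? static_cast<int>(items.size()) - 1 : findItem(*pos);
        if (i < 0) { *pos = from; return 0.0; }   // gap in item coverage
        const Item &it = items[i];
        return it.x + (*pos - it.start) * it.charWidth;
    }
};

// Constructed sample: a 10-column line made of two runs, 8 px per column.
Line sampleLine() { return Line{0, 10, {{0, 4, 0.0, 8.0}, {4, 6, 32.0, 8.0}}}; }

// Constructed sample with a gap: columns 4 and 5 belong to no item.
Line gappedLine() { return Line{0, 10, {{0, 4, 0.0, 8.0}, {6, 4, 48.0, 8.0}}}; }

// Convenience wrappers so results can be checked by value.
double xFor(const Line &l, int pos) { return l.cursorToX(&pos); }
int usedColumn(const Line &l, int pos) { l.cursorToX(&pos); return pos; }
```

An index check that exists only as a debug assertion disappears when assertions are compiled out, so the guard has to live in ordinary code on the path that receives the column.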