Application: kdiff3 (1.10.1 (64 bit))

Qt Version: 5.15.8
Frameworks Version: 5.104.0
Operating System: Linux 6.2.10-1-MANJARO x86_64
Windowing System: X11
Distribution: Manjaro Linux
DrKonqi: 5.27.4 [KCrashBackend]

-- Information about the crash:
I've configured KDiff3 as diff.tool and merge.tool in my Git configuration. When KDiff3 is started via 'git mergetool' it crashes.

The crash can be reproduced every time.

-- Backtrace:
Application: KDiff3 (kdiff3), signal: Segmentation fault

[KCrash Handler]
#4 0x00005626c66f89ee in std::_Sp_counted_base<(__gnu_cxx::_Lock_policy)2>::_M_release (this=0x5080000) at /usr/include/c++/12.2.1/bits/shared_ptr_base.h:337
#5 0x00005626c6747a8a in std::__shared_count<(__gnu_cxx::_Lock_policy)2>::operator= (__r=..., this=0x5626c84ce9d0) at /usr/include/c++/12.2.1/bits/shared_ptr_base.h:1090
#6 std::__shared_ptr<Diff3Line, (__gnu_cxx::_Lock_policy)2>::operator= (this=0x5626c84ce9c8) at /usr/include/c++/12.2.1/bits/shared_ptr_base.h:1523
#7 std::shared_ptr<Diff3Line>::operator= (this=0x5626c84ce9c8) at /usr/include/c++/12.2.1/bits/shared_ptr.h:414
#8 DiffTextWindow::recalcWordWrapHelper (this=this@entry=0x5626c8437c60, wrapLineVectorSize=wrapLineVectorSize@entry=832, visibleTextWidth=490, visibleTextWidth@entry=-1, cacheListIdx=cacheListIdx@entry=0) at /usr/src/debug/kdiff3/kdiff3-1.10.1/src/difftextwindow.cpp:1751
#9 0x00005626c674894f in DiffTextWindow::recalcWordWrap (this=0x5626c8437c60, bWordWrap=<optimized out>, wrapLineVectorSize=832, visibleTextWidth=-1) at /usr/src/debug/kdiff3/kdiff3-1.10.1/src/difftextwindow.cpp:1639
#10 0x00005626c6733d72 in KDiff3App::slotFinishRecalcWordWrap (this=0x5626c7e19940, visibleTextWidthForPrinting=-1) at /usr/src/debug/kdiff3/kdiff3-1.10.1/src/pdiff.cpp:1533
#11 0x00007f11b80b1bb0 in QObject::event(QEvent*) () from /usr/lib/libQt5Core.so.5
#12 0x00007f11b8d78b5c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/libQt5Widgets.so.5
#13 0x00007f11b808df48 in QCoreApplication::notifyInternal2(QObject*, QEvent*) () from /usr/lib/libQt5Core.so.5
#14 0x00007f11b808ea53 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/lib/libQt5Core.so.5
#15 0x00007f11b80d4e88 in ?? () from /usr/lib/libQt5Core.so.5
#16 0x00007f11b6b0f53b in g_main_dispatch (context=0x7f11ac000ee0) at ../glib/glib/gmain.c:3460
#17 g_main_context_dispatch (context=0x7f11ac000ee0) at ../glib/glib/gmain.c:4200
#18 0x00007f11b6b6c219 in g_main_context_iterate.constprop.0 (context=0x7f11ac000ee0, block=1, dispatch=1, self=<optimized out>) at ../glib/glib/gmain.c:4276
#19 0x00007f11b6b0e1a2 in g_main_context_iteration (context=0x7f11ac000ee0, may_block=1) at ../glib/glib/gmain.c:4343
#20 0x00007f11b80d8c6c in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#21 0x00007f11b80866ec in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/lib/libQt5Core.so.5
#22 0x00007f11b8091219 in QCoreApplication::exec() () from /usr/lib/libQt5Core.so.5
#23 0x00005626c66eee2f in main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/kdiff3/kdiff3-1.10.1/src/main.cpp:204
[Inferior 1 (process 7566) detached]

Reported using DrKonqi


I'm getting the same crash when diffing two shell scripts, but a different crash when using KDiff3 as a Git mergetool. The crash occurs on https://invent.kde.org/sdk/kdiff3/-/blob/1.10.1/src/difftextwindow.cpp?ref_type=tags#L1751.

After hours of fruitless debugging (https://invent.kde.org/-/snippets/2597), rr, pernosco, asan, I recompiled KDiff3 in debug mode and saw:

>ASSERT failure in QVector<T>::operator[]: "index out of range", file /usr/include/qt/QtCore/qvector.h, line 457

All the invalid shared_ptr nonsense is a result of creating an out-of-bounds pointer and interpreting it as a pointer to Diff3WrapLine { std::shared_ptr<Diff3Line> pD3L ... }.

Stack trace:

...
5 QMessageLogger::fatal(const char *, ...) const 0x7ffff5c9fede
6 qt_assert_x(const char *, const char *, const char *, int) 0x7ffff5c9ff9d
7 QVector<Diff3WrapLine>::operator[] qvector.h 457 0x55555573713a
8 DiffTextWindow::recalcWordWrapHelper difftextwindow.cpp 1749 0x555555730817
9 DiffTextWindow::recalcWordWrap difftextwindow.cpp 1639 0x55555572ff61
10 KDiff3App::slotFinishRecalcWordWrap pdiff.cpp 1533 0x55555570f099
11 QtPrivate::FunctorCall<QtPrivate::IndexesList<0>, QtPrivate::List<int>, void, void (KDiff3App:: *)(int)>::call qobjectdefs_impl.h 152 0x55555571c5f9
12 QtPrivate::FunctionPointer<void (KDiff3App:: *)(int)>::call<QtPrivate::List<int>, void> qobjectdefs_impl.h 185 0x55555571a2fc
13 QtPrivate::QSlotObject<void (KDiff3App:: *)(int), QtPrivate::List<int>, void>::impl qobjectdefs_impl.h 418 0x5555557189f3
14 QObject::event(QEvent *) 0x7ffff5eb1c80
15 QApplicationPrivate::notify_helper(QObject *, QEvent *) 0x7ffff6b78b5c
16 QCoreApplication::notifyInternal2(QObject *, QEvent *) 0x7ffff5e8e028
17 QCoreApplicationPrivate::sendPostedEvents(QObject *, int, QThreadData *) 0x7ffff5e8eb33
18 ?? 0x7ffff5ed4f58
19 g_main_context_dispatch 0x7ffff490f53b
20 ?? 0x7ffff496c219
... <More>

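
The failure mode diagnosed in the comment above (an index past the end of a pre-sized vector of records that each hold a shared_ptr), shown as an added example that is not part of the thread and is not KDiff3's code or its fix. Line, WrapLine, FillResult and fillWrapLines are hypothetical names; std::vector stands in for QVector and fixed-width splitting stands in for real word wrap.

```cpp
// Added illustration with simplified stand-ins; not KDiff3 source.
#include <cstddef>
#include <memory>
#include <string>
#include <vector>

struct Line { std::string text; };           // stand-in for Diff3Line

struct WrapLine {                            // stand-in for Diff3WrapLine
    std::shared_ptr<Line> line;
    std::size_t offset = 0;
    std::size_t length = 0;
};

struct FillResult {
    std::size_t needed = 0;   // records the input actually requires
    std::size_t written = 0;  // records stored inside the vector's bounds
    bool overflowed() const { return needed > written; }
};

// Fill a pre-sized vector with one record per wrapped segment.
// An unchecked out[idx] past the end is undefined behaviour: the "record"
// is whatever memory follows the buffer, and assigning to its shared_ptr
// member releases a control block that never existed. Here the index is
// checked in every build type and the shortfall is reported to the caller.
FillResult fillWrapLines(std::vector<WrapLine>& out,
                         const std::vector<std::shared_ptr<Line>>& lines,
                         std::size_t width)
{
    FillResult r;
    if (width == 0) return r;                // nothing can be laid out
    for (const auto& l : lines) {
        const std::size_t len = l->text.size();
        std::size_t off = 0;
        do {                                 // an empty line still takes one row
            const std::size_t n = (len - off < width) ? len - off : width;
            if (r.needed < out.size()) {     // check before forming the reference
                WrapLine& w = out[r.needed];
                w.line = l;
                w.offset = off;
                w.length = n;
                ++r.written;
            }
            ++r.needed;
            off += n;
        } while (off < len);
    }
    return r;
}
```

A caller that sees overflowed() can resize the vector to needed and refill, instead of writing through a pointer outside the buffer.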
Thanks, the bug seems only to trigger if wordwrap is on. I generally have it off, which explains why I haven't run into it before.

I can confirm this. If I switch wordwrap off, KDiff3 does not crash anymore. Moreover, the crash is not related to Git only. It also happens when using KDiff3 directly on the command line, for instance.

Git commit 7feb8d1cda1a0b5b758fb8808f58b0d0eb02b857 by Michael Reeves.
Committed on 18/04/2023 at 20:34.
Pushed by mreeves into branch 'master'.

Fix wordwrap crashing if enabled

Don't generate invalid pointers in recalcWordWrapHelper
FIXED-IN:1.10.1

M +3 -3 src/difftextwindow.cpp

https://invent.kde.org/sdk/kdiff3/commit/7feb8d1cda1a0b5b758fb8808f58b0d0eb02b857

Git commit 2f28127628e3cab0faf0b68d993163039bdd7137 by Michael Reeves.
Committed on 18/04/2023 at 20:34.
Pushed by mreeves into branch '1.10'.

Fix wordwrap crashing if enabled

Don't generate invalid pointers in recalcWordWrapHelper
FIXED-IN:1.10.1

M +3 -3 src/difftextwindow.cpp

https://invent.kde.org/sdk/kdiff3/commit/2f28127628e3cab0faf0b68d993163039bdd7137