Bug 473529 - Crash when toggling code folding tags
Summary: Crash when toggling code folding tags
Status: RESOLVED FIXED
Alias: None
Product: kate
Classification: Applications
Component: general (show other bugs)
Version: Git
Platform: Other Linux
: NOR crash
Target Milestone: ---
Assignee: KWrite Developers
URL:
Keywords: qt6
Depends on:
Blocks:
 
Reported: 2023-08-19 10:52 UTC by Justin Zobel
Modified: 2023-09-13 17:42 UTC (History)
2 users (show)

See Also:
Latest Commit: https://invent.kde.org/frameworks/ktexteditor/-/commit/87e58382ef17115703b739bdb97026d6c7da3f51
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Justin Zobel 2023-08-19 10:52:04 UTC 
#0  QList<QScriptLine>::size (this=<optimized out>) at /usr/src/debug/qt6-qtbase-6.5.2-1.fc38.x86_64/src/corelib/tools/qlist.h:378
#1  QTextLayout::lineCount (this=0x0) at /usr/src/debug/qt6-qtbase-6.5.2-1.fc38.x86_64/src/gui/text/qtextlayout.cpp:826
#2  0x00007f6ecf990a05 in KateLayoutCache::updateViewCache(KTextEditor::Cursor, int, int) () from /lib64/libKF6TextEditor.so.6
#3  0x00007f6ecf9f3d82 in KateViewInternal::updateView(bool, int) () from /lib64/libKF6TextEditor.so.6
#4  0x00007f6ecf9f4a02 in KateViewInternal::slotRegionVisibilityChanged() () from /lib64/libKF6TextEditor.so.6
#5  0x00007f6ed01de394 in QtPrivate::QSlotObjectBase::call (a=0x7fff8dc2ae18, r=0x55d493c25380, this=0x55d493c391f0)
    at /usr/src/debug/qt6-qtbase-6.5.2-1.fc38.x86_64/src/corelib/kernel/qobjectdefs_impl.h:363
#6  doActivate<false> (sender=0x55d493c24628, signal_index=3, argv=0x7fff8dc2ae18) at /usr/src/debug/qt6-qtbase-6.5.2-1.fc38.x86_64/src/corelib/kernel/qobject.cpp:3992
#7  0x00007f6ecf8c9dd6 in Kate::TextFolding::updateFoldedRangesForNewRange(Kate::TextFolding::FoldingRange*) [clone .part.0] () from /lib64/libKF6TextEditor.so.6
#8  0x00007f6ecf8cf76b in Kate::TextFolding::newFoldingRange(KTextEditor::Range, QFlags<Kate::TextFolding::FoldingRangeFlag>) () from /lib64/libKF6TextEditor.so.6
#9  0x00007f6ecf9cd155 in KTextEditor::ViewPrivate::foldLine(int) () from /lib64/libKF6TextEditor.so.6
#10 0x00007f6ecf9cd1ae in KTextEditor::ViewPrivate::slotFoldToplevelNodes() () from /lib64/libKF6TextEditor.so.6
#11 0x00007f6ed01de394 in QtPrivate::QSlotObjectBase::call (a=0x7fff8dc2b0f0, r=0x55d493c24460, this=0x55d4942c3570)
    at /usr/src/debug/qt6-qtbase-6.5.2-1.fc38.x86_64/src/corelib/kernel/qobjectdefs_impl.h:363
#12 doActivate<false> (sender=0x55d4942c2f40, signal_index=7, argv=0x7fff8dc2b0f0) at /usr/src/debug/qt6-qtbase-6.5.2-1.fc38.x86_64/src/corelib/kernel/qobject.cpp:3992
#13 0x00007f6ed01d4e17 in QMetaObject::activate (sender=sender@entry=0x55d4942c2f40, m=m@entry=0x7f6ed110e580 <QAction::staticMetaObject>, local_signal_index=local_signal_index@entry=4, 
    argv=argv@entry=0x7fff8dc2b0f0) at /usr/src/debug/qt6-qtbase-6.5.2-1.fc38.x86_64/src/corelib/kernel/qobject.cpp:4052
#14 0x00007f6ed0e16be4 in QAction::triggered (this=this@entry=0x55d4942c2f40, _t1=<optimized out>)
    at /usr/src/debug/qt6-qtbase-6.5.2-1.fc38.x86_64/redhat-linux-build/src/gui/Gui_autogen/include/moc_qaction.cpp:638
#15 0x00007f6ed0e19d2b in QAction::activate (this=0x55d4942c2f40, event=<optimized out>) at /usr/src/debug/qt6-qtbase-6.5.2-1.fc38.x86_64/src/gui/kernel/qaction.cpp:1104
#16 0x00007f6ed159f654 in QMenuPrivate::activateCausedStack (this=0x55d49434b780, causedStack=..., action=0x55d4942c2f40, action_e=QAction::Trigger, self=<optimized out>)
    at /usr/src/debug/qt6-qtbase-6.5.2-1.fc38.x86_64/src/widgets/widgets/qmenu.cpp:1398
#17 0x00007f6ed15a7a50 in QMenuPrivate::activateAction (this=0x55d49434b780, action=0x55d4942c2f40, action_e=QAction::Trigger, self=<optimized out>)
    at /usr/src/debug/qt6-qtbase-6.5.2-1.fc38.x86_64/src/widgets/widgets/qmenu.cpp:1480
#18 0x00007f6ed141cdd0 in QWidget::event (this=0x55d493d49a70, event=0x7fff8dc2b7f0) at /usr/src/debug/qt6-qtbase-6.5.2-1.fc38.x86_64/src/widgets/kernel/qwidget.cpp:9317
#19 0x00007f6ed13c0af8 in QApplicationPrivate::notify_helper (this=this@entry=0x55d492f0fba0, receiver=receiver@entry=0x55d493d49a70, e=e@entry=0x7fff8dc2b7f0)
    at /usr/src/debug/qt6-qtbase-6.5.2-1.fc38.x86_64/src/widgets/kernel/qapplication.cpp:3287
#20 0x00007f6ed13cab5e in QApplication::notify (this=<optimized out>, receiver=0x55d493d49a70, e=<optimized out>)
    at /usr/src/debug/qt6-qtbase-6.5.2-1.fc38.x86_64/src/widgets/kernel/qapplication.cpp:2774
#21 0x00007f6ed017cdb8 in QCoreApplication::notifyInternal2 (receiver=0x55d493d49a70, event=0x7fff8dc2b7f0)
    at /usr/src/debug/qt6-qtbase-6.5.2-1.fc38.x86_64/src/corelib/kernel/qcoreapplication.cpp:1118
#22 0x00007f6ed017cfcd in QCoreApplication::sendSpontaneousEvent (receiver=<optimized out>, event=<optimized out>)
    at /usr/src/debug/qt6-qtbase-6.5.2-1.fc38.x86_64/src/corelib/kernel/qcoreapplication.cpp:1550
#23 0x00007f6ed13c961e in QApplicationPrivate::sendMouseEvent (receiver=0x55d493d49a70, event=event@entry=0x7fff8dc2b7f0, alienWidget=0x0, nativeWidget=0x55d493d49a70, 
    buttonDown=buttonDown@entry=0x7f6ed19b2830 <qt_button_down>, lastMouseReceiver=..., spontaneous=true, onlyDispatchEnterLeave=false)
    at /usr/src/debug/qt6-qtbase-6.5.2-1.fc38.x86_64/src/widgets/kernel/qapplication.cpp:2358
#24 0x00007f6ed14309e3 in QWidgetWindow::handleMouseEvent (this=0x55d494545e20, event=event@entry=0x7fff8dc2bab0)
    at /usr/src/debug/qt6-qtbase-6.5.2-1.fc38.x86_64/src/widgets/kernel/qwidgetwindow.cpp:519
#25 0x00007f6ed1432e20 in QWidgetWindow::event (this=0x55d494545e20, event=0x7fff8dc2bab0) at /usr/src/debug/qt6-qtbase-6.5.2-1.fc38.x86_64/src/widgets/kernel/qwidgetwindow.cpp:241
#26 0x00007f6ed13c0af8 in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x55d494545e20, e=0x7fff8dc2bab0)
    at /usr/src/debug/qt6-qtbase-6.5.2-1.fc38.x86_64/src/widgets/kernel/qapplication.cpp:3287
#27 0x00007f6ed017cdb8 in QCoreApplication::notifyInternal2 (receiver=0x55d494545e20, event=0x7fff8dc2bab0)
--Type <RET> for more, q to quit, c to continue without paging--c
    at /usr/src/debug/qt6-qtbase-6.5.2-1.fc38.x86_64/src/corelib/kernel/qcoreapplication.cpp:1118
#28 0x00007f6ed017cfcd in QCoreApplication::sendSpontaneousEvent (receiver=<optimized out>, event=<optimized out>)
    at /usr/src/debug/qt6-qtbase-6.5.2-1.fc38.x86_64/src/corelib/kernel/qcoreapplication.cpp:1550
#29 0x00007f6ed0a09ad7 in QGuiApplicationPrivate::processMouseEvent (e=0x7f6eb0002ff0) at /usr/src/debug/qt6-qtbase-6.5.2-1.fc38.x86_64/src/gui/kernel/qguiapplication.cpp:2299
#30 0x00007f6ed0a63aac in QWindowSystemInterface::sendWindowSystemEvents (flags=...) at /usr/src/debug/qt6-qtbase-6.5.2-1.fc38.x86_64/src/gui/kernel/qwindowsysteminterface.cpp:1094
#31 0x00007f6ed0f40534 in userEventSourceDispatch (source=<optimized out>) at /usr/src/debug/qt6-qtbase-6.5.2-1.fc38.x86_64/src/gui/platform/unix/qeventdispatcher_glib.cpp:38
#32 0x00007f6ecea6e48c in g_main_dispatch (context=0x7f6eb8000f10) at ../glib/gmain.c:3460
#33 g_main_context_dispatch (context=0x7f6eb8000f10) at ../glib/gmain.c:4200
#34 0x00007f6eceacc648 in g_main_context_iterate.isra.0 (context=0x7f6eb8000f10, block=1, dispatch=1, self=<optimized out>) at ../glib/gmain.c:4276
#35 0x00007f6ecea6bb13 in g_main_context_iteration (context=0x7f6eb8000f10, may_block=1) at ../glib/gmain.c:4343
#36 0x00007f6ed042092f in QEventDispatcherGlib::processEvents (this=0x55d492f12f50, flags=...)
    at /usr/src/debug/qt6-qtbase-6.5.2-1.fc38.x86_64/src/corelib/kernel/qeventdispatcher_glib.cpp:393
#37 0x00007f6ed01899f3 in QEventLoop::exec (this=this@entry=0x7fff8dc2bed0, flags=..., flags@entry=...) at /usr/src/debug/qt6-qtbase-6.5.2-1.fc38.x86_64/src/corelib/global/qflags.h:34
#38 0x00007f6ed018569d in QCoreApplication::exec () at /usr/src/debug/qt6-qtbase-6.5.2-1.fc38.x86_64/src/corelib/global/qflags.h:74
#39 0x000055d4913b9b71 in main ()
Comment 1 Christoph Cullmann 2023-08-21 18:53:36 UTC 
Hmm, bad, can you reproduce that? Reading the code I can't see where we might have an unchecked real nullptr.
Comment 2 Justin Zobel 2023-09-08 01:47:11 UTC 
I haven't seen this again to my knowledge, so unless the source of the crash is super obvious I think we can probably close it.
Comment 3 Waqar Ahmed 2023-09-11 15:10:52 UTC 
No, this is a real crash so no closing it please until we have some fix for it.

We have unchecked nullptrs, in this case QTextLayout*, basically everywhere. The code used to be different before, but in master I changed the internal line(int) function so that it *never* returns a nullptr. It will return an KateLineLayout but never null. However, what I did miss was
1. Adapting all of the code to this new reality. Previously a lot of code didn't bother that line(...) could return null, some did..
2. Making sure that the KateLineLayout::invalid(...) has an empty QTextLayout and a non-nulll Kate::TextLine so that accessing it doesn't crash us.  (not even sure why layout stuff needs to store the Kate::TextLine instance).

If we don't crash, it will probably result in some weird behaviour. The weird behaviour can often be easily noticeable and might actually be reproducible by the user which can then be fixed. If we crash quickly, the user will most likely not remember what kind of steps they were doing that triggered the crash.
Comment 4 Bug Janitor Service 2023-09-11 16:02:48 UTC 
A possibly relevant merge request was started @ https://invent.kde.org/frameworks/ktexteditor/-/merge_requests/597
Comment 5 Waqar Ahmed 2023-09-13 17:42:42 UTC 
Git commit 87e58382ef17115703b739bdb97026d6c7da3f51 by Waqar Ahmed.
Committed on 13/09/2023 at 09:08.
Pushed by waqar into branch 'master'.

Check KateLineLayout* for nullness everywhere

No more asserts or assumptions that it will be valid.

Removed a couple of overloads to simplify the internal apis and make it
easy to find usages of KateLineLayout.

M  +9    -10   src/render/katelayoutcache.cpp
M  +2    -2    src/render/katelayoutcache.h
M  +0    -6    src/render/katelinelayout.cpp
M  +0    -2    src/render/katelinelayout.h
M  +2    -2    src/render/katerenderer.cpp
M  +2    -9    src/view/kateview.cpp
M  +0    -1    src/view/kateview.h
M  +18   -8    src/view/kateviewinternal.cpp
M  +24   -6    src/vimode/modes/modebase.cpp

https://invent.kde.org/frameworks/ktexteditor/-/commit/87e58382ef17115703b739bdb97026d6c7da3f51