Bug 486195 - Kate crashes when opening a file with 10002 or more 0xff bytes
Summary: Kate crashes when opening a file with 10002 or more 0xff bytes
Status: RESOLVED FIXED
Alias: None
Product: kate
Classification: Applications
Component: application (show other bugs)
Version: 24.02.2
Platform: Arch Linux Linux
: NOR crash
Target Milestone: ---
Assignee: KWrite Developers
URL:
Keywords:
: 486414 (view as bug list)
Depends on:
Blocks:
 
Reported: 2024-04-27 12:15 UTC by Foxite
Modified: 2024-05-01 19:07 UTC (History)
2 users (show)

See Also:
Latest Commit: https://invent.kde.org/frameworks/ktexteditor/-/commit/990d5a34a699b61bbf321b4081afc9deb2f00f9b
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Foxite 2024-04-27 12:15:09 UTC 
SUMMARY
When opening a file that consists only of 10002 or more 0xFF bytes, Kate either freezes and rapidly leaks memory and gets OOM-killed (on Arch, 24.02.2) or crashes (in Flatpak nightly, 24.07.70)

This does not happen on Debian, 22.12.3, where the file is opened normally (with the message about the file having extremely long lines).

If the file is less than 10002 bytes, it will interpret the file as being encoded in ISO-8859-1 and the bytes are displayed as 'ÿ' characters.


STEPS TO REPRODUCE
1. Produce a file consisting entirely of FF bytes and has a length of at least 10002 bytes (`echo -e -n '\xff' > testfile` and then `cat testfile testfile > testfile2` a bunch of times until it's big enough)
2. Open the file in Kate
3. Observe memory leak and/or crash

OBSERVED RESULT
Kate crashes either due to exhausting system memory (Arch) or immediately crashing (Flatpak)

EXPECTED RESULT
Kate should open the file as usual, interpreting the bytes in ISO-8859-1.

SOFTWARE/OS VERSIONS
Arch:
Linux/KDE Plasma: 6.6.27-1-lts (64-bit)
KDE Plasma Version: 6.0.3
KDE Frameworks Version: 6.1.0
Qt Version: 6.7.0

Flatpak:
Same kernel as above.
Installed flatpak package is from https://cdn.kde.org/flatpak/kate-nightly/

ADDITIONAL INFORMATION
When reproducing this bug on 22.04.2 there doesn't seem to be a stack trace because the crash eventually happens because of the OOM-killer.

On Flatpak however it crashes immediately and so there is a stack trace. I went through the effort of getting a useful (I hope) stack trace when running in Flatpak, here is the output from gdb after reproducing the crash:

(gdb) run --block
Starting program: /app/bin/kate-bin --block
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffeffff6c0 (LWP 415)]
[New Thread 0x7fffee9566c0 (LWP 416)]
[New Thread 0x7fffee1556c0 (LWP 417)]
[New Thread 0x7fffed8156c0 (LWP 418)]
[New Thread 0x7fffeced36c0 (LWP 419)]
[New Thread 0x7fffd89ff6c0 (LWP 420)]
[New Thread 0x7fffcbfff6c0 (LWP 421)]
[New Thread 0x7fffcb7fe6c0 (LWP 422)]
[New Thread 0x7fffcaffd6c0 (LWP 423)]
[New Thread 0x7fffca7fc6c0 (LWP 424)]
[New Thread 0x7fffc9ffb6c0 (LWP 425)]
[New Thread 0x7fffc97fa6c0 (LWP 426)]
[New Thread 0x7fffc8ff96c0 (LWP 427)]
[New Thread 0x7fffabfff6c0 (LWP 428)]
[New Thread 0x7fffab7fe6c0 (LWP 429)]
[Thread 0x7fffab7fe6c0 (LWP 429) exited]
[Thread 0x7fffabfff6c0 (LWP 428) exited]
[Thread 0x7fffc8ff96c0 (LWP 427) exited]
[Thread 0x7fffc97fa6c0 (LWP 426) exited]
[Thread 0x7fffc9ffb6c0 (LWP 425) exited]
[Thread 0x7fffca7fc6c0 (LWP 424) exited]
[New Thread 0x7fffca7fc6c0 (LWP 430)]
[New Thread 0x7fffc9ffb6c0 (LWP 431)]
[New Thread 0x7fffc97fa6c0 (LWP 432)]
[New Thread 0x7fffc8ff96c0 (LWP 433)]
[New Thread 0x7fffabfff6c0 (LWP 434)]
[New Thread 0x7fffab7fe6c0 (LWP 435)]
[Thread 0x7fffab7fe6c0 (LWP 435) exited]
[Thread 0x7fffabfff6c0 (LWP 434) exited]
[Thread 0x7fffc8ff96c0 (LWP 433) exited]
[Thread 0x7fffc97fa6c0 (LWP 432) exited]
[Thread 0x7fffc9ffb6c0 (LWP 431) exited]
[Thread 0x7fffca7fc6c0 (LWP 430) exited]
[New Thread 0x7fffca7fc6c0 (LWP 436)]
[New Thread 0x7fffc9ffb6c0 (LWP 437)]
[New Thread 0x7fffc97fa6c0 (LWP 438)]
[New Thread 0x7fffc8ff96c0 (LWP 439)]
[New Thread 0x7fffa9f1d6c0 (LWP 440)]
ASSERT: "pos <= d.size" in file /usr/include/QtCore/qstring.h, line 1059

Thread 1 "kate-bin" received signal SIGABRT, Aborted.
__pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
44            return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO (ret) : 0;


(gdb) backtrace
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007ffff58a3e83 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007ffff5851dce in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3  0x00007ffff583983f in __GI_abort () at abort.c:79
#4  0x00007ffff5ec4359 in qAbort () at /run/build-runtime/qt6-qtbase/src/corelib/global/qglobal.cpp:161
#5  0x00007ffff5f0a609 in qt_message_fatal<QString&> (message=..., context=...) at /run/build-runtime/qt6-qtbase/src/corelib/global/qlogging.cpp:2025
#6  qt_message(QtMsgType, const QMessageLogContext &, const char *, typedef __va_list_tag __va_list_tag *) (msgType=msgType@entry=QtFatalMsg, context=..., 
    msg=msg@entry=0x7ffff62a8cf0 "ASSERT: \"%s\" in file %s, line %d", ap=ap@entry=0x7fffffffb090)
    at /run/build-runtime/qt6-qtbase/src/corelib/global/qlogging.cpp:374
#7  0x00007ffff5ec522d in QMessageLogger::fatal (this=this@entry=0x7fffffffb178, msg=msg@entry=0x7ffff62a8cf0 "ASSERT: \"%s\" in file %s, line %d")
    at /run/build-runtime/qt6-qtbase/src/corelib/global/qlogging.cpp:889
#8  0x00007ffff5ec42ae in qt_assert (assertion=assertion@entry=0x7ffff55aadcf "pos <= d.size", 
    file=file@entry=0x7ffff55aac40 "/usr/include/QtCore/qstring.h", line=line@entry=1059)
    at /run/build-runtime/qt6-qtbase/src/corelib/global/qassert.cpp:68
#9  0x00007ffff52d56a3 in QString::verify (n=<optimized out>, pos=<optimized out>, this=<optimized out>) at /usr/include/QtCore/qstring.h:1059
#10 QString::operator[] (i=<optimized out>, this=<optimized out>) at /usr/include/QtCore/qstring.h:1271
#11 Kate::TextLoader::readLine(int&, int&, bool&, int&)::{lambda(int, int)#1}::operator()(int, int) const (__closure=__closure@entry=0x7fffffffb2b0, 
    lineStart=0, textLength=<optimized out>) at /run/build-runtime/ktexteditor/src/buffer/katetextloader.h:209
#12 0x00007ffff52d58ae in Kate::TextLoader::readLine (this=this@entry=0x7fffffffb4b0, offset=@0x7fffffffb3c8: 0, length=@0x7fffffffb3cc: 0, 
    tooLongLinesWrapped=@0x555555fbf0d1: true, longestLineLoaded=@0x555555fbf0d4: 10001) at /run/build-runtime/ktexteditor/src/buffer/katetextloader.h:231
#13 0x00007ffff52d3ea8 in Kate::TextBuffer::load (this=this@entry=0x555555fbefb0, filename=..., encodingErrors=@0x555555fbf0d0: false, 
    tooLongLinesWrapped=@0x555555fbf0d1: true, longestLineLoaded=@0x555555fbf0d4: 10001, enforceTextCodec=enforceTextCodec@entry=false)
    at /run/build-runtime/ktexteditor/src/buffer/katetextbuffer.cpp:631
#14 0x00007ffff537c352 in KateBuffer::openFile (this=this@entry=0x555555fbefb0, m_file=..., enforceTextCodec=enforceTextCodec@entry=false)
    at /run/build-runtime/ktexteditor/src/document/katebuffer.cpp:154
#15 0x00007ffff536458d in KTextEditor::DocumentPrivate::openFile (this=0x555555f35360) at /run/build-runtime/ktexteditor/src/document/katedocument.cpp:2332
#16 0x00007ffff783bf52 in KParts::ReadOnlyPartPrivate::openLocalFile (this=this@entry=0x5555566fb4b0) at /run/build-runtime/kparts/src/readonlypart.cpp:157
#17 0x00007ffff783d3bf in KParts::ReadOnlyPart::openUrl (this=this@entry=0x555555f35360, url=...) at /run/build-runtime/kparts/src/readonlypart.cpp:118
#18 0x00007ffff53475a6 in KTextEditor::DocumentPrivate::openUrl (this=0x555555f35360, url=...)
    at /run/build-runtime/ktexteditor/src/document/katedocument.cpp:2770
#19 0x00007ffff7cbdf37 in KateDocManager::openUrl(QUrl const&, QString const&, KateDocumentInfo const&) () from /app/lib/libkateprivate.so.24.07.70
#20 0x00007ffff7cbe05f in KateDocManager::openUrls(QList<QUrl> const&, QString const&, KateDocumentInfo const&) () from /app/lib/libkateprivate.so.24.07.70
#21 0x00007ffff7d0f046 in KateViewManager::openUrls(QList<QUrl> const&, QString const&, KateDocumentInfo const&) ()
   from /app/lib/libkateprivate.so.24.07.70
#22 0x00007ffff7d13db3 in KateViewManager::slotDocumentOpen() () from /app/lib/libkateprivate.so.24.07.70
#23 0x00007ffff5fe6b31 in QtPrivate::QSlotObjectBase::call (a=0x7fffffffbe70, r=0x555555ba4a30, this=0x555555f3ead0)
    at /run/build-runtime/qt6-qtbase/src/corelib/kernel/qobjectdefs_impl.h:469
#24 doActivate<false> (sender=0x555555d02c20, signal_index=7, argv=0x7fffffffbe70) at /run/build-runtime/qt6-qtbase/src/corelib/kernel/qobject.cpp:4078
#25 0x00007ffff5fdc967 in QMetaObject::activate (sender=sender@entry=0x555555d02c20, m=m@entry=0x7ffff6f04280 <QAction::staticMetaObject>, 
    local_signal_index=local_signal_index@entry=4, argv=argv@entry=0x7fffffffbe70) at /run/build-runtime/qt6-qtbase/src/corelib/kernel/qobject.cpp:4138
#26 0x00007ffff6c0aa34 in QAction::triggered (this=this@entry=0x555555d02c20, _t1=<optimized out>)
    at /run/build-runtime/qt6-qtbase/src/gui/Gui_autogen/include/moc_qaction.cpp:480
#27 0x00007ffff6c0d9eb in QAction::activate (this=0x555555d02c20, event=<optimized out>) at /run/build-runtime/qt6-qtbase/src/gui/kernel/qaction.cpp:1102
#28 0x00007ffff737c714 in QMenuPrivate::activateCausedStack (this=0x555555dc6ce0, causedStack=..., action=0x555555d02c20, action_e=QAction::Trigger, 
    self=<optimized out>) at /run/build-runtime/qt6-qtbase/src/widgets/widgets/qmenu.cpp:1413
#29 0x00007ffff7384a80 in QMenuPrivate::activateAction (this=0x555555dc6ce0, action=0x555555d02c20, action_e=QAction::Trigger, self=<optimized out>)
    at /run/build-runtime/qt6-qtbase/src/widgets/widgets/qmenu.cpp:1495
#30 0x00007ffff71fd0e8 in QWidget::event (this=0x555555ed2670, event=0x7fffffffc450) at /run/build-runtime/qt6-qtbase/src/widgets/kernel/qwidget.cpp:9402
#31 0x00007ffff719e258 in QApplicationPrivate::notify_helper (this=this@entry=0x55555559e010, receiver=receiver@entry=0x555555ed2670, 
    e=e@entry=0x7fffffffc450) at /run/build-runtime/qt6-qtbase/src/widgets/kernel/qapplication.cpp:3287
#32 0x00007ffff71a7dca in QApplication::notify (this=<optimized out>, receiver=0x555555ed2670, e=<optimized out>)
    at /run/build-runtime/qt6-qtbase/src/widgets/kernel/qapplication.cpp:2765
#33 0x00007ffff5f84700 in QCoreApplication::notifyInternal2 (receiver=0x555555ed2670, event=0x7fffffffc450)
    at /run/build-runtime/qt6-qtbase/src/corelib/kernel/qcoreapplication.cpp:1134
#34 0x00007ffff5f8494d in QCoreApplication::sendEvent (receiver=<optimized out>, event=<optimized out>)
    at /run/build-runtime/qt6-qtbase/src/corelib/kernel/qcoreapplication.cpp:1575
#35 0x00007ffff7385752 in QMenuPrivate::mouseEventTaken (this=this@entry=0x555555a2cdd0, e=e@entry=0x7fffffffca90)
    at /run/build-runtime/qt6-qtbase/src/widgets/widgets/qmenu.cpp:1393
#36 0x00007ffff7385b6e in QMenu::mouseReleaseEvent (this=0x555555af3700, e=0x7fffffffca90)
    at /run/build-runtime/qt6-qtbase/src/widgets/widgets/qmenu.cpp:2904
#37 0x00007ffff71fd0e8 in QWidget::event (this=0x555555af3700, event=0x7fffffffca90) at /run/build-runtime/qt6-qtbase/src/widgets/kernel/qwidget.cpp:9402
#38 0x00007ffff719e258 in QApplicationPrivate::notify_helper (this=this@entry=0x55555559e010, receiver=receiver@entry=0x555555af3700, 
    e=e@entry=0x7fffffffca90) at /run/build-runtime/qt6-qtbase/src/widgets/kernel/qapplication.cpp:3287
#39 0x00007ffff71a7dca in QApplication::notify (this=<optimized out>, receiver=0x555555af3700, e=<optimized out>)
    at /run/build-runtime/qt6-qtbase/src/widgets/kernel/qapplication.cpp:2765
#40 0x00007ffff5f84700 in QCoreApplication::notifyInternal2 (receiver=0x555555af3700, event=0x7fffffffca90)
    at /run/build-runtime/qt6-qtbase/src/corelib/kernel/qcoreapplication.cpp:1134
#41 0x00007ffff5f8495d in QCoreApplication::sendSpontaneousEvent (receiver=<optimized out>, event=<optimized out>)
    at /run/build-runtime/qt6-qtbase/src/corelib/kernel/qcoreapplication.cpp:1589
#42 0x00007ffff71a65b3 in QApplicationPrivate::sendMouseEvent (receiver=0x555555af3700, event=event@entry=0x7fffffffca90, alienWidget=<optimized out>, 
    nativeWidget=0x555555af3700, buttonDown=buttonDown@entry=0x7ffff77998a0 <qt_button_down>, lastMouseReceiver=..., spontaneous=true, 
    onlyDispatchEnterLeave=false) at /run/build-runtime/qt6-qtbase/src/widgets/kernel/qapplication.cpp:2347
#43 0x00007ffff7210d50 in QWidgetWindow::handleMouseEvent (this=0x555555fbe4e0, event=0x7fffffffcd50)
    at /run/build-runtime/qt6-qtbase/src/widgets/kernel/qwidgetwindow.cpp:545
#44 0x00007ffff72131b0 in QWidgetWindow::event (this=0x555555fbe4e0, event=0x7fffffffcd50)
    at /run/build-runtime/qt6-qtbase/src/widgets/kernel/qwidgetwindow.cpp:263
#45 0x00007ffff719e258 in QApplicationPrivate::notify_helper (this=<optimized out>, receiver=0x555555fbe4e0, e=0x7fffffffcd50)
    at /run/build-runtime/qt6-qtbase/src/widgets/kernel/qapplication.cpp:3287
#46 0x00007ffff5f84700 in QCoreApplication::notifyInternal2 (receiver=0x555555fbe4e0, event=0x7fffffffcd50)
    at /run/build-runtime/qt6-qtbase/src/corelib/kernel/qcoreapplication.cpp:1134
#47 0x00007ffff5f8495d in QCoreApplication::sendSpontaneousEvent (receiver=<optimized out>, event=<optimized out>)
    at /run/build-runtime/qt6-qtbase/src/corelib/kernel/qcoreapplication.cpp:1589
#48 0x00007ffff67e556f in QGuiApplicationPrivate::processMouseEvent (e=0x7fffe0001b00)
    at /run/build-runtime/qt6-qtbase/src/gui/kernel/qguiapplication.cpp:2327
#49 0x00007ffff684688c in QWindowSystemInterface::sendWindowSystemEvents (flags=...)
    at /run/build-runtime/qt6-qtbase/src/gui/kernel/qwindowsysteminterface.cpp:1114
#50 0x00007ffff6d337b4 in userEventSourceDispatch (source=source@entry=0x5555555bdf40)
    at /run/build-runtime/qt6-qtbase/src/gui/platform/unix/qeventdispatcher_glib.cpp:38
--Type <RET> for more, q to quit, c to continue without paging--c
#51 0x00007ffff4117e59 in g_main_dispatch (context=0x7fffe8000f10) at ../glib/gmain.c:3460
#52 g_main_context_dispatch (context=0x7fffe8000f10) at ../glib/gmain.c:4200
#53 0x00007ffff41752b8 in g_main_context_iterate.isra.0 (context=context@entry=0x7fffe8000f10, block=block@entry=1, dispatch=dispatch@entry=1, 
    self=<optimized out>) at ../glib/gmain.c:4276
#54 0x00007ffff4115513 in g_main_context_iteration (context=0x7fffe8000f10, may_block=1) at ../glib/gmain.c:4343
#55 0x00007ffff627451f in QEventDispatcherGlib::processEvents (this=0x5555555afb40, flags=...)
    at /run/build-runtime/qt6-qtbase/src/corelib/kernel/qeventdispatcher_glib.cpp:394
#56 0x00007ffff5f9120b in QEventLoop::exec (this=this@entry=0x7fffffffd120, flags=..., flags@entry=...)
    at /run/build-runtime/qt6-qtbase/src/corelib/global/qflags.h:34
#57 0x00007ffff5f8d44d in QCoreApplication::exec () at /run/build-runtime/qt6-qtbase/src/corelib/global/qflags.h:74
#58 0x000055555555ff6a in ?? ()
#59 0x00007ffff583b08a in __libc_start_call_main (main=main@entry=0x55555555e760, argc=argc@entry=2, argv=argv@entry=0x7fffffffd838)
    at ../sysdeps/nptl/libc_start_call_main.h:58
#60 0x00007ffff583b14b in __libc_start_main_impl (main=0x55555555e760, argc=2, argv=0x7fffffffd838, init=<optimized out>, fini=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=0x7fffffffd828) at ../csu/libc-start.c:360
#61 0x00005555555623d5 in ?? ()
Comment 1 Christoph Cullmann 2024-04-27 18:42:12 UTC 
Git commit 990d5a34a699b61bbf321b4081afc9deb2f00f9b by Christoph Cullmann.
Committed on 27/04/2024 at 18:42.
Pushed by cullmann into branch 'master'.

fix crashs and OOM on load with encoding failures
Related: bug 486134

M  +51   -0    autotests/src/katetextbuffertest.cpp
M  +1    -0    src/buffer/katetextloader.h

https://invent.kde.org/frameworks/ktexteditor/-/commit/990d5a34a699b61bbf321b4081afc9deb2f00f9b
Comment 2 Christoph Cullmann 2024-04-27 18:44:44 UTC 
Thanks for the report, was easy to reproduce, fixed and added some test to avoid regressions.
Comment 3 Christoph Cullmann 2024-05-01 19:07:51 UTC 
*** Bug 486414 has been marked as a duplicate of this bug. ***