Created attachment 181916 [details]
gdb bt output

SUMMARY
It is possible to trigger an a ASSERT via rapidjson in parseCompletionItem from  ./addons/lspclient/lspclientserver.cpp (specifically, on this line https://sources.debian.org/src/kate/4%3A25.04.0-1/addons/lspclient/lspclientserver.cpp/#L779; I am using the Debian version of kate)


The `FindMember` of rapidjson has as a precondition that the value must be an object or otherwise it will assert (https://salsa.debian.org/debian/rapidjson/-/blob/master/include/rapidjson/document.h#L1139). In other words, it falls to the LSP client plugin to ensure that the value is an object before calling `FindMember`.

I found this bug while working on a language server. By mistake, I included a string in a list of completion items (rather than a real CompletionItem object) and then kate crashed on triggering the completion. I have included the backtrace from gdb, so you can see the crash call stack enters rapidJson on FindMember line from the LSP Client code and there it goes to abort.

STEPS TO REPRODUCE
1. Create a LSP server that does not follow the specs and insert a string rather than a CompletionItem in the list of completion items when asked for completions
2. Attach the LSP server to an open document in kate
3. Request completion, which will immediately crash kate.

OBSERVED RESULT
The kate editor crashes.

EXPECTED RESULT
The kate editor did not crash. Probably, the user should be notified that the LSP server produced unsupported or faulty output (presumably in the LSP Output tab). But preventing the crash would at least avoid the user losing unsaved changes.


SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Debian trixie
KDE Plasma Version: 6.3.4
KDE Frameworks Version: 5.15
Qt Version: 6.8.2

ADDITIONAL INFORMATION