[Bug 69443] kdevelop crashes on scrolling upwards

Andrew Coles andrew_coles at yahoo.co.uk
Mon Dec 1 17:27:06 UTC 2003


http://bugs.kde.org/show_bug.cgi?id=69443     




------- Additional Comments From andrew_coles at yahoo.co.uk  2003-12-01 17:06 -------
Indeed. I've done a little hunting and the bug can be traced back through katerenderer.cpp. Apologies for the rough line numbers: my copy has some extra couts in it to help trace the bug!

In the function paintTextLine a call to paint.fillRect is made (around line 600) with the colour set to a variable 'cursorColor'.

One of the three ways (the third way) of setting cursorColor

cursorColor = &oldAt->textColor();

(at around line 590) uses a variable oldAt, which is originally set to 0 but is conditionally set to curAt at around line 572. However, it is possible for the conditions for the only way of setting oldAt not to be met AND the condition for using oldAt to be met so:

oldAt can be used before it has been initialised!

Consequently cursorColor is filled with junk and a segfault occurs as soon as it is used.

Hope that is of some help.
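
The control flow described in the comment above, reduced to a stand-alone C++ sketch with a guarded alternative (an added example, not the katerenderer.cpp source). Only the names oldAt, curAt, cursorColor and textColor() come from the report; Color, Attribute, the two boolean conditions and the fallback colour are hypothetical stand-ins.

```cpp
#include <cstdio>

// Hypothetical stand-ins for the renderer's attribute and colour types.
struct Color { unsigned rgb; };
struct Attribute {
    Color color;
    const Color &textColor() const { return color; }
};

// Mirrors the reported flow: oldAt starts at 0 and is assigned on one branch only.
const Attribute *trackOldAt(bool setCondition, const Attribute *curAt) {
    const Attribute *oldAt = nullptr;
    if (setCondition)
        oldAt = curAt;
    return oldAt;
}

// Unguarded form from the report (not executed here):
//     cursorColor = &oldAt->textColor();
// Guarded form: dereference oldAt only when it was actually set, otherwise
// use a caller-supplied fallback colour (the fallback is an assumption of
// this example, not something the report proposes).
const Color *pickCursorColor(bool setCondition, bool useCondition,
                             const Attribute *curAt, const Color *fallback) {
    const Attribute *oldAt = trackOldAt(setCondition, curAt);
    if (useCondition && oldAt)
        return &oldAt->textColor();
    return fallback;
}

// Enumerates every (set, use) combination and counts the ones in which the
// unguarded form would dereference a null oldAt.
int countUnsafePaths() {
    Attribute cur = { {0x00ff00u} };   // constructed sample attribute
    int unsafe = 0;
    for (int set = 0; set < 2; ++set)
        for (int use = 0; use < 2; ++use)
            if (use && trackOldAt(set != 0, &cur) == nullptr)
                ++unsafe;
    return unsafe;
}

int main() {
    Attribute cur = { {0x00ff00u} };
    Color fallback = { 0x000000u };
    std::printf("unsafe condition pairs: %d\n", countUnsafePaths());
    std::printf("guarded colour when oldAt unset: %06x\n",
                pickCursorColor(false, true, &cur, &fallback)->rgb);
    return 0;
}
```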



