[kate] [Bug 520168] New: Crash restoring saved session in plugins (KConfigPrivate::lookupInternalEntry in a free'd config)

Thu, 14 May 2026 13:50:03 -0700 

https://bugs.kde.org/show_bug.cgi?id=520168

            Bug ID: 520168
           Summary: Crash restoring saved session in plugins
                    (KConfigPrivate::lookupInternalEntry in a free'd
                    config)
    Classification: Applications
           Product: kate
      Version First 25.12.3
       Reported In:
          Platform: Gentoo Packages
                OS: Linux
            Status: REPORTED
          Severity: crash
          Priority: NOR
         Component: sessions
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

DESCRIPTION/STEPS TO REPRODUCE

Saved my session, re-logged in, Kate crashed restoring the session

SOFTWARE/OS VERSIONS
Operating System: Gentoo Linux 2.18
KDE Plasma Version: 6.6.4
KDE Frameworks Version: 6.25.0
Qt Version: 6.10.3

ADDITIONAL INFORMATION
Application: Kate (kate), signal: Segmentation fault
Content of s_kcrashErrorMessage: std::unique_ptr<char []> = {get() = 0x0}
[KCrash Handler]
#7  0x00007fa8cf369c11 in KConfigPrivate::lookupInternalEntry
(this=this@entry=0x3, group=..., key=..., flags=...) at
/var/tmp/portage/kde-frameworks/kconfig-6.25.0/work/kconfig-6.25.0/src/core/kconfig.cpp:1059
#8  0x00007fa8cf369cc2 in KConfigPrivate::lookupData (this=this@entry=0x3,
group=<optimized out>, key=..., flags=..., flags@entry=...) at
/var/tmp/portage/kde-frameworks/kconfig-6.25.0/work/kconfig-6.25.0/src/core/kconfig.cpp:1054
#9  0x00007fa8cf38a897 in KConfigGroup::readEntry
(this=this@entry=0x7ffea3185c10, key=key@entry=0x7fa8b141d105 "url navigator
editable", aDefault=...) at
/var/tmp/portage/kde-frameworks/kconfig-6.25.0/work/kconfig-6.25.0/src/core/kconfiggroup.cpp:690
#10 0x00007fa8d232a2ee in KConfigGroup::readEntry<bool> (this=0x7ffea3185c10,
key=0x7fa8b141d105 "url navigator editable", defaultValue=<optimized out>) at
/usr/include/KF6/KConfigCore/kconfiggroup.h:944
#11 0x00007fa8b14191dd in KateFileBrowser::readSessionConfig
(this=0x555cb66ab320, cg=...) at
/var/tmp/portage/kde-apps/kate-addons-25.12.3/work/kate-25.12.3/addons/filebrowser/katefilebrowser.cpp:174
#12 0x00007fa8d23978d6 in KatePluginManager::enablePluginGUI
(item=item@entry=0x555cb5d0a460, win=win@entry=0x555cb61f6d70,
config=config@entry=0x555cb5aca910) at
/var/tmp/portage/kde-apps/kate-lib-25.12.3/work/kate-25.12.3/apps/lib/katepluginmanager.cpp:249
#13 0x00007fa8d2397bda in KatePluginManager::enableAllPluginsGUI
(this=<optimized out>, win=win@entry=0x555cb61f6d70,
config=config@entry=0x555cb5aca910) at
/var/tmp/portage/kde-apps/kate-lib-25.12.3/work/kate-25.12.3/apps/lib/katepluginmanager.cpp:185
#14 0x00007fa8d2372a91 in KateMainWindow::KateMainWindow
(this=this@entry=0x555cb61f6d70, sconfig=sconfig@entry=0x555cb5aca910,
sgroup=..., userTriggered=userTriggered@entry=false, __in_chrg=<optimized out>,
__vtt_parm=<optimized out>) at
/var/tmp/portage/kde-apps/kate-lib-25.12.3/work/kate-25.12.3/apps/lib/katemainwindow.cpp:188
#15 0x00007fa8d233ce22 in KateApp::newMainWindow
(sconfig_=sconfig_@entry=0x555cb5aca910, sgroup_=...,
userTriggered=userTriggered@entry=false) at
/var/tmp/portage/kde-apps/kate-lib-25.12.3/work/kate-25.12.3/apps/lib/kateapp.cpp:793
#16 0x00007fa8d2342fec in KateApp::restoreKate (this=this@entry=0x7ffea3186e80)
at
/var/tmp/portage/kde-apps/kate-lib-25.12.3/work/kate-25.12.3/apps/lib/kateapp.cpp:489
#17 0x00007fa8d2344281 in KateApp::init (this=this@entry=0x7ffea3186e80) at
/var/tmp/portage/kde-apps/kate-lib-25.12.3/work/kate-25.12.3/apps/lib/kateapp.cpp:449
#18 0x0000555c7d9b2c0e in main (argc=<optimized out>, argv=<optimized out>) at
/var/tmp/portage/kde-apps/kate-25.12.3/work/kate-25.12.3/apps/kate/main.cpp:581
[Inferior 1 (process 4622) detached]

Valgrind identifies the real issue: the config object was freed already.

==16445== Invalid read of size 8
==16445==    at 0x79CD820: d_func (kconfig.h:368)
==16445==    by 0x79CD820: KConfigGroup::readEntry(char const*, QVariant
const&) const (kconfiggroup.cpp:690)
==16445==    by 0x49282ED: bool KConfigGroup::readEntry<bool>(char const*, bool
const&) const (kconfiggroup.h:944)
==16445==    by 0x1FD281DC: KateFileBrowser::readSessionConfig(KConfigGroup
const&) (katefilebrowser.cpp:174)
==16445==    by 0x49958D5: KatePluginManager::enablePluginGUI(KatePluginInfo*,
KateMainWindow*, KConfigBase*) (katepluginmanager.cpp:249)
==16445==    by 0x4995BD9:
KatePluginManager::enableAllPluginsGUI(KateMainWindow*, KConfigBase*)
(katepluginmanager.cpp:185)
==16445==    by 0x4970A90: KateMainWindow::KateMainWindow(KConfig*, QString
const&, bool) (katemainwindow.cpp:188)
==16445==    by 0x493AE21: KateApp::newMainWindow(KConfig*, QString const&,
bool) (kateapp.cpp:793)
==16445==    by 0x4940FEB: KateApp::restoreKate() (kateapp.cpp:489)
==16445==    by 0x4942280: KateApp::init() (kateapp.cpp:449)
==16445==    by 0x400AC0D: main (main.cpp:581)
==16445==  Address 0x10eaf538 is 8 bytes inside a block of size 16 free'd
==16445==    at 0x4864C72: operator delete(void*, unsigned long)
(vg_replace_malloc.c:1184)
==16445==    by 0x7962BDC: KConfigGui::setSessionConfig(QString const&, QString
const&) (kconfiggui.cpp:40)
==16445==    by 0x73571E8: KMWSessionManager::saveState(QSessionManager&)
(kmainwindow.cpp:129)
==16445==    by 0x62B08BE: call (qobjectdefs_impl.h:461)
==16445==    by 0x62B08BE: void doActivate<false>(QObject*, int, void**)
(qobject.cpp:4273)
==16445==    by 0x57E617C: activate<void, QSessionManager> (qobjectdefs.h:319)
==16445==    by 0x57E617C: saveStateRequest (moc_qguiapplication.cpp:361)
==16445==    by 0x57E617C: QGuiApplicationPrivate::saveState()
(qguiapplication.cpp:4230)
==16445==    by 0xE4118B0: sm_performSaveYourself(QXcbSessionManager*)
(qxcbsessionmanager.cpp:214)
==16445==    by 0xE4119E2: sm_saveYourselfCallback (qxcbsessionmanager.cpp:150)
==16445==    by 0xE4119E2: sm_saveYourselfCallback(_SmcConn*, void*, int, int,
int, int) (qxcbsessionmanager.cpp:133)
==16445==    by 0xE498F9A: _SmcProcessMessage (sm_process.c:354)
==16445==    by 0xE4B0BA4: IceProcessMessages (process.c:386)
==16445==    by 0x62B07AA: void doActivate<false>(QObject*, int, void**)
(qobject.cpp:4285)
==16445==    by 0x635A43A: activate<void, QSocketDescriptor,
QSocketNotifier::Type, QSocketNotifier::QPrivateSignal> (qobjectdefs.h:319)
==16445==    by 0x635A43A: activated (moc_qsocketnotifier.cpp:161)
==16445==    by 0x635A43A: QSocketNotifier::event(QEvent*)
(qsocketnotifier.cpp:324)
==16445==    by 0x5457651: QApplicationPrivate::notify_helper(QObject*,
QEvent*) (qapplication.cpp:3305)
==16445==  Block was alloc'd at
==16445==    at 0x4860287: operator new(unsigned long)
(vg_replace_malloc.c:488)
==16445==    by 0x7962AA4: KConfigGui::sessionConfig() (kconfiggui.cpp:30)
==16445==    by 0x4940EE1: KateApp::restoreKate() (kateapp.cpp:475)
==16445==    by 0x4942280: KateApp::init() (kateapp.cpp:449)
==16445==    by 0x400AC0D: main (main.cpp:581)

This is a freshly booted system, so I'm not sure why sm_saveYourselfCallback is
getting called. If I use gdb to make that return without doing anything, Kate
starts successfully and loads the session.

-- 
You are receiving this mail because:
You are watching all bug changes.

Reply via email to