Bug 491327 - KCalc segfault, index out of bounds in KCalculator::commit_Input_
Summary: KCalc segfault, index out of bounds in KCalculator::commit_Input_
Status: RESOLVED FIXED
Alias: None
Product: kcalc
Classification: Applications
Component: general
Version: 24.05.2
Platform: Other Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Gabriel Barrantes
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-08-05 20:28 UTC by LaughingMan
Modified: 2024-08-07 00:07 UTC
CC List: 2 users

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report: https://crash-reports.kde.org/organizations/kde/issues/44094/?project=739


Attachments
Backtrace (5.39 KB, text/plain)
2024-08-05 20:28 UTC, LaughingMan

Description LaughingMan 2024-08-05 20:28:16 UTC
Created attachment 172321
Backtrace

SUMMARY
KCalc segfaulted while typing. The coredump gave me this as a hint:
> #0  0x000056fad5980195 in QList<KCalcToken>::at (this=<optimized out>, i=<optimized out>) at /usr/include/qt6/QtCore/qlist.h:435
> #1  KCalculator::commit_Input_() [clone .isra.0] (this=<optimized out>) at /usr/src/debug/kcalc/kcalc-24.05.2/kcalc.cpp:2359
> #2  0x000056fad594b295 in KCalculator::slotInputChanged (this=0x56faef014fc0) at /usr/src/debug/kcalc/kcalc-24.05.2/kcalc.cpp:1418

The full backtrace is attached.

STEPS TO REPRODUCE
Didn't manage to reproduce. Only have the core dump to go by. The segfault happened while entering "()" into an empty KCalc instance. Not sure if on the first or second parenthesis or if I pressed an arrow key afterwards. Might be entirely irrelevant anyway.

OBSERVED RESULT
> [24197.608659] kcalc[56773]: segfault at 56f737227ee4 ip 000056fad5980195 sp 00007fff060bf780 error 4 in kcalc[67195,56fad5930000+51000] likely on CPU 3 (core 3, socket 0)
> [24197.608667] Code: 03 00 00 01 00 00 00 0f 85 a5 ea ff ff 49 63 95 00 04 00 00 48 8d 04 d5 00 00 00 00 48 29 d0 49 8b 95 d0 03 00 00 48 8d 04 c2 <8b> 40 34 41 c6 85 f5 03 00 00 01 41 89 85 fc 03 00 00 e9 e9 ea ff

EXPECTED RESULT
No segfault

SOFTWARE/OS VERSIONS
Operating System: EndeavourOS 
KDE Plasma Version: 6.1.3
KDE Frameworks Version: 6.4.0
Qt Version: 6.7.2

ADDITIONAL INFORMATION
Comment 1 Gabriel Barrantes 2024-08-05 23:44:57 UTC
I could not reproduce it; however, I think it can be related to:
  https://invent.kde.org/utilities/kcalc/-/merge_requests/99
That is already fixed in the next version (24.08), so for now I will leave it as confirmed, but it shouldn't be a problem.
Comment 2 LaughingMan 2024-08-05 23:54:25 UTC
Tested a bit more. It takes a few tries but reproduction steps are:
1. Open KCalc
2. Either type "(" on the keyboard or click the "(" button.
3. Segfault

Reproduces ~50% of the time with the keyboard and ~20% of the time when clicking the button with the mouse.
Comment 3 Bug Janitor Service 2024-08-06 20:06:46 UTC
A possibly relevant merge request was started @ https://invent.kde.org/utilities/kcalc/-/merge_requests/138
Comment 4 Gabriel Barrantes 2024-08-06 20:18:31 UTC
(In reply to LaughingMan from comment #2)
> Tested a bit more. It takes a few tries but reproduction steps are:
> 1. Open KCalc
> 2. Either type "(" on the keyboard or click the "(" button.
> 3. Segfault
> 
> Reproduces ~50% of the time with the keyboard and ~20% of the time when
> clicking the button with the mouse.
 
UB, quite hard to reach for sure, great catch.
Comment 5 Gabriel Barrantes 2024-08-06 20:49:52 UTC
Git commit 4776dc3cd662bf704480a0e02cd7a74fdff516db by Gabriel Barrantes.
Committed on 06/08/2024 at 20:05.
Pushed by gabrielbarrantes into branch 'master'.

Set error Index for edge cases

Set error index to last token as a workaround for cases that escape
initial error parsing. This does not set the exact index where the
error is located but for now avoids unexpected seg-fault errors.

M  +5    -0    kcalc_core.cpp

https://invent.kde.org/utilities/kcalc/-/commit/4776dc3cd662bf704480a0e02cd7a74fdff516db
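Added example (not KCalc's code and not the patch above): a stand-alone C++ illustration of the failure pattern behind this report and of the "clamp to the last token" workaround described in the commit message in comment 5, using std::vector in place of QList. The Token struct and the functions tokenize, parseWithGap, indexIsValid, resolveErrorIndex and errorSymbol are hypothetical names chosen for the illustration; the only facts taken from the report are that a parse path can fail without assigning an error index, and that feeding that unset index to an unchecked at() is undefined behaviour in a release build.

```cpp
// Added example, not KCalc code. Token, tokenize, parseWithGap,
// indexIsValid, resolveErrorIndex and errorSymbol are hypothetical.
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

struct Token {
    char symbol;      // one input character, e.g. '(' or '5'
    std::size_t pos;  // offset of that character in the original input
};

// Minimal tokenizer: every non-space character becomes one token.
std::vector<Token> tokenize(const std::string& input) {
    std::vector<Token> tokens;
    for (std::size_t i = 0; i < input.size(); ++i) {
        if (input[i] != ' ') tokens.push_back({input[i], i});
    }
    return tokens;
}

// Sentinel meaning "no error index was assigned".
constexpr int kNoErrorIndex = -1;

// A parser that only sets errorIndex on the failure paths it was written to
// detect. A stray ')' is such a path. A lone '(' with nothing after it is the
// case that "escapes initial error parsing": parsing fails, but errorIndex is
// left at the sentinel, which is exactly the kind of state that later crashes.
bool parseWithGap(const std::vector<Token>& tokens, int& errorIndex) {
    errorIndex = kNoErrorIndex;
    int depth = 0;
    for (std::size_t i = 0; i < tokens.size(); ++i) {
        if (tokens[i].symbol == '(') {
            ++depth;
        } else if (tokens[i].symbol == ')') {
            if (depth == 0) {                       // handled failure path
                errorIndex = static_cast<int>(i);
                return false;
            }
            --depth;
        }
    }
    return depth == 0;  // unmatched '(' -> false with errorIndex still -1
}

// QList::at and std::vector::operator[] do not range-check in release builds,
// so dereferencing index -1 is undefined behaviour. Check before indexing.
bool indexIsValid(const std::vector<Token>& tokens, int index) {
    return index >= 0 && static_cast<std::size_t>(index) < tokens.size();
}

// The workaround from the commit: if parsing failed but no index was set,
// fall back to the last token so the caller never indexes out of range.
// (The reported position is then approximate, as the commit message says.)
int resolveErrorIndex(const std::vector<Token>& tokens, int errorIndex) {
    if (errorIndex == kNoErrorIndex && !tokens.empty())
        return static_cast<int>(tokens.size()) - 1;
    return errorIndex;
}

// Caller that wants to highlight the offending character. Returns '\0' when
// the input parses or when there is nothing safe to index. Without the
// workaround the lone-'(' case yields index -1 and the guard is all that
// stands between us and the segfault from the report.
char errorSymbol(const std::string& input, bool applyWorkaround) {
    std::vector<Token> tokens = tokenize(input);
    int errorIndex = kNoErrorIndex;
    if (parseWithGap(tokens, errorIndex)) return '\0';
    if (applyWorkaround) errorIndex = resolveErrorIndex(tokens, errorIndex);
    if (!indexIsValid(tokens, errorIndex)) return '\0';  // guard, not UB
    return tokens[static_cast<std::size_t>(errorIndex)].symbol;
}

int main() {
    const char* inputs[] = {"(", ")", "1+2)", "(1+2)"};
    for (const char* in : inputs) {
        std::cout << '"' << in << "\" raw: '" << errorSymbol(in, false)
                  << "'  clamped: '" << errorSymbol(in, true) << "'\n";
    }
    return 0;
}
```

QList::at checks its index only with Q_ASSERT_X, which is compiled out of release builds, so a bad index surfaces as the raw SIGSEGV seen in the dmesg line of the report rather than as an assertion failure. Building a test like the one above with -fsanitize=address,undefined (or running a Qt debug build) turns the intermittent crash into a deterministic report at the first out-of-range access.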
Comment 6 LaughingMan 2024-08-07 00:07:37 UTC
> UB, quite hard to reach for sure, great catch.

Thanks for the quick fix!