304825 – Crash when entering some non-alphabetical characters in formula

Bug 304825 - Crash when entering some non-alphabetical characters in formula

Summary: Crash when entering some non-alphabetical characters in formula

Status:	RESOLVED FIXED

Alias:	None

Product:	calligrasheets
Classification:	Applications
Component:	general (show other bugs)
Version:	2.4.1
Platform:	Debian testing Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	Calligra Sheets (KSpread) Bugs

URL:
Keywords:

Depends on:
Blocks:

Reported:	2012-08-08 20:52 UTC by Luigi Toscano
Modified:	2012-09-13 02:11 UTC (History)
CC List:	1 user (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Luigi Toscano 2012-08-08 20:52:33 UTC

Application: calligrasheets (2.6 Pre-Alpha)
KDE Platform Version: 4.8.4 (4.8.4)
Qt Version: 4.8.2
Operating System: Linux 3.4-trunk-amd64 x86_64
Distribution (Platform): Debian testing

-- Information about the crash:
Open a new (blank) sheet, try to type in a cell the following:
=COMPARE("
it should crash when you type the double quote.
or even
=SHEETS(Sheet2!
it should crash when you type the exclamation mark.

Tested on calligrasheets 2.4.3 from Debian testing packages and self-compiled sources from 2.5 branch from 2012-08-02.

The crash can be reproduced every time.

-- Backtrace:
Application: Calligra Sheets (calligrasheets), signal: Segmentation fault
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[Current thread is 1 (Thread 0x7efeff6f5780 (LWP 7182))]

Thread 2 (Thread 0x7efeda389700 (LWP 7184)):
#0  0x00007efef892ea93 in *__GI___poll (fds=<optimized out>, nfds=<optimized out>, timeout=-1) at ../sysdeps/unix/sysv/linux/poll.c:87
#1  0x00007efef23464d4 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#2  0x00007efef23465f4 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#3  0x00007efef97af2e6 in QEventDispatcherGlib::processEvents (this=0x22b6450, flags=...) at kernel/qeventdispatcher_glib.cpp:424
#4  0x00007efef977f92f in QEventLoop::processEvents (this=this@entry=0x7efeda388df0, flags=...) at kernel/qeventloop.cpp:149
#5  0x00007efef977fbb8 in QEventLoop::exec (this=0x7efeda388df0, flags=...) at kernel/qeventloop.cpp:204
#6  0x00007efef9682d70 in QThread::exec (this=<optimized out>) at thread/qthread.cpp:501
#7  0x00007efef976023f in QInotifyFileSystemWatcherEngine::run (this=0x22b2b60) at io/qfilesystemwatcher_inotify.cpp:248
#8  0x00007efef9685d0b in QThreadPrivate::start (arg=0x22b2b60) at thread/qthread_unix.cpp:307
#9  0x00007efef4438b50 in start_thread (arg=<optimized out>) at pthread_create.c:304
#10 0x00007efef89396dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#11 0x0000000000000000 in ?? ()

Thread 1 (Thread 0x7efeff6f5780 (LWP 7182)):
[KCrash Handler]
#6  0x00007efef88d6dbd in malloc_consolidate (av=0x7efef8be3e60) at malloc.c:5169
#7  0x00007efef88d92a4 in _int_malloc (av=0x7efef8be3e60, bytes=55746) at malloc.c:4373
#8  0x00007efef88db960 in *__GI___libc_malloc (bytes=55746) at malloc.c:3660
#9  0x00007efef96d2069 in QString::realloc (this=0x7fffa1886e78, alloc=27857) at tools/qstring.cpp:1346
#10 0x00007efee575a593 in QString::detach (this=0x7fffa1886e78) at /usr/include/qt4/QtCore/qstring.h:715
#11 0x00007efee5750aac in Calligra::Sheets::Token::Token (this=0x7fffa1886e70, type=Calligra::Sheets::Token::String, text=..., pos=8) at /home/prova/kde-svn/git.kde.org/calligra/sheets/Formula.cpp:365
#12 0x00007efee5753442 in Calligra::Sheets::Formula::scan (this=0x7fffa18870a0, expr=..., locale=0x0) at /home/prova/kde-svn/git.kde.org/calligra/sheets/Formula.cpp:986
#13 0x00007efee5c8d5d5 in Calligra::Sheets::FormulaEditorHighlighter::highlightBlock (this=0x2be1020, text=...) at /home/prova/kde-svn/git.kde.org/calligra/sheets/ui/FormulaEditorHighlighter.cpp:84
#14 0x00007efefa6a4a65 in QSyntaxHighlighterPrivate::reformatBlock (this=this@entry=0x25687f0, block=...) at text/qsyntaxhighlighter.cpp:225
#15 0x00007efefa6a4bc7 in QSyntaxHighlighterPrivate::reformatBlocks (this=0x25687f0, from=<optimized out>, charsRemoved=<optimized out>, charsAdded=<optimized out>) at text/qsyntaxhighlighter.cpp:206
#16 0x00007efef97965cf in QMetaObject::activate (sender=0x2e959c0, m=<optimized out>, local_signal_index=<optimized out>, argv=0x7fffa1887320) at kernel/qobject.cpp:3547
#17 0x00007efefaa4d33a in QTextDocument::contentsChange (this=<optimized out>, _t1=9, _t2=0, _t3=1) at .moc/release-shared/moc_qtextdocument.cpp:202
#18 0x00007efefa66bbba in QTextDocumentPrivate::finishEdit (this=this@entry=0x2e959e0) at text/qtextdocument_p.cpp:1217
#19 0x00007efefa66e840 in QTextDocumentPrivate::insert (this=0x2e959e0, pos=9, strPos=10, strLength=1, format=3) at text/qtextdocument_p.cpp:473
#20 0x00007efefa692e1b in QTextCursor::insertText (this=this@entry=0x2e958e8, text=..., _format=...) at text/qtextcursor.cpp:1473
#21 0x00007efefa69318a in QTextCursor::insertText (this=0x2e958e8, text=...) at text/qtextcursor.cpp:1402
#22 0x00007efefa633872 in QTextControlPrivate::keyPressEvent (this=this@entry=0x2e95850, e=e@entry=0x7fffa18880b0) at text/qtextcontrol.cpp:1306
#23 0x00007efefa635f9b in QTextControl::processEvent (this=<optimized out>, e=0x7fffa18880b0, matrix=..., contextWidget=<optimized out>) at text/qtextcontrol.cpp:946
#24 0x00007efefa62aea3 in QTextControl::processEvent (this=0x2e95830, e=0x7fffa18880b0, coordinateOffset=..., contextWidget=0x2e8e1c0) at text/qtextcontrol.cpp:906
#25 0x00007efefa84d6e5 in sendControlEvent (e=0x7fffa18880b0, this=0x2e914a0) at widgets/qtextedit_p.h:99
#26 QTextEdit::keyPressEvent (this=<optimized out>, e=0x7fffa18880b0) at widgets/qtextedit.cpp:1296
#27 0x00007efefb1f92c7 in keyPressEvent (event=0x7fffa18880b0, this=0x2e8fa50) at ../../kdeui/widgets/ktextedit.cpp:1079
#28 KTextEdit::keyPressEvent (this=0x2e8fa50, event=0x7fffa18880b0) at ../../kdeui/widgets/ktextedit.cpp:1070
#29 0x00007efee5c8fcb2 in Calligra::Sheets::ExternalEditor::keyPressEvent (this=0x2e8fa50, event=0x7fffa18880b0) at /home/prova/kde-svn/git.kde.org/calligra/sheets/ui/ExternalEditor.cpp:151
#30 0x00007efefa438f5b in QWidget::event (this=0x2e8fa50, event=0x7fffa18880b0) at kernel/qwidget.cpp:8406
#31 0x00007efefa7e4076 in QFrame::event (this=0x2e8fa50, e=0x7fffa18880b0) at widgets/qframe.cpp:557
#32 0x00007efefa863cfb in QAbstractScrollArea::event (this=0x2e8fa50, e=0x7fffa18880b0) at widgets/qabstractscrollarea.cpp:996
#33 0x00007efefa8508f1 in QTextEdit::event (this=0x2e8fa50, e=0x7fffa18880b0) at widgets/qtextedit.cpp:1070
#34 0x00007efefa3e970c in QApplicationPrivate::notify_helper (this=this@entry=0x1e6f070, receiver=receiver@entry=0x2e8fa50, e=e@entry=0x7fffa18880b0) at kernel/qapplication.cpp:4556
#35 0x00007efefa3ee704 in QApplication::notify (this=<optimized out>, receiver=0x2e8fa50, e=0x7fffa18880b0) at kernel/qapplication.cpp:3997
#36 0x00007efefb11c8a6 in KApplication::notify (this=0x7fffa1888ee0, receiver=0x2e8fa50, event=0x7fffa18880b0) at ../../kdeui/kernel/kapplication.cpp:311
#37 0x00007efef9780bde in QCoreApplication::notifyInternal (this=0x7fffa1888ee0, receiver=0x2e8fa50, event=0x7fffa18880b0) at kernel/qcoreapplication.cpp:915
#38 0x00007efefa486bca in QKeyMapper::sendKeyEvent (keyWidget=keyWidget@entry=0x2e8fa50, grab=grab@entry=false, type=QEvent::KeyPress, code=34, modifiers=..., text=..., autorepeat=autorepeat@entry=false, count=1, nativeScanCode=11, nativeVirtualKey=34, nativeModifiers=1) at kernel/qkeymapper_x11.cpp:1866
#39 0x00007efefa487001 in QKeyMapperPrivate::translateKeyEvent (this=0x1ea6990, keyWidget=0x2e8fa50, event=0x7fffa1888ad0, grab=false) at kernel/qkeymapper_x11.cpp:1836
#40 0x00007efefa463c58 in QApplication::x11ProcessEvent (this=0x7fffa1888ee0, event=0x7fffa1888ad0) at kernel/qapplication_x11.cpp:3539
#41 0x00007efefa48acf2 in x11EventSourceDispatch (s=0x1e71670, callback=0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:146
#42 0x00007efef2346205 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#43 0x00007efef2346538 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#44 0x00007efef23465f4 in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#45 0x00007efef97af2e6 in QEventDispatcherGlib::processEvents (this=0x1dd4ad0, flags=...) at kernel/qeventdispatcher_glib.cpp:424
#46 0x00007efefa48a96e in QGuiEventDispatcherGlib::processEvents (this=<optimized out>, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#47 0x00007efef977f92f in QEventLoop::processEvents (this=this@entry=0x7fffa1888ea0, flags=...) at kernel/qeventloop.cpp:149
#48 0x00007efef977fbb8 in QEventLoop::exec (this=0x7fffa1888ea0, flags=...) at kernel/qeventloop.cpp:204
#49 0x00007efef9784d78 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1187
#50 0x00007efeff30e8aa in kdemain (argc=1, argv=0x7fffa18890d8) at /home/prova/kde-svn/git.kde.org/calligra/sheets/part/Main.cpp:43
#51 0x0000000000400a0e in main (argc=1, argv=0x7fffa18890d8) at /opt/build/build-calligra/sheets/calligrasheets_dummy.cpp:3

Reported using DrKonqi

Comment 1 Marijn Kruisselbrink 2012-09-13 02:11:16 UTC

> Git commit 8d91c11ccbe80367e1960db6309c294d2d92f69b by Marijn Kruisselbrink.
> Committed on 13/08/2012 at 03:56.
> Pushed by mkruisselbrink into branch 'master'.
>
> fix tokenizing of invalid formulas.
>
> Not all states in the parsing loop have a check to make sure we're not at the end of the string yet, so re-introduce this check as part of the main loop condition. Commit 85efba919173bf8badddae4093f16cbe7b704915 incorrectly removed this check.
>
> M  +5    -4    sheets/Formula.cpp
> M  +5    -1    sheets/tests/TestFormula.cpp
>
> http://commits.kde.org/calligra/8d91c11ccbe80367e1960db6309c294d2d92f69b