(reporting upstream from https://bugzilla.redhat.com/show_bug.cgi?id=1105867 as suggested). Fedora RPMs for KDE components are by default compiled with (among others) the option -fstack-protector-strong enabled. This option seems to cause a crash of kig immediately after the creation of a locus. Presumably the crash is due to some overflow somewhere and should be fixed in the source code.

Reproducible: Always

Steps to Reproduce:
In the source directory:
1. $ export CXXFLAGS="-fstack-protector-strong"
2. $ cmake . -DCMAKE_INSTALL_PREFIX=/usr
3. $ make
4. $ sudo make install
5. $ kig
6. [create a locus]

Actual Results:
kig crashes as soon as the mouse is moved

Expected Results:
Shouldn't crash!

drkonqi isn't useful because for some reason (somehow related to the version (v1.0) of kig) it is not able to send the report. Anyway this is the backtrace.

$ *** stack smashing detected ***: kig terminated
======= Backtrace: =========
/lib/libc.so.6(+0x6e133)[0xb75d7133]
/lib/libc.so.6(__fortify_fail+0x45)[0xb76723f5]
/lib/libc.so.6(+0x1093aa)[0xb76723aa]
/usr/lib/kde4/kigpart.so(_fini+0x0)[0xb4f0d934]
/usr/lib/kde4/kigpart.so(+0x4057e)[0xb4e0157e]
/usr/lib/kde4/kigpart.so(+0x405cc)[0xb4e015cc]
/usr/lib/kde4/kigpart.so(+0x4c637)[0xb4e0d637]
/usr/lib/kde4/kigpart.so(+0x4c6c4)[0xb4e0d6c4]
/usr/lib/kde4/kigpart.so(+0x4e55a)[0xb4e0f55a]
/usr/lib/kde4/kigpart.so(+0x527ec)[0xb4e137ec]
/usr/lib/kde4/kigpart.so(+0x111b33)[0xb4ed2b33]
/usr/lib/kde4/kigpart.so(+0xb4258)[0xb4e75258]
/usr/lib/kde4/kigpart.so(+0x11c1b2)[0xb4edd1b2]
/lib/libQtGui.so.4(_ZN7QWidget5eventEP6QEvent+0x1037)[0x4e7af157]
/lib/libQtGui.so.4(_ZN19QApplicationPrivate13notify_helperEP7QObjectP6QEvent+0xa4)[0x4e750b74]
/lib/libQtGui.so.4(_ZN12QApplication6notifyEP7QObjectP6QEvent+0x1fb6)[0x4e759816]
/lib/libkdeui.so.5(_ZN12KApplication6notifyEP7QObjectP6QEvent+0x40)[0x471aca30]
/lib/libQtCore.so.4(_ZN16QCoreApplication14notifyInternalEP7QObjectP6QEvent+0x96)[0x4e274226]
/lib/libQtGui.so.4(_ZN19QApplicationPrivate14sendMouseEventEP7QWidgetP11QMouseEventS1_S1_PS1_R8QPointerIS0_Eb+0x142)[0x4e757262]
/lib/libQtGui.so.4[0x4e7dccb8]
/lib/libQtGui.so.4(_ZN12QApplication15x11ProcessEventEP7_XEvent+0x6c3)[0x4e7db3a3]
/lib/libQtGui.so.4[0x4e80709b]
/lib/libglib-2.0.so.0(g_main_context_dispatch+0x166)[0x41dac556]
/lib/libglib-2.0.so.0[0x41dac920]
/lib/libglib-2.0.so.0(g_main_context_iteration+0x39)[0x41dac9e9]
/lib/libQtCore.so.4(_ZN20QEventDispatcherGlib13processEventsE6QFlagsIN10QEventLoop17ProcessEventsFlagEE+0x74)[0x4e2a5da4]
/lib/libQtGui.so.4[0x4e80725c]
/lib/libQtCore.so.4(_ZN10QEventLoop13processEventsE6QFlagsINS_17ProcessEventsFlagEE+0x50)[0x4e272ac0]
/lib/libQtCore.so.4(_ZN10QEventLoop4execE6QFlagsINS_17ProcessEventsFlagEE+0x1a1)[0x4e272e51]
/lib/libQtCore.so.4(_ZN16QCoreApplication4execEv+0x9b)[0x4e278c7b]
/lib/libQtGui.so.4(_ZN12QApplication4execEv+0x25)[0x4e74ee95]
kig[0x804dd76]
/lib/libc.so.6(__libc_start_main+0xf3)[0xb7582b73]
kig[0x804dfd5]
Here's one included in the downstream report, https://bugzilla.redhat.com/show_bug.cgi?id=1105867, from kcrash (and better, includes line numbers), inline (so searchable):

Application: kig (v1.0)
KDE Platform Version: 4.12.5
Qt Version: 4.8.6
Operating System: Linux 3.14.4-200.fc20.i686+PAE i686
Distribution: "Fedora release 20 (Heisenbug)"

-- Information about the crash:
Creating a locus works fine up to the end, but as soon as the cursor is moved after the creation, kig crashes.

test case:
- open kig
- create a circle by center and point
- create a constrained point on the circle
- create the midpoint between the constrained point and the center of the circle
- create a locus with the midpoint as dependent point and the constrained point as the constrained point
- move the mouse after the locus construction ---> kig crashes

Remark: compiling from the latest git source solves the problem.

The crash can be reproduced every time.

-- Backtrace:
Application: Kig (kig), signal: Aborted
Using host libthread_db library "/lib/libthread_db.so.1".
[KCrash Handler]
#7  0xb773f424 in __kernel_vsyscall ()
#8  0x418fab96 in __GI_raise (sig=sig@entry=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#9  0x418fc3d3 in __GI_abort () at abort.c:89
#10 0x4193a2f8 in __libc_message (do_abort=do_abort@entry=2, fmt=fmt@entry=0x41a43033 "*** %s ***: %s terminated\n") at ../sysdeps/posix/libc_fatal.c:175
#11 0x419d55c5 in __GI___fortify_fail (msg=msg@entry=0x41a4301b "stack smashing detected") at fortify_fail.c:31
#12 0x419d557a in __stack_chk_fail () at stack_chk_fail.c:28
#13 0xb6427484 in __stack_chk_fail_local () from /usr/lib/kde4/kigpart.so
#14 0xb63133fe in CurveImp::getParam (this=this@entry=0x86f3210, p=..., doc=...) at /usr/src/debug/kig-4.12.5/objects/curve_imp.cc:252
#15 0xb631344c in CurveImp::getParam (this=0x86f3210, p=..., doc=...) at /usr/src/debug/kig-4.12.5/objects/curve_imp.cc:165
#16 0xb631f4b7 in LocusImp::internalContainsPoint (this=this@entry=0x86f3210, p=..., threshold=0.051823592949233561, doc=...) at /usr/src/debug/kig-4.12.5/objects/locus_imp.cc:229
#17 0xb631f544 in LocusImp::contains (this=0x86f3210, p=..., width=-1, w=...) at /usr/src/debug/kig-4.12.5/objects/locus_imp.cc:54
#18 0xb63212ba in ObjectDrawer::contains (this=0x86c8de8, imp=..., pt=..., w=..., nv=nv@entry=false) at /usr/src/debug/kig-4.12.5/objects/object_drawer.cc:49
#19 0xb6325d5c in ObjectHolder::contains (this=0x86f1f48, pt=..., w=..., nv=false) at /usr/src/debug/kig-4.12.5/objects/object_holder.cc:85
#20 0xb63ebcb3 in KigDocument::whatAmIOn (this=0x842fb98, p=..., w=...) at /usr/src/debug/kig-4.12.5/kig/kig_document.cc:76
#21 0xb6388908 in BaseMode::mouseMoved (this=0x8445cc8, e=0xbf851164, w=0x83eb7a8) at /usr/src/debug/kig-4.12.5/modes/base_mode.cc:130
#22 0xb63f6422 in KigWidget::mouseMoveEvent (this=0x83eb7a8, e=0xbf851164) at /usr/src/debug/kig-4.12.5/kig/kig_view.cpp:102
#23 0x47969247 in QWidget::event (this=0x83eb7a8, event=0xbf851164) at kernel/qwidget.cpp:8374
#24 0x4790abd4 in QApplicationPrivate::notify_helper (this=0x82c3ad8, receiver=0x83eb7a8, e=0xbf851164) at kernel/qapplication.cpp:4565
#25 0x47913896 in QApplication::notify (this=0xbf8516e8, receiver=0x83eb7a8, e=e@entry=0xbf851164) at kernel/qapplication.cpp:4108
#26 0x43487ec0 in KApplication::notify (this=0xbf8516e8, receiver=0x83eb7a8, event=0xbf851164) at /usr/src/debug/kdelibs-4.12.5/kdeui/kernel/kapplication.cpp:311
#27 0x495dd5f6 in QCoreApplication::notifyInternal (this=0xbf8516e8, receiver=receiver@entry=0x83eb7a8, event=event@entry=0xbf851164) at kernel/qcoreapplication.cpp:953
#28 0x479112e2 in sendEvent (event=<optimized out>, receiver=<optimized out>) at ../../src/corelib/kernel/qcoreapplication.h:231
#29 QApplicationPrivate::sendMouseEvent (receiver=receiver@entry=0x83eb7a8, event=0xbf851164, alienWidget=0x0, nativeWidget=0x83eb7a8, buttonDown=buttonDown@entry=0x482c73e4 <qt_button_down>, lastMouseReceiver=..., spontaneous=spontaneous@entry=true) at kernel/qapplication.cpp:3173
#30 0x47996db8 in QETWidget::translateMouseEvent (this=0x83eb7a8, event=event@entry=0xbf85137c) at kernel/qapplication_x11.cpp:4540
#31 0x479954a3 in QApplication::x11ProcessEvent (this=0xbf8516e8, event=event@entry=0xbf85137c) at kernel/qapplication_x11.cpp:3663
#32 0x479c118b in x11EventSourceDispatch (s=s@entry=0x82c35c0, callback=0x0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:148
#33 0x41dac556 in g_main_dispatch (context=0x82c3c30) at gmain.c:3066
#34 g_main_context_dispatch (context=context@entry=0x82c3c30) at gmain.c:3642
#35 0x41dac920 in g_main_context_iterate (context=context@entry=0x82c3c30, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3713
#36 0x41dac9e9 in g_main_context_iteration (context=0x82c3c30, may_block=1) at gmain.c:3774
#37 0x4960f270 in QEventDispatcherGlib::processEvents (this=this@entry=0x8299e00, flags=...) at kernel/qeventdispatcher_glib.cpp:425
#38 0x479c134c in QGuiEventDispatcherGlib::processEvents (this=0x8299e00, flags=...) at kernel/qguieventdispatcher_glib.cpp:207
#39 0x495dbea0 in QEventLoop::processEvents (this=this@entry=0xbf851644, flags=...) at kernel/qeventloop.cpp:149
#40 0x495dc231 in QEventLoop::exec (this=this@entry=0xbf851644, flags=...) at kernel/qeventloop.cpp:204
#41 0x495e206b in QCoreApplication::exec () at kernel/qcoreapplication.cpp:1225
#42 0x47908ee5 in QApplication::exec () at kernel/qapplication.cpp:3823
#43 0x0804dc86 in main (argc=1, argv=0xbf8517c4) at /usr/src/debug/kig-4.12.5/kig/main.cpp:142

Possible duplicates by query: bug 327574, bug 323830, bug 322782.

Report to https://bugs.kde.org/
I can confirm this using the latest version from master and -fstack-protector-all (I don't have -fstack-protector-strong in Gentoo, I guess it is a Fedora thing? https://fedorahosted.org/fesco/ticket/1128)
All affected parties, please try the patch at https://git.reviewboard.kde.org/r/120129/
(In reply to David E. Narvaez from comment #3)
> All affected parties, please try the patch at
> https://git.reviewboard.kde.org/r/120129/

The proposed patch works fine for me.
Git commit 5e940459d99eab90394372b8c052ff6a8f2ea4d0 by David E. Narvaez.
Committed on 12/09/2014 at 14:33.
Pushed by narvaez into branch 'master'.

Fix Iteration Over Array

Because of the initial value of j it was missing j = 1, causing Valgrind to report a jump over uninitialized value. Because of the check at the while loop, it was modifying j = N + 1, causing a stack buffer overflow.
FIXED-IN: 4.14.2
REVIEW: 120129

M  +2    -8    objects/curve_imp.cc

http://commits.kde.org/kig/5e940459d99eab90394372b8c052ff6a8f2ea4d0
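The commit message describes an off-by-one loop that skips j = 1 and runs on to j = N + 1. As an added example (constructed here; not kig's curve_imp.cc, whose loop is not shown on this page), the C below reproduces that loop shape beside its corrected form plus a checker that flags both the never-written slot and the past-the-end index; the buggy shape records its indices instead of writing through them, so it runs without tripping the stack protector that produced the "stack smashing detected" abort in the backtraces above.

```c
#include <stdbool.h>
#include <stddef.h>
/* Constructed illustration of the commit message's defect ("missing j = 1",
 * "modifying j = N + 1"); not kig's code. Array slots are 0..N, slot 0 is set
 * before the loop, and the loop must fill slots 1..N exactly once each. */
enum { N = 8 };

/* Buggy shape: j starts at 1 but is advanced before use, and the guard tests
 * the old value, so the body sees 2..N+1: slot 1 stays uninitialised (the
 * Valgrind report) and slot N+1 is one past the end (the write that
 * -fstack-protector-strong aborts on as "stack smashing detected"). Indices
 * are recorded in `out` instead of indexing a stack array, so this is safe. */
static size_t buggy_indices(size_t n, size_t *out)
{
    size_t count = 0, j = 1;
    while (j <= n) {
        j++;
        out[count++] = j;
    }
    return count;
}

/* Fixed shape: use j, then advance it; the guard bounds the value used. */
static size_t fixed_indices(size_t n, size_t *out)
{
    size_t count = 0;
    for (size_t j = 1; j <= n; j++)
        out[count++] = j;
    return count;
}

/* k-th index a loop shape touches, or 0 if the sequence is shorter than k. */
static size_t index_at(size_t (*walk)(size_t, size_t *), size_t n, size_t k)
{
    size_t out[N], count = n > N ? 0 : walk(n, out);
    return k < count ? out[k] : 0;
}

/* True only if every touched index is a valid slot and 1..n each appear once. */
static bool loop_is_correct(size_t (*walk)(size_t, size_t *), size_t n)
{
    size_t out[N], seen[N + 1] = { 0 };
    if (n > N) return false;
    size_t count = walk(n, out);
    for (size_t i = 0; i < count; i++)
        if (out[i] > n || seen[out[i]]++) return false; /* overflow or repeat */
    for (size_t j = 1; j <= n; j++)
        if (!seen[j]) return false;                     /* slot never written */
    return true;
}
```

Compiling a real version of the buggy shape (writing `values[j]` on a stack array of N + 1 doubles) with -fstack-protector-strong reproduces the abort seen above, because the canary sits right past the array's end.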