Bug 134070

Summary: crash on large result, "exp" operation
Product: [Applications] kcalc Reporter: Ernst Bachmann <ebachmann>
Component: generalAssignee: Klaus Niederkrüger <kniederk>
Status: RESOLVED FIXED    
Severity: crash    
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: Gentoo Packages   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:
Attachments: Suggested fix

Description Ernst Bachmann 2006-09-14 16:20:05 UTC 
Version:           2.0.4 (using KDE KDE 3.5.4)
Installed from:    Gentoo Packages
Compiler:          gcc-4.1.1 
OS:                Linux

enter a large number (say 1000), then hit "Inv", then "e^x" => Kcalc crashes.

according to GDB the crash occurs in:
#0  0x000000354b90cbd9 in raise () from /lib/libpthread.so.0
#1  0x000000370ea07d0e in __gmp_invalid_operation () from /usr/lib64/libgmp.so.3
#2  0x000000370ea09aed in __gmpf_set_d () from /usr/lib64/libgmp.so.3
#3  0x0000003478158d8c in KNumber::KNumber () from /usr/kde/3.5/lib64/libkdeinit_kcalc.so
#4  0x000000347813c2be in CalcEngine::Exp () from /usr/kde/3.5/lib64/libkdeinit_kcalc.so
#5  0x000000347814abdb in KCalculator::slotLnclicked () from /usr/kde/3.5/lib64/libkdeinit_kcalc.so

Seems like its not generally a problem with the result value, as kcalc can calculate e.g. 10^1000000 just fine.
Comment 1 Philip Rodrigues 2006-09-15 13:26:47 UTC 
Confirmed. Different backtrace though:

#12 0x29460b6c in sigaction () from /usr/lib/libpthread.so.2
#13 0x2952db23 in abort () from /lib/libc.so.6
#14 0x2984dc2f in __gmp_invalid_operation () from /usr/local/lib/libgmp.so.7
#15 0x2984f513 in __gmpf_set_d () from /usr/local/lib/libgmp.so.7
#16 0x2983b28a in _knumfloat (this=0x8245fb8, num=inf) at knumber_priv.h:270
#17 0x298382ea in KNumber (this=0xbfbfdb80, num=inf)
    at /home/phil/kdesrc/kdeutils/kcalc/knumber/knumber.cpp:72
#18 0x29824630 in CalcEngine::Exp (this=0x8168c88, input=
      {static Zero = {static Zero = <same as static member of an already seen type>, static One = {static Zero = <same as static member of an already seen type>, static One = <same as static member of an already seen type>, static MinusOne = {static Zero = <same as static member of an already seen type>, static One = <same as static member of an already seen type>, static MinusOne = <same as static member of an already seen type>, static Pi = {static Zero = <same as static member of an already seen type>, static One = <same as static member of an already seen type>, static MinusOne = <same as static member of an already seen type>, static Pi = <same as static member of an already seen type>, static Euler = {static Zero = <same as static member of an already seen type>, static One = <same as static member of an already seen type>, static MinusOne = <same as static member of an already seen type>, static Pi = <same as static member of an already seen type>, static Euler = <same as static member of an already seen type>, _num = 0x80e3a38, static _float_output = true, static _fraction_input = true, static _splitoffinteger_output = false}, _num = 0x80d0938, static _float_output = true, static _fraction_input = true, static _splitoffinteger_output = false}, static Euler = <same as static member of an already seen type>, _num = 0x80d4fe0, static _float_output = true, static _fraction_input = true, static _splitoffinteger_output = false}, static Pi = <same as static member of an already seen type>, static Euler = <same as static member of an already seen type>, _num = 0x80d0e18, static _float_output = true, static _fraction_input = true, static _splitoffinteger_output = false}, static MinusOne = <same as static member of an already seen type>, static Pi = <same as static member of an already seen type>, static Euler = <same as static member of an already seen type>, _num = 0x80d0b68, static _float_output = true, static _fraction_input = true, static _splitoffinteger_output = false}, static One = <same as static member of an already seen type>, static MinusOne = <same as static member of an already seen type>, static Pi = <same as static member of an already seen type>, static Euler = <same as static member of an already seen type>, _num = 0x82385b0, static _float_output = true, static _fraction_input = true, static _splitoffinteger_output = false}) at /home/phil/kdesrc/kdeutils/kcalc/kcalc_core.cpp:574
#19 0x298168b3 in KCalculator::slotLnclicked (this=0x8168a18)
    at /home/phil/kdesrc/kdeutils/kcalc/kcalc.cpp:1517
#20 0x2981a6a9 in KCalculator::qt_invoke (this=0x8168a18, _id=99, 
    _o=0xbfbfdcc0) at kcalc.moc:333
#21 0x28e141e0 in QObject::activate_signal ()
   from /usr/X11R6/lib/libqt-mt.so.3
Comment 2 Ernst Bachmann 2006-09-15 13:44:00 UTC 
Well, besides the differences caused by 64bit/32bit arch, different library versions, and my version coming from a strip'ed binary, they look quite similar to me.

Basically it looks like libgmp is trying to calculate the result, gets an overflow, and raises a SIGFPE signal, which isn't handled.
Comment 3 Philip Rodrigues 2006-09-16 20:42:44 UTC 
Ah yes, good point. Should've looked more carefully
Comment 4 Philip Rodrigues 2006-09-17 23:15:29 UTC 
Created attachment 17816 [details]
Suggested fix

Change the KNumber initialization to check for NaN and Inf, since passing these
to libgmp causes a crash. Does this also need to be done for other types?
Comment 5 Klaus Niederkrüger 2006-09-19 11:48:34 UTC 
Good idea (the patch).

I try to apply this as soon as I have time.

Klaus
Comment 6 Klaus Niederkrüger 2006-09-23 01:21:34 UTC 
Applied your patch. Thanks a lot

Klaus