Bug 154348

Summary: kmplot crashes when adding a second parametric function
Product: [Applications] kmplot Reporter: Stefan Majewsky <majewsky>
Component: generalAssignee: Klaus-Dieter M <kd.moeller>
Status: RESOLVED FIXED    
Severity: crash CC: Regnaron
Priority: NOR    
Version First Reported In: unspecified   
Target Milestone: ---   
Platform: openSUSE   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description Stefan Majewsky 2007-12-19 22:00:54 UTC 
Version:            (using KDE KDE 3.97.0)
Installed from:    SuSE RPMs

KmPlot crashes immediately when adding a second parametric function to the list of defined functions.

This error also appears when other types of plots are in the function list, if the function which is being added is the second parametric plot. It also seems to not depend on what properties the other functions have.

Sadly, I can't provide you a stack trace, as my hard drive has not enough space to install debug symbols, but it should be easily reproduceable.
Comment 1 Oliver Putz 2008-01-28 21:36:55 UTC 
I can confirm this crash with kdeedu r764029. I'll attach a GDB and Valgrind log for this crash.

GDB:
Starting program: /usr/kde/svn/bin/kmplot 
[Thread debugging using libthread_db enabled]
[New Thread 0xb64f3a40 (LWP 6922)]

Program received signal SIGABRT, Aborted.
[Switching to Thread 0xb64f3a40 (LWP 6922)]
0xffffe410 in __kernel_vsyscall ()
#0  0xffffe410 in __kernel_vsyscall ()
#1  0xb67151f1 in *__GI_raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#2  0xb67169b8 in *__GI_abort () at abort.c:88
#3  0xb670e7d5 in *__GI___assert_fail (assertion=0xb50b58e8 "m_functionID != -1", 
    file=0xb50b516c "/var/tmp/portage/kde-base/kdeedu-9999.4/work/kdeedu-9999.4/kmplot/kmplot/functioneditor.cpp", 
    line=535, function=0xb50b6340 "void FunctionEditor::createFunction(const QString&, const QString&, Function::Type)")
    at assert.c:78
#4  0xb50389ce in FunctionEditor::createFunction (this=0x6, eq0=@0xbfdcf3d0, eq1=@0xbfdcf3cc, type=Function::Parametric)
    at /var/tmp/portage/kde-base/kdeedu-9999.4/work/kdeedu-9999.4/kmplot/kmplot/functioneditor.cpp:535
#5  0xb5039115 in FunctionEditor::createParametric (this=0x81233b8)
    at /var/tmp/portage/kde-base/kdeedu-9999.4/work/kdeedu-9999.4/kmplot/kmplot/functioneditor.cpp:494
#6  0xb503a525 in FunctionEditor::qt_metacall (this=0x81233b8, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0xbfdcf90c)
    at /var/tmp/portage/kde-base/kdeedu-9999.4/work/kdeedu_build/kmplot/kmplot/functioneditor.moc:87
#7  0xb7e8f1f4 in QMetaObject::activate (sender=0x82d1580, from_signal_index=5, to_signal_index=6, 
    argv=<value optimized out>) at kernel/qobject.cpp:3081
#8  0xb7e8f5e2 in QMetaObject::activate (sender=0x82d1580, m=0xb719e4c0, from_local_signal_index=1, 
    to_local_signal_index=2, argv=0xbfdcf90c) at kernel/qobject.cpp:3160
#9  0xb6a489c3 in QAction::triggered (this=0x82d1580, _t1=false) at .moc/debug-shared/moc_qaction.cpp:208
#10 0xb6a494bd in QAction::activate (this=0x82d1580, event=QAction::Trigger) at kernel/qaction.cpp:1114
#11 0xb6e30264 in QMenuPrivate::activateAction (this=0x8154990, action=0x82d1580, action_e=QAction::Trigger, self=true)
    at widgets/qmenu.cpp:915
#12 0xb6e328e2 in QMenu::mouseReleaseEvent (this=0x81657a0, e=0xbfdd0184) at widgets/qmenu.cpp:2054
#13 0xb7abcb98 in KMenu::mouseReleaseEvent (this=0x81657a0, e=0xbfdd0184)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kdeui/widgets/kmenu.cpp:423
#14 0xb6aa29a5 in QWidget::event (this=0x81657a0, event=0xbfdd0184) at kernel/qwidget.cpp:6138
#15 0xb6e2dccf in QMenu::event (this=0x81657a0, e=0xbfdd0184) at widgets/qmenu.cpp:2149
#16 0xb6a4fe8a in QApplicationPrivate::notify_helper (this=0x8067d50, receiver=0x81657a0, e=0xbfdd0184)
    at kernel/qapplication.cpp:3556
#17 0xb6a51a2c in QApplication::notify (this=0xbfdd18b4, receiver=0x81657a0, e=0xbfdd0184) at kernel/qapplication.cpp:3255
#18 0xb7a00543 in KApplication::notify (this=0xbfdd18b4, receiver=0x81657a0, event=0xbfdd0184)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kdeui/kernel/kapplication.cpp:310
#19 0xb7e7bd7b in QCoreApplication::notifyInternal (this=0xbfdd18b4, receiver=0x81657a0, event=0xbfdd0184)
    at kernel/qcoreapplication.cpp:530
#20 0xb6ab5e89 in QETWidget::translateMouseEvent (this=0x81657a0, event=0xbfdd0548)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:203
#21 0xb6ab3e8e in QApplication::x11ProcessEvent (this=0xbfdd18b4, event=0xbfdd0548) at kernel/qapplication_x11.cpp:2913
#22 0xb6ad9c45 in QEventDispatcherX11::processEvents (this=0x8067140, flags=@0xbfdd0634)
    at kernel/qeventdispatcher_x11.cpp:125
#23 0xb7e7b191 in QEventLoop::processEvents (this=0xbfdd069c, flags=@0xbfdd0668) at kernel/qeventloop.cpp:140
#24 0xb7e7b29a in QEventLoop::exec (this=0xbfdd069c, flags=@0xbfdd06a8) at kernel/qeventloop.cpp:186
#25 0xb6e32b75 in QMenu::exec (this=0x81657a0, p=@0xbfdd074c, action=0x0) at widgets/qmenu.cpp:1817
#26 0xb6e3e6f4 in QPushButtonPrivate::_q_popupPressed (this=0x8126340) at widgets/qpushbutton.cpp:614
#27 0xb6e3eb85 in QPushButton::qt_metacall (this=0x814bfd0, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0xbfdd0c14)
    at .moc/debug-shared/moc_qpushbutton.cpp:72
#28 0xb7e8f1f4 in QMetaObject::activate (sender=0x814bfd0, from_signal_index=27, to_signal_index=27, 
    argv=<value optimized out>) at kernel/qobject.cpp:3081
#29 0xb7e8fd94 in QMetaObject::activate (sender=0x814bfd0, m=0xb71acea4, local_signal_index=0, argv=0x0)
    at kernel/qobject.cpp:3140
#30 0xb70156d3 in QAbstractButton::pressed (this=0x814bfd0) at .moc/debug-shared/moc_qabstractbutton.cpp:167
#31 0xb6d96a59 in QAbstractButtonPrivate::emitPressed (this=0x8126340) at widgets/qabstractbutton.cpp:544
#32 0xb6d96b4f in QAbstractButton::mousePressEvent (this=0x814bfd0, e=0xbfdd1324) at widgets/qabstractbutton.cpp:1078
#33 0xb6aa29be in QWidget::event (this=0x814bfd0, event=0xbfdd1324) at kernel/qwidget.cpp:6134
#34 0xb6d974e3 in QAbstractButton::event (this=0x814bfd0, e=0x1b0a) at widgets/qabstractbutton.cpp:1063
#35 0xb6e3e982 in QPushButton::event (this=0x814bfd0, e=0xbfdd1324) at widgets/qpushbutton.cpp:665
#36 0xb6a4fe8a in QApplicationPrivate::notify_helper (this=0x8067d50, receiver=0x814bfd0, e=0xbfdd1324)
    at kernel/qapplication.cpp:3556
#37 0xb6a51a2c in QApplication::notify (this=0xbfdd18b4, receiver=0x814bfd0, e=0xbfdd1324) at kernel/qapplication.cpp:3255
#38 0xb7a00543 in KApplication::notify (this=0xbfdd18b4, receiver=0x814bfd0, event=0xbfdd1324)
    at /var/tmp/portage/kde-base/kdelibs-9999.4/work/kdelibs-9999.4/kdeui/kernel/kapplication.cpp:310
#39 0xb7e7bd7b in QCoreApplication::notifyInternal (this=0xbfdd18b4, receiver=0x814bfd0, event=0xbfdd1324)
    at kernel/qcoreapplication.cpp:530
#40 0xb6ab5628 in QETWidget::translateMouseEvent (this=0x814bfd0, event=0xbfdd16e8)
    at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:203
#41 0xb6ab3e8e in QApplication::x11ProcessEvent (this=0xbfdd18b4, event=0xbfdd16e8) at kernel/qapplication_x11.cpp:2913
#42 0xb6ad9c45 in QEventDispatcherX11::processEvents (this=0x8067140, flags=@0xbfdd17d4)
    at kernel/qeventdispatcher_x11.cpp:125
#43 0xb7e7b191 in QEventLoop::processEvents (this=0xbfdd1840, flags=@0xbfdd1808) at kernel/qeventloop.cpp:140
#44 0xb7e7b29a in QEventLoop::exec (this=0xbfdd1840, flags=@0xbfdd1848) at kernel/qeventloop.cpp:186
#45 0xb7e7d626 in QCoreApplication::exec () at kernel/qcoreapplication.cpp:759
#46 0xb6a4f487 in QApplication::exec () at kernel/qapplication.cpp:3053
#47 0x0804fed2 in main (argc=Cannot access memory at address 0x1b0a
) at /var/tmp/portage/kde-base/kdeedu-9999.4/work/kdeedu-9999.4/kmplot/kmplot/main.cpp:79
#48 0xb6701fdc in __libc_start_main (main=0x804f720 <main>, argc=1, ubp_av=0xbfdd1a34, init=0x8059210 <__libc_csu_init>, 
    fini=0x8059200 <__libc_csu_fini>, rtld_fini=0xb7f3f100 <_dl_fini>, stack_end=0xbfdd1a2c) at libc-start.c:229
#49 0x0804f691 in _start ()


Valgrind:
==6937== Memcheck, a memory error detector.
==6937== Copyright (C) 2002-2007, and GNU GPL'd, by Julian Seward et al.
==6937== Using LibVEX rev 1732, a library for dynamic binary translation.
==6937== Copyright (C) 2004-2007, and GNU GPL'd, by OpenWorks LLP.
==6937== Using valgrind-3.2.3, a dynamic binary instrumentation framework.
==6937== Copyright (C) 2000-2007, and GNU GPL'd, by Julian Seward et al.
==6937== 
==6937== My PID = 6937, parent PID = 6910.  Prog and args are:
==6937==    kmplot
==6937== 
[...]
==6937== Conditional jump or move depends on uninitialised value(s)
==6937==    at 0x400A9B5: _dl_relocate_object (do-rel.h:65)
==6937==    by 0x400454C: dl_main (rtld.c:2214)
==6937==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==6937==    by 0x400124E: _dl_start (rtld.c:327)
==6937==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==6937== 
==6937== Conditional jump or move depends on uninitialised value(s)
==6937==    at 0x400A9BD: _dl_relocate_object (do-rel.h:68)
==6937==    by 0x400454C: dl_main (rtld.c:2214)
==6937==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==6937==    by 0x400124E: _dl_start (rtld.c:327)
==6937==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==6937== 
==6937== Conditional jump or move depends on uninitialised value(s)
==6937==    at 0x400B053: _dl_relocate_object (do-rel.h:104)
==6937==    by 0x400454C: dl_main (rtld.c:2214)
==6937==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==6937==    by 0x400124E: _dl_start (rtld.c:327)
==6937==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==6937== 
==6937== Conditional jump or move depends on uninitialised value(s)
==6937==    at 0x400AAF3: _dl_relocate_object (do-rel.h:117)
==6937==    by 0x400454C: dl_main (rtld.c:2214)
==6937==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==6937==    by 0x400124E: _dl_start (rtld.c:327)
==6937==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==6937== 
==6937== Conditional jump or move depends on uninitialised value(s)
==6937==    at 0x400A9B5: _dl_relocate_object (do-rel.h:65)
==6937==    by 0x4004169: dl_main (rtld.c:2284)
==6937==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==6937==    by 0x400124E: _dl_start (rtld.c:327)
==6937==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==6937== 
==6937== Conditional jump or move depends on uninitialised value(s)
==6937==    at 0x400A9BD: _dl_relocate_object (do-rel.h:68)
==6937==    by 0x4004169: dl_main (rtld.c:2284)
==6937==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==6937==    by 0x400124E: _dl_start (rtld.c:327)
==6937==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==6937== 
==6937== Conditional jump or move depends on uninitialised value(s)
==6937==    at 0x400AAF3: _dl_relocate_object (do-rel.h:117)
==6937==    by 0x4004169: dl_main (rtld.c:2284)
==6937==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==6937==    by 0x400124E: _dl_start (rtld.c:327)
==6937==    by 0x40008A6: (within /lib/ld-2.6.1.so)
--6937-- REDIR: 0x57A5980 (memset) redirected to 0x40226B8 (memset)
--6937-- REDIR: 0x57A5E20 (memcpy) redirected to 0x4022241 (memcpy)
--6937-- REDIR: 0x57A4AB0 (rindex) redirected to 0x4021E66 (rindex)
--6937-- REDIR: 0x57A46F0 (strlen) redirected to 0x402203B (strlen)
--6937-- REDIR: 0x56D1540 (operator new(unsigned)) redirected to 0x4021986 (operator new(unsigned))
--6937-- REDIR: 0x57A1080 (calloc) redirected to 0x4020754 (calloc)
--6937-- REDIR: 0x57A1400 (malloc) redirected to 0x4021303 (malloc)
--6937-- REDIR: 0x57A1810 (realloc) redirected to 0x40213A5 (realloc)
--6937-- REDIR: 0x57A5910 (memmove) redirected to 0x40226D5 (memmove)
--6937-- REDIR: 0x57A4900 (strncmp) redirected to 0x402214E (strncmp)
--6937-- REDIR: 0x57A41A0 (strcmp) redirected to 0x4022193 (strcmp)
--6937-- REDIR: 0x56D1680 (operator new[](unsigned)) redirected to 0x40216A2 (operator new[](unsigned))
--6937-- REDIR: 0x579F7B0 (free) redirected to 0x4020F6B (free)
--6937-- REDIR: 0x56CFFF0 (operator delete(void*)) redirected to 0x4020CC3 (operator delete(void*))
--6937-- REDIR: 0x57A4030 (index) redirected to 0x4021EFC (index)
--6937-- REDIR: 0x57A59E0 (mempcpy) redirected to 0x4022740 (mempcpy)
--6937-- Reading syms from /usr/lib/gconv/UTF-16.so (0x41E4000)
--6937-- Reading debug info from /usr/lib/debug/usr/lib/gconv/UTF-16.so.debug...
--6937-- REDIR: 0x57A4210 (strcpy) redirected to 0x4022074 (strcpy)
--6937-- REDIR: 0x56D0050 (operator delete[](void*)) redirected to 0x4020993 (operator delete[](void*))
--6937-- REDIR: 0x57A3E80 (strcat) redirected to 0x4021F4A (strcat)
--6937-- REDIR: 0x57A5620 (bcmp) redirected to 0x4022543 (bcmp)
--6937-- REDIR: 0x57A4A00 (strncpy) redirected to 0x40220CE (strncpy)
--6937-- REDIR: 0x57A5480 (memchr) redirected to 0x402221D (memchr)
--6937-- memcheck GC: 1024 nodes, 1024 survivors (100.0%)
--6937-- memcheck GC: increase table size to 2048
--6937-- memcheck GC: 2048 nodes, 2048 survivors (100.0%)
--6937-- memcheck GC: increase table size to 4096
--6937-- REDIR: 0x57A47A0 (strnlen) redirected to 0x4022021 (strnlen)
--6937-- memcheck GC: 4096 nodes, 3402 survivors ( 83.0%)
--6937-- memcheck GC: increase table size to 8192
--6937-- Reading syms from /usr/kde/svn/lib/kde4/plugins/styles/oxygen.so (0x61B4000)
--6937-- Reading debug info from /usr/lib/debug/usr/kde/svn/lib/kde4/plugins/styles/oxygen.so.debug...
--6937-- REDIR: 0x57A66E0 (rawmemchr) redirected to 0x402272E (rawmemchr)
--6937-- REDIR: 0x57A5B70 (stpcpy) redirected to 0x4022595 (stpcpy)
--6937-- memcheck GC: 8192 nodes, 7491 survivors ( 91.4%)
--6937-- memcheck GC: increase table size to 16384
--6937-- Reading syms from /usr/kde/svn/lib/kde4/libkmplotpart.so (0x7990000)
--6937-- Reading debug info from /usr/lib/debug/usr/kde/svn/lib/kde4/libkmplotpart.so.debug...
--6937-- REDIR: 0x40158A0 (stpcpy) redirected to 0x40225F6 (stpcpy)
--6937-- memcheck GC: 16384 nodes, 15643 survivors ( 95.4%)
--6937-- memcheck GC: increase table size to 32768
--6937-- memcheck GC: 32768 nodes, 29911 survivors ( 91.2%)
--6937-- memcheck GC: increase table size to 65536
==6937== 
==6937== Source and destination overlap in mempcpy(0x6072278, 0x6072278, 21)
==6937==    at 0x4021E3A: (within /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==6937==    by 0x4022781: mempcpy (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==6937==    by 0x579C1D2: _IO_default_xsputn (genops.c:463)
==6937==    by 0x577721E: vfprintf (vfprintf.c:1568)
==6937==    by 0x5790CBA: vsprintf (iovsprintf.c:43)
==6937==    by 0x577CADD: sprintf (sprintf.c:34)
==6937==    by 0x4A3B942: parse_fontdata (omGeneric.c:618)
==6937==    by 0x4A3BAE2: parse_vw (omGeneric.c:1095)
==6937==    by 0x4A3C301: create_oc (omGeneric.c:1233)
==6937==    by 0x49FBC0A: XCreateOC (OCWrap.c:53)
==6937==    by 0x49F20A9: XCreateFontSet (FSWrap.c:185)
==6937==    by 0x541469D: getFontSet(QFont const&) (qximinputcontext_x11.cpp:319)
--6937-- REDIR: 0x57A67B0 (strchrnul) redirected to 0x4022716 (strchrnul)
--6937-- Reading syms from /lib/libnss_compat-2.6.1.so (0x7DF2000)
--6937-- Reading debug info from /usr/lib/debug/lib/libnss_compat-2.6.1.so.debug...
--6937-- Reading syms from /lib/libnsl-2.6.1.so (0x7DFA000)
--6937-- Reading debug info from /usr/lib/debug/lib/libnsl-2.6.1.so.debug...
--6937-- Reading syms from /lib/libnss_nis-2.6.1.so (0x7E11000)
--6937-- Reading debug info from /usr/lib/debug/lib/libnss_nis-2.6.1.so.debug...
--6937-- Reading syms from /lib/libnss_files-2.6.1.so (0x7E1B000)
--6937-- Reading debug info from /usr/lib/debug/lib/libnss_files-2.6.1.so.debug...
--6937-- memcheck GC: 65536 nodes, 60426 survivors ( 92.2%)
--6937-- memcheck GC: increase table size to 131072
--6937-- memcheck GC: 131072 nodes, 121919 survivors ( 93.0%)
--6937-- memcheck GC: increase table size to 262144
--6937-- REDIR: 0x57A4840 (strncat) redirected to 0x4021FAC (strncat)
==6937== Warning: invalid file descriptor -1 in syscall write()
==6937==    at 0x420CF83: __write_nocancel (in /lib/libpthread-2.6.1.so)
==6937==    by 0x45FE66E: KCrash::startDrKonqi(char const**, int) (kcrash.cpp:349)
==6937==    by 0x45FECEA: KCrash::defaultCrashHandler(int) (kcrash.cpp:287)
==6937==    by 0x5761287: (within /lib/libc-2.6.1.so)
==6937==    by 0x57629B7: abort (abort.c:88)
==6937==    by 0x575A7D4: __assert_fail (assert.c:78)
==6937==    by 0x79B69CD: FunctionEditor::createFunction(QString const&, QString const&, Function::Type) (functioneditor.cpp:535)
==6937==    by 0x79B7114: FunctionEditor::createParametric() (functioneditor.cpp:494)
==6937==    by 0x79B8524: FunctionEditor::qt_metacall(QMetaObject::Call, int, void**) (functioneditor.moc:87)
==6937==    by 0x413C1F3: QMetaObject::activate(QObject*, int, int, void**) (qobject.cpp:3081)
==6937==    by 0x413C5E1: QMetaObject::activate(QObject*, QMetaObject const*, int, int, void**) (qobject.cpp:3160)
==6937==    by 0x4E9C9C2: QAction::triggered(bool) (moc_qaction.cpp:208)
==6937== Warning: invalid file descriptor -1 in syscall write()
==6937==    at 0x420CF83: __write_nocancel (in /lib/libpthread-2.6.1.so)
==6937==    by 0x45FE681: KCrash::startDrKonqi(char const**, int) (kcrash.cpp:350)
==6937==    by 0x45FECEA: KCrash::defaultCrashHandler(int) (kcrash.cpp:287)
==6937==    by 0x5761287: (within /lib/libc-2.6.1.so)
==6937==    by 0x57629B7: abort (abort.c:88)
==6937==    by 0x575A7D4: __assert_fail (assert.c:78)
==6937==    by 0x79B69CD: FunctionEditor::createFunction(QString const&, QString const&, Function::Type) (functioneditor.cpp:535)
==6937==    by 0x79B7114: FunctionEditor::createParametric() (functioneditor.cpp:494)
==6937==    by 0x79B8524: FunctionEditor::qt_metacall(QMetaObject::Call, int, void**) (functioneditor.moc:87)
==6937==    by 0x413C1F3: QMetaObject::activate(QObject*, int, int, void**) (qobject.cpp:3081)
==6937==    by 0x413C5E1: QMetaObject::activate(QObject*, QMetaObject const*, int, int, void**) (qobject.cpp:3160)
==6937==    by 0x4E9C9C2: QAction::triggered(bool) (moc_qaction.cpp:208)
==6937== Warning: invalid file descriptor -1 in syscall read()
==6937==    at 0x420D003: __read_nocancel (in /lib/libpthread-2.6.1.so)
==6937==    by 0x45FE693: KCrash::startDrKonqi(char const**, int) (kcrash.cpp:351)
==6937==    by 0x45FECEA: KCrash::defaultCrashHandler(int) (kcrash.cpp:287)
==6937==    by 0x5761287: (within /lib/libc-2.6.1.so)
==6937==    by 0x57629B7: abort (abort.c:88)
==6937==    by 0x575A7D4: __assert_fail (assert.c:78)
==6937==    by 0x79B69CD: FunctionEditor::createFunction(QString const&, QString const&, Function::Type) (functioneditor.cpp:535)
==6937==    by 0x79B7114: FunctionEditor::createParametric() (functioneditor.cpp:494)
==6937==    by 0x79B8524: FunctionEditor::qt_metacall(QMetaObject::Call, int, void**) (functioneditor.moc:87)
==6937==    by 0x413C1F3: QMetaObject::activate(QObject*, int, int, void**) (qobject.cpp:3081)
==6937==    by 0x413C5E1: QMetaObject::activate(QObject*, QMetaObject const*, int, int, void**) (qobject.cpp:3160)
==6937==    by 0x4E9C9C2: QAction::triggered(bool) (moc_qaction.cpp:208)
--6937-- Discarding syms at 0x41E4000-0x41E8000 in /usr/lib/gconv/UTF-16.so due to munmap()
--6937-- Discarding syms at 0x7DF2000-0x7DFA000 in /lib/libnss_compat-2.6.1.so due to munmap()
--6937-- Discarding syms at 0x7E11000-0x7E1B000 in /lib/libnss_nis-2.6.1.so due to munmap()
--6937-- Discarding syms at 0x7DFA000-0x7E11000 in /lib/libnsl-2.6.1.so due to munmap()
--6937-- Discarding syms at 0x7E1B000-0x7E25000 in /lib/libnss_files-2.6.1.so due to munmap()
==6937== 
==6937== ERROR SUMMARY: 18 errors from 8 contexts (suppressed: 41 from 3)
==6937== 
==6937== 1 errors in context 1 of 8:
==6937== Conditional jump or move depends on uninitialised value(s)
==6937==    at 0x400AAF3: _dl_relocate_object (do-rel.h:117)
==6937==    by 0x4004169: dl_main (rtld.c:2284)
==6937==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==6937==    by 0x400124E: _dl_start (rtld.c:327)
==6937==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==6937== 
==6937== 1 errors in context 2 of 8:
==6937== Conditional jump or move depends on uninitialised value(s)
==6937==    at 0x400A9BD: _dl_relocate_object (do-rel.h:68)
==6937==    by 0x4004169: dl_main (rtld.c:2284)
==6937==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==6937==    by 0x400124E: _dl_start (rtld.c:327)
==6937==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==6937== 
==6937== 1 errors in context 3 of 8:
==6937== Conditional jump or move depends on uninitialised value(s)
==6937==    at 0x400A9B5: _dl_relocate_object (do-rel.h:65)
==6937==    by 0x4004169: dl_main (rtld.c:2284)
==6937==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==6937==    by 0x400124E: _dl_start (rtld.c:327)
==6937==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==6937== 
==6937== 1 errors in context 4 of 8:
==6937== Conditional jump or move depends on uninitialised value(s)
==6937==    at 0x400AAF3: _dl_relocate_object (do-rel.h:117)
==6937==    by 0x400454C: dl_main (rtld.c:2214)
==6937==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==6937==    by 0x400124E: _dl_start (rtld.c:327)
==6937==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==6937== 
==6937== 1 errors in context 5 of 8:
==6937== Conditional jump or move depends on uninitialised value(s)
==6937==    at 0x400B053: _dl_relocate_object (do-rel.h:104)
==6937==    by 0x400454C: dl_main (rtld.c:2214)
==6937==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==6937==    by 0x400124E: _dl_start (rtld.c:327)
==6937==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==6937== 
==6937== 1 errors in context 6 of 8:
==6937== Conditional jump or move depends on uninitialised value(s)
==6937==    at 0x400A9BD: _dl_relocate_object (do-rel.h:68)
==6937==    by 0x400454C: dl_main (rtld.c:2214)
==6937==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==6937==    by 0x400124E: _dl_start (rtld.c:327)
==6937==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==6937== 
==6937== 1 errors in context 7 of 8:
==6937== Conditional jump or move depends on uninitialised value(s)
==6937==    at 0x400A9B5: _dl_relocate_object (do-rel.h:65)
==6937==    by 0x400454C: dl_main (rtld.c:2214)
==6937==    by 0x4013C45: _dl_sysdep_start (dl-sysdep.c:239)
==6937==    by 0x400124E: _dl_start (rtld.c:327)
==6937==    by 0x40008A6: (within /lib/ld-2.6.1.so)
==6937== 
==6937== 11 errors in context 8 of 8:
==6937== Source and destination overlap in mempcpy(0x6072278, 0x6072278, 21)
==6937==    at 0x4021E3A: (within /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==6937==    by 0x4022781: mempcpy (in /usr/lib/valgrind/x86-linux/vgpreload_memcheck.so)
==6937==    by 0x579C1D2: _IO_default_xsputn (genops.c:463)
==6937==    by 0x577721E: vfprintf (vfprintf.c:1568)
==6937==    by 0x5790CBA: vsprintf (iovsprintf.c:43)
==6937==    by 0x577CADD: sprintf (sprintf.c:34)
==6937==    by 0x4A3B942: parse_fontdata (omGeneric.c:618)
==6937==    by 0x4A3BAE2: parse_vw (omGeneric.c:1095)
==6937==    by 0x4A3C301: create_oc (omGeneric.c:1233)
==6937==    by 0x49FBC0A: XCreateOC (OCWrap.c:53)
==6937==    by 0x49F20A9: XCreateFontSet (FSWrap.c:185)
==6937==    by 0x541469D: getFontSet(QFont const&) (qximinputcontext_x11.cpp:319)
--6937-- 
--6937-- supp:    2 X11-64bit-padding-2a
--6937-- supp:    5 X11-64bit-padding-1d
--6937-- supp:   34 X11-64bit-padding-1c
==6937== 
==6937== IN SUMMARY: 18 errors from 8 contexts (suppressed: 41 from 3)
==6937== 
==6937== malloc/free: in use at exit: 3,064,241 bytes in 35,945 blocks.
==6937== malloc/free: 398,536 allocs, 362,591 frees, 83,612,589 bytes allocated.
==6937== 
==6937== searching for pointers to 35,945 not-freed blocks.
==6937== checked 23,308,464 bytes.
==6937== 
==6937== LEAK SUMMARY:
==6937==    definitely lost: 11,152 bytes in 420 blocks.
==6937==      possibly lost: 19,804 bytes in 723 blocks.
==6937==    still reachable: 3,033,285 bytes in 34,802 blocks.
==6937==         suppressed: 0 bytes in 0 blocks.
==6937== Rerun with --leak-check=full to see details of leaked memory.
Comment 2 Joey Adams 2008-04-07 00:17:30 UTC 
The cause of the bug is that XParser::findFunctionName in xparser.cpp only looks for f rather than f_x.  Therefore, when the first parametric is created, it is called f_x, f_y.  When the second parametric is created, it looks for f first rather than f_x, f_y first.  It finds no f, so it assumes f_x, f_y is safe to use (which it isn't, thus resulting in a crash).
Comment 3 Eckhart Wörner 2008-12-26 12:37:08 UTC 
SVN commit 901633 by ewoerner:

Make better choice for function name by checking against all used forms of it
BUG: 154348


 M  +1 -1      functioneditor.cpp  
 M  +5 -3      xparser.cpp  
 M  +1 -1      xparser.h  


WebSVN link: http://websvn.kde.org/?view=rev&revision=901633