Bug 491327

Summary: KCalc segfault, index out of bounds in KCalculator::commit_Input_
Product: [Applications] kcalc Reporter: LaughingMan <lingm+kdebugs>
Component: generalAssignee: Gabriel Barrantes <gabriel.barrantes.dev>
Status: RESOLVED FIXED    
Severity: crash CC: gabriel.barrantes.dev, olib141
Priority: NOR    
Version First Reported In: 24.05.2   
Target Milestone: ---   
Platform: Other   
OS: Linux   
Latest Commit: https://invent.kde.org/utilities/kcalc/-/commit/4776dc3cd662bf704480a0e02cd7a74fdff516db Version Fixed/Implemented In:
Sentry Crash Report: https://crash-reports.kde.org/organizations/kde/issues/44094/?project=739
Attachments: Backtrace

Description LaughingMan 2024-08-05 20:28:16 UTC 
Created attachment 172321 [details]
Backtrace

SUMMARY
KCalc segfaulted while typing. The coredump gave me this as a hint:
> #0  0x000056fad5980195 in QList<KCalcToken>::at (this=<optimized out>, i=<optimized out>) at /usr/include/qt6/QtCore/qlist.h:435
> #1  KCalculator::commit_Input_() [clone .isra.0] (this=<optimized out>) at /usr/src/debug/kcalc/kcalc-24.05.2/kcalc.cpp:2359
>#2  0x000056fad594b295 in KCalculator::slotInputChanged (this=0x56faef014fc0) at /usr/src/debug/kcalc/kcalc-24.05.2/kcalc.cpp:1418

The full backtrace is attached.

STEPS TO REPRODUCE
Didn't manage to reproduce. Only have the core dump to go by. The segfault happened while entering "()" into an empty KCalc instance. Not sure if on the first or second parenthesis or if I pressed an arrow key afterwards. Might be entirely irrelevant anyway.

OBSERVED RESULT
> [24197.608659] kcalc[56773]: segfault at 56f737227ee4 ip 000056fad5980195 sp 00007fff060bf780 error 4 in kcalc[67195,56fad5930000+51000] likely on CPU 3 (core 3, socket 0)
> [24197.608667] Code: 03 00 00 01 00 00 00 0f 85 a5 ea ff ff 49 63 95 00 04 00 00 48 8d 04 d5 00 00 00 00 48 29 d0 49 8b 95 d0 03 00 00 48 8d 04 c2 <8b> 40 34 41 c6 85 f5 03 00 00 01 41 89 85 fc 03 00 00 e9 e9 ea ff

EXPECTED RESULT
No segfault

SOFTWARE/OS VERSIONS
Operating System: EndeavourOS 
KDE Plasma Version: 6.1.3
KDE Frameworks Version: 6.4.0
Qt Version: 6.7.2

ADDITIONAL INFORMATION
Comment 1 Gabriel Barrantes 2024-08-05 23:44:57 UTC 
i could not reproduce it, however I think it can be related to: 
  https://invent.kde.org/utilities/kcalc/-/merge_requests/99
that is already fixed on the next version (24.08) so for now I will leave it as confirmed but shouldn't be a problem.
Comment 2 LaughingMan 2024-08-05 23:54:25 UTC 
Tested a bit more. It takes a few tries but reproduction steps are:
1. Open KCalc
2. Either type "(" on the keyboard or click the "("  button.
3. Segfault

Reproduces ~50% of the time with the keyboard and ~20% of the time when clicking the button with the mouse.
Comment 3 Bug Janitor Service 2024-08-06 20:06:46 UTC 
A possibly relevant merge request was started @ https://invent.kde.org/utilities/kcalc/-/merge_requests/138
Comment 4 Gabriel Barrantes 2024-08-06 20:18:31 UTC 
(In reply to LaughingMan from comment #2)
> Tested a bit more. It takes a few tries but reproduction steps are:
> 1. Open KCalc
> 2. Either type "(" on the keyboard or click the "("  button.
> 3. Segfault
> 
> Reproduces ~50% of the time with the keyboard and ~20% of the time when
> clicking the button with the mouse.
 
UB, quite hard to reach for sure, great catch.
Comment 5 Gabriel Barrantes 2024-08-06 20:49:52 UTC 
Git commit 4776dc3cd662bf704480a0e02cd7a74fdff516db by Gabriel Barrantes.
Committed on 06/08/2024 at 20:05.
Pushed by gabrielbarrantes into branch 'master'.

Set error Index for edge cases

Set error index to last token as a workaround for cases that escape
initial error parsing. This does not sets the exact index where the
error is located but for now avoids unexpected seg-fault erros.

M  +5    -0    kcalc_core.cpp

https://invent.kde.org/utilities/kcalc/-/commit/4776dc3cd662bf704480a0e02cd7a74fdff516db
Comment 6 LaughingMan 2024-08-07 00:07:37 UTC 
> UB, quite hard to reach for sure, great catch.

Thanks for the quick fix!