Bug 383160 - Crash on showing investment price chart
Summary: Crash on showing investment price chart
Status: RESOLVED WORKSFORME
Alias: None
Product: kdiagram
Classification: Applications
Component: KChart
Version: unspecified
Platform: Other Linux
Importance: NOR crash
Target Milestone: ---
Assignee: Dag Andersen
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-08-05 08:51 UTC by Ralf Habacker
Modified: 2021-01-16 04:36 UTC

See Also:
Latest Commit:
Version Fixed In: 4.8.1


Description Ralf Habacker 2017-08-05 08:51:21 UTC
After updating kdchart to 2.6 in 4.8 branch (see bug 382427) kmymoney crashes on generating investment price chart. 

How to reproduce: 
1. compile kmymoney from 4.8 branch
2. download attachment 106680 from bug 382378
3. start kmymoney and open kmymoney downloaded from 2
4. Choose Reports -> investment price chart

What happens ?
kmymoney crashes

What is expected ?
kmymoney should not crash
Comment 1 Ralf Habacker 2017-08-05 08:53:13 UTC
Stacktrace: 

Application: KMyMoney (kmymoney), signal: Aborted
Using host libthread_db library "/lib64/libthread_db.so.1".
[Current thread is 1 (Thread 0x7f9e93c39900 (LWP 25110))]

Thread 2 (Thread 0x7f9e745b1700 (LWP 25118)):
#0  0x00007f9e8af58468 in pthread_cond_timedwait@@GLIBC_2.3.2 () at /lib64/libpthread.so.0
#1  0x00007f9e8edc1134 in QWaitCondition::wait(QMutex*, unsigned long) (time=30000, this=0x3249a10) at thread/qwaitcondition_unix.cpp:84
#2  0x00007f9e8edc1134 in QWaitCondition::wait(QMutex*, unsigned long) (this=this@entry=0x3caff00, mutex=mutex@entry=0x3c49a48, time=30000) at thread/qwaitcondition_unix.cpp:158
#3  0x00007f9e8edb4b9a in QThreadPoolThread::run() (this=0x3cafef0) at concurrent/qthreadpool.cpp:142
#4  0x00007f9e8edc0c6f in QThreadPrivate::start(void*) (arg=0x3cafef0) at thread/qthread_unix.cpp:352
#5  0x00007f9e8af53744 in start_thread () at /lib64/libpthread.so.0
#6  0x00007f9e8df6baad in clone () at /lib64/libc.so.6

Thread 1 (Thread 0x7f9e93c39900 (LWP 25110)):
[KCrash Handler]
#6  0x00007f9e8deb68d7 in raise () at /lib64/libc.so.6
#7  0x00007f9e8deb7caa in abort () at /lib64/libc.so.6
#8  0x00007f9e8edb6694 in qt_message_output(QtMsgType, char const*) (msgType=msgType@entry=QtFatalMsg, buf=<optimized out>) at global/qglobal.cpp:2423
#9  0x00007f9e8edb6819 in qt_message(QtMsgType, const char *, typedef __va_list_tag __va_list_tag *) (msgType=msgType@entry=QtFatalMsg, msg=msg@entry=0x7f9e8ef239a0 "ASSERT failure in %s: \"%s\", file %s, line %d", ap=ap@entry=0x7ffc94c524a8) at global/qglobal.cpp:2469
#10 0x00007f9e8edb7024 in qFatal(char const*, ...) (msg=msg@entry=0x7f9e8ef239a0 "ASSERT failure in %s: \"%s\", file %s, line %d") at global/qglobal.cpp:2652
#11 0x00007f9e8edb708e in qt_assert_x(char const*, char const*, char const*, int) (where=where@entry=0x7f9e93615fc1 "QVector<T>::operator[]", what=what@entry=0x7f9e93615fae "index out of range", file=file@entry=0x7f9e93614ca0 "/usr/include/QtCore/qvector.h", line=line@entry=359) at global/qglobal.cpp:2126
#12 0x00007f9e935d8077 in QVector<KDChart::CartesianDiagramDataCompressor::DataPoint>::operator[](int) (this=0xbdbff78, i=i@entry=105) at /usr/include/QtCore/qvector.h:359
#13 0x00007f9e935d4613 in KDChart::CartesianDiagramDataCompressor::invalidate(KDChart::CartesianDiagramDataCompressor::CachePosition const&) (this=this@entry=0x7357058, position=...) at /home/ralf/src/kmymoney-4.8/libkdchart/src/KDChart/Cartesian/KDChartCartesianDiagramDataCompressor_p.cpp:606
#14 0x00007f9e935d47fc in KDChart::CartesianDiagramDataCompressor::slotModelDataChanged(QModelIndex const&, QModelIndex const&) (this=0x7357058, topLeftIndex=..., bottomRightIndex=...) at /home/ralf/src/kmymoney-4.8/libkdchart/src/KDChart/Cartesian/KDChartCartesianDiagramDataCompressor_p.cpp:257
#15 0x00007f9e8eed62da in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (sender=sender@entry=0x74ac0f0, m=m@entry=0x7f9e8f2266a0 <QAbstractItemModel::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffc94c527a0) at kernel/qobject.cpp:3576
#16 0x00007f9e8ef20497 in QAbstractItemModel::dataChanged(QModelIndex const&, QModelIndex const&) (this=this@entry=0x74ac0f0, _t1=..., _t2=...) at .moc/release-shared/moc_qabstractitemmodel.cpp:163
#17 0x00007f9e93593237 in KDChart::AttributesModel::slotDataChanged(QModelIndex const&, QModelIndex const&) (this=0x74ac0f0, topLeft=..., bottomRight=...) at /home/ralf/src/kmymoney-4.8/libkdchart/src/KDChart/KDChartAttributesModel.cpp:691
#18 0x00007f9e8eed62da in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (sender=sender@entry=0x7350890, m=m@entry=0x7f9e8f2266a0 <QAbstractItemModel::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffc94c52940) at kernel/qobject.cpp:3576
#19 0x00007f9e8ef20497 in QAbstractItemModel::dataChanged(QModelIndex const&, QModelIndex const&) (this=this@entry=0x7350890, _t1=..., _t2=...) at .moc/release-shared/moc_qabstractitemmodel.cpp:163
#20 0x00007f9e8fe4e540 in QStandardItemModelPrivate::itemChanged(QStandardItem*) (this=<optimized out>, item=item@entry=0xbdbfc20) at itemviews/qstandarditemmodel.cpp:501
#21 0x00007f9e8fe4efdd in QStandardItem::setData(QVariant const&, int) (this=0xbdbfc20, value=..., role=<optimized out>) at itemviews/qstandarditemmodel.cpp:829
#22 0x00007f9e8fe51b70 in QStandardItemModel::setData(QModelIndex const&, QVariant const&, int) (this=this@entry=0x7350890, index=..., value=..., role=role@entry=0) at itemviews/qstandarditemmodel.cpp:2824
#23 0x0000000000579cf7 in reports::KReportChartView::setDataCell(int, int, double) (this=this@entry=0x7350850, row=row@entry=105, column=column@entry=1, data=3.6499999999999999) at /home/ralf/src/kmymoney-4.8/kmymoney/reports/kreportchartview.cpp:562
#24 0x000000000057a204 in reports::KReportChartView::drawPivotRowSet(int, reports::PivotGridRowSet const&, reports::ERowType, QString const&, int, int) (this=this@entry=0x7350850, rowNum=rowNum@entry=1, rowSet=..., rowType=reports::ePrice, legendText=..., startColumn=startColumn@entry=1, endColumn=endColumn@entry=367) at /home/ralf/src/kmymoney-4.8/kmymoney/reports/kreportchartview.cpp:541
#25 0x000000000057b06f in reports::KReportChartView::drawPivotChart(reports::PivotGrid const&, MyMoneyReport const&, int, QStringList const&, QList<reports::ERowType> const&, QStringList const&) (this=0x7350850, grid=..., config=..., numberColumns=<optimized out>, columnHeadings=..., rowTypeList=..., columnTypeHeaderList=...) at /home/ralf/src/kmymoney-4.8/kmymoney/reports/kreportchartview.cpp:296
#26 0x000000000058240a in reports::PivotTable::drawChart(reports::KReportChartView&) const (this=<optimized out>, chartView=...) at /home/ralf/src/kmymoney-4.8/kmymoney/reports/pivottable.cpp:1897
#27 0x000000000052284a in KReportsView::KReportTab::updateReport() (this=this@entry=0x6667660) at /home/ralf/src/kmymoney-4.8/kmymoney/views/kreportsview.cpp:195
#28 0x0000000000522962 in KReportsView::KReportTab::showEvent(QShowEvent*) (this=0x6667660, event=0x7ffc94c533d0) at /home/ralf/src/kmymoney-4.8/kmymoney/views/kreportsview.cpp:159
#29 0x00007f9e8f91edb5 in QWidget::event(QEvent*) (this=0x6667660, event=0x7ffc94c533d0) at kernel/qwidget.cpp:8607
#30 0x00007f9e8f8cca5c in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=this@entry=0x2b499a0, receiver=receiver@entry=0x6667660, e=e@entry=0x7ffc94c533d0) at kernel/qapplication.cpp:4565
#31 0x00007f9e8f8d2f9d in QApplication::notify(QObject*, QEvent*) (this=this@entry=0x2b26b30, receiver=receiver@entry=0x6667660, e=e@entry=0x7ffc94c533d0) at kernel/qapplication.cpp:4351
#32 0x00007f9e905e8e9a in KApplication::notify(QObject*, QEvent*) (this=0x2b26b30, receiver=0x6667660, event=0x7ffc94c533d0) at /usr/src/debug/kdelibs-4.14.34/kdeui/kernel/kapplication.cpp:311
#33 0x00007f9e8eec236d in QCoreApplication::notifyInternal(QObject*, QEvent*) (this=0x2b26b30, receiver=receiver@entry=0x6667660, event=event@entry=0x7ffc94c533d0) at kernel/qcoreapplication.cpp:955
#34 0x00007f9e8f91c51f in QWidgetPrivate::show_helper() (event=0x7ffc94c533d0, receiver=0x6667660) at ../../src/corelib/kernel/qcoreapplication.h:231
#35 0x00007f9e8f91c51f in QWidgetPrivate::show_helper() (this=this@entry=0x6506bc0) at kernel/qwidget.cpp:7569
#36 0x00007f9e8f91e1c4 in QWidget::setVisible(bool) (this=0x6667660, visible=<optimized out>) at kernel/qwidget.cpp:7791
#37 0x00007f9e8f901fa2 in QStackedLayout::setCurrentIndex(int) (this=0x6667660) at ../../src/gui/kernel/qwidget.h:497
#38 0x00007f9e8f901fa2 in QStackedLayout::setCurrentIndex(int) (this=0x3683450, index=index@entry=1) at kernel/qstackedlayout.cpp:313
#39 0x00007f9e8fd13550 in QStackedWidget::setCurrentIndex(int) (this=<optimized out>, index=index@entry=1) at widgets/qstackedwidget.cpp:261
#40 0x00007f9e8fd20626 in QTabWidgetPrivate::_q_showTab(int) (this=0x3675ff0, index=1) at widgets/qtabwidget.cpp:744
#41 0x00007f9e8eed62da in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (sender=0x36eee40, m=m@entry=0x7f9e90385320 <QTabBar::staticMetaObject>, local_signal_index=local_signal_index@entry=0, argv=argv@entry=0x7ffc94c53630) at kernel/qobject.cpp:3576
#42 0x00007f9e8fd160ce in QTabBar::currentChanged(int) (this=<optimized out>, _t1=1) at .moc/release-shared/moc_qtabbar.cpp:214
#43 0x00007f9e8eed62da in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (sender=0x36e17b0, m=m@entry=0x7f9e90392e60 <QTreeWidget::staticMetaObject>, local_signal_index=local_signal_index@entry=2, argv=argv@entry=0x7ffc94c53760) at kernel/qobject.cpp:3576
#44 0x00007f9e8fe34b40 in QTreeWidget::itemDoubleClicked(QTreeWidgetItem*, int) (this=<optimized out>, _t1=0x75b3660, _t2=0) at .moc/release-shared/moc_qtreewidget.cpp:227
#45 0x00007f9e8eed62da in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (sender=sender@entry=0x36e17b0, m=m@entry=0x7f9e90390220 <QAbstractItemView::staticMetaObject>, local_signal_index=local_signal_index@entry=2, argv=argv@entry=0x7ffc94c53890) at kernel/qobject.cpp:3576
#46 0x00007f9e8fdc2b45 in QAbstractItemView::doubleClicked(QModelIndex const&) (this=this@entry=0x36e17b0, _t1=...) at .moc/release-shared/moc_qabstractitemview.cpp:354
#47 0x00007f9e8fe08d13 in QTreeView::mouseDoubleClickEvent(QMouseEvent*) (this=0x36e17b0, event=0x7ffc94c54040) at itemviews/qtreeview.cpp:1867
#48 0x00007f9e8f91f15e in QWidget::event(QEvent*) (this=this@entry=0x36e17b0, event=event@entry=0x7ffc94c54040) at kernel/qwidget.cpp:8393
#49 0x00007f9e8fcbc3ce in QFrame::event(QEvent*) (this=0x36e17b0, e=0x7ffc94c54040) at widgets/qframe.cpp:557
#50 0x00007f9e8fdcbe83 in QAbstractItemView::viewportEvent(QEvent*) (this=this@entry=0x36e17b0, event=event@entry=0x7ffc94c54040) at itemviews/qabstractitemview.cpp:1644
#51 0x00007f9e8fe0ab40 in QTreeView::viewportEvent(QEvent*) (this=0x36e17b0, event=0x7ffc94c54040) at itemviews/qtreeview.cpp:1252
#52 0x00007f9e8eec24d6 in QCoreApplicationPrivate::sendThroughObjectEventFilters(QObject*, QEvent*) (this=this@entry=0x2b499a0, receiver=receiver@entry=0x3675f70, event=event@entry=0x7ffc94c54040) at kernel/qcoreapplication.cpp:1065
#53 0x00007f9e8f8cca3c in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=this@entry=0x2b499a0, receiver=receiver@entry=0x3675f70, e=e@entry=0x7ffc94c54040) at kernel/qapplication.cpp:4561
#54 0x00007f9e8f8d30da in QApplication::notify(QObject*, QEvent*) (this=this@entry=0x2b26b30, receiver=receiver@entry=0x3675f70, e=e@entry=0x7ffc94c54040) at kernel/qapplication.cpp:4108
#55 0x00007f9e905e8e9a in KApplication::notify(QObject*, QEvent*) (this=0x2b26b30, receiver=0x3675f70, event=0x7ffc94c54040) at /usr/src/debug/kdelibs-4.14.34/kdeui/kernel/kapplication.cpp:311
#56 0x00007f9e8eec236d in QCoreApplication::notifyInternal(QObject*, QEvent*) (this=0x2b26b30, receiver=receiver@entry=0x3675f70, event=event@entry=0x7ffc94c54040) at kernel/qcoreapplication.cpp:955
#57 0x00007f9e8f8d28d3 in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) (event=<optimized out>, receiver=<optimized out>) at ../../src/corelib/kernel/qcoreapplication.h:231
#58 0x00007f9e8f8d28d3 in QApplicationPrivate::sendMouseEvent(QWidget*, QMouseEvent*, QWidget*, QWidget*, QWidget**, QPointer<QWidget>&, bool) (receiver=receiver@entry=0x3675f70, event=event@entry=0x7ffc94c54040, alienWidget=alienWidget@entry=0x3675f70, nativeWidget=nativeWidget@entry=0x3683800, buttonDown=buttonDown@entry=0x7f9e903b02c8 <qt_button_down>, lastMouseReceiver=..., spontaneous=spontaneous@entry=true) at kernel/qapplication.cpp:3173
#59 0x00007f9e8f9470db in QETWidget::translateMouseEvent(_XEvent const*) (this=this@entry=0x3683800, event=event@entry=0x7ffc94c543b0) at kernel/qapplication_x11.cpp:4536
#60 0x00007f9e8f945b4c in QApplication::x11ProcessEvent(_XEvent*) (this=0x2b26b30, event=event@entry=0x7ffc94c543b0) at kernel/qapplication_x11.cpp:3653
#61 0x00007f9e8f96c9e2 in x11EventSourceDispatch(GSource*, GSourceFunc, gpointer) (s=0x2b284e0, callback=0x0, user_data=0x0) at kernel/qguieventdispatcher_glib.cpp:146
#62 0x00007f9e89d29134 in g_main_context_dispatch () at /usr/lib64/libglib-2.0.so.0
#63 0x00007f9e89d29388 in  () at /usr/lib64/libglib-2.0.so.0
#64 0x00007f9e89d2942c in g_main_context_iteration () at /usr/lib64/libglib-2.0.so.0
#65 0x00007f9e8eeef19e in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x2b36ae0, flags=...) at kernel/qeventdispatcher_glib.cpp:450
#66 0x00007f9e8f96ca96 in QGuiEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=<optimized out>, flags=...) at kernel/qguieventdispatcher_glib.cpp:204
#67 0x00007f9e8eec0f2f in QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7ffc94c54780, flags=...) at kernel/qeventloop.cpp:149
#68 0x00007f9e8eec1225 in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (this=this@entry=0x7ffc94c54780, flags=...) at kernel/qeventloop.cpp:204
#69 0x00007f9e8eec6679 in QCoreApplication::exec() () at kernel/qcoreapplication.cpp:1227
#70 0x00007f9e8f8cb22c in QApplication::exec() () at kernel/qapplication.cpp:3823
#71 0x00000000004bac73 in runKMyMoney(KStartupLogo*, KApplication*) (splash=splash@entry=0x2c70500, a=0x2b26b30) at /home/ralf/src/kmymoney-4.8/kmymoney/main.cpp:286
#72 0x00000000004b82ac in main(int, char**) (argc=1, argv=0x7ffc94c55138) at /home/ralf/src/kmymoney-4.8/kmymoney/main.cpp:185
Comment 2 Ralf Habacker 2017-08-05 08:58:17 UTC
Git commit 751e731ac783224e2b8d55d734aa0c203f41ded9 by Ralf Habacker.
Committed on 05/08/2017 at 08:57.
Pushed by habacker into branch '4.8'.

Fix crash accessing wrong data array on investment price graph

The crash happened because position.column is not used to check
the requested data array; instead it always checks the first data
array, which fails later in case position.row exceeds the array
size.

This commit needs to be posted to the KDChart bug tracker too to be
included in further KDChart releases.

FIXED-IN:4.8.1

M  +1    -1    libkdchart/src/KDChart/Cartesian/KDChartCartesianDiagramDataCompressor_p.cpp

https://commits.kde.org/kmymoney/751e731ac783224e2b8d55d734aa0c203f41ded9
Comment 3 Thomas Baumgart 2017-08-05 09:19:41 UTC
Reopened and moved to KDiagram and assigned to maintainer for upstream handling
Comment 4 NSLW 2017-08-06 16:31:19 UTC
(In reply to Thomas Baumgart from comment #3)
> Reopened and moved to KDiagram and assigned to maintainer for upstream
> handling

I'm afraid that KChart developers' time may be wasted here, because it doesn't crash for me on master branch of KMM. Thomas, can you confirm Ralf's crash?
Comment 5 Ralf Habacker 2017-08-07 08:43:34 UTC
(In reply to NSLW from comment #4)
> (In reply to Thomas Baumgart from comment #3)
> it doesn't crash for me on master branch of KMM. Thomas, can you confirm Ralf's
> crash?
If it does not crash it does not mean that there is no bug. See the implementation of CartesianDiagramDataCompressor::mapsToModelIndex

My observations show that m_data is constructed as follows:

m_data
  [0]  column 0
     [0]  row 0 of column 0
     [1]  row 1 of column 0
     [m]  row m of column 0
  [1]  column 1
     [0]  row 0 of column 1
     [1]  row 1 of column 1
     [p]  row p of column 1
  [n]  column n
     [0]  row 0 of column n
     [1]  row 1 of column n
     [q]  row q of column n

     return m_model && m_data.size() > 0 && m_data[ 0 ].size() > 0 &&
            position.column >= 0 && 

position.column < m_data.size() &&
-> this checks if the requested column is in m_data

-           position.row >=0 && position.row < m_data[ 0 ].size();
-> this checks if the requested row is in column 0, which may be wrong if 

+           position.row >=0 && position.row < m_data[ position.column ].size();
instead the requested row needs to be checked against m_data[position.column]
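Review bot: The guard `m_data[ 0 ].size() > 0` on the unchanged first line still inspects only column 0, which no longer matches the per-column row test on the `+` line. If column 0 is empty, a valid position in another column is rejected, and in every other case the guard is redundant because `position.row < m_data[ position.column ].size()` already fails for an empty column. Consider dropping it. The ordering of the remaining terms is right and should be kept: `position.column < m_data.size()` short-circuits before `m_data[ position.column ]` is indexed. Since the change admits that columns can differ in length, a comment or assertion stating whether ragged columns are expected would help anyone reading other code that, like the removed line, takes the row count from `m_data[ 0 ]`.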
Comment 6 Ralf Habacker 2017-08-07 08:50:40 UTC
(In reply to Ralf Habacker from comment #5)
> -           position.row >=0 && position.row < m_data[ 0 ].size();
> -> this checks if the requested row is in column 0, which may be wrong if 
On the crash I had 

m_data[0].size was 367
m_data[1].size was 110
position.column was 1
position.row was 110

The original code checks that position.row < m_data[ 0 ].size() which returns true (where it should return false) but fails later on access to m_data[1][110] with an out of index exception.
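The two forms of the check from comments 5 and 6, run against a cache with the reported column sizes (367 and 110). This is an added example, not KDChart code: `std::vector` stands in for `QVector`, and `Cache`, `isValidOriginal`, `isValidFixed`, `passesButOutOfRange`, `makeReportedCache` and `countUnsafe` are hypothetical names.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Stand-in for m_data: one vector per column, rows inside each column
// (layout as described in comment 5). Types and names are illustrative.
struct CachePosition { int row; int column; };
using Cache = std::vector<std::vector<double>>;

// Check before the fix: the row is compared against column 0.
bool isValidOriginal(const Cache& data, CachePosition p) {
    return !data.empty() && !data[0].empty() &&
           p.column >= 0 && static_cast<std::size_t>(p.column) < data.size() &&
           p.row >= 0 && static_cast<std::size_t>(p.row) < data[0].size();
}

// Check after the fix: the row is compared against the column being accessed.
bool isValidFixed(const Cache& data, CachePosition p) {
    return !data.empty() && !data[0].empty() &&
           p.column >= 0 && static_cast<std::size_t>(p.column) < data.size() &&
           p.row >= 0 && static_cast<std::size_t>(p.row) < data[p.column].size();
}

// True when a position passes validation although the element does not exist,
// which is the case that ends in the "index out of range" assert.
// Both checks bound the column first, so data[p.column] is safe to index here.
bool passesButOutOfRange(bool (*check)(const Cache&, CachePosition),
                         const Cache& data, CachePosition p) {
    if (!check(data, p)) return false;
    return static_cast<std::size_t>(p.row) >= data[p.column].size();
}

// Constructed cache with the column sizes reported in comment 6.
Cache makeReportedCache() {
    return Cache{ std::vector<double>(367, 0.0), std::vector<double>(110, 0.0) };
}

// Count positions, over the row range of column 0, that a check accepts
// even though they lie past the end of their own column.
int countUnsafe(bool (*check)(const Cache&, CachePosition), const Cache& data) {
    int unsafe = 0;
    for (int c = 0; c < static_cast<int>(data.size()); ++c)
        for (int r = 0; r < static_cast<int>(data[0].size()); ++r)
            if (passesButOutOfRange(check, data, {r, c})) ++unsafe;
    return unsafe;
}

int main() {
    const Cache cache = makeReportedCache();
    const CachePosition reported{110, 1};  // row 110, column 1 from comment 6
    std::printf("original accepts (110,1): %d\n", isValidOriginal(cache, reported));
    std::printf("fixed accepts (110,1):    %d\n", isValidFixed(cache, reported));
    std::printf("unsafe positions, original: %d\n", countUnsafe(isValidOriginal, cache));
    std::printf("unsafe positions, fixed:    %d\n", countUnsafe(isValidFixed, cache));
    return 0;
}
```

In a build where `Q_ASSERT` is compiled out, the same accepted-but-missing index would be an unchecked out-of-bounds access rather than an abort.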
Comment 7 Dag Andersen 2018-03-26 09:26:34 UTC
(In reply to Ralf Habacker from comment #6)
> (In reply to Ralf Habacker from comment #5)
> > -           position.row >=0 && position.row < m_data[ 0 ].size();
> > -> this checks if the requested row is in column 0, which may be wrong if 
> On the crash I had 
> 
> m_data[0].size was 367
> m_data[1].size was 110
> position.column was 1
> position.row was 110
If I understand item models correctly, this should be impossible as all rows with the same parent must have the same column count, so you should get the same number of rows for all columns.
> 
> The original codes checkes that position.row < m_data[ 0 ].size() which
> returns true (where it should return false) but fails later on access to
> m_data[1][110] with an out of index exception.
There are many places in the code where it is assumed that all columns have the same row count.

I'm afraid this will just hide a problem elsewhere.
I have tested master branch with the attached file but cannot trigger a crash.
More info will be appreciated.
Comment 8 Justin Zobel 2020-12-17 05:35:24 UTC
Thank you for the crash report.

As it has been a while since this was reported, can you please test and confirm if this issue is still occurring or if this bug report can be marked as resolved.

I have set the bug status to "needsinfo" pending your response, please change back to "reported" or "resolved/worksforme" when you respond, thank you.
Comment 9 Bug Janitor Service 2021-01-01 04:37:15 UTC
Dear Bug Submitter,

This bug has been in NEEDSINFO status with no change for at least
15 days. Please provide the requested information as soon as
possible and set the bug status as REPORTED. Due to regular bug
tracker maintenance, if the bug is still in NEEDSINFO status with
no change in 30 days the bug will be closed as RESOLVED > WORKSFORME
due to lack of needed information.

For more information about our bug triaging procedures please read the
wiki located here:
https://community.kde.org/Guidelines_and_HOWTOs/Bug_triaging

If you have already provided the requested information, please
mark the bug as REPORTED so that the KDE team knows that the bug is
ready to be confirmed.

Thank you for helping us make KDE software even better for everyone!
Comment 10 Bug Janitor Service 2021-01-16 04:36:11 UTC
This bug has been in NEEDSINFO status with no change for at least
30 days. The bug is now closed as RESOLVED > WORKSFORME
due to lack of needed information.
