STEPS TO REPRODUCE 1. Open Overview effect 2. Type "4000 yen" into search field 3. Navigate to a result and press enter OBSERVED RESULT #0 0x7f923c06b137 in __interceptor_memmove ../../../../libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:882 #1 0x7f91da159b9f (/lib64/libqalculate.so.22+0x159b9f) (BuildId: c44d8756e576c054984f0ecf66619b474ac6d734) #2 0x7f91da150971 in Calculator::nameChanged(ExpressionItem*, bool) (/lib64/libqalculate.so.22+0x150971) (BuildId: c44d8756e576c054984f0ecf66619b474ac6d734) #3 0x7f91da218956 in ExpressionItem::addName(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, unsigned long, bool) (/lib64/libqalculate.so.22+0x218956) (BuildId: c44d8756e576c054984f0ecf66619b474ac6d734) #4 0x7f91da14d09a in Calculator::addBuiltinVariables() (/lib64/libqalculate.so.22+0x14d09a) (BuildId: c44d8756e576c054984f0ecf66619b474ac6d734) #5 0x7f91da14320a in Calculator::Calculator() (/lib64/libqalculate.so.22+0x14320a) (BuildId: c44d8756e576c054984f0ecf66619b474ac6d734) #6 0x7f9201159993 in QalculateEngine::QalculateEngine(QObject*) /home/nico/kde6/src/plasma-workspace/runners/calculator/qalculate_engine.cpp:60 #7 0x7f9201172521 in std::__detail::_MakeUniq<QalculateEngine>::__single_object std::make_unique<QalculateEngine>() /usr/include/c++/13/bits/unique_ptr.h:1070 #8 0x7f920116e835 in CalculatorRunner::calculate(QString const&, bool*, int, QString const&) /home/nico/kde6/src/plasma-workspace/runners/calculator/calculatorrunner.cpp:153 #9 0x7f920116dcb7 in CalculatorRunner::match(KRunner::RunnerContext&) /home/nico/kde6/src/plasma-workspace/runners/calculator/calculatorrunner.cpp:133 #10 0x7f920baaef72 in KRunner::AbstractRunner::matchInternal(KRunner::RunnerContext) /home/nico/kde6/src/krunner/src/abstractrunner.cpp:177 #11 0x7f920baaf316 in KRunner::AbstractRunner::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) /home/nico/kde6/build/krunner/src/KF6Runner_autogen/include/moc_abstractrunner.cpp:173 #12 0x7f92347cb2ad in QObject::event(QEvent*) (/lib64/libQt6Core.so.6+0x1cb2ad) (BuildId: da7667e446842b4ec5e606c6775afb0da17fb3fa) #13 0x7f92365c094d in QApplicationPrivate::notify_helper(QObject*, QEvent*) /usr/src/debug/qtbase-everywhere-src-6.6.1/src/widgets/kernel/qapplication.cpp:3296 #14 0x7f92347878b7 in QCoreApplication::notifyInternal2(QObject*, QEvent*) /usr/src/debug/qtbase-everywhere-src-6.6.1/src/corelib/kernel/qcoreapplication.cpp:1121 #15 0x7f9234787c16 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) /usr/src/debug/qtbase-everywhere-src-6.6.1/src/corelib/kernel/qcoreapplication.cpp:1901 #16 0x7f92349ad9e2 in postEventSourceDispatch /usr/src/debug/qtbase-everywhere-src-6.6.1/src/corelib/kernel/qeventdispatcher_glib.cpp:243 #17 0x7f9232513f2f in g_main_dispatch ../glib/gmain.c:3476 #18 0x7f9232513f2f in g_main_context_dispatch_unlocked ../glib/gmain.c:4284 #19 0x7f9232515b57 in g_main_context_iterate_unlocked ../glib/gmain.c:4349 #20 0x7f923251620b in g_main_context_iteration ../glib/gmain.c:4414 #21 0x7f92349abc6b in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (/lib64/libQt6Core.so.6+0x3abc6b) (BuildId: da7667e446842b4ec5e606c6775afb0da17fb3fa) #22 0x7f923479211a in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) (/lib64/libQt6Core.so.6+0x19211a) (BuildId: da7667e446842b4ec5e606c6775afb0da17fb3fa) #23 0x7f92348674a3 in QThread::exec() (/lib64/libQt6Core.so.6+0x2674a3) (BuildId: da7667e446842b4ec5e606c6775afb0da17fb3fa) #24 0x7f92348e62c8 in terminate_on_exception<QThreadPrivate::start(void*)::<lambda()> > /usr/src/debug/qtbase-everywhere-src-6.6.1/src/corelib/thread/qthread_unix.cpp:324 #25 0x7f92348e62c8 in QThreadPrivate::start(void*) /usr/src/debug/qtbase-everywhere-src-6.6.1/src/corelib/thread/qthread_unix.cpp:283 #26 0x7f9233e8ff43 in start_thread /usr/src/debug/glibc-2.38/nptl/pthread_create.c:444 #27 0x7f9233f184cb in clone3 ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78 3001f2ea90 is located 14 bytes after 18-byte region [0x603001f2ea70,0x603001f2ea82) cated by thread T58 (calculator) here: #0 0x7f923c0dc03f in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7f923251c94d in g_malloc ../glib/gmem.c:130 ad T33 (calculator) created by T0 here: #0 0x7f923c04b6a6 in __interceptor_pthread_create ../../../../libsanitizer/asan/asan_interceptors.cpp:208 #1 0x7f92348e45ae in QThread::start(QThread::Priority) (/lib64/libQt6Core.so.6+0x2e45ae) (BuildId: da7667e446842b4ec5e606c6775afb0da17fb3fa) #2 0x60400055245f (<unknown module>) ad T58 (calculator) created by T0 here: #0 0x7f923c04b6a6 in __interceptor_pthread_create ../../../../libsanitizer/asan/asan_interceptors.cpp:208 #1 0x7f92348e45ae in QThread::start(QThread::Priority) (/lib64/libQt6Core.so.6+0x2e45ae) (BuildId: da7667e446842b4ec5e606c6775afb0da17fb3fa) #2 0x604000ad661f (<unknown module>) AddressSanitizer: heap-buffer-overflow ../../../../libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc:882 in __interceptor_memmove SOFTWARE/OS VERSIONS KDE Plasma Version: master KDE Frameworks Version: master Qt Version: 6.6.1 ADDITIONAL INFORMATION
what is the qalculate version?
On latest neon unstable I can trigger the crash if I type anything that triggers the calculator. For example, if I type 22 in the search box in the overview effect, the crash is triggered.
Seems to be caused by the commits removing the mutex in https://invent.kde.org/plasma/plasma-workspace/-/merge_requests/2988
Alternate steps to reproduce: 1. In system settings, only enable calculator in plasma search 2. enable overview effect 3. type 3*3 steps 2-3 may need to be repeated a couple of times to trigger the crash.
A possibly relevant merge request was started @ https://invent.kde.org/plasma/plasma-workspace/-/merge_requests/3740
For me this bug only seems to happen with multiple screens.
Git commit de9d07981e93814e407b05fe7dcebf0312d1e3cf by Alexander Lohnau, on behalf of Yifan Zhu. Committed on 17/01/2024 at 22:09. Pushed by alex into branch 'master'. runners/calculator: add mutex for CALCULATOR creation/destruction When using the search field in the overview effect with multiple monitors, multiple concurrent calls to match(...) are issued. Since Qalculate is initialized on demand, multiple calls to its constructor may be issued at the same time. This can cause race conditions in accessing the global CALCULATOR instance. Add mutex to protect its construction and destruction. M +5 -0 runners/calculator/qalculate_engine.cpp https://invent.kde.org/plasma/plasma-workspace/-/commit/de9d07981e93814e407b05fe7dcebf0312d1e3cf
Git commit e8a7181bcf205d16df3ad10f41e57b42d514206d by Yifan Zhu. Committed on 17/01/2024 at 22:41. Pushed by fanzhuyifan into branch 'Plasma/6.0'. runners/calculator: add mutex for CALCULATOR creation/destruction When using the search field in the overview effect with multiple monitors, multiple concurrent calls to match(...) are issued. Since Qalculate is initialized on demand, multiple calls to its constructor may be issued at the same time. This can cause race conditions in accessing the global CALCULATOR instance. Add mutex to protect its construction and destruction. (cherry picked from commit de9d07981e93814e407b05fe7dcebf0312d1e3cf) M +5 -0 runners/calculator/qalculate_engine.cpp https://invent.kde.org/plasma/plasma-workspace/-/commit/e8a7181bcf205d16df3ad10f41e57b42d514206d