Floating point numbers cause KJS to get caught in an infinite loop

Bug #623633 reported by Michael Vincent
Affects: kdelibs (Ubuntu)

Bug Description

Binary package hint: kdelibs4c2a

I listed a binary package because this appears to be some kind of build or optimization issue (the source package is kdelibs). I rebuilt kdelibs on my local machine without optimization and was no longer able to reproduce the problem. I'll try another rebuild with optimization to see if it's the build or the optimization that is the problem.

I'm testing on this virtual machine: http://www.quotrader.org/vm/ubuntu1004t/
I applied all of the available updates using apt-get.

Steps to reproduce:
1. Install Kst:
    sudo apt-get install kst
2. Launch Kst:
    Applications -> Accessories -> Kst
3. Enable Kst JavaScript extension:
    Settings -> Extensions -> Javascript Extension
4. Open a terminal and execute the following command to evaluate a simple floating point number in JavaScript:
    echo "3.14" | kstcmd
5. KJS will get stuck in an infinite loop with the following backtrace. I haven't analyzed why it's getting stuck.

#0 mult (a=<value optimized out>, b=<value optimized out>) at /build/buildd/kdelibs-3.5.10.dfsg.1/./kjs/dtoa.cpp:802
#1 0x02a45634 in pow5mult (b=<value optimized out>, k=-2048) at /build/buildd/kdelibs-3.5.10.dfsg.1/./kjs/dtoa.cpp:915
#2 0x02a45b8f in kjs_dtoa (d=3.1400000000000001, mode=0, ndigits=0, decpt=0xbfffde88, sign=0xbfffde84, rve=0x0) at /build/buildd/kdelibs-3.5.10.dfsg.1/./kjs/dtoa.cpp:3065
#3 0x02a4b02f in KJS::UString::from (d=3.1400000000000001) at /build/buildd/kdelibs-3.5.10.dfsg.1/./kjs/ustring.cpp:396
#4 0x02a4b329 in KJS::NumberImp::toString (this=0x86840a0) at /build/buildd/kdelibs-3.5.10.dfsg.1/./kjs/internal.cpp:275
#5 0x02a53a1a in KJS::ValueImp::dispatchToString (this=0xadd8b2d4, exec=0x83aa3c0) at /build/buildd/kdelibs-3.5.10.dfsg.1/./kjs/value.cpp:202
#6 0x02451a81 in JSIfaceImpl::evaluate(QString const&) () from /usr/lib/kde3/kstextension_js.so

Large integers also cause issues. Values bigger than 536870911 and smaller than -536870912 (29 bits) produce weird ASCII character output (and then segfaults with bigger numbers).

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: kdelibs4c2a 4:3.5.10.dfsg.1-3ubuntu2
ProcVersionSignature: Ubuntu 2.6.32-21.32-generic
Uname: Linux 2.6.32-21-generic i686
Architecture: i386
Date: Tue Aug 24 16:21:09 2010
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100427.1)
SourcePackage: kdelibs

Michael Vincent (vyncebox) wrote :
tags: added: javascript kde kjs kst
Michael Vincent (vyncebox) wrote :

As a quick reference, it gets stuck in the do... while() loop on line 739 here:

Michael Vincent (vyncebox) wrote :

Rebuilding normally (with optimization) causes the problem to occur again. So this bug is related to the optimization level.

It works when I build kdelibs like this:
DEB_BUILD_OPTIONS="nostrip noopt" dpkg-buildpackage

It doesn't work when I build kdelibs like this:

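The backtrace in the report above shows pow5mult entered with k=-2048, and pow5mult walks the bits of k with "k >>= 1" until k reaches zero. The following is an added example, not kdelibs or dtoa code and not part of this bug report: it mirrors only the control flow of that loop, using a uint64_t in place of dtoa's bignums, to show why a negative count never terminates on a compiler that shifts negative ints arithmetically, and what a checked front end looks like. The function names pow5mult_walk, pow5mult_checked and pow5_exact and the iteration cap are inventions for the illustration. Why k arrives negative under optimization is not established on this page.

```c
/*
 * Added example, not kdelibs code: why a negative power-of-five count makes a
 * pow5mult-style bit walk spin forever, and a checked wrapper that rejects it.
 * dtoa's pow5mult walks the bits of k with "k >>= 1" until k reaches zero; the
 * backtrace above shows it entered with k = -2048. On compilers that shift
 * negative ints arithmetically (GCC on x86 does), -2048 >> 1 ... -1 >> 1 == -1
 * never reaches zero, so the loop never exits. A uint64_t stands in for dtoa's
 * bignums, so results are exact only for 0 <= k <= 27 (5^27 < 2^64).
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

struct pow5_result {
    uint64_t value;     /* b * 5^k (exact for 0 <= k <= 27) */
    bool terminated;    /* false if the walk hit the cap instead of reaching k == 0 */
    int iterations;     /* trips through the squaring loop */
};

/* Same control flow as dtoa's pow5mult: handle k mod 4 from a small table,
 * then square a running power of five while consuming the remaining bits of k.
 * `cap` is a safety bound (hypothetical, not in dtoa) so that the negative-k
 * demonstration returns instead of hanging. */
struct pow5_result pow5mult_walk(uint64_t b, int k, int cap)
{
    static const uint64_t p05[3] = { 5, 25, 125 };
    struct pow5_result r = { b, true, 0 };
    int i = k & 3;
    if (i)
        r.value *= p05[i - 1];
    if (!(k >>= 2))                    /* negative k stays negative here */
        return r;
    uint64_t p5 = 625;                 /* 5^4 */
    for (;;) {
        r.iterations++;
        if (k & 1)
            r.value *= p5;
        if (!(k >>= 1))                /* -1 >> 1 == -1: never zero for negative k */
            break;
        if (r.iterations >= cap) {
            r.terminated = false;      /* would have looped forever */
            break;
        }
        p5 *= p5;                      /* 5^8, 5^16, ... */
    }
    return r;
}

/* Checked front end: a negative count is not a valid power of five, so it is
 * treated as corrupted input and refused instead of being walked. Returns
 * false and leaves *out untouched on rejection. */
bool pow5mult_checked(uint64_t b, int k, uint64_t *out)
{
    if (k < 0 || k > 27)               /* 27: largest k with 5^k < 2^64 here */
        return false;
    struct pow5_result r = pow5mult_walk(b, k, 64);
    if (!r.terminated)
        return false;
    *out = r.value;
    return true;
}

/* Convenience for callers with b >= 1 that only need pass/fail: 0 means rejected. */
uint64_t pow5_exact(uint64_t b, int k)
{
    uint64_t out = 0;
    return pow5mult_checked(b, k, &out) ? out : 0;
}

int main(void)
{
    struct pow5_result bad = pow5mult_walk(1, -2048, 100);
    printf("k=-2048: terminated=%d after %d iterations\n", bad.terminated, bad.iterations);
    printf("k=27: 5^27 = %llu\n", (unsigned long long)pow5_exact(1, 27));
    printf("k=-2048 checked: %llu (0 = rejected)\n", (unsigned long long)pow5_exact(1, -2048));
    return 0;
}
```

Run as a single file with a C99 compiler; the unguarded walk returns only because of the artificial cap, which is the point: the original loop has no such bound, so once k is negative the only fix is to stop it arriving negative, as a build without optimization evidently does on this machine.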
Jonathan Thomas (echidnaman) wrote :

KDE3 is unmaintained by upstream and has been removed from the archive for Kubuntu 11.10 and beyond. As such, bugfixes will no longer be provided.

Changed in kdelibs (Ubuntu):
status: New → Won't Fix