Bug 1220831

Summary: plotyy crashes octave due to problem in the default graphics engine (FLTK)
Product: [Fedora] Fedora Reporter: Przemek Klosowski <przemek>
Component: octaveAssignee: Jaromír Cápík <jcapik>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 21CC: alex, fkluknav, jcapik, mmahut, orion, ovasik, rakesh.pandit, susi.lehtola
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-05-12 15:50:56 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Przemek Klosowski 2015-05-12 14:56:26 UTC 
Description of problem:
plotyy crashes octave due to problem in the default graphics engine (FLTK)

Version-Release number of selected component (if applicable):
octave-3.8.2-9.fc21.x86_64

How reproducible: every time

Steps to Reproduce:
1. run octave
2. x=1:10; plotyy(x,x,x,x);

Actual results: Octave crashes with SEGV

Expected results: Octave does not crash and displays a graph
Comment 1 Przemek Klosowski 2015-05-12 14:57:18 UTC 
This is caused by FLTK because 

graphics_toolkit("gnuplot")
x=1:10;plotyy(x,x,x,x);

works fine and gives expected plot
Comment 2 Przemek Klosowski 2015-05-12 15:02:04 UTC 
The crash is caused by a corrupted 'overlay' variable  in Fl_Gl_Window::show (this=0xd0e180) at Fl_Gl_Window.cxx:87 :

 if (overlay && overlay != this) ((Fl_Gl_Window*)overlay)->show();

p overlay
$1 = (void *) 0x3ff0000000000000

p *(Fl_Gl_Window*)overlay
Cannot access memory at address 0x3ff0000000000000
Comment 3 Przemek Klosowski 2015-05-12 15:07:26 UTC 
Just for completeness, I have fltk-1.3.3-2.fc21.x86_64
Comment 4 Orion Poplawski 2015-05-12 15:50:56 UTC 

*** This bug has been marked as a duplicate of bug 1218360 ***
Comment 5 Przemek Klosowski 2015-05-12 15:56:32 UTC 
There seems to be a problem with the multiple definition of overlay. When Octave crashes, overlay as seen in the crashing leaf procedure Fl_Gl_Window::show is corrupted to (void *) 0x3ff0000000000000 (see comment 2), but up in the call stack it is different: 

up
 #1  0x00007fffeef98a90 in Fl_Window::handle (this=this@entry=0xcd7f30, 
    ev=ev@entry=16) at Fl.cxx:1613

p overlay
  $6 = {int (const WINDOW *, WINDOW *)} 0x330a6121e0 <overlay>

which happens to be identical to the definition of overlay just after Octave starts.