
Bug#909366: marked as done (libqt5webkit5: segfault in JSC::Structure::globalObject())



Your message dated Fri, 22 Mar 2019 17:49:48 +0000
with message-id <E1h7OIe-000Czp-Qe@fasolo.debian.org>
and subject line Bug#909366: fixed in qtwebkit-opensource-src 5.212.0~alpha2-21
has caused the Debian Bug report #909366,
regarding libqt5webkit5: segfault in JSC::Structure::globalObject()
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
909366: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909366
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: libqt5webkit5
Version: 5.212.0~alpha2-15

Programs that use QtWebKit (at least wkhtmltopdf and arora) crash on the attached HTML file:

  $ wkhtmltopdf --quiet crash.html tmp.pdf
  QApplication: invalid style override passed, ignoring it.
  libpng warning: iCCP: known incorrect sRGB profile
  libpng warning: iCCP: known incorrect sRGB profile
  Segmentation fault

Backtrace:

#0  0xf5f6bb65 in JSC::Structure::globalObject() const () at ../Source/JavaScriptCore/runtime/Structure.h:247
#1  0xf5f6bb65 in JSC::JSObject::globalObject() const () at ../Source/JavaScriptCore/runtime/JSObject.h:648
#2  0xf5f6bb65 in WebCore::JSDOMObject::globalObject() const () at ../Source/WebCore/bindings/js/JSDOMWrapper.h:40
#3  0xf5f6bb65 in WebCore::JSDOMObject::scriptExecutionContext() const () at ../Source/WebCore/bindings/js/JSDOMWrapper.h:41
#4  0xf5f6bb65 in WebCore::DOMConstructorWithDocument::document() const () at ../Source/WebCore/bindings/js/DOMConstructorWithDocument.h:35
#5  0xf5f6bb65 in WebCore::JSDOMNamedConstructor<WebCore::JSHTMLImageElement>::construct(JSC::ExecState*) () at ../Source/WebCore/bindings/js/JSImageConstructor.cpp:50
#6  0xf586a3ea in handleHostCall() () at ../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1131
#7  0xf5874e04 in JSC::LLInt::genericCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind) () at ../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1238
#8  0xf5874e04 in llint_slow_path_construct() () at ../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1250
#9  0xf56a892f in llint_entry () at /usr/lib/i386-linux-gnu/libQt5WebKit.so.5
#10 0xf56a3e9c in vmEntryToJavaScript () at /usr/lib/i386-linux-gnu/libQt5WebKit.so.5
#11 0xf564133c in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) () at ../Source/JavaScriptCore/jit/JITCode.cpp:80
#12 0xf560a1a1 in JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) () at ../Source/JavaScriptCore/interpreter/Interpreter.cpp:971
#13 0xf53a54dc in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) () at ../Source/JavaScriptCore/runtime/Completion.cpp:106
#14 0xf53a574a in JSC::profiledEvaluate(JSC::ExecState*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) () at ../Source/JavaScriptCore/runtime/Completion.cpp:121
#15 0xf6018477 in WebCore::JSMainThreadExecState::profiledEvaluate(JSC::ExecState*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) () at ../Source/WebCore/bindings/js/JSMainThreadExecState.h:80
#16 0xf6018477 in WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&, WebCore::ExceptionDetails*) () at ../Source/WebCore/bindings/js/ScriptController.cpp:164
#17 0xf60187a8 in WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&, WebCore::ExceptionDetails*) () at ../Source/WebCore/bindings/js/ScriptController.cpp:180
#18 0xf5e16c35 in WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) () at ../Source/WebCore/dom/ScriptElement.cpp:314
#19 0xf5e170de in WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) () at ../Source/WebCore/dom/ScriptElement.cpp:245
#20 0xf60ae292 in WebCore::HTMLScriptRunner::runScript(WebCore::Element*, WTF::TextPosition const&) () at ../Source/WebCore/html/parser/HTMLScriptRunner.cpp:302
#21 0xf60aec5a in WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element>, WTF::TextPosition const&) () at ../Source/WebCore/html/parser/HTMLScriptRunner.cpp:175
#22 0xf60a23c9 in WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() () at ../Source/WebCore/html/parser/HTMLDocumentParser.cpp:195
#23 0xf60a24ac in WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode, WebCore::PumpSession&) () at ../Source/WebCore/html/parser/HTMLDocumentParser.cpp:213
#24 0xf60a443e in WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode, WebCore::PumpSession&) () at ../Source/WebCore/html/parser/HTMLDocumentParser.cpp:201
#25 0xf60a443e in WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) () at ../Source/WebCore/html/parser/HTMLDocumentParser.cpp:252
#26 0xf60a57cb in WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl>&&) () at ../Source/WebCore/html/parser/HTMLDocumentParser.cpp:382
#27 0xf5dac513 in WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter&) () at ../Source/WebCore/dom/DecodedDataDocumentParser.cpp:60
#28 0xf60fa1d7 in WebCore::DocumentWriter::end() () at ../Source/WebCore/loader/DocumentWriter.cpp:260
#29 0xf60f00cd in WebCore::DocumentLoader::finishedLoading(double) () at ../Source/WebCore/loader/DocumentLoader.cpp:435
#30 0xf60f029d in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource*) () at ../Source/WebCore/loader/DocumentLoader.cpp:382
#31 0xf6161311 in WebCore::CachedResource::checkNotify() () at ../Source/WebCore/loader/cache/CachedResource.cpp:296
#32 0xf615c621 in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) () at ../Source/WebCore/loader/cache/CachedRawResource.cpp:103
#33 0xf61450c9 in WebCore::SubresourceLoader::didFinishLoading(double) () at ../Source/WebCore/loader/SubresourceLoader.cpp:428
#34 0xf6430fc3 in WebCore::QNetworkReplyHandler::finish() () at ../Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:524
#35 0xf6430915 in WebCore::QNetworkReplyHandlerCallQueue::flush() () at ../Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:258
#36 0xf6430b1b in WebCore::QNetworkReplyHandlerCallQueue::flush() () at ../Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:252
#37 0xf6430b1b in WebCore::QNetworkReplyHandlerCallQueue::push(void (WebCore::QNetworkReplyHandler::*)()) () at ../Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:218
#38 0xf6430b1b in WebCore::QNetworkReplyWrapper::didReceiveFinished() () at ../Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:417
#39 0xf3b5490f in QMetaObject::activate(QObject*, int, int, void**) (sender=<optimized out>, signalOffset=<optimized out>, local_signal_index=<optimized out>, argv=<optimized out>) at kernel/qobject.cpp:3771
#40 0xf3b54eed in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) (sender=0x5775f2d0, m=0xf3fe3da8 <QNetworkReply::staticMetaObject>, local_signal_index=1, argv=0x0) at kernel/qobject.cpp:3633
#41 0xf3f3a702 in QNetworkReply::finished() (this=0x5775f2d0) at .moc/moc_qnetworkreply.cpp:380
#42 0xf3f3ab79 in QNetworkReply::qt_static_metacall(QObject*, QMetaObject::Call, int, void**) (_o=0x5775f2d0, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x57784530) at .moc/moc_qnetworkreply.cpp:222
#43 0xf3b51796 in QMetaCallEvent::placeMetaCall(QObject*) (this=0x57784550, object=0x5775f2d0) at kernel/qobject.cpp:506
#44 0xf3b551ab in QObject::event(QEvent*) (this=0x5775f2d0, e=0x57784550) at kernel/qobject.cpp:1251
#45 0xf4a310a6 in QApplicationPrivate::notify_helper(QObject*, QEvent*) (this=0x576d32b0, receiver=0x5775f2d0, e=0x57784550) at kernel/qapplication.cpp:3727
#46 0xf4a38fd9 in QApplication::notify(QObject*, QEvent*) (this=0xffd1414c, receiver=0x5775f2d0, e=0x57784550) at kernel/qapplication.cpp:3486
#47 0xf3b28aaa in QCoreApplication::notifyInternal2(QObject*, QEvent*) (receiver=0x5775f2d0, event=0x57784550) at ../../include/QtCore/../../src/corelib/kernel/qobject.h:142
#48 0xf3b2bdb9 in QCoreApplication::sendEvent(QObject*, QEvent*) (event=0x57784550, receiver=<optimized out>) at kernel/qcoreapplication.h:234
#49 0xf3b2bdb9 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) (receiver=<optimized out>, event_type=<optimized out>, data=0x576badb0) at kernel/qcoreapplication.cpp:1745
#50 0xf3b2c1c7 in QCoreApplication::sendPostedEvents(QObject*, int) (receiver=0x0, event_type=0) at kernel/qcoreapplication.cpp:1599
#51 0xf3b81b13 in postEventSourceDispatch(GSource*, GSourceFunc, gpointer) (s=0x576fc0c0) at kernel/qeventdispatcher_glib.cpp:276
#52 0xf1d92b2d in g_main_context_dispatch () at /usr/lib/i386-linux-gnu/libglib-2.0.so.0
#53 0xf1d92de9 in  () at /usr/lib/i386-linux-gnu/libglib-2.0.so.0
#54 0xf1d92e94 in g_main_context_iteration () at /usr/lib/i386-linux-gnu/libglib-2.0.so.0
#55 0xf3b810d8 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x576fa360, flags=...) at kernel/qeventdispatcher_glib.cpp:423
#56 0xee929373 in QPAEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (this=0x576fa360, flags=...) at qeventdispatcher_glib.cpp:69
#57 0xf3b28bf0 in QCoreApplication::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) (flags=...) at /usr/include/c++/8/bits/atomic_base.h:707
#58 0x5658bf7a in wkhtmltopdf::ConverterPrivate::convert() (this=0x576fbc00) at ../lib/converter.cc:94
#59 0x56572984 in main(int, char**) (argc=<optimized out>, argv=0xffd145a4) at wkhtmltopdf.cc:234


-- System Information:
Architecture: i386

Versions of packages libqt5webkit5 depends on:
ii  dpkg                                   1.19.0.5+b1
ii  libc6                                  2.27-6
ii  libgcc1                                1:8.2.0-7
ii  libglib2.0-0                           2.58.1-2
ii  libgstreamer-plugins-base1.0-0         1.14.3-2
ii  libgstreamer1.0-0                      1.14.3-1
ii  libhyphen0                             2.8.8-5
ii  libicu60                               60.2-6
ii  libjpeg62-turbo                        1:1.5.2-2+b1
ii  libpng16-16                            1.6.34-2
ii  libqt5core5a [qtbase-abi-5-11-0]       5.11.1+dfsg-8
ii  libqt5gui5                             5.11.1+dfsg-8
ii  libqt5network5                         5.11.1+dfsg-8
ii  libqt5positioning5                     5.11.1+dfsg-4
ii  libqt5printsupport5                    5.11.1+dfsg-8
ii  libqt5qml5 [qtdeclarative-abi-5-11-0]  5.11.1-5
ii  libqt5quick5                           5.11.1-5
ii  libqt5sensors5                         5.11.1-3
ii  libqt5webchannel5                      5.11.1-3
ii  libqt5widgets5                         5.11.1+dfsg-8
ii  libsqlite3-0                           3.25.1-1
ii  libstdc++6                             8.2.0-7
ii  libwebp6                               0.6.1-2
ii  libwoff1                               1.0.2-1
ii  libxml2                                2.9.4+dfsg1-7+b1
ii  libxslt1.1                             1.1.32-2
ii  zlib1g                                 1:1.2.11.dfsg-1

--
Jakub Wilk

--- End Message ---
--- Begin Message ---
Source: qtwebkit-opensource-src
Source-Version: 5.212.0~alpha2-21

We believe that the bug you reported is fixed in the latest version of
qtwebkit-opensource-src, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 909366@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Shachnev <mitya57@debian.org> (supplier of updated qtwebkit-opensource-src package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 22 Mar 2019 11:42:38 +0300
Source: qtwebkit-opensource-src
Architecture: source
Version: 5.212.0~alpha2-21
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Dmitry Shachnev <mitya57@debian.org>
Closes: 909366 924402
Changes:
 qtwebkit-opensource-src (5.212.0~alpha2-21) unstable; urgency=medium
 .
   * Add fastcall attribute to JSImageConstructor::construct method.
     This fixes crash on i386 (closes: #909366, #924402). Thanks Bernhard
     Übelacker for the patch!
   * Remove -fpermissive from build flags. It was wrong and not needed
     with the applied patch.


--- End Message ---
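
A triage aid for the backtrace in the bug report, added here as an example (it is not part of the original messages or of any Debian or WebKit tooling): it groups consecutive frames that report the same program counter, which is how inlined calls typically appear in a gdb backtrace, to find the out-of-line function that contains the faulting instruction. For this trace that is the construct method named in the changelog. The function names parse, physical_frames and faulting_function are hypothetical.

```python
import re

# Frames #0-#8 copied verbatim from the backtrace in the bug report above.
SAMPLE = """\
#0  0xf5f6bb65 in JSC::Structure::globalObject() const () at ../Source/JavaScriptCore/runtime/Structure.h:247
#1  0xf5f6bb65 in JSC::JSObject::globalObject() const () at ../Source/JavaScriptCore/runtime/JSObject.h:648
#2  0xf5f6bb65 in WebCore::JSDOMObject::globalObject() const () at ../Source/WebCore/bindings/js/JSDOMWrapper.h:40
#3  0xf5f6bb65 in WebCore::JSDOMObject::scriptExecutionContext() const () at ../Source/WebCore/bindings/js/JSDOMWrapper.h:41
#4  0xf5f6bb65 in WebCore::DOMConstructorWithDocument::document() const () at ../Source/WebCore/bindings/js/DOMConstructorWithDocument.h:35
#5  0xf5f6bb65 in WebCore::JSDOMNamedConstructor<WebCore::JSHTMLImageElement>::construct(JSC::ExecState*) () at ../Source/WebCore/bindings/js/JSImageConstructor.cpp:50
#6  0xf586a3ea in handleHostCall() () at ../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1131
#7  0xf5874e04 in JSC::LLInt::genericCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind) () at ../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1238
#8  0xf5874e04 in llint_slow_path_construct() () at ../Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:1250
"""

# "#N  0xPC in <function> (<args>) at <location>"; the greedy function group
# keeps the C++ parameter list and stops at the final " (args) at ".
FRAME = re.compile(r"^#(\d+)\s+(0x[0-9a-f]+) in (.*) \(.*\) at (.+)$")

def parse(text):
    """Return one dict per frame line; lines that are not frames are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line.strip())
        if m:
            frames.append({"n": int(m.group(1)), "pc": int(m.group(2), 16),
                           "func": m.group(3), "loc": m.group(4)})
    return frames

def physical_frames(frames):
    """Group consecutive frames with the same pc (a heuristic for inlining).
    The last frame of a group is the out-of-line host; the earlier ones were
    inlined into it. Recursion through one call site also repeats a pc.
    """
    groups = []
    for f in frames:
        if groups and groups[-1][-1]["pc"] == f["pc"]:
            groups[-1].append(f)
        else:
            groups.append([f])
    return [{"host": g[-1], "inlined": g[:-1]} for g in groups]

def faulting_function(text):
    """Innermost out-of-line function: where the crashing instruction lives."""
    return physical_frames(parse(text))[0]

if __name__ == "__main__":
    top = faulting_function(SAMPLE)
    print(top["host"]["func"], "<-", [f["func"] for f in top["inlined"]])
```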
