
Bug#895375: marked as done (libqt5qml5: segfault in QV4::ExecutionContext::newCallContext on x32)



Your message dated Wed, 23 Oct 2019 18:11:10 +0200 (CEST)
with message-id <alpine.DEB.2.21.1910231810330.14977@tglase.lan.tarent.de>
and subject line no longer causes other libraries to FTBFS
has caused the Debian Bug report #895375,
regarding libqt5qml5: segfault in QV4::ExecutionContext::newCallContext on x32
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
895375: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895375
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: libqt5qml5
Version: 5.10.1-3

Hi,

during package build of, for example, qtwebsockets-opensource-src
(5.10.1-2) its testsuite gets a segfault.

I can get a backtrace; unfortunately, most values for inspection
are optimised out though:

(gdb) bt
#0  0xf7f96035 in ?? ()
#1  0x02290450 in ?? ()
#2  0xf4a345f7 in memcpy (__len=<optimized out>, __src=0xffe44df0, __dest=<optimized out>)
    at /usr/include/x86_64-linux-gnux32/bits/string_fortified.h:34
#3  QV4::ExecutionContext::newCallContext (this=<optimized out>, function=<optimized out>,
    callData=<optimized out>) at jsruntime/qv4context.cpp:94
#4  0xf4a37204 in QV4::ExecutionContext::call (this=<optimized out>, scope=..., callData=<optimized out>,
    function=<optimized out>, f=f@entry=0x0) at jsruntime/qv4context.cpp:274
#5  0xf4a8a648 in QV4::Script::run (this=<optimized out>) at jsruntime/qv4script.cpp:178
#6  0xf4b36b5d in QQmlScriptData::scriptValueForContext (this=<optimized out>, parentCtxt=<optimized out>)
    at qml/qqmltypeloader.cpp:2923
#7  0xf4ba74ed in QQmlObjectCreator::create (this=<optimized out>, subComponentIndex=<optimized out>,
    parent=<optimized out>, interrupt=<optimized out>) at qml/qqmlobjectcreator.cpp:196
#8  0xf4ba65ae in QQmlObjectCreator::createInstance (this=this@entry=0x22aa940, index=3,
    parent=<optimized out>, isContextObject=isContextObject@entry=false) at qml/qqmlobjectcreator.cpp:1183
#9  0xf4ba47d6 in QQmlObjectCreator::setPropertyBinding (this=this@entry=0x22aa940,
    property=property@entry=0xe85723f8, binding=binding@entry=0xf7f97630) at qml/qqmlobjectcreator.cpp:827
#10 0xf4ba5114 in QQmlObjectCreator::setupBindings (this=this@entry=0x22aa940,
    applyDeferredBindings=applyDeferredBindings@entry=false) at qml/qqmlobjectcreator.cpp:779
#11 0xf4ba5973 in QQmlObjectCreator::populateInstance (this=this@entry=0x22aa940, index=-1, index@entry=0,
    instance=0x0, bindingTarget=0x0, valueTypeProperty=valueTypeProperty@entry=0x0)
    at qml/qqmlobjectcreator.cpp:1408
#12 0xf4ba672b in QQmlObjectCreator::createInstance (this=this@entry=0x22aa940, index=index@entry=0,
    parent=parent@entry=0x0, isContextObject=isContextObject@entry=true) at qml/qqmlobjectcreator.cpp:1272
#13 0xf4ba72cb in QQmlObjectCreator::create (this=<optimized out>, subComponentIndex=<optimized out>,
    parent=parent@entry=0x0, interrupt=interrupt@entry=0x0) at qml/qqmlobjectcreator.cpp:202
#14 0xf4b18269 in QQmlComponentPrivate::beginCreate (this=<optimized out>, context=<optimized out>)
    at qml/qqmlcomponent.cpp:864
#15 0xf4b1640f in QQmlComponent::create (this=<optimized out>, context=0x20b3f30) at qml/qqmlcomponent.cpp:773
#16 0xf5121134 in QQuickView::continueExecute() () from /usr/lib/x86_64-linux-gnux32/libQt5Quick.so.5
#17 0xf51216d2 in QQuickViewPrivate::execute() () from /usr/lib/x86_64-linux-gnux32/libQt5Quick.so.5
#18 0xf775f18c in quick_test_main(int, char**, char const*, char const*) ()
   from /usr/lib/x86_64-linux-gnux32/libQt5QuickTest.so.5
#19 0xf632e6a7 in __libc_start_main () from /lib/x86_64-linux-gnux32/libc.so.6
#20 0x004005bb in _start ()
(gdb) frame 3
#3  QV4::ExecutionContext::newCallContext (this=<optimized out>, function=<optimized out>,
    callData=<optimized out>) at jsruntime/qv4context.cpp:94
(gdb) print *c
value has been optimized out
(gdb) print c->callData
value has been optimized out
(gdb) print callData
$8 = <optimized out>
(gdb) print sizeof(CallData)
$9 = 24
(gdb) print sizeof(Value)
$10 = 8
(gdb) print c->locals.values
value has been optimized out
(gdb) print c->locals
value has been optimized out
(gdb) print sizeof(CallContext::Data)
$11 = 64
(gdb) print localsAndFormals
$12 = 0
(gdb) print callData->argc
value has been optimized out
(gdb) frame 2
#2  0xf4a345f7 in memcpy (__len=<optimized out>, __src=0xffe44df0, __dest=<optimized out>)
    at /usr/include/x86_64-linux-gnux32/bits/string_fortified.h:34
34        return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
(gdb) disas
Dump of assembler code for function QV4::ExecutionContext::newCallContext(QV4::Function*, QV4::CallData*):
   0xf4a344e0 <+0>:     push   %r15
[…]
   0xf4a345d7 <+247>:   cmp    %eax,%edi
   0xf4a345d9 <+249>:   jne    0xf4a345d0 <QV4::ExecutionContext::newCallContext(QV4::Function*, QV4::CallData*)+240>
   0xf4a345db <+251>:   mov    %edi,0x4(%ebx)
   0xf4a345df <+255>:   mov    0x0(%ebp),%eax
   0xf4a345e3 <+259>:   mov    %rbp,%rsi
   0xf4a345e6 <+262>:   mov    %ecx,0xc(%esp)
   0xf4a345eb <+267>:   lea    0x10(,%rax,8),%edx
   0xf4a345f2 <+274>:   callq  0xf4927b70 <memcpy@plt>
=> 0xf4a345f7 <+279>:   mov    0xc(%esp),%ecx
   0xf4a345fc <+284>:   mov    0x14(%ecx),%eax
   0xf4a34600 <+288>:   cmp    %eax,0x0(%ebp)
   0xf4a34604 <+292>:   jge    0xf4a34633 <QV4::ExecutionContext::newCallContext(QV4::Function*, QV4::CallData*)+339>
[…]
(gdb) frame 1
#1  0x02290450 in ?? ()
(gdb) disas
No function contains program counter for selected frame.
(gdb) frame 0
#0  0xf7f96035 in ?? ()
(gdb) disas
No function contains program counter for selected frame.

This looks like a jump into nothing… from a call to memcpy?

--- End Message ---
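The copy in frame 2 is sized by the instruction sequence just before the memcpy@plt call: `mov 0x0(%ebp),%eax` loads the first field of the source into eax, and `lea 0x10(,%rax,8),%edx` makes the length 16 + 8 * that value, which fits the 24-byte CallData and 8-byte Value the session prints (a 16-byte fixed header plus one inline Value slot). The C program below, written for this page and not taken from Qt, models that layout and wraps the copy in an explicit bounds check. The struct fields, the 64-byte destination (chosen to match the printed sizeof(CallContext::Data)) and the sample argc values are assumptions for illustration; the real QV4 definitions may differ.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout, chosen so that sizeof(Value) == 8 and sizeof(CallData) == 24,
 * the two sizes printed in the gdb session. Not Qt's own definitions. */
typedef struct { uint64_t raw; } Value;

typedef struct {
    int32_t tag;          /* together with argc: 8 bytes */
    int32_t argc;         /* number of argument Values that follow */
    Value   thisObject;   /* header ends at offset 16 */
    Value   args[1];      /* argc entries live in the same allocation */
} CallData;

/* Bytes the frame-2 copy moves: 0x10 + argc*8, the value computed by
 * "lea 0x10(,%rax,8),%edx" right before "callq memcpy@plt". */
static size_t call_data_copy_size(int32_t argc)
{
    return offsetof(CallData, args) + (size_t)argc * sizeof(Value);
}

/* Bounds-checked copy of a CallData into a fixed-size destination.
 * Refuses a negative argc or a computed length larger than dest_cap.
 * Returns the number of bytes copied, or 0 when the copy was refused. */
static size_t copy_call_data(void *dest, size_t dest_cap, const CallData *src)
{
    if (src->argc < 0)
        return 0;
    size_t n = call_data_copy_size(src->argc);
    if (n > dest_cap)
        return 0;
    memcpy(dest, src, n);
    return n;
}

/* Constructed sample: build a CallData with the given argc in an 8-byte
 * aligned scratch buffer and copy it into a 64-byte destination (the size
 * gdb printed for CallContext::Data). Returns bytes copied, 0 if refused. */
static size_t demo_copy(int32_t argc)
{
    uint64_t srcbuf[16] = {0};               /* room for up to 14 args */
    uint64_t dstbuf[8]  = {0};               /* 64-byte destination */
    CallData *src = (CallData *)srcbuf;
    src->tag = 0;
    src->argc = argc;
    src->thisObject.raw = 0x1;
    for (int32_t i = 0; i < argc && i < 14; i++)
        src->args[i].raw = (uint64_t)(i + 2);
    return copy_call_data(dstbuf, sizeof dstbuf, src);
}

int main(void)
{
    printf("sizeof(Value)=%zu sizeof(CallData)=%zu\n", sizeof(Value), sizeof(CallData));
    printf("argc=2: copied %zu bytes\n", demo_copy(2));   /* 16 + 16 = 32, fits */
    printf("argc=7: copied %zu bytes\n", demo_copy(7));   /* 16 + 56 = 72 > 64, refused */
    return 0;
}
```

The fortified `__builtin___memcpy_chk` seen at string_fortified.h:34 only enforces a limit when the compiler can determine the destination's size at compile time via `__bos0`; for a destination reached through a heap pointer that value is unknown and the check degrades to a plain memcpy, which is why a runtime check on the argc-derived length, as above, is the only guard that applies in that frame.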
--- Begin Message ---
Hi *,

this seems to work now. I’ll open another bug report for contemporary
build failures on x32 since they seem to differ from this one.

bye,
//mirabilos
-- 
tarent solutions GmbH
Rochusstraße 2-4, D-53123 Bonn • http://www.tarent.de/
Tel: +49 228 54881-393 • Fax: +49 228 54881-235
HRB 5168 (AG Bonn) • USt-ID (VAT): DE122264941
Managing directors: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg

**********

With the tarent Academy we also offer training and courses in
software development, agile working and future technologies.

Visit us at www.tarent.de/academy. We look forward to hearing from you.

**********

--- End Message ---