Bug#781194: marked as done (libqt5webkit5: Reproducibly crashes with segfault due to missing checks for `HTMLUnknownElement`)

To: Felix Geyer <fgeyer@debian.org>
Subject: Bug#781194: marked as done (libqt5webkit5: Reproducibly crashes with segfault due to missing checks for `HTMLUnknownElement`)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Wed, 01 Apr 2015 18:51:10 +0000
Message-id: <[🔎] handler.781194.D781194.14279141661100.ackdone@bugs.debian.org>
References: <E1YdNhb-00045u-0K@franck.debian.org> <1427322871.19649.160.camel@googlemail.com>

Your message dated Wed, 01 Apr 2015 18:49:23 +0000
with message-id <E1YdNhb-00045u-0K@franck.debian.org>
and subject line Bug#781194: fixed in qtwebkit-opensource-src 5.3.2+dfsg-4
has caused the Debian Bug report #781194,
regarding libqt5webkit5: Reproducibly crashes with segfault due to missing checks for `HTMLUnknownElement`
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
781194: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781194
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libqt5webkit5: Reproducibly crashes with segfault due to missing checks for `HTMLUnknownElement`
From: Paul Menzel <pm.debian@googlemail.com>
Date: Wed, 25 Mar 2015 23:34:31 +0100
Message-id: <1427322871.19649.160.camel@googlemail.com>

Package: libqt5webkit5
Version: 5.3.2+dfsg-3
Severity: grave
Tags: upstream fixed-upstream
Justification: causes non-serious data loss
Control: affects -1 wkhtmltopdf arora
Control: forwarded -1 https://bugreports.qt.io/browse/QTBUG-41360

Dear Debian folks,


Wkhtmltopdf reproducibly terminates with a segmentation fault in
`libqt5webkit5` [1].

        (gdb) bt
        #0  0x0000000000000000 in ?? ()
        #1  0x00007ffff6182ffc in WebCore::JSNodeOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void*, JSC::SlotVisitor&) ()
            at ../WTF/wtf/Vector.h:912
        #2  0x00007ffff62e4234 in JSC::WeakBlock::visit (this=0x67cd40, heapRootVisitor=0x7fffe406ecf0) at heap/WeakBlock.cpp:108
        #3  0x00007ffff62f695b in JSC::MarkedSpace::visitWeakSets (this=0x7fffe40e5268, heapRootVisitor=0x7fffffff6250) at heap/WeakSet.h:104
        #4  0x00007ffff62e92bf in JSC::Heap::markRoots (this=0x7fffe40e5018) at heap/Heap.cpp:569
        #5  0x00007ffff62ed8bf in JSC::Heap::collect (this=0x7fffe40e5018, sweepToggle=3825659120) at heap/Heap.cpp:727
        #6  0x00007ffff651542a in JSC::DefaultGCActivityCallback::doWork (this=0x67cd40) at runtime/GCActivityCallback.cpp:96
        #7  0x00007ffff62f0917 in JSC::HeapTimer::timerEvent (this=0x7fffe40a11c0) at heap/HeapTimer.cpp:159
        #8  0x00007ffff33a7773 in QObject::event(QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
        #9  0x00007ffff43a4f3c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
        #10 0x00007ffff43aa380 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
        #11 0x00007ffff3377f1b in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
        #12 0x00007ffff33ce465 in QTimerInfoList::activateTimers() () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
        #13 0x00007ffff33ce891 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
        #14 0x00007ffff030bc5d in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
        #15 0x00007ffff030bf48 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
        #16 0x00007ffff030bffc in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
        #17 0x00007ffff33cf54c in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
           from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
        #18 0x000000000042560c in wkhtmltopdf::ConverterPrivate::convert (this=0x6bfd10) at ../lib/converter.cc:94
        #19 0x000000000042584b in wkhtmltopdf::Converter::convert (this=0x7fffffff75e0) at ../lib/converter.cc:149
        #20 0x000000000043b288 in main (argc=3, argv=0x7fffffffebe8) at wkhtmltopdf.cc:187

This is a bug in QtWebKit (QTBUG-41360 [2]) and has been fixed upstream
[3].

It’d be great if you applied that patch to the Debian package and get it
into Debian Jessie before its release, as this issue has been set to P2
– important upstream and as the crashes might cause non-serious data
loss, when Arora crashed while I typed in a message in a Web interface
or Wkhtmltopdf, often used by other applications, does not create the
PDF.

The work-around of installing the package `gstreamer0.10-plugins-base`
is not feasible, as the user wastes their time figuring out the cause
for the crash – a note in the release notes would be necessary – and
there is a patch available. Depending on `gstreamer0.10-plugins-base`
would be possible too, but applying the patch seems the better choice.


Thanks,

Paul


[1] https://github.com/wkhtmltopdf/wkhtmltopdf/issues/2259
[2] https://bugreports.qt.io/browse/QTBUG-41360
[3] https://codereview.qt-project.org/#/c/95151

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.19.0-trunk-686-pae (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages libqt5webkit5 depends on:
ii  dpkg                                  1.17.24
ii  libc6                                 2.19-17
ii  libgcc1                               1:4.9.2-10
ii  libgl1-mesa-glx [libgl1]              10.4.2-2
ii  libglib2.0-0                          2.42.1-1
ii  libgstreamer-plugins-base0.10-0       0.10.36-2
ii  libgstreamer0.10-0                    0.10.36-1.5
ii  libicu52                              52.1-8
ii  libjpeg62-turbo                       1:1.3.1-8
ii  libpng12-0                            1.2.50-2+b2
ii  libqt5core5a [qtbase-abi-5-3-2]       5.3.2+dfsg-4+b1
ii  libqt5gui5                            5.3.2+dfsg-4+b1
ii  libqt5network5                        5.3.2+dfsg-4+b1
ii  libqt5opengl5                         5.3.2+dfsg-4+b1
ii  libqt5printsupport5                   5.3.2+dfsg-4+b1
ii  libqt5qml5 [qtdeclarative-abi-5-3-2]  5.3.2-4
ii  libqt5quick5                          5.3.2-4
ii  libqt5sql5                            5.3.2+dfsg-4+b1
ii  libqt5widgets5                        5.3.2+dfsg-4+b1
ii  libsqlite3-0                          3.8.7.4-1
ii  libstdc++6                            4.9.2-10
ii  libwebp5                              0.4.1-1.2+b2
ii  libx11-6                              2:1.6.2-3
ii  libxcomposite1                        1:0.4.4-1
ii  libxml2                               2.9.2+dfsg1-3
ii  libxrender1                           1:0.9.8-1+b1
ii  libxslt1.1                            1.1.28-2+b2
ii  multiarch-support                     2.19-17
ii  zlib1g                                1:1.2.8.dfsg-2+b1

libqt5webkit5 recommends no packages.

libqt5webkit5 suggests no packages.

-- no debconf information

Attachment: signature.asc
Description: This is a digitally signed message part

--- End Message ---

--- Begin Message ---

To: 781194-close@bugs.debian.org
Subject: Bug#781194: fixed in qtwebkit-opensource-src 5.3.2+dfsg-4
From: Felix Geyer <fgeyer@debian.org>
Date: Wed, 01 Apr 2015 18:49:23 +0000
Message-id: <E1YdNhb-00045u-0K@franck.debian.org>

Source: qtwebkit-opensource-src
Source-Version: 5.3.2+dfsg-4

We believe that the bug you reported is fixed in the latest version of
qtwebkit-opensource-src, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 781194@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Felix Geyer <fgeyer@debian.org> (supplier of updated qtwebkit-opensource-src package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 01 Apr 2015 19:44:29 +0200
Source: qtwebkit-opensource-src
Binary: libqt5webkit5-dev libqt5webkit5 qml-module-qtwebkit libqt5webkit5-dbg qtwebkit5-doc-html
Architecture: source all
Version: 5.3.2+dfsg-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Felix Geyer <fgeyer@debian.org>
Description:
 libqt5webkit5 - Web content engine library for Qt
 libqt5webkit5-dbg - Web content engine library for Qt - debugging symbols
 libqt5webkit5-dev - Web content engine library for Qt - development files
 qml-module-qtwebkit - Qt WebKit QML module
 qtwebkit5-doc-html - Qt 5 webkit HTML documentation
Closes: 780748 781194
Changes:
 qtwebkit-opensource-src (5.3.2+dfsg-4) unstable; urgency=medium
 .
   [ Dmitry Shachnev ]
   * Backport upstream fix that adds missing checks for HTMLUnknownElement.
     Closes: #781194.
 .
   [ Felix Geyer ]
   * Backport upstream fix that prevents recording visited URLs to its favicon
     database while using private browsing mode.
     Closes: #780748.
Checksums-Sha1:
 5b97ff4f86b0ada995e70cd233fc120b7d740750 3151 qtwebkit-opensource-src_5.3.2+dfsg-4.dsc
 7d79c490a9784d718dbc932d9f06a1eaae2fc2ab 97136 qtwebkit-opensource-src_5.3.2+dfsg-4.debian.tar.xz
 812830f2f48ab45887f53ba73854dc97f7cc4fce 677660 qtwebkit5-doc-html_5.3.2+dfsg-4_all.deb
Checksums-Sha256:
 604f06d3a01cfe848fa281d59ffb1567268669a3ac29adc4efe9d782ca98a6d7 3151 qtwebkit-opensource-src_5.3.2+dfsg-4.dsc
 f001cd8fd70a18ccc9ec403060765d44b42d1063511314ed1b807211e27f4d12 97136 qtwebkit-opensource-src_5.3.2+dfsg-4.debian.tar.xz
 e991fb04a848f91e9e20ba9c53d70efe76a34026949906e0f7eb43d3691fa5f9 677660 qtwebkit5-doc-html_5.3.2+dfsg-4_all.deb
Files:
 a3437840ebe4247101a18f12b59bff4e 3151 libs optional qtwebkit-opensource-src_5.3.2+dfsg-4.dsc
 e36c3109303c922521daeec0a0dbb12f 97136 libs optional qtwebkit-opensource-src_5.3.2+dfsg-4.debian.tar.xz
 6fde08075d7f4df734683033b426f906 677660 doc extra qtwebkit5-doc-html_5.3.2+dfsg-4_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJVHDoZAAoJEP4ixv2DE11FSggP/0/n6j8pQKWl7ewBDzAI6kzm
Ji0UdHGSowL2VQman0M1VCql7j8/FuV0qZFiLzSqKpk3QyQW39/VlhnufDoqAjOF
HTKj3vEFqX0ppioSvSGWxL8NOKVIFmHQmJztrIN8GNpVInO1nvA/u9oB2gGSt5Gl
YNTciOIntgTTbL9NWH2l5MsgkML1YJgsLT4cfUXksbNg3mf5ZR9b1xWniSRgYBbb
tMZpfBbTRNVGoeFv2k2S+PgfqZbOPSMnUJbbT94/7n/Ql4KkZ7wma4TxxGKtoZFb
wDi2DwxiaEKWPhWE13QO7IWA2awxSuHKw1O7c5SUQTh8YTTXHYRj0uYCIGC+WSwF
PW3OZb9goOlgUgn43wQFszqw0H5HUplVYkUh9iBPggKKiMqCAyFhhq7/mzB1/4T0
EGsVYZtJVUKGWawcuoKDT7WV8w8WH2fwLyncwNWUD/87B14Lx8jpX2Okk1kJH4P6
gOes4LpTFfOpKx/dpSpXSXOdyEghg+WZm5chwrwccw1aFcKdNPreXXbGWgcKCTGl
11tovZnxZtfKqpvYQb/fPqAb06kBfLEwLciDDLHWyS7rIGr6vff2lhW3vA6IjdRY
ZxnAI8/0g2Y1OI7L8j1ihy85ftZS9vO4Tcpz8UJzkbixmTrJbwt9llX17aiY3SdU
pFGCj6LeDi5tAc4LFIL8
=0Xpj
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

Prev by Date: Bug#780748: marked as done (libqt5webkit5: QtWebKit logs visited URLs to WebpageIcons.db in private browsing mode)
Next by Date: Processing of qtwebkit-opensource-src_5.3.2+dfsg-4_all.changes
Previous by thread: Bug#780748: marked as done (libqt5webkit5: QtWebKit logs visited URLs to WebpageIcons.db in private browsing mode)
Next by thread: Processing of qtwebkit-opensource-src_5.3.2+dfsg-4_all.changes
Index(es):
- Date
- Thread