
Bug#781194: libqt5webkit5: Reproducibly crashes with segfault due to missing checks for `HTMLUnknownElement`
Package: libqt5webkit5
Version: 5.3.2+dfsg-3
Severity: grave
Tags: upstream fixed-upstream
Justification: causes non-serious data loss
Control: affects -1 wkhtmltopdf arora
Control: forwarded -1 https://bugreports.qt.io/browse/QTBUG-41360

Dear Debian folks,
Wkhtmltopdf reproducibly terminates with a segmentation fault in
`libqt5webkit5` [1].

        (gdb) bt
        #0  0x0000000000000000 in ?? ()
        #1  0x00007ffff6182ffc in WebCore::JSNodeOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void*, JSC::SlotVisitor&) ()
            at ../WTF/wtf/Vector.h:912
        #2  0x00007ffff62e4234 in JSC::WeakBlock::visit (this=0x67cd40, heapRootVisitor=0x7fffe406ecf0) at heap/WeakBlock.cpp:108
        #3  0x00007ffff62f695b in JSC::MarkedSpace::visitWeakSets (this=0x7fffe40e5268, heapRootVisitor=0x7fffffff6250) at heap/WeakSet.h:104
        #4  0x00007ffff62e92bf in JSC::Heap::markRoots (this=0x7fffe40e5018) at heap/Heap.cpp:569
        #5  0x00007ffff62ed8bf in JSC::Heap::collect (this=0x7fffe40e5018, sweepToggle=3825659120) at heap/Heap.cpp:727
        #6  0x00007ffff651542a in JSC::DefaultGCActivityCallback::doWork (this=0x67cd40) at runtime/GCActivityCallback.cpp:96
        #7  0x00007ffff62f0917 in JSC::HeapTimer::timerEvent (this=0x7fffe40a11c0) at heap/HeapTimer.cpp:159
        #8  0x00007ffff33a7773 in QObject::event(QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
        #9  0x00007ffff43a4f3c in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
        #10 0x00007ffff43aa380 in QApplication::notify(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Widgets.so.5
        #11 0x00007ffff3377f1b in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
        #12 0x00007ffff33ce465 in QTimerInfoList::activateTimers() () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
        #13 0x00007ffff33ce891 in ?? () from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
        #14 0x00007ffff030bc5d in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
        #15 0x00007ffff030bf48 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
        #16 0x00007ffff030bffc in g_main_context_iteration () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
        #17 0x00007ffff33cf54c in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
           from /usr/lib/x86_64-linux-gnu/libQt5Core.so.5
        #18 0x000000000042560c in wkhtmltopdf::ConverterPrivate::convert (this=0x6bfd10) at ../lib/converter.cc:94
        #19 0x000000000042584b in wkhtmltopdf::Converter::convert (this=0x7fffffff75e0) at ../lib/converter.cc:149
        #20 0x000000000043b288 in main (argc=3, argv=0x7fffffffebe8) at wkhtmltopdf.cc:187

This is a bug in QtWebKit (QTBUG-41360 [2]) and has been fixed upstream
[3].
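A small triage helper, added here and not part of Paul's report or of the QtWebKit code, that parses the gdb backtrace quoted above and spells out what frame #0 at address 0x0 means: an indirect call through a null function pointer, made from `JSNodeOwner::isReachableFromOpaqueRoots` while the JavaScript heap was being marked. The `BACKTRACE` constant is a constructed, abridged copy of the trace above; the function and regex names are my own.

```python
import re

# Constructed excerpt of the gdb backtrace quoted in this bug report (frames abridged).
BACKTRACE = """\
#0  0x0000000000000000 in ?? ()
#1  0x00007ffff6182ffc in WebCore::JSNodeOwner::isReachableFromOpaqueRoots(JSC::Handle<JSC::Unknown>, void*, JSC::SlotVisitor&) ()
    at ../WTF/wtf/Vector.h:912
#2  0x00007ffff62e4234 in JSC::WeakBlock::visit (this=0x67cd40, heapRootVisitor=0x7fffe406ecf0) at heap/WeakBlock.cpp:108
#4  0x00007ffff62e92bf in JSC::Heap::markRoots (this=0x7fffe40e5018) at heap/Heap.cpp:569
#18 0x000000000042560c in wkhtmltopdf::ConverterPrivate::convert (this=0x6bfd10) at ../lib/converter.cc:94
"""

FRAME_RE = re.compile(r"^#(\d+)\s+0x([0-9a-fA-F]+)\s+in\s+([^(\s]+)")
LOCATION_RE = re.compile(r"\sat\s+(\S+)\s*$")
# Frames that show the crash happened inside JavaScriptCore's garbage collector.
GC_MARKERS = ("JSC::Heap::", "JSC::WeakBlock::", "JSC::MarkedSpace::")


def parse_backtrace(text):
    """Turn `bt` output into frame dicts; wrapped lines carry the 'at file:line' part."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            frames.append({"frame": int(m.group(1)), "pc": int(m.group(2), 16),
                           "func": m.group(3), "location": None})
        elif not frames:
            continue  # text before the first frame
        loc = LOCATION_RE.search(line)
        if loc and frames[-1]["location"] is None:
            frames[-1]["location"] = loc.group(1)
    return frames


def classify_crash(frames):
    """pc == 0 with no symbol in frame #0 means control was transferred through a null pointer."""
    if not frames:
        return {"kind": "unknown"}
    top = frames[0]
    kind = "null_function_pointer_call" if top["pc"] == 0 and top["func"] == "??" else "fault_in_code"
    caller = next((f for f in frames[1:] if f["func"] != "??"), None)
    return {
        "kind": kind,
        "caller": caller["func"] if caller else None,
        "caller_location": caller["location"] if caller else None,
        # A fault while the heap is being marked points at a stale or invalid object reference.
        "during_gc": any(f["func"].startswith(GC_MARKERS) for f in frames),
    }
```

Run on the trace above it reports the null call as coming from the opaque-root check at `../WTF/wtf/Vector.h:912` during GC marking, which is the signature to look for when checking whether an affected build still carries this bug.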

It’d be great if you applied that patch to the Debian package and got it
into Debian Jessie before its release, as this issue has been set to P2
– important – upstream and as the crashes might cause non-serious data
loss: Arora crashed while I was typing a message in a Web interface, and
Wkhtmltopdf, often used by other applications, does not create the
PDF.

The work-around of installing the package `gstreamer0.10-plugins-base`
is not feasible, as the user wastes their time figuring out the cause
for the crash – a note in the release notes would be necessary – and
there is a patch available. Depending on `gstreamer0.10-plugins-base`
would be possible too, but applying the patch seems the better choice.
Thanks,

Paul
[1] https://github.com/wkhtmltopdf/wkhtmltopdf/issues/2259
[2] https://bugreports.qt.io/browse/QTBUG-41360
[3] https://codereview.qt-project.org/#/c/95151

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.19.0-trunk-686-pae (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)

Versions of packages libqt5webkit5 depends on:
ii  dpkg                                  1.17.24
ii  libc6                                 2.19-17
ii  libgcc1                               1:4.9.2-10
ii  libgl1-mesa-glx [libgl1]              10.4.2-2
ii  libglib2.0-0                          2.42.1-1
ii  libgstreamer-plugins-base0.10-0       0.10.36-2
ii  libgstreamer0.10-0                    0.10.36-1.5
ii  libicu52                              52.1-8
ii  libjpeg62-turbo                       1:1.3.1-8
ii  libpng12-0                            1.2.50-2+b2
ii  libqt5core5a [qtbase-abi-5-3-2]       5.3.2+dfsg-4+b1
ii  libqt5gui5                            5.3.2+dfsg-4+b1
ii  libqt5network5                        5.3.2+dfsg-4+b1
ii  libqt5opengl5                         5.3.2+dfsg-4+b1
ii  libqt5printsupport5                   5.3.2+dfsg-4+b1
ii  libqt5qml5 [qtdeclarative-abi-5-3-2]  5.3.2-4
ii  libqt5quick5                          5.3.2-4
ii  libqt5sql5                            5.3.2+dfsg-4+b1
ii  libqt5widgets5                        5.3.2+dfsg-4+b1
ii  libsqlite3-0                          3.8.7.4-1
ii  libstdc++6                            4.9.2-10
ii  libwebp5                              0.4.1-1.2+b2
ii  libx11-6                              2:1.6.2-3
ii  libxcomposite1                        1:0.4.4-1
ii  libxml2                               2.9.2+dfsg1-3
ii  libxrender1                           1:0.9.8-1+b1
ii  libxslt1.1                            1.1.28-2+b2
ii  multiarch-support                     2.19-17
ii  zlib1g                                1:1.2.8.dfsg-2+b1

libqt5webkit5 recommends no packages.

libqt5webkit5 suggests no packages.

-- no debconf information
