http://bugzilla.opensuse.org/show_bug.cgi?id=1046724
Bug ID: 1046724
Summary: Qt5WebKit crashes on JS string operations
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: x86-64
OS: Other
Status: NEW
Severity: Critical
Priority: P5 - None
Component: KDE Workspace (Plasma)
Assignee: opensuse-kde-bugs@opensuse.org
Reporter: cfeck@kde.org
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) Otter/0.9.91
Build Identifier:
Since libicu was updated to v59, I get crashes in applications that use
JavaScript with libQt5WebKit.
According to openSUSE KDE maintainers, this is caused by local patches to stay
compatible with the newest icu.
Reproducible: Always
Steps to Reproduce:
1. Press Ctrl+Esc in Plasma 5
2. Right-click on 'plasmashell' process
3. Select 'Detailed Memory Information'
Actual Results:
Crash, see backtrace below.
Expected Results:
No crash.
This also affects browsers that are based on QtWebKit, such as Konqueror and
Otter browser when compiled using the QtWebKit backend.
Suggested resolutions:
- keep a local copy of older icu in qtwebkit
- try to update to newer qtwebkit (annulen's branch)
- fix the patches :)
Backtrace:
Thread 1 "systemmonitor" received signal SIGSEGV, Segmentation fault.
WTF::StringImpl::copyChars () at ../WTF/wtf/text/StringImpl.h:644
644 ../WTF/wtf/text/StringImpl.h: No such file or directory.
(gdb) bt
#0 0x00007ffff305bd97 in WTF::StringImpl::copyChars(char16_t*,
char16_t const*, unsigned int) () at ../WTF/wtf/text/StringImpl.h:644
#1 0x00007ffff305bd97 in JSC::JSRopeString::resolveRopeSlowCase(char16_t*)
const () at runtime/JSString.cpp:212
#2 0x00007ffff305ccfb in JSC::JSRopeString::resolveRope(JSC::ExecState*) const
() at runtime/JSString.cpp:127
#3 0x00007ffff2c60417 in JSC::JSString::value(JSC::ExecState*) const () at
../JavaScriptCore/runtime/JSString.h:378
#4 0x00007ffff2c60417 in WebCore::valueToStringWithNullCheck(JSC::ExecState*,
JSC::JSValue) () at bindings/js/JSDOMBinding.cpp:109
#5 0x00007ffff233cef7 in WebCore::setJSHTMLElementInnerHTML(JSC::ExecState*,
JSC::JSObject*, JSC::JSValue) ()
at generated/JSHTMLElement.cpp:592
#6 0x00007ffff233f517 in
JSC::putEntry<WebCore::JSHTMLElement>(JSC::ExecState*, JSC::HashEntry const*,
JSC::PropertyName, JSC::JSValue, WebCore::JSHTMLElement*, bool) () at
../JavaScriptCore/runtime/Lookup.h:363
#7 0x00007ffff233f517 in
JSC::lookupPut<WebCore::JSHTMLElement>(JSC::ExecState*, JSC::PropertyName,
JSC::JSValue, JSC::HashTable const*, WebCore::JSHTMLElement*, bool) () at
../JavaScriptCore/runtime/Lookup.h:381
#8 0x00007ffff233f517 in JSC::lookupPut(JSC::ExecState*, JSC::PropertyName, JSC::JSValue,
JSC::HashTable const*, WebCore::JSHTMLElement*, JSC::PutPropertySlot&) () at
../JavaScriptCore/runtime/Lookup.h:394
#9 0x00007ffff233f517 in WebCore::JSHTMLElement::put(JSC::JSCell*,
JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) ()
at generated/JSHTMLElement.cpp:463
#10 0x00007ffff23f3d8f in JSC::lookupPut(JSC::ExecState*, JSC::PropertyName, JSC::JSValue,
JSC::HashTable const*, WebCore::JSHTMLTableSectionElement*,
JSC::PutPropertySlot&) () at ../JavaScriptCore/runtime/Lookup.h:395
#11 0x00007ffff23f3d8f in WebCore::JSHTMLTableSectionElement::put(JSC::JSCell*,
JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) () at
generated/JSHTMLTableSectionElement.cpp:209
#12 0x00007ffff2f07484 in JSC::JSValue::put(JSC::ExecState*, JSC::PropertyName,
JSC::JSValue, JSC::PutPropertySlot&) ()
at runtime/JSCJSValueInlines.h:678
#13 0x00007ffff2f07484 in cti_op_put_by_id() () at jit/JITStubs.cpp:1592
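A minimal reproducer reconstructed from the backtrace, added here as an example (it is not code from ksysguard, Plasma or QtWebKit, and the row data is constructed). The frames show the innerHTML setter being invoked on a table section element (frame #11, JSHTMLTableSectionElement::put, via frame #5, setJSHTMLElementInnerHTML), which forces a concatenated string to be flattened (frame #3 JSString::value, frame #2 resolveRope) and dies in the 16-bit copy (frame #0, copyChars over char16_t). JavaScriptCore keeps the result of repeated `+` as a JSRopeString until something reads the flat value, so building the markup by concatenation and assigning it to a `<tbody>` exercises the same path without Plasma; a character outside Latin-1 is included so the rope resolves through the 16-bit variant seen in frame #0. Load it in a QtWebKit-based browser (Konqueror or Otter with the QtWebKit backend) to check whether the crash reproduces; under Node it only builds the markup.

```javascript
// Added example reconstructed from the backtrace above; not ksysguard's,
// Plasma's or QtWebKit's own code. ROWS is constructed sample data.
const ROWS = [
  ['Private', '24256 KiB'],
  ['Shared', '9120 KiB'],
  // Non-Latin-1 character (U+2265) so the string is 16-bit, matching the
  // copyChars(char16_t*, ...) frame rather than the 8-bit (LChar) variant.
  ['Pages \u2265 4 KiB', '8344'],
];

// Build the markup with repeated `+`. JavaScriptCore represents the result as
// a JSRopeString (a tree of fibers) until the flat value is needed.
function buildRopeMarkup(rows) {
  let html = '';
  for (const [label, value] of rows) {
    html = html + '<tr><td>' + label + '</td><td>' + value + '</td></tr>';
  }
  return html;
}

// True when at least one code point is outside Latin-1 (> 0xFF), i.e. the
// engine must store the string as 16-bit characters.
function hasNonLatin1(str) {
  for (const ch of str) {
    if (ch.codePointAt(0) > 0xff) return true;
  }
  return false;
}

// The innerHTML setter is what flattens the rope (frames #5 -> #3 -> #2 -> #0).
// Assigning to a table section (<tbody>) matches frame #11. Returns the markup
// that was assigned so a caller can inspect it.
function fillSection(section, rows) {
  const markup = buildRopeMarkup(rows);
  section.innerHTML = markup;
  return markup;
}

// Browser-only part: create table + tbody and trigger the setter.
if (typeof document !== 'undefined') {
  const table = document.createElement('table');
  const tbody = document.createElement('tbody');
  table.appendChild(tbody);
  document.body.appendChild(table);
  fillSection(tbody, ROWS);
}
```

Under a browser the interesting assertion is simply that the page survives the `fillSection` call; if it does not, the resulting backtrace should match the one in this report from frame #5 downwards.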