[Bug 1046724] New: Qt5WebKit crashes on JS string operations

http://bugzilla.opensuse.org/show_bug.cgi?id=1046724 Bug ID: 1046724 Summary: Qt5WebKit crashes on JS string operations Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: Other Status: NEW Severity: Critical Priority: P5 - None Component: KDE Workspace (Plasma) Assignee: opensuse-kde-bugs@opensuse.org Reporter: cfeck@kde.org QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) Otter/0.9.91 Build Identifier: Since libicu was updated to v59, I get crashes in applications that use JavaScript with libQt5WebKit. According to openSUSE KDE maintainers, this is caused by local patches to stay compatible with newest icu. Reproducible: Always Steps to Reproduce: 1. Press Ctrl+Esc in Plasma 5 2. Right-click on 'plasmashell' process 3. Select 'Detailed Memory Information' Actual Results: Crash, see backtrace below. Expected Results: No crash. This also affects browsers that are based on QtWebKit, such as Konqueror and Otter browser when compiled using the QtWebKit backend. Suggested resolutions: - keep a local copy of older icu in qtwebkit - trying to update to newer qtwebkit (annulen's branch) - fix the patches :) Backtrace: Thread 1 "systemmonitor" received signal SIGSEGV, Segmentation fault. WTF::StringImpl::copyChars () at ../WTF/wtf/text/StringImpl.h:644 644 ../WTF/wtf/text/StringImpl.h: No such file or directory. (gdb) bt #0 0x00007ffff305bd97 in WTF::StringImpl::copyChars(char16_t*, char16_t const*, unsigned int) () at ../WTF/wtf/text/StringImpl.h:644 #1 0x00007ffff305bd97 in JSC::JSRopeString::resolveRopeSlowCase(char16_t*) const () at runtime/JSString.cpp:212 #2 0x00007ffff305ccfb in JSC::JSRopeString::resolveRope(JSC::ExecState*) const () at runtime/JSString.cpp:127 #3 0x00007ffff2c60417 in JSC::JSString::value(JSC::ExecState*) const () at ../JavaScriptCore/runtime/JSString.h:378 #4 0x00007ffff2c60417 in WebCore::valueToStringWithNullCheck(JSC::ExecState*, JSC::JSValue) () at bindings/js/JSDOMBinding.cpp:109 #5 0x00007ffff233cef7 in WebCore::setJSHTMLElementInnerHTML(JSC::ExecState*, JSC::JSObject*, JSC::JSValue) () at generated/JSHTMLElement.cpp:592 #6 0x00007ffff233f517 in JSC::putEntryWebCore::JSHTMLElement(JSC::ExecState*, JSC::HashEntry const*, JSC::PropertyName, JSC::JSValue, WebCore::JSHTMLElement*, bool) () at ../JavaScriptCore/runtime/Lookup.h:363 #7 0x00007ffff233f517 in JSC::lookupPutWebCore::JSHTMLElement(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::HashTable const*, WebCore::JSHTMLElement*, bool) () at ../JavaScriptCore/runtime/Lookup.h:381 #8 0x00007ffff233f517 in JSC::lookupPut(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::HashTable const*, WebCore::JSHTMLElement*, JSC::PutPropertySlot&) () at ../JavaScriptCore/runtime/Lookup.h:394 #9 0x00007ffff233f517 in WebCore::JSHTMLElement::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) () at generated/JSHTMLElement.cpp:463 #10 0x00007ffff23f3d8f in JSC::lookupPut(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::HashTable const*, WebCore::JSHTMLTableSectionElement*, JSC::PutPropertySlot&) () at ../JavaScriptCore/runtime/Lookup.h:395 #11 0x00007ffff23f3d8f in WebCore::JSHTMLTableSectionElement::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) () at generated/JSHTMLTableSectionElement.cpp:209 #12 0x00007ffff2f07484 in JSC::JSValue::put(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) () at runtime/JSCJSValueInlines.h:678 #13 0x00007ffff2f07484 in cti_op_put_by_id() () at jit/JITStubs.cpp:1592 -- You are receiving this mail because: You are on the CC list for the bug.