[Webkit-unassigned] [Bug 108398] New: [Qt] webkit crashes with sigsegv at JSC::CopyWorkList at ARM with qt5-final

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jan 30 16:07:41 PST 2013 

https://bugs.webkit.org/show_bug.cgi?id=108398

           Summary: [Qt] webkit crashes with sigsegv at JSC::CopyWorkList
                    at ARM with qt5-final
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Other
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P3
         Component: New Bugs
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: rsalveti at rsalveti.net


Using Ubuntu 12.10 at Nexus 7 (or any other ARM device), and Qt 5 final packages from https://launchpad.net/~canonical-qt5-edgers/+archive/qt5-proper/, I get a segfault when browsing with a sample Qml based browser when navigating at websites such www.cnn.com.

Steps:
1 - Install the Qt 5 proper ppa at a running Ubuntu 12.10 based ARM device (such as nexus 7, or pandaboard);
2 - Use the following sample qml to open cnn.com by default http://paste.ubuntu.com/1591367/
3 - Run with 'qmlscene browser.qml' and navigate at the website, by clicking into a few links (it usually happens when loading the second link).
4 - Wait for the crash.

Backtrace (http://paste.ubuntu.com/1586241/):

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x46eff460 (LWP 654)]
JSC::CopyWorkList::~CopyWorkList (this=0xfffffffb, __in_chrg=<optimized out>) at heap/CopyWorkList.h:139
139    heap/CopyWorkList.h: No such file or directory.
(gdb) 
(gdb) bt full
#0  JSC::CopyWorkList::~CopyWorkList (this=0xfffffffb, __in_chrg=<optimized out>) at heap/CopyWorkList.h:139
No locals.
#1  0x40eaf550 in deleteOwnedPtr<JSC::CopyWorkList> (ptr=0xfffffffb) at ../WTF/wtf/OwnPtrCommon.h:60
No locals.
#2  clear (this=0x5146400c) at ../WTF/wtf/OwnPtr.h:119
        ptr = 0xfffffffb
#3  pin (this=0x51464000) at heap/CopiedBlock.h:163
No locals.
#4  pin (block=0x51464000, this=<optimized out>) at heap/CopiedSpaceInlines.h:57
No locals.
#5  copyLater (ptr=0x514645b0, this=<optimized out>, owner=<optimized out>, bytes=<optimized out>) at heap/SlotVisitorInlines.h:167
No locals.
#6  copyLater (bytes=4294967272, ptr=0x514645b0, owner=0x501c71b0, this=<optimized out>) at runtime/JSObject.cpp:204
No locals.
#7  visitButterfly (storageSize=<optimized out>, butterfly=0x51464588, visitor=..., this=0x501c71b0) at runtime/JSObject.cpp:187
        preCapacity = <optimized out>
        propertyCapacity = 4294967291
        indexingPayloadSizeInBytes = <optimized out>
        capacityInBytes = 4294967272
#8  JSC::JSObject::visitChildren (cell=0x501c71b0, visitor=...) at runtime/JSObject.cpp:217
        butterfly = 0x51464588
#9  0x40d5b3c0 in visitChildren (cell=<optimized out>, visitor=...) at heap/SlotVisitor.cpp:90
No locals.
#10 JSC::SlotVisitor::drain (this=0x453618f0) at heap/SlotVisitor.cpp:147
No locals.
#11 0x40d52576 in donateAndDrain (this=0x453618f0) at heap/SlotVisitorInlines.h:161
No locals.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list