-
Bug
-
Resolution: Fixed
-
P1: Critical
-
6.9.1
-
None
-
Windows 11 Qt 6.2.12 MSVC 2019 64bit
Windows 11 Qt 6.9.1 MSVC 2022 64bit
Windows 11 Qt dev branch MSVC 2022 64bit
Ubuntu Qt 6.9.1 GCC
-
-
27feb8ba8 (dev), 98f488af5 (6.10), 4f1de9f3f (6.9), 35bfbf1ae (tqtc/lts-6.8), bd801b6fa (tqtc/lts-6.5)
A crash occurs when a JavaScript exception is thrown inside a StateChangeScript or ScriptAction, and garbage collection is triggered during the exception handling process.
This can happen if the exception handling path allocates a new object, which in turn triggers a GC pass. During this GC run, the JS stack may contain invalid or stale values, leading to a crash.
Steps to Reproduce:
- Extract and build the attached qt_gc_crash.zip project.
- Run the application.
- The application crashes during execution.
The issue appears specifically when a script defined in StateChangeScript or ScriptAction throws an exception and GC is triggered within the exception handler.
Expected Behavior:
The runtime should safely handle GC even if an exception is thrown inside the script, without leaving invalid values on the JS stack.
Actual Behavior:
The GC encounters invalid values on the JS stack, causing a crash.
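The scenario in this report, shown as a constructed QML illustration (not the attached qt_gc_crash.zip and not code from the Qt project): an unguarded StateChangeScript lets the exception escape into the engine's exception-handling path, while the guarded StateChangeScript and ScriptAction catch it inside the script. The `riskyWork` helper is hypothetical; that catching inside the script keeps affected versions away from the crashing path is an assumption, and it is a workaround, not a fix for the engine bug.

```qml
import QtQuick

Item {
    id: root
    width: 200; height: 200

    // Constructed helper standing in for application code that may throw.
    function riskyWork() { throw new Error("constructed failure inside ScriptAction") }

    states: [
        State {
            name: "unguarded"
            StateChangeScript {
                name: "throwingScript"
                // The exception leaves the script and reaches the engine's
                // unwind path; the report places the GC-triggered crash there.
                script: { throw new Error("constructed failure inside StateChangeScript") }
            }
        },
        State {
            name: "guarded"
            StateChangeScript {
                name: "safeScript"
                // Assumption: handling the error here keeps the engine's
                // exception path from running at all on affected versions.
                script: {
                    try {
                        throw new Error("constructed failure inside StateChangeScript")
                    } catch (e) {
                        console.warn("StateChangeScript failed:", e.message)
                    }
                }
            }
        }
    ]

    transitions: Transition {
        to: "guarded"
        ScriptAction {
            // Same guard for ScriptAction, which the report names as well.
            script: {
                try {
                    root.riskyWork()
                } catch (e) {
                    console.warn("ScriptAction failed:", e.message)
                }
            }
        }
    }

    // Entering "guarded" runs the guarded ScriptAction and StateChangeScript.
    Component.onCompleted: root.state = "guarded"
}
```

Switching `root.state` to "unguarded" instead exercises the pattern the report describes; whether a GC pass actually lands inside the exception path depends on allocation timing, so this is an illustration of the trigger shape, not a deterministic reproducer.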