Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Unresolved
Priority: P1: Critical
Fix Version/s: 6.10
Affects Version/s: 6.9.1
Component/s: QML: Declarative and Javascript Engine
Labels:
None
Environment:
Windows 11 Qt 6.9.1 MSVC 2022 64bit
Windows 11 Qt dev branch MSVC 2022 64bit
Ubuntu Qt 6.9.1 GCC

Platform/s:

Windows
Platform/s Migration:

Linux/X11, Windows

Description

A crash occurs when a JavaScript exception is thrown inside a StateChangeScript or ScriptAction, and garbage collection is triggered during the exception handling process.

This can happen if the exception handling path allocates a new object, which in turn triggers a GC pass. During this GC run, the JS stack may contain invalid or stale values, leading to a crash.

Steps to Reproduce:

Extract and build the attached qt_gc_crash.zip project.

Run the application.

The application crashes during execution.

The issue appears specifically when a script defined in StateChangeScript or ScriptAction throws an exception and GC is triggered within the exception handler.

Expected Behavior:

The runtime should safely handle GC even if an exception is thrown inside the script, without leaving invalid values on the JS stack.

Actual Behavior:

The GC encounters invalid values on the JS stack, causing a crash.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List

qt_gc_crash.zip
2 kB
04 Jul '25 04:58

Gerrit Reviews

- Issue Only
- Show All Reviews
- Show Open Reviews

For Gerrit Dashboard: QTBUG-138242
#	Subject	Branch	Project	Status	CR	V
658653,1	v4: Rewind JS stack before exception handling to avoid GC crash	dev	qt/qtdeclarative	Status: NEW	0	0

Activity

People

Assignee:: Luca Di Sera

Reporter:: Atsushi Yamamoto

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2 days ago 10:25

Updated:: 2 days ago 10:45

Gerrit Reviews

There is 1 open Gerrit change

v4: Rewind JS stack before exception handling to avoid GC crash

+1 Gerrit Review: