Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-39289

Regression: JavaScript Crash on ARM, release build only.

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • P1: Critical
    • None
    • 5.3.0
    • QML: Declarative and Javascript Engine
    • None
    • Tested on iMX6 and Beablebone Black both running embedded linux.
    • [qtdeclarative] d8b276a59402cbbe6d070ba38805350e7f3dd8a1

    Description

      Running the following JS expression:

      "yoo".replace(/([^&]*)&(.)([^&]*)/g, function(match, p1, p2, p3) { return p1.concat(p2, p3) })

      with the "qmljs" tool from /qtdeclarative/tools/qmljs results in a segmentation fault.

      This crash was discovered while developing qml application, where it crashed with the following error message:

      Error in `/data/user/launchersettings/launchersettings': free(): invalid pointer: 0x0108183c ***
Crashed
Process stopped

      and the following backtrace:

      #0  0x75c3f5f8 in free () from /lib/libc.so.6
#1  0x76c6c91a in QV4::StringPrototype::method_replace(QV4::CallContext*) ()
   from /usr/local/Qt-5.3.0/lib/libQt5Qml.so.5
#2  0x76c58e1e in QV4::BuiltinFunction::call(QV4::Managed*, QV4::CallData*) ()
   from /usr/local/Qt-5.3.0/lib/libQt5Qml.so.5
#3  0x76c8d35c in QV4::Runtime::callProperty(QV4::ExecutionContext*, QV4::StringRef, QV4::CallDataRef) () from /usr/local/Qt-5.3.0/lib/libQt5Qml.so.5
#4  0x76ff8d62 in ?? ()
#5  0x76ff8d62 in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

      The output of QV4_SHOW_IR=1 is the attachment (out.txt), it crashes with or without this envvar being set. Crashes also when QV4_NO_SSA is set.

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-38692 android: Controls TextEditor example crashes on android

          • P1: Critical - Urgent and Important, will STOP the release if matched with set FixVersion field. This includes regressions from the last version that are not edge cases; Data loss; Build issues; All but the most unlikely crashes/lockups/hanging; Serious usability issues and embarrassing bugs & Bugs critical to a deliverable. This is the highest possible priority for requirements.
          • Closed
          replaces

          Bug - A problem which impairs or prevents the functions of the product. QTBUG-39255 The split() method aborts when used with regexp

          • Not Evaluated - Not yet evaluated/prioritized
          • Closed
          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              erikv Erik Verbruggen
              paeglis Gatis Paeglis
              Votes:
              2 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes