A reproducible crasher using the attached QML file. From the downstream bug report https://launchpad.net/bugs/1295119 :
--cut--
"When you have an array sort function that is inconsistent (that returns for two given values a and b not always the same value), the new Qml V4 Javascript engine gives you sometimes back a reference to a memory location that doesn't belong to the array (anymore?).

...

I get sometimes something like [-4.528848823629493e-224,1] or errors like
QV4::__qmljs_convert_to_string(QV4::ExecutionContext*, QV4::ValueRef) or
QV4::Value::toString(QV4::ExecutionContext*) const () etc.

Even though the behavior of array sort with an inconsistent function is not defined it should NOT lead to a segmentation fault (or who knows what memory locations it gives back and what can be done with that)."
--cut--