com.ubuntu.developer.andrewsomething.stackbrowser_stackbrowser_0.2.2 causes qmlscene to segfault under Qt5.2

Bug #1291602 reported by Ricardo Salveti
Affects: qtdeclarative-opensource-src (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Bug Description

Just install Qt5.2 and try opening com.ubuntu.developer.andrewsomething.stackbrowser_stackbrowser_0.2.2; that is enough to create the crash.

Stack trace:
Program terminated with signal SIGSEGV, Segmentation fault.
#0 engine (this=<optimized out>) at ../../include/QtQml/5.2.1/QtQml/private/../../../../../src/qml/jsruntime/qv4object_p.h:171
171 ../../include/QtQml/5.2.1/QtQml/private/../../../../../src/qml/jsruntime/qv4object_p.h: No such file or directory.
(gdb) bt full
#0 engine (this=<optimized out>) at ../../include/QtQml/5.2.1/QtQml/private/../../../../../src/qml/jsruntime/qv4object_p.h:171
No locals.
#1 ListModel::set (this=this@entry=0x1ca0bd0, elementIndex=elementIndex@entry=0, object=object@entry=..., eng=eng@entry=0x15d7338) at types/qqmllistmodel.cpp:490
        e = <optimized out>
        propertyName = <optimized out>
        o = {ptr = 0x1ca0bd0}
        a = <optimized out>
        date = <optimized out>
        scope = {engine = 0x7fff8001, mark = 0xb5f9a6ed <__GI___libc_malloc+76>}
        it = {object = {ptr = 0xb1101a00}, current = {ptr = 0x0}, arrayNode = 0x0, arrayIndex = 0, memberIndex = 16, flags = 3053039089, tmpDynamicProperty = {{value = {{val = 2816055968, dbl = 1.3913165105550167e-314, {{uint_32 = 2816055968, int_32 = -1478911328,
                      m = 0xa7d99aa0, o = 0xa7d99aa0, s = 0xa7d99aa0}, tag = 0}}}, {get = 0xa7d99aa0, set = 0x0}}}}
        propertyValue = <optimized out>
#2 0xb6cc87b0 in ListModel::append (this=this@entry=0x1ca0bd0, object=..., eng=eng@entry=0x15d7338) at types/qqmllistmodel.cpp:589
No locals.
#3 0xb6cc869e in ListModel::set (this=this@entry=0x16da7a8, elementIndex=elementIndex@entry=0, object=..., object@entry=..., eng=eng@entry=0x15d7338) at types/qqmllistmodel.cpp:523
        j = 0
        subModel = 0x1ca0bd0
        arrayLength = 2
        r = @0x1c9e528: {name = {static null = {<No data fields>}, d = 0x1afd1d8}, type = ListLayout::Role::List, blockIndex = 0, blockOffset = 0, index = 0, subLayout = 0x1ca1610}
        e = 0x1ca0b58
        propertyName = {ptr = 0xb11019f0}
        o = {ptr = 0xb1101a00}
        a = {ptr = 0xb1101a08}
        date = {ptr = 0xb1101a10}
        scope = {engine = 0x15d9d08, mark = 0xb11019e0}
        it = {object = {ptr = 0xb11019e0}, current = {ptr = 0xb11019e8}, arrayNode = 0x0, arrayIndex = 0, memberIndex = 1, flags = 3, tmpDynamicProperty = {{value = {{val = 9222386874436288512, dbl = nan(0xc800000000000), {{uint_32 = 0, int_32 = 0, m = 0x0, o = 0x0,
                      s = 0x0}, tag = 2147254272}}}, {get = 0x0, set = 0x7ffc8000}}}}
        propertyValue = {ptr = 0xb11019f8}
#4 0xb6cc87b0 in ListModel::append (this=0x16da7a8, object=object@entry=..., eng=0x15d7338) at types/qqmllistmodel.cpp:589
No locals.
#5 0xb6cca9c4 in QQmlListModel::append (this=0x16dca40, args=0xbebc1310) at types/qqmllistmodel.cpp:2079
        index = <optimized out>
        scope = {engine = 0x15d9d08, mark = 0xb11019d0}
        argObject = {ptr = 0xb11019d0}
        objectArray = {ptr = 0xb11019d8}
#6 0xb6cd89e2 in QQmlListModel::qt_static_metacall (_o=_o@entry=0x16dca40, _c=_c@entry=QMetaObject::InvokeMetaMethod, _id=_id@entry=3, _a=_a@entry=0xbebc12e0) at .moc/moc_qqmllistmodel_p.cpp:123
        _t = 0x16dca40
#7 0xb6cd8b2a in QQmlListModel::qt_metacall (this=0x16dca40, _c=QMetaObject::InvokeMetaMethod, _id=3, _a=0xbebc12e0) at .moc/moc_qqmllistmodel_p.cpp:186
No locals.
#8 0xb6c10ea8 in QQmlVMEMetaObject::metaCall (this=0x16dcb18, c=<optimized out>, _id=34, a=<optimized out>) at qml/qqmlvmemetaobject.cpp:980
        id = 34
#9 0xb62da40c in QMetaObject::metacall(QObject*, QMetaObject::Call, int, void**) () from /usr/lib/arm-linux-gnueabihf/libQt5Core.so.5
No symbol table info available.
#10 0xb6c001c6 in QV4::QObjectMethod::callInternal (this=<optimized out>, callData=0xb1101970) at jsruntime/qv4qobjectwrapper.cpp:1831
        rv = {ptr = 0xb11019c0}
        qmlGlobal = <optimized out>
        func = {callData = 0xb1101970, retVal = {ptr = 0xb11019c0}, ctx = 0x16dc8d0, e = 0x15d7338}
        funcptr = 0xbebc1310
        args = {0x0, 0xbebc12d0}
        v8Engine = 0x15d7338
        scope = {engine = 0x15d9d08, mark = 0xb11019c0}
        method = {<QQmlPropertyRawData> = {{propType = 43, propTypeName = 0x2b <error: Cannot access memory at address 0x2b>}, coreIndex = 34, {notifyIndex = 0, arguments = 0x0}, {{revision = 0, metaObjectOffset = 3, {{valueTypeFlags = 65534, valueTypePropType = 65535,
                    valueTypeCoreIndex = 116}, {overrideIndexIsProperty = 0, overrideIndex = -1}}}, {accessors = 0x30000, accessorData = -2}}, flags = 4718912}, <No data fields>}
#11 0xb6bb2152 in call (callData=0xb1101970, this=<optimized out>) at jsruntime/qv4functionobject_p.h:133
No locals.
#12 QV4::__qmljs_call_activation_property (context=0xbebc144c, name=..., callData=...) at jsruntime/qv4runtime.cpp:889
        scope = {engine = 0x15d9d08, mark = 0xb11019b0}
        base = {ptr = 0xb11019b0}
        func = <optimized out>
#13 0xb0e4cf0e in ?? ()
No symbol table info available.
Backtrace stopped: previous frame identical to this frame (corrupt stack?)

current build number: 234
device name: flo
channel: trusty-proposed
last update: 2014-03-12 17:14:48
version version: 234
version ubuntu: 20140312.1
version device: 20140304

Tags: qt5.2


summary: com.ubuntu.developer.andrewsomething.stackbrowser_stackbrowser_0.2.2
- caused qmlscene to segfault under Qt5.2
+ causes qmlscene to segfault under Qt5.2
Anders (eddiedog988)
Changed in qtdeclarative-opensource-src (Ubuntu):
status: New → Confirmed
Ricardo Salveti (rsalveti) wrote :

Tarball available at http://people.canonical.com/~rsalveti/com.ubuntu.developer.andrewsomething.stackbrowser.tar.bz2, and it seems it can be reproduced on desktop as well:

<tsdgeos> rsalveti: do you know what provides U1db qml module?
<tsdgeos> qtdeclarative5-u1db1.0
<Saviq> tsdgeos, yes
<Saviq> tsdgeos, and you need qtdeclarative5-friends0.2, too
<Saviq> tsdgeos, and yeah, crashed here on desktop
<tsdgeos> yep, installing that one now
<tsdgeos> yep, crash

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package qtdeclarative-opensource-src - 5.2.1-3ubuntu10

---------------
qtdeclarative-opensource-src (5.2.1-3ubuntu10) trusty; urgency=medium

  * debian/patches/Fix-crash-when-appending-arrays-to-sub-models-in-lis.patch
    - Backport from upstream https://codereview.qt-project.org/#change,80934
      (LP: #1291602)
 -- Timo Jyrinki <email address hidden> Fri, 14 Mar 2014 09:37:56 +0000

Changed in qtdeclarative-opensource-src (Ubuntu):
status: Confirmed → Fix Released
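A minimal check for the fixed package, written here as an added example (it is not StackBrowser's code and not on the original report): the backtrace shows ListModel::set recursing into a sub-model for an array-valued element property (arrayLength = 2 in frame #3), and the backported patch is titled "Fix crash when appending arrays to sub-models in list model", so the shape to exercise is a ListModel.append whose object carries a two-entry array. The property names are constructed for illustration.

```qml
import QtQuick 2.0

Item {
    // Constructed reproducer shape (added example): an element whose
    // array-valued property becomes a nested sub-model inside the
    // outer QQmlListModel, the path seen in ListModel::set (frame #3).
    ListModel { id: questions }

    Component.onCompleted: {
        // Two objects in the array, matching arrayLength = 2 in the trace.
        questions.append({
            title: "constructed question",
            tags: [ { name: "qml" }, { name: "qt5" } ]
        })
        // With the patched qtdeclarative the append completes and the
        // nested array is reachable as a sub-model on the stored element.
        console.log("rows:", questions.count,
                    "nested tags:", questions.get(0).tags.count)
    }
}
```

Run it with `qmlscene` against the package under test; a segfault on the append indicates an unpatched qtdeclarative, a logged row count indicates the fix is in place.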