Tuesday, December 26, 2023

Re: qcad does not segfault when qtscript is compiled with -O0.

This was already diagnosed and fixed in -current, see
https://marc.info/?l=openbsd-ports&m=170160684730438&w=2
https://github.com/openbsd/ports/blob/e10f7e1a39f85873183c232462850449f777e16f/x11/qt5/qtscript/patches/patch-src_3rdparty_javascriptcore_JavaScriptCore_interpreter_CallFrame_h

On 2023-12-26, Andy Bradford <amb-sendok-1708815687.behabndebgoeldilkfcf@bradfords.org> wrote:
> Hello,
>
> A little over a year ago I reported[1] that qcad started having
> segfaults in 7.0 (or 7.1). I thought I would try to debug it today in
> 7.4 and so enabled DEBUG_PACKAGES and DEBUG variables in the cad/qcad
> Makefile and also the x11/qt5/qtscript Makefile hoping to debug the
> segfault. In the Makefile for both I set:
>
> DEBUG_PACKAGES= ${BUILD_PACKAGES}
> DEBUG= -O0 -g
>
> Then I built the packages, installed them and their debug packages and
> hoped to capture a segfault, but it doesn't crash. Apparently enabling
> -O0 in qtscript's Makefile makes it not crash. To test that hypothesis,
> I commented out the DEBUG line completely and rebuilt qtscript with just
> the defaults that DEBUG_PACKAGES inherits and sure enough, after
> installing that qtscript package built with -O2 qcad again crashes.
>
> (gdb) bt
> #0 0x000003eae2f9a990 in QScriptEnginePrivate::mark (this=0x3eb4af54a80, markStack=...) at /usr/ports/pobj/qtscript-5.15.10/qtscript-everywhere-src-5.15.10/src/script/api/qscriptengine.cpp:1320
> #1 0x000003eae2f14d6c in QTJSC::Heap::markRoots (this=0x3ea8c2129e8) at /usr/ports/pobj/qtscript-5.15.10/qtscript-everywhere-src-5.15.10/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.cpp:1167
> #2 0x000003eae2f13ac5 in QTJSC::Heap::reset (this=0x3ea8c2129e8) at /usr/ports/pobj/qtscript-5.15.10/qtscript-everywhere-src-5.15.10/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.cpp:1269
> #3 QTJSC::Heap::allocate (this=0x3ea8c2129e8, s=<optimized out>) at /usr/ports/pobj/qtscript-5.15.10/qtscript-everywhere-src-5.15.10/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.cpp:405
> #4 0x000003eae2fa3ac2 in QTJSC::JSCell::operator new (size=56, exec=<optimized out>) at /usr/ports/pobj/qtscript-5.15.10/qtscript-everywhere-src-5.15.10/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSCell.h:167
> #5 QScriptEnginePrivate::newVariant (this=0x3eb4af54a80, value=...) at /usr/ports/pobj/qtscript-5.15.10/qtscript-everywhere-src-5.15.10/src/script/api/qscriptengine.cpp:1797
> #6 0x000003eae2fa51b5 in QScriptEngine::newVariant (this=<optimized out>, value=...) at /usr/ports/pobj/qtscript-5.15.10/qtscript-everywhere-src-5.15.10/src/script/api/qscriptengine.cpp:2233
> #7 0x000003eade54f63f in qtscript_create_Qt_Axis_class (engine=0x3eaf5f91770, clazz=...) at ../../generated_cpp/com_trolltech_qt_core/qtscript_Qt.cpp:4157
> #8 0x000003eade5445ee in qtscript_create_Qt_class (engine=0x3eaf5f91770) at ../../generated_cpp/com_trolltech_qt_core/qtscript_Qt.cpp:8386
> #9 0x000003eade62a327 in qtscript_initialize_com_trolltech_qt_core_bindings (extensionObject=...) at ../../generated_cpp/com_trolltech_qt_core/com_trolltech_qt_core_init.cpp:312
> #10 0x000003eade3a1d9e in com_trolltech_qt_core_ScriptPlugin::initialize (this=0x3eabb1f6100, key=..., engine=0x3eaf5f91770) at plugin.cpp:21
> #11 0x000003eae2fabdf9 in QScriptEngine::importExtension (this=0x3eaf5f91770, extension=...) at /usr/ports/pobj/qtscript-5.15.10/qtscript-everywhere-src-5.15.10/src/script/api/qscriptengine.cpp:3769
> #12 0x000003ea8abc35ab in RScriptHandlerEcma::RScriptHandlerEcma (this=0x3eabb1e94e0) at RScriptHandlerEcma.cpp:434
> #13 0x000003ea8abd4919 in RScriptHandlerEcma::factory () at RScriptHandlerEcma.cpp:1074
> #14 0x000003ead8eb2c3e in RScriptHandlerRegistry::createScriptHandler (extension=...) at RScriptHandlerRegistry.cpp:67
> #15 0x000003ead8eb2caf in RScriptHandlerRegistry::getGlobalScriptHandler (extension=...) at RScriptHandlerRegistry.cpp:76
> #16 0x000003e87ec05021 in main (argc=1, argv=0x7b524ae78618) at main.cpp:389
> (gdb) list
> 1315 }
> 1316
> 1317 if (q) {
> 1318 QScriptContext *context = q->currentContext();
> 1319
> 1320 while (context) {
> 1321 JSC::ScopeChainNode *node = frameForContext(context)->scopeChain();
> 1322 JSC::ScopeChainIterator it(node);
> 1323 for (it = node->begin(); it != node->end(); ++it) {
> 1324 JSC::JSObject *object = *it;
>
> Stepping through with -O2, it seems to go through one or two iterations of a
> while loop and then crashes:
>
> (gdb) print context
> $8 = (QScriptContext *) 0xf0800cd3288
> (gdb) print *context
> $9 = {d_ptr = 0x100000000}
> (gdb) next
> 1323 for (it = node->begin(); it != node->end(); ++it) {
> (gdb)
> 1324 JSC::JSObject *object = *it;
> (gdb)
> 1325 if (object)
> (gdb)
> 1326 markStack.append(object);
> (gdb)
> 1323 for (it = node->begin(); it != node->end(); ++it) {
> (gdb)
> 1329 context = context->parentContext();
> (gdb)
> 1320 while (context) {
> (gdb) print context
> $10 = (QScriptContext *) 0x1
> (gdb) next
>
> Thread 1 received signal SIGSEGV, Segmentation fault.
> 0x00000f07f754b990 in QScriptEnginePrivate::mark (this=0xf079205c480,
> markStack=...)
> at /usr/ports/pobj/qtscript-5.15.10/qtscript-everywhere-src-5.15.10/src/script/api/qscriptengine.cpp:1320
> 1320 while (context) {
> (gdb) print context
> $11 = (QScriptContext *) 0x1
>
> When I run it compiled with -O0 the value of that context pointer is 0x0
> at this same moment in execution. Is 0x1 something unique to the
> compiler that is trying to protect against bad code?
>
> Is there other useful information that I can try to obtain to figure out
> why it's crashing or what it's doing wrong? Is this perhaps a question
> for the QCad community?
>
> Thanks,
>
> Andy
>
> [1] https://marc.info/?l=openbsd-misc&m=166019212130315&w=2
>
>


--
Please keep replies on the mailing list.
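Added example, not part of the thread or of the QtScript/JavaScriptCore sources: a small C model of why a "parent" pointer in a call-frame walk can read as 0x1 rather than 0x0. The JavaScriptCore bundled with QtScript stores its caller-frame link as a tagged pointer, using the low bit as a host-call-frame flag and the bare value 1 as its "no caller" sentinel; whether that is precisely the mechanism behind this crash is what the linked CallFrame.h patch concerns and is not spelled out in the thread, so the frame layout, field names and helper names below are constructed for illustration. The model contrasts a parent lookup that strips the flag (the loop ends on NULL) with one that does not (the loop is handed 0x1, which `while (context)` treats as a valid frame), and its walker refuses to dereference a flagged pointer instead of segfaulting.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>

/* Constructed model: the caller link is a tagged pointer whose low bit
 * marks a host (native) call frame. The value 1 alone, with no frame
 * address in the upper bits, means "no caller at all". */
#define HOST_CALL_FRAME_FLAG ((uintptr_t)1)

typedef struct Frame {
    struct Frame *caller_tagged;   /* may carry the low-bit flag */
    int id;
} Frame;

static Frame *no_caller(void) { return (Frame *)HOST_CALL_FRAME_FLAG; }

static Frame *add_host_flag(Frame *f) {
    return (Frame *)((uintptr_t)f | HOST_CALL_FRAME_FLAG);
}
static Frame *remove_host_flag(Frame *f) {
    return (Frame *)((uintptr_t)f & ~HOST_CALL_FRAME_FLAG);
}
static bool has_host_flag(const Frame *f) {
    return ((uintptr_t)f & HOST_CALL_FRAME_FLAG) != 0;
}

/* Correct parent lookup: the flag is stripped before the pointer is used,
 * so the "no caller" sentinel (1) becomes NULL and `while (ctx)` ends. */
static Frame *parent_frame(const Frame *f) {
    return remove_host_flag(f->caller_tagged);
}

/* Defective parent lookup: the flag is left in place. For the last frame
 * this yields (Frame *)1, which is non-NULL; a plain `while (ctx)` loop
 * would dereference address 0x1 on its next iteration. */
static Frame *parent_frame_unstripped(const Frame *f) {
    return f->caller_tagged;
}

/* Walk the chain and count frames. A flagged pointer arriving at a
 * dereference site is reported as -1 rather than dereferenced. */
static int walk_chain(Frame *ctx, Frame *(*parent)(const Frame *)) {
    int count = 0;
    while (ctx) {
        if (has_host_flag(ctx))
            return -1;  /* tagged pointer reached a dereference site */
        count++;
        ctx = parent(ctx);
    }
    return count;
}

/* Three-frame chain: f2 -> f1 -> f0 -> no_caller(). f1's link carries the
 * host flag to show a flagged but real frame address is handled too. */
static int demo(Frame *(*parent)(const Frame *)) {
    Frame f0 = { no_caller(), 0 };
    Frame f1 = { add_host_flag(&f0), 1 };
    Frame f2 = { &f1, 2 };
    return walk_chain(&f2, parent);
}

int demo_correct(void)    { return demo(parent_frame); }            /* 3  */
int demo_unstripped(void) { return demo(parent_frame_unstripped); } /* -1 */
```

With the flag stripped the walk visits three frames and stops on NULL; without it the walk meets a pointer with the low bit set and reports -1 instead of touching 0x1. A value like 0x1 in gdb is therefore worth checking against the code base's own pointer-tagging conventions before treating it as compiler behaviour, and a debug build that happens to yield 0x0 at the same point does not show the walk is correct, only that the unstripped value was not reached that way.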