Timo Jyrinki has proposed merging lp:~timo-jyrinki/kubuntu-packaging/qtdeclarative_crashers_fixes_trigger_CI into lp:~kubuntu-packagers/kubuntu-packaging/qtdeclarative-opensource-src.
Commit message: * debian/patches/Avoid-race-condition-in-QQmlEngine-on-shutdown.patch - Cherry-pick an app shutdown crash fix (LP: #1373039) * debian/patches/Fix-crashes-when-calling-Array.sort-with-imperfect-s.patch - Cherry-pick a fix for a crasher in Array.sort (LP: #1295119) Requested reviews: Kubuntu Packagers (kubuntu-packagers) Related bugs: Bug #1295119 in qtdeclarative-opensource-src (Ubuntu): "qmlscene crashed with SIGSEGV in mark()" https://bugs.launchpad.net/ubuntu/+source/qtdeclarative-opensource-src/+bug/1295119 Bug #1373039 in qtdeclarative-opensource-src (Ubuntu): "Crash in QML compiler if terminated whilst compiling asynchronous components" https://bugs.launchpad.net/ubuntu/+source/qtdeclarative-opensource-src/+bug/1373039 For more details, see: https://code.launchpad.net/~timo-jyrinki/kubuntu-packaging/qtdeclarative_crashers_fixes_trigger_CI/+merge/243974 This change has already been released; this MP was created only to trigger CI for updated code coverage numbers. -- Your team Kubuntu Packagers is requested to review the proposed merge of lp:~timo-jyrinki/kubuntu-packaging/qtdeclarative_crashers_fixes_trigger_CI into lp:~kubuntu-packagers/kubuntu-packaging/qtdeclarative-opensource-src.
=== modified file 'debian/changelog'
--- debian/changelog 2014-10-27 05:58:19 +0000
+++ debian/changelog 2014-12-08 10:59:26 +0000
@@ -1,3 +1,12 @@
+qtdeclarative-opensource-src (5.3.2-3ubuntu2) vivid; urgency=medium
+
+ * debian/patches/Avoid-race-condition-in-QQmlEngine-on-shutdown.patch
+ - Cherry-pick an app shutdown crash fix (LP: #1373039)
+ * debian/patches/Fix-crashes-when-calling-Array.sort-with-imperfect-s.patch
+ - Cherry-pick a fix for a crasher in Array.sort (LP: #1295119)
+
+ -- Timo Jyrinki <[email protected]> Wed, 03 Dec 2014 08:32:46 +0000
+
 qtdeclarative-opensource-src (5.3.2-3ubuntu1) vivid; urgency=medium
 * New upstream release.
=== added file 'debian/patches/Avoid-race-condition-in-QQmlEngine-on-shutdown.patch'
--- debian/patches/Avoid-race-condition-in-QQmlEngine-on-shutdown.patch 1970-01-01 00:00:00 +0000
+++ debian/patches/Avoid-race-condition-in-QQmlEngine-on-shutdown.patch 2014-12-08 10:59:26 +0000
@@ -0,0 +1,84 @@
+From 48d93e0d854b3f9a2486a2393fee38496fd57bd9 Mon Sep 17 00:00:00 2001
+From: Gunnar Sletta <[email protected]>
+Date: Tue, 1 Jul 2014 14:48:07 +0200
+Subject: [PATCH] Avoid race condition in QQmlEngine on shutdown.
+
+The QQmlTypeLoader was deleted (and its thread shut down) when
+the QQmlEnginePrivate was destroyed. However, the QQmlTypeLoader
+runs a thread which would happiliy make calls on the engine and
+its managed data. Fix this by stopping the QQmlTypeLoader's
+thread right away in QQmlEngine.
+
+Task-number: QTBUG-39905
+Change-Id: Ida8e95d083f79237c74b036fd3521133a9fa4ac7
+Reviewed-by: Erik Verbruggen <[email protected]>
+---
+ src/qml/qml/qqmlengine.cpp | 2 ++
+ src/qml/qml/qqmltypeloader.cpp | 15 ++++++++++++---
+ src/qml/qml/qqmltypeloader_p.h | 1 +
+ 3 files changed, 15 insertions(+), 3 deletions(-)
+
+diff --git a/src/qml/qml/qqmlengine.cpp b/src/qml/qml/qqmlengine.cpp
+index 17e5c55..46fc329 100644
+--- a/src/qml/qml/qqmlengine.cpp
++++ b/src/qml/qml/qqmlengine.cpp
+@@ -904,6 +904,8 @@ QQmlEngine::~QQmlEngine()
+ if (d->isDebugging)
+ QQmlDebugServer::instance()->removeEngine(this);
+
++ d->typeLoader.invalidate();
++
+ // Emit onDestruction signals for the root context before
+ // we destroy the contexts, engine, Singleton Types etc. that
+ // may be required to handle the destruction signal.
+diff --git a/src/qml/qml/qqmltypeloader.cpp b/src/qml/qml/qqmltypeloader.cpp
+index 1afc5bb..c5a4d65 100644
+--- a/src/qml/qml/qqmltypeloader.cpp
++++ b/src/qml/qml/qqmltypeloader.cpp
+@@ -897,11 +897,20 @@ QQmlDataLoader::QQmlDataLoader(QQmlEngine *engine)
+ /*!
\internal */
+ QQmlDataLoader::~QQmlDataLoader()
+ {
++ invalidate();
++}
++
++void QQmlDataLoader::invalidate()
++{
+ for (NetworkReplies::Iterator iter = m_networkReplies.begin(); iter != m_networkReplies.end(); ++iter)
+ (*iter)->release();
++ m_networkReplies.clear();
+
+- shutdownThread();
+- delete m_thread;
++ if (m_thread) {
++ shutdownThread();
++ delete m_thread;
++ m_thread = 0;
++ }
+ }
+
+ void QQmlDataLoader::lock()
+@@ -1228,7 +1237,7 @@ void QQmlDataLoader::setCachedUnit(QQmlDataBlob *blob, const QQmlPrivate::Cached
+
+ void QQmlDataLoader::shutdownThread()
+ {
+- if (!m_thread->isShutdown())
++ if (m_thread && !m_thread->isShutdown())
+ m_thread->shutdown();
+ }
+
+diff --git a/src/qml/qml/qqmltypeloader_p.h b/src/qml/qml/qqmltypeloader_p.h
+index b09ac15..3d0b77e 100644
+--- a/src/qml/qml/qqmltypeloader_p.h
++++ b/src/qml/qml/qqmltypeloader_p.h
+@@ -233,6 +233,7 @@ public:
+
+ QQmlEngine *engine() const;
+ void initializeEngine(QQmlExtensionInterface *, const char *);
++ void invalidate();
+
+ protected:
+ void shutdownThread();
+--
+2.1.3
+
=== added file 'debian/patches/Fix-crashes-when-calling-Array.sort-with-imperfect-s.patch'
--- debian/patches/Fix-crashes-when-calling-Array.sort-with-imperfect-s.patch 1970-01-01 00:00:00 +0000
+++ debian/patches/Fix-crashes-when-calling-Array.sort-with-imperfect-s.patch 2014-12-08 10:59:26 +0000
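Review bot: After `invalidate()` sets `m_thread = 0` in qqmltypeloader.cpp, the only null check this patch adds is in `shutdownThread()`; `lock()` is visible only as trailing context and the loader's other members are outside the hunk, so whether they dereference `m_thread` unguarded cannot be seen here. Because `~QQmlEngine` now calls `invalidate()` before the onDestruction signals are emitted, any handler that reaches the type loader during teardown would run against a loader that no longer has a thread. I would confirm that every remaining `m_thread->` use is either unreachable after invalidation or checks the pointer first. The contract also belongs above the new function, for example `/*! \internal Releases pending network replies and stops the loader thread; the loader must not be used afterwards. Safe to call more than once. */`.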
@@ -0,0 +1,155 @@
+From 210475565969ca5381174016b47cd32ddc96eaed Mon Sep 17 00:00:00 2001
+From: Lars Knoll <[email protected]>
+Date: Thu, 12 Jun 2014 14:35:53 +0200
+Subject: [PATCH] Fix crashes when calling Array.sort with imperfect sort
+ functions
+
+We can't use std::sort to implement Array.sort. The reason is that
+std::sort expects a conformant compare function, and can do weird
+things (esp. crash) when the sort function isn't conformant.
+
+Falling back to qSort is not possible, as the method has been
+deprecated. So add a copy of the qSort implementation here, and
+use that one instead.
+
+Fix the sortint test in tst_qqmlecmascript to have a consistent
+sort function for strings, as the result of calling sort is
+otherwise undefined according to the ecma standard.
+
+Task-number: QTBUG-39072
+Change-Id: I0602b3aa1ffa4de5006da58396f166805cf4a5e2
+Reviewed-by: Robin Burchell <[email protected]>
+Reviewed-by: Simon Hausmann <[email protected]>
+---
+ src/qml/jsruntime/qv4arraydata.cpp | 56 +++++++++++++++++++++-
+ tests/auto/qml/qjsengine/tst_qjsengine.cpp | 19 ++++++++
+ .../auto/qml/qqmlecmascript/data/sequenceSort.qml | 2 +-
+ 3 files changed, 75 insertions(+), 2 deletions(-)
+
+diff --git a/src/qml/jsruntime/qv4arraydata.cpp b/src/qml/jsruntime/qv4arraydata.cpp
+index 7d76a10..9627848 100644
+--- a/src/qml/jsruntime/qv4arraydata.cpp
++++ b/src/qml/jsruntime/qv4arraydata.cpp
+@@ -674,6 +674,60 @@ bool ArrayElementLessThan::operator()(Value v1, Value v2) const
+ return p1s->toQString() < p2s->toQString();
+ }
+
++template <typename RandomAccessIterator, typename T, typename LessThan>
++void sortHelper(RandomAccessIterator start, RandomAccessIterator end, const T &t, LessThan lessThan)
++{
++top:
++ int span = int(end - start);
++ if (span < 2)
++ return;
++
++ --end;
++ RandomAccessIterator low = start, high = end - 1;
++ RandomAccessIterator pivot = start + span / 2;
++
++ if (lessThan(*end, *start))
++ qSwap(*end, *start);
++ if (span == 2)
++ return;
++
++ if (lessThan(*pivot, *start))
++ qSwap(*pivot, *start);
++ if (lessThan(*end, *pivot))
++ qSwap(*end, *pivot);
++ if (span == 3)
++ return;
++
++ qSwap(*pivot, *end);
++
++ while (low < high) {
++ while (low < high && lessThan(*low, *end))
++ ++low;
++
++ while (high > low && lessThan(*end, *high))
++ --high;
++
++ if (low < high) {
++ qSwap(*low, *high);
++ ++low;
++ --high;
++ } else {
++ break;
++ }
++ }
++
++ if (lessThan(*low, *end))
++ ++low;
++
++ qSwap(*end, *low);
++ sortHelper(start, low, t, lessThan);
++
++ start = low + 1;
++ ++end;
++ goto top;
++}
++
++
+ void ArrayData::sort(ExecutionContext *context, ObjectRef thisObject, const ValueRef comparefn, uint len)
+ {
+ if (!len)
+@@ -765,7 +819,7 @@ void ArrayData::sort(ExecutionContext *context, ObjectRef thisObject, const Valu
+ ArrayElementLessThan lessThan(context, thisObject, comparefn);
+
+ Value *begin = thisObject->arrayData->data;
+- std::sort(begin, begin + len, lessThan);
++ sortHelper(begin, begin + len, *begin, lessThan);
+
+ #ifdef CHECK_SPARSE_ARRAYS
+ thisObject->initSparseArray();
+diff --git a/tests/auto/qml/qjsengine/tst_qjsengine.cpp b/tests/auto/qml/qjsengine/tst_qjsengine.cpp
+index 51cd699..4b47e55 100644
+--- a/tests/auto/qml/qjsengine/tst_qjsengine.cpp
++++ b/tests/auto/qml/qjsengine/tst_qjsengine.cpp
+@@ -135,6 +135,7 @@ private slots:
+ void reentrancy_objectCreation();
+ void jsIncDecNonObjectProperty();
+ void JSONparse();
++ void arraySort();
+
+ void qRegExpInport_data();
+ void qRegExpInport();
+@@ -2729,6 +2730,24 @@ void tst_QJSEngine::JSONparse()
+ QVERIFY(ret.isObject());
+ }
+
++void tst_QJSEngine::arraySort()
++{
++ // tests that calling Array.sort with a bad sort function doesn't cause issues
++ // Using std::sort is e.g.
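Review bot: `sortHelper` in qv4arraydata.cpp always recurses into the left partition and loops over the right one, so its stack depth is bounded only by the array length; both the array and the comparator come from script, so a long array with an inconsistent comparator can trade the crash this patch fixes for stack exhaustion. Recursing into the smaller partition and iterating over the larger one keeps the depth logarithmic whatever the comparator returns. `int span = int(end - start)` also narrows the pointer difference while `len` is a `uint`, so a `ptrdiff_t` span would avoid a negative value on very large arrays. The `t` parameter is never read in the function and could be dropped or marked unused.

```cpp
// … unchanged: span checks, median-of-three selection and partition loop …
    qSwap(*end, *low);
    ++end;                                      // back to one past the last element
    if (low - start < end - (low + 1)) {
        sortHelper(start, low, t, lessThan);    // left part is smaller: recurse into it
        start = low + 1;                        // then loop over the right part
    } else {
        sortHelper(low + 1, end, t, lessThan);  // right part is smaller: recurse into it
        end = low;                              // then loop over the left part
    }
    goto top;
```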
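Review bot: In `ArrayData::sort`, `begin` is a raw pointer into `thisObject->arrayData->data` that stays in use while `sortHelper` repeatedly calls `lessThan`, which is constructed from the script-supplied `comparefn`. If that callback can grow, shrink or otherwise reallocate the array's storage, every later `*low`/`*end` read and `qSwap` would touch memory that is stale or out of range. The body of `operator()` and the rest of `ArrayData::sort` are outside the hunk, so this is something to confirm rather than a demonstrated fault. Either re-validate `thisObject->arrayData->data` and `len` after each comparison or sort a private copy and write it back, and record the constraint next to the call, e.g. `// comparefn may run arbitrary script: the array storage must not move while begin is in use`.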
not safe when used with a bad sort function and causes
++ // crashes
++ QJSEngine eng;
++ eng.evaluate("function crashMe() {"
++ " var data = [];"
++ " for (var i = 0; i < 50; i++) {"
++ " data[i] = 'whatever';"
++ " }"
++ " data.sort(function(a, b) {"
++ " return -1;"
++ " });"
++ "}"
++ "crashMe();");
++}
++
+ static QRegExp minimal(QRegExp r) { r.setMinimal(true); return r; }
+
+ void tst_QJSEngine::qRegExpInport_data()
+diff --git a/tests/auto/qml/qqmlecmascript/data/sequenceSort.qml b/tests/auto/qml/qqmlecmascript/data/sequenceSort.qml
+index 5e2892a..b130408 100644
+--- a/tests/auto/qml/qqmlecmascript/data/sequenceSort.qml
++++ b/tests/auto/qml/qqmlecmascript/data/sequenceSort.qml
+@@ -23,7 +23,7 @@ Item {
+ }
+
+ function compareStrings(a, b) {
+- return (a < b) ? 1 : -1;
++ return (a == b) ? 0 : ((a < b) ? 1 : -1);
+ }
+
+ function compareNumbers(a, b) {
+--
+2.1.3
+
=== modified file 'debian/patches/series'
--- debian/patches/series 2014-09-23 09:59:27 +0000
+++ debian/patches/series 2014-12-08 10:59:26 +0000
@@ -4,3 +4,5 @@
 aarch64.patch
 ppc64el.patch
 Support-RFC2822Date-date-format-similar-to-V8.patch
+Avoid-race-condition-in-QQmlEngine-on-shutdown.patch
+Fix-crashes-when-calling-Array.sort-with-imperfect-s.patch
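Review bot: `tst_QJSEngine::arraySort()` discards the value returned by `eng.evaluate()`, so the test passes on anything short of a crash, including a script error or a sort that loses or duplicates elements. Capture the result and check it, e.g. `QJSValue ret = eng.evaluate(...); QVERIFY(!ret.isError());`, and have `crashMe()` return `data.length` so it can be compared with 50. A longer array would also exercise the recursive path in `sortHelper` more than 50 elements do.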
