Bug 2215312

Summary: [abrt] quiterss: JSC::StructureIDBlob::indexingType(): quiterss killed by SIGSEGV
Product: [Fedora] Fedora
Reporter: vikiwiki <wrcadk>
Component: qt5-qtwebkit
Assignee: Than Ngo <than>
Status: CLOSED WONTFIX
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 38
CC: fedora, jgrulich, jreznik, kde-sig, patrick, rdieter, than, ti.eugene, wrcadk
Target Milestone: ---
Flags: fedora: needinfo? (wrcadk)
Target Release: ---
Hardware: x86_64
OS: Unspecified
URL: https://retrace.fedoraproject.org/faf/reports/bthash/5196c7d5baed07d9319ad7f76bd0732c99a84da
Whiteboard: abrt_hash:f02a7f04d0c82eeff61b862aee16a92879e0c8c4;VARIANT_ID=xfce;
Last Closed: 2023-08-04 22:51:36 UTC

Description vikiwiki 2023-06-15 13:52:40 UTC
Version-Release number of selected component:
quiterss-0.19.4-8.fc38

Additional info:
reporter:       libreport-2.17.10
package:        quiterss-0.19.4-8.fc38
dso_list:       /usr/bin/quiterss quiterss-0.19.4-8.fc38.x86_64 (Fedora Project) 1682357122
uid:            1000
executable:     /usr/bin/quiterss
type:           CCpp
rootdir:        /
cgroup:         0::/user.slice/user-1000.slice/user/app.slice/app-quiterss-605f917440954b8c91e58f4fb9952948.scope
cmdline:        /usr/bin/quiterss
crash_function: JSC::StructureIDBlob::indexingType
runlevel:       N 5
kernel:         6.3.7-200.fc38.x86_64
reason:         quiterss killed by SIGSEGV
backtrace_rating: 4
journald_cursor: s=6e9986fedb0c466480c0ca29be6066be;i=272b67;b=3086db8da8b3469c95dbc683f86195e1;m=62a218fdb;t=5fe2b23edc860;x=92107790ea8562ca

Truncated backtrace:
Thread no. 0 (48 frames)
 #0 JSC::StructureIDBlob::indexingType at /usr/src/debug/qt5-qtwebkit-5.212.0-0.75alpha4.fc38.x86_64/Source/JavaScriptCore/runtime/StructureIDBlob.h:56
 #1 JSC::Structure::indexingType at /usr/src/debug/qt5-qtwebkit-5.212.0-0.75alpha4.fc38.x86_64/Source/JavaScriptCore/runtime/Structure.h:233
 #2 JSC::IndexingHeader::preCapacity at /usr/src/debug/qt5-qtwebkit-5.212.0-0.75alpha4.fc38.x86_64/Source/JavaScriptCore/runtime/IndexingHeaderInlines.h:37
 #3 JSC::Butterfly::createOrGrowPropertyStorage at /usr/src/debug/qt5-qtwebkit-5.212.0-0.75alpha4.fc38.x86_64/Source/JavaScriptCore/runtime/ButterflyInlines.h:85
 #4 JSC::JSObject::growOutOfLineStorage at /usr/src/debug/qt5-qtwebkit-5.212.0-0.75alpha4.fc38.x86_64/Source/JavaScriptCore/runtime/JSObject.cpp:2552
 #5 JSC::JSObject::setStructureAndReallocateStorageIfNecessary at /usr/src/debug/qt5-qtwebkit-5.212.0-0.75alpha4.fc38.x86_64/Source/JavaScriptCore/runtime/JSObject.h:1371
 #7 JSC::JSObject::putDirectInternal<(JSC::JSObject::PutMode)0> at /usr/src/debug/qt5-qtwebkit-5.212.0-0.75alpha4.fc38.x86_64/Source/JavaScriptCore/runtime/JSObject.h:1352
 #8 JSC::JSObject::putInline at /usr/src/debug/qt5-qtwebkit-5.212.0-0.75alpha4.fc38.x86_64/Source/JavaScriptCore/runtime/JSObjectInlines.h:55
 #9 JSC::JSObject::put at /usr/src/debug/qt5-qtwebkit-5.212.0-0.75alpha4.fc38.x86_64/Source/JavaScriptCore/runtime/JSObject.cpp:384
 #10 JSC::JSValue::put at /usr/src/debug/qt5-qtwebkit-5.212.0-0.75alpha4.fc38.x86_64/Source/JavaScriptCore/runtime/JSCJSValueInlines.h:762
 #11 JSC::LLInt::llint_slow_path_put_by_val at /usr/src/debug/qt5-qtwebkit-5.212.0-0.75alpha4.fc38.x86_64/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:753
 #12 llint_entry
 #15 vmEntryToJavaScript
 #16 JSC::JITCode::execute at /usr/src/debug/qt5-qtwebkit-5.212.0-0.75alpha4.fc38.x86_64/Source/JavaScriptCore/jit/JITCode.cpp:80
 #17 JSC::Interpreter::execute at /usr/src/debug/qt5-qtwebkit-5.212.0-0.75alpha4.fc38.x86_64/Source/JavaScriptCore/interpreter/Interpreter.cpp:971
 #18 JSC::evaluate at /usr/src/debug/qt5-qtwebkit-5.212.0-0.75alpha4.fc38.x86_64/Source/JavaScriptCore/runtime/Completion.cpp:106
 #19 JSC::profiledEvaluate at /usr/src/debug/qt5-qtwebkit-5.212.0-0.75alpha4.fc38.x86_64/Source/JavaScriptCore/runtime/Completion.cpp:121
 #20 WebCore::JSMainThreadExecState::profiledEvaluate at /usr/src/debug/qt5-qtwebkit-5.212.0-0.75alpha4.fc38.x86_64/Source/WebCore/bindings/js/JSMainThreadExecState.h:80
 #21 WebCore::ScriptController::evaluateInWorld at /usr/src/debug/qt5-qtwebkit-5.212.0-0.75alpha4.fc38.x86_64/Source/WebCore/bindings/js/ScriptController.cpp:164
 #22 WebCore::ScriptController::evaluate at /usr/src/debug/qt5-qtwebkit-5.212.0-0.75alpha4.fc38.x86_64/Source/WebCore/bindings/js/ScriptController.cpp:180
 #23 WebCore::ScriptElement::executeScript at /usr/src/debug/qt5-qtwebkit-5.212.0-0.75alpha4.fc38.x86_64/Source/WebCore/dom/ScriptElement.cpp:320
 #24 WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent at /usr/src/debug/qt5-qtwebkit-5.212.0-0.75alpha4.fc38.x86_64/Source/WebCore/html/parser/HTMLScriptRunner.cpp:144
 #25 WebCore::HTMLScriptRunner::executeParsingBlockingScript at /usr/src/debug/qt5-qtwebkit-5.212.0-0.75alpha4.fc38.x86_64/Source/WebCore/html/parser/HTMLScriptRunner.cpp:120
 #26 WebCore::HTMLScriptRunner::executeParsingBlockingScripts at /usr/src/debug/qt5-qtwebkit-5.212.0-0.75alpha4.fc38.x86_64/Source/WebCore/html/parser/HTMLScriptRunner.cpp:195
 #27 WebCore::HTMLScriptRunner::executeScriptsWaitingForLoad at /usr/src/debug/qt5-qtwebkit-5.212.0-0.75alpha4.fc38.x86_64/Source/WebCore/html/parser/HTMLScriptRunner.cpp:204
 #28 WebCore::HTMLDocumentParser::notifyFinished at /usr/src/debug/qt5-qtwebkit-5.212.0-0.75alpha4.fc38.x86_64/Source/WebCore/html/parser/HTMLDocumentParser.cpp:525
 #29 WebCore::CachedResource::checkNotify at /usr/src/debug/qt5-qtwebkit-5.212.0-0.75alpha4.fc38.x86_64/Source/WebCore/loader/cache/CachedResource.cpp:298
 #30 WebCore::SubresourceLoader::didFinishLoading at /usr/src/debug/qt5-qtwebkit-5.212.0-0.75alpha4.fc38.x86_64/Source/WebCore/loader/SubresourceLoader.cpp:428
 #31 WebCore::QNetworkReplyHandler::finish at /usr/src/debug/qt5-qtwebkit-5.212.0-0.75alpha4.fc38.x86_64/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:550
 #32 WebCore::QNetworkReplyHandlerCallQueue::flush at /usr/src/debug/qt5-qtwebkit-5.212.0-0.75alpha4.fc38.x86_64/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:281
 #33 doActivate<false> at kernel/qobject.cpp:3935
 #34 QMetaObject::activate at kernel/qobject.cpp:3983
 #35 QNetworkReply::finished at .moc/moc_qnetworkreply.cpp:404
 #36 QNetworkReplyHttpImplPrivate::finished at access/qnetworkreplyhttpimpl.cpp:2280
 #37 QObject::event at kernel/qobject.cpp:1347
 #38 QApplicationPrivate::notify_helper at kernel/qapplication.cpp:3640
 #39 QCoreApplication::notifyInternal2 at kernel/qcoreapplication.cpp:1064
 #40 QCoreApplication::sendEvent at kernel/qcoreapplication.cpp:1462
 #41 QCoreApplicationPrivate::sendPostedEvents at kernel/qcoreapplication.cpp:1821
 #42 QCoreApplication::sendPostedEvents at kernel/qcoreapplication.cpp:1680
 #43 postEventSourceDispatch at kernel/qeventdispatcher_glib.cpp:277
 #46 g_main_context_iterate.isra.0 at ../glib/gmain.c:4276
 #47 g_main_context_iteration at ../glib/gmain.c:4343
 #48 QEventDispatcherGlib::processEvents at kernel/qeventdispatcher_glib.cpp:423
 #49 QEventLoop::exec at ../../include/QtCore/../../src/corelib/global/qflags.h:69
 #50 QCoreApplication::exec at ../../include/QtCore/../../src/corelib/global/qflags.h:121
 #51 QGuiApplication::exec at kernel/qguiapplication.cpp:1863
 #52 QApplication::exec at kernel/qapplication.cpp:2832

Comment 1 vikiwiki 2023-06-15 13:52:43 UTC
Created attachment 1970995 [details]
File: exploitable

Comment 2 vikiwiki 2023-06-15 13:52:45 UTC
Created attachment 1970996 [details]
File: maps

Comment 3 vikiwiki 2023-06-15 13:52:47 UTC
Created attachment 1970997 [details]
File: limits

Comment 4 vikiwiki 2023-06-15 13:52:49 UTC
Created attachment 1970998 [details]
File: proc_pid_status

Comment 5 vikiwiki 2023-06-15 13:52:50 UTC
Created attachment 1970999 [details]
File: os_info

Comment 6 vikiwiki 2023-06-15 13:52:52 UTC
Created attachment 1971000 [details]
File: core_backtrace

Comment 7 vikiwiki 2023-06-15 13:52:54 UTC
Created attachment 1971001 [details]
File: open_fds

Comment 8 vikiwiki 2023-06-15 13:52:55 UTC
Created attachment 1971002 [details]
File: cpuinfo

Comment 9 vikiwiki 2023-06-15 13:52:57 UTC
Created attachment 1971003 [details]
File: environ

Comment 10 vikiwiki 2023-06-15 13:52:59 UTC
Created attachment 1971004 [details]
File: backtrace

Comment 11 vikiwiki 2023-06-15 13:53:01 UTC
Created attachment 1971005 [details]
File: mountinfo

Comment 12 Christian Stadelmann 2023-06-16 12:13:03 UTC
This backtrace is very deep in Qt5's WebKit, so I'm assigning it to that package.

Anyway, qt5-qtwebkit seems to be barely maintained by upstream (see bug #1872819), lacking security updates for more than 2 years, so we should think about dropping this package completely for security reasons.

Comment 13 Eugene A. Pivnev 2023-08-04 22:51:36 UTC
Maybe it's time to shut down this application.
Good idea, bad realization.
I'm sorry