<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<!DOCTYPE bugzilla SYSTEM "https://bugs.webkit.org/page.cgi?id=bugzilla.dtd">

<bugzilla version="5.0.4.1"
          urlbase="https://bugs.webkit.org/"
          
          maintainer="admin@webkit.org"
>

    <bug>
          <bug_id>38193</bug_id>
          
          <creation_ts>2010-04-27 04:31:29 -0700</creation_ts>
          <short_desc>[Qt] Segfault when unloading a plugin which creates a QScriptEngine</short_desc>
          <delta_ts>2014-02-03 03:16:25 -0800</delta_ts>
          <reporter_accessible>1</reporter_accessible>
          <cclist_accessible>1</cclist_accessible>
          <classification_id>1</classification_id>
          <classification>Unclassified</classification>
          <product>WebKit</product>
          <component>JavaScriptCore</component>
          <version>528+ (Nightly build)</version>
          <rep_platform>PC</rep_platform>
          <op_sys>All</op_sys>
          <bug_status>RESOLVED</bug_status>
          <resolution>INVALID</resolution>
          
          
          <bug_file_loc></bug_file_loc>
          <status_whiteboard></status_whiteboard>
          <keywords>Qt, QtTriaged</keywords>
          <priority>P2</priority>
          <bug_severity>Normal</bug_severity>
          <target_milestone>---</target_milestone>
          
          
          <everconfirmed>1</everconfirmed>
          <reporter name="Kent Hansen">kent.hansen</reporter>
          <assigned_to name="Nobody">webkit-unassigned</assigned_to>
          <cc>cmarcelo</cc>
    
    <cc>hausmann</cc>
    
    <cc>rion4ik</cc>
    
    <cc>steveire</cc>
          

      

      

      

          <comment_sort_order>oldest_to_newest</comment_sort_order>  
          <long_desc isprivate="0" >
    <commentid>217655</commentid>
    <comment_count>0</comment_count>
    <who name="Kent Hansen">kent.hansen</who>
    <bug_when>2010-04-27 04:31:29 -0700</bug_when>
    <thetext>Originated from http://bugreports.qt.nokia.com/browse/QTBUG-9622

There are two issues (that I know of) that are causing JavaScriptCore not to gracefully unload:
- g_identifierTableSpecific in runtime/Identifier.cpp is never deleted. This is a problem on the Qt port, since we use QThreadStorage to implement ThreadSpecific. The QApplication destructor will attempt to destroy the data, but by this time the QtScript library has been unloaded, causing a crash.
- The scavenger thread in wtf/FastMalloc.cpp is not shut down gracefully.

The same happens when loading entire QtWebKit from a plugin, of course.

1) Is loading from a plugin a use case we want to support? If so;
2) What&apos;s needed to make it happen? We need a robust solution, not just work-arounds for the above two issues. In particular, loading -&gt; unloading -&gt; loading must be supported. It will also have implications for WebKit in general (e.g. people can&apos;t just go and add a global variable; they have to make sure it doesn&apos;t break loading/unloading).</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>217656</commentid>
    <comment_count>1</comment_count>
      <attachid>54410</attachid>
    <who name="Kent Hansen">kent.hansen</who>
    <bug_when>2010-04-27 04:35:32 -0700</bug_when>
    <thetext>Created attachment 54410
Testcase (Linux)

Uncompress under JavaScriptCore/qt/tests, build qtscriptplugin/theplugin, and then qtscriptplugin. Segfaults due to the g_identifierTableSpecific issue.</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>217864</commentid>
    <comment_count>2</comment_count>
    <who name="">steveire</who>
    <bug_when>2010-04-27 12:54:24 -0700</bug_when>
    <thetext>The motivation for the original bug comes from Grantlee and the intention was to be able to have only a plugin depend on QtScript, and the core library depend only on QtCore. 

Diagram at the bottom of http://grantlee.org/apidox/using_and_deploying.html.

I&apos;d prefer that to remain (or become, it seems) possible and supported. I guess it would also be possible to link grantlee_core to libQtScript, but only if really necessary. I don&apos;t know if depending on libQtScript brings in a libQtWebkit or libQtGui dependency?

Grantlee uses libQtScript to allow users to implement custom parsing and rendering of textual markup content. Disabling the use of the QtScript plugin is an easy way to prevent users from being able to do those things in cases where it could cause security holes.

All the best,

Steve.</thetext>
  </long_desc><long_desc isprivate="0" >
    <commentid>975122</commentid>
    <comment_count>3</comment_count>
    <who name="Jocelyn Turcotte">jturcotte</who>
    <bug_when>2014-02-03 03:16:25 -0800</bug_when>
    <thetext>=== Bulk closing of Qt bugs ===

If you believe that this bug report is still relevant for a non-Qt port of webkit.org, please re-open it and remove [Qt] from the summary.

If you believe that this is still an important QtWebKit bug, please file a new report at https://bugreports.qt-project.org and add a link to this issue. See http://qt-project.org/wiki/ReportingBugsInQt for additional guidelines.</thetext>
  </long_desc>
      
          <attachment
              isobsolete="0"
              ispatch="0"
              isprivate="0"
          >
            <attachid>54410</attachid>
            <date>2010-04-27 04:35:32 -0700</date>
            <delta_ts>2010-04-27 04:35:32 -0700</delta_ts>
            <desc>Testcase (Linux)</desc>
            <filename>qtscriptplugin.tar.gz</filename>
            <type>application/gzip</type>
            <size>1509</size>
            <attacher name="Kent Hansen">kent.hansen</attacher>
            

          </attachment>
      

    </bug>

</bugzilla>