[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-12-07 Thread Frank Heimes
** Changed in: ubuntu-z-systems
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to qtwebkit-opensource-src in
Ubuntu.
https://bugs.launchpad.net/bugs/1951470

Title:
  webkit javascript segmentation fault

Status in Ubuntu on IBM z Systems:
  Fix Released
Status in qtwebkit-opensource-src package in Ubuntu:
  Fix Released
Status in qtwebkit-opensource-src source package in Focal:
  Fix Released
Status in qtwebkit-opensource-src source package in Hirsute:
  Fix Released
Status in qtwebkit-opensource-src source package in Impish:
  Fix Released
Status in qtwebkit-opensource-src source package in Jammy:
  Fix Released

Bug description:
  SRU Justification:

  [Impact]

   * WebKit Javascript engine is causing a segmentation fault on big
  endian (s390x) systems.

   * This happens for example when transferring an html to a pdf file
  using wkhtmltopdf.

   * The fix is relatively simple, changing loadisFromInstruction to
  loadpFromInstruction in macro getProperty(slow), which solves this unpleasant
  situation.

   * The JIT code is 32bit (even on 64bit systems),
  hence it is crucial to make sure the lower part of a 64bit value is taken on
  big endian systems.

  [Test Plan]

   * Testing is very straightforward by following these steps:

   * install the following packages (incl. their dependencies):
 $ sudo apt install libqt5webkit5 wkhtmltopdf

   * create an html file like this:
 $ vi index.html
 $ cat index.html
 
 
   
   
 
   
 
   
 

   * create a JavaScript file like this:
 $ vi min.js
 $ cat min.js
 var i = Math.max

   * call wkhtmltopdf to process the local files:
 $ wkhtmltopdf --enable-local-file-access index.html test.pdf

   * if it's broken one gets this output:
 Loading page (1/2)
 Segmentation fault (core dumped) ] 50%
 and no pdf file was generated:
 $ ls *.pdf
 ls: cannot access '*.pdf': No such file or directory

   * in case it's fixed one gets this output:
 Loading page (1/2)
 Printing pages (2/2)   
 Done   
 and a pdf file was generated and placed in the current directory (with
 more than 0 bytes size):
 $ ls -l ./*.pdf
 -rw-rw-r-- 1 ubuntu ubuntu 1339 Nov 24 11:48 ./test.pdf

  [Where problems could occur]

   * While this issue only affects big endian systems (like s390x),
 a bad fix may have an impact on little endian systems, too
 for example in case the wrong function got used in the macro.

   * But loadpFromInstruction is known to work for LE and BE systems;

   * and on top cross-architecture builds were done:
 https://launchpad.net/~fheimes/+archive/ubuntu/lp1951470

   * and tested on s390x (if the fix works) and on non-s390x (regression
  testing).

   * The changes are otherwise very limited, just:
 macro getProperty(slow)
 -loadisFromInstruction(6, t1)
 +loadpFromInstruction(6, t1)
 hence I think there is not much more to say.

  [Other Info]
   
   * The maintainer of the Debian packages (Dmitry Shachnev)
 is going to add this to the Debian package, too.

   * This issue affects Ubuntu jammy, impish, hirsute and focal - SRUs
  are ongoing.

   * The issue does not occur with the very latest upstream version anymore,
 and was fixed in a similar way as part of a commit
 that fixes numerous other CLoop issues on top:
 "Fix all CLoop JSC test failures (including some LLInt bugs due to recent 
bytecode format change)."
 commit 3fdde71c7d95d758a61fcbc4c58168616794c102

  __

  == Comment: #0 - Andreas Krebbel  - 2021-11-15 
09:29:44 ==
  ---Problem Description---
  Segmentation fault from WebKit Javascript engine

  Contact Information = andreas.kreb...@de.ibm.com

  ---uname output---
  Linux 193438490afd 5.8.15-301.fc33.s390x #1 SMP Thu Oct 15 15:55:57 UTC 2020 
s390x s390x s390x GNU/Linux

  Machine Type = IBM Z

  ---Debugger---
  A debugger is not configured

  ---Steps to Reproduce---
   index.html:
  
  
    
    

    
  
    
  

  min.js:
  var i = Math.max

  wkhtmltopdf index.html test.pdf
  QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root'
  Loading page (1/2)
  Segmentation fault (core dumped) ] 17%

  Userspace tool common name: wkhtmltopdf

  The userspace tool has the following bit modes: 64

  Userspace rpm: libqt5webkit5

  Userspace tool obtained from project website:  na

  *Additional Instructions for andreas.kreb...@de.ibm.com:
  -Attach ltrace and strace of userspace application.

  == Comment: #1 - Andreas Krebbel  - 2021-11-15 
09:44:04 ==
  In CodeBlock.cpp the code preparing the operands of op_get_from_scope writes 
the property offset as pointer size (hence 64 
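
The [Impact] section above says the 32-bit JIT/LLInt load takes the wrong half of a 64bit value on big endian, and comment #1 notes that the property offset operand is written pointer-sized. The following C program is an added illustration of that mechanism, not code from WebKit, the Ubuntu package or the bug report: `load_is` and `load_p` are simplified stand-ins for the loadisFromInstruction / loadpFromInstruction macros (an assumption about their behaviour, not the real offlineasm macros), the offset 44 is a constructed sample value, and the memory layouts are built byte by byte so the big-endian case can be exercised on any host.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOT_BYTES 8  /* instruction operand slots are pointer-sized on 64-bit builds */

enum byte_order { LAYOUT_LITTLE_ENDIAN = 0, LAYOUT_BIG_ENDIAN = 1 };

/* Shift that byte i of an n-byte value carries in the chosen layout. */
static int shift_for(int i, int n, enum byte_order bo)
{
    return (bo == LAYOUT_BIG_ENDIAN) ? 8 * (n - 1 - i) : 8 * i;
}

/* Write a 64-bit operand into an 8-byte slot in the requested byte order
 * (constructed memory image, so both layouts run on any host). */
void store_operand(uint8_t slot[SLOT_BYTES], uint64_t value, enum byte_order bo)
{
    for (int i = 0; i < SLOT_BYTES; i++)
        slot[i] = (uint8_t)(value >> shift_for(i, SLOT_BYTES, bo));
}

/* Stand-in (assumption) for loadisFromInstruction: a 32-bit signed load at the
 * slot's address, so it only ever sees the first four bytes of the slot. */
int32_t load_is(const uint8_t slot[SLOT_BYTES], enum byte_order bo)
{
    uint32_t v = 0;
    for (int i = 0; i < 4; i++)
        v |= (uint32_t)slot[i] << shift_for(i, 4, bo);
    return (int32_t)v;
}

/* Stand-in (assumption) for loadpFromInstruction: a pointer-sized load that
 * consumes the whole slot, so the byte order no longer matters. */
int64_t load_p(const uint8_t slot[SLOT_BYTES], enum byte_order bo)
{
    uint64_t v = 0;
    for (int i = 0; i < SLOT_BYTES; i++)
        v |= (uint64_t)slot[i] << shift_for(i, SLOT_BYTES, bo);
    return (int64_t)v;
}

/* The property offset is written into the operand slot pointer-sized and then
 * read back with one of the two loads; returns what the interpreter would use. */
int64_t read_property_offset(uint64_t written_offset, enum byte_order bo,
                             int use_pointer_load)
{
    uint8_t slot[SLOT_BYTES];
    store_operand(slot, written_offset, bo);
    return use_pointer_load ? load_p(slot, bo) : (int64_t)load_is(slot, bo);
}

/* Which layout the running host actually uses. */
enum byte_order host_byte_order(void)
{
    uint16_t probe = 0x0102;
    uint8_t first;
    memcpy(&first, &probe, 1);
    return first == 0x01 ? LAYOUT_BIG_ENDIAN : LAYOUT_LITTLE_ENDIAN;
}

int main(void)
{
    const uint64_t offset = 44;  /* constructed sample property offset */
    const enum byte_order layouts[] = { LAYOUT_LITTLE_ENDIAN, LAYOUT_BIG_ENDIAN };
    const char *names[] = { "little-endian", "big-endian" };

    printf("host is %s\n", names[host_byte_order()]);
    for (int l = 0; l < 2; l++) {
        int64_t via_is = read_property_offset(offset, layouts[l], 0);
        int64_t via_p = read_property_offset(offset, layouts[l], 1);
        printf("%-13s wrote %llu, loadis read %lld, loadp read %lld%s\n",
               names[l], (unsigned long long)offset,
               (long long)via_is, (long long)via_p,
               via_is == (int64_t)offset ? "" : "  <-- wrong half of the slot");
    }
    return 0;
}
```

Compile with `cc -std=c99` and run: the big-endian row reads 0 instead of 44 through the 32-bit load, the kind of bogus property offset behind the reported crash, while the pointer-sized load agrees on both layouts. The little-endian case is why the defect stayed invisible on x86 and arm64: there the low half sits at the slot's address, so a 32-bit load happens to return the right value for any offset that fits in 32 bits.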

[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-12-07 Thread Launchpad Bug Tracker
This bug was fixed in the package qtwebkit-opensource-src -
5.212.0~alpha4-12ubuntu0.21.10.1

---
qtwebkit-opensource-src (5.212.0~alpha4-12ubuntu0.21.10.1) impish; 
urgency=medium

  * d/p/webkit-javascript-s390x-segmentation-fault-fix.patch:
WebKit Javascript big endian/s390x segmentation-fault fix
(LP: #1951470)

 -- Frank Heimes   Wed, 24 Nov 2021 16:58:52
+0100


[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-12-07 Thread Launchpad Bug Tracker
This bug was fixed in the package qtwebkit-opensource-src -
5.212.0~alpha4-1ubuntu2.1

---
qtwebkit-opensource-src (5.212.0~alpha4-1ubuntu2.1) focal; urgency=medium

  * d/p/webkit-javascript-s390x-segmentation-fault-fix.patch:
WebKit Javascript big endian/s390x segmentation-fault fix
(LP: #1951470)

 -- Frank Heimes   Thu, 25 Nov 2021 18:16:30
+0100

** Changed in: qtwebkit-opensource-src (Ubuntu Focal)
   Status: Fix Committed => Fix Released

** Changed in: qtwebkit-opensource-src (Ubuntu Hirsute)
   Status: Fix Committed => Fix Released


[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-12-07 Thread Launchpad Bug Tracker
This bug was fixed in the package qtwebkit-opensource-src -
5.212.0~alpha4-12ubuntu0.21.04.1

---
qtwebkit-opensource-src (5.212.0~alpha4-12ubuntu0.21.04.1) hirsute; 
urgency=medium

  * d/p/webkit-javascript-s390x-segmentation-fault-fix.patch:
WebKit Javascript big endian/s390x segmentation-fault fix
(LP: #1951470)

 -- Frank Heimes   Thu, 25 Nov 2021 08:32:14
+0100

** Changed in: qtwebkit-opensource-src (Ubuntu Impish)
   Status: Fix Committed => Fix Released


[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-12-01 Thread bugproxy
--- Comment From boris.m...@de.ibm.com 2021-12-01 10:03 EDT---
The bug was fixed in Focal, Impish and Hirsute. Thanks for everybody 
contributing to fix and verify.
IBM Bugzilla status change: -> CLOSED

** Tags removed: targetmilestone-inin---
** Tags added: targetmilestone-inin2004


[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-11-30 Thread Frank Heimes
successfully verified on focal:

ubuntu@hwe0009:~$ lsb_release -cs
focal
ubuntu@hwe0009:~$ sudo apt-cache policy libqt5webkit5
libqt5webkit5:
  Installed: (none)
  Candidate: 5.212.0~alpha4-1ubuntu2.1
  Version table:
 5.212.0~alpha4-1ubuntu2.1 500
500 http://us.ports.ubuntu.com/ubuntu-ports focal-proposed/universe 
s390x Packages
 5.212.0~alpha4-1ubuntu2 500
500 http://ports.ubuntu.com/ubuntu-ports focal/universe s390x Packages
ubuntu@hwe0009:~$ sudo apt install libqt5webkit5 wkhtmltopdf
Reading package lists... Done
Building dependency tree   
Reading state information... Done
The following NEW packages will be installed:
  libqt5webkit5 wkhtmltopdf
0 upgraded, 2 newly installed, 0 to remove and 35 not upgraded.
Need to get 9,598 kB of archives.
After this operation, 46.9 MB of additional disk space will be used.
Get:1 http://us.ports.ubuntu.com/ubuntu-ports focal-proposed/universe s390x 
libqt5webkit5 s390x 5.212.0~alpha4-1ubuntu2.1 [9,418 kB]
Get:2 http://ports.ubuntu.com/ubuntu-ports focal/universe s390x wkhtmltopdf 
s390x 0.12.5-1build1 [180 kB]
Fetched 9,598 kB in 1s (8,420 kB/s) 

Selecting previously unselected package libqt5webkit5:s390x.
(Reading database ... 98815 files and directories currently installed.)
Preparing to unpack .../libqt5webkit5_5.212.0~alpha4-1ubuntu2.1_s390x.deb ...
Unpacking libqt5webkit5:s390x (5.212.0~alpha4-1ubuntu2.1) ...
Selecting previously unselected package wkhtmltopdf.
Preparing to unpack .../wkhtmltopdf_0.12.5-1build1_s390x.deb ...
Unpacking wkhtmltopdf (0.12.5-1build1) ...
Setting up libqt5webkit5:s390x (5.212.0~alpha4-1ubuntu2.1) ...
Setting up wkhtmltopdf (0.12.5-1build1) ...
Processing triggers for man-db (2.9.1-1) ...
Processing triggers for libc-bin (2.31-0ubuntu9.2) ...
ubuntu@hwe0009:~$ sudo apt-cache policy libqt5webkit5
libqt5webkit5:
  Installed: 5.212.0~alpha4-1ubuntu2.1
  Candidate: 5.212.0~alpha4-1ubuntu2.1
  Version table:
 *** 5.212.0~alpha4-1ubuntu2.1 500
500 http://us.ports.ubuntu.com/ubuntu-ports focal-proposed/universe 
s390x Packages
100 /var/lib/dpkg/status
 5.212.0~alpha4-1ubuntu2 500
500 http://ports.ubuntu.com/ubuntu-ports focal/universe s390x Packages
ubuntu@hwe0009:~$ wkhtmltopdf --enable-local-file-access index.html test.pdf
Loading page (1/2)
Printing pages (2/2)   
Done   
ubuntu@hwe0009:~$ ls -l ./test.pdf 
-rw-rw-r-- 1 ubuntu ubuntu 1339 Nov 30 20:33 ./test.pdf
ubuntu@hwe0009:~$ 

** Tags removed: verification-needed verification-needed-focal
** Tags added: verification-done verification-done-focal


[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-11-30 Thread Frank Heimes
successfully verified on hirsute:

ubuntu@hwe0007:~$ lsb_release -cs
hirsute
ubuntu@hwe0007:~$ sudo apt-cache policy libqt5webkit5
libqt5webkit5:
  Installed: (none)
  Candidate: 5.212.0~alpha4-12ubuntu0.21.04.1
  Version table:
 5.212.0~alpha4-12ubuntu0.21.04.1 500
500 http://us.ports.ubuntu.com/ubuntu-ports hirsute-proposed/universe 
s390x Packages
 5.212.0~alpha4-12 500
500 http://ports.ubuntu.com/ubuntu-ports hirsute/universe s390x Packages
ubuntu@hwe0007:~$ sudo apt install libqt5webkit5 wkhtmltopdf
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  libqt5webkit5 wkhtmltopdf
0 upgraded, 2 newly installed, 0 to remove and 11 not upgraded.
Need to get 10.4 MB of archives.
After this operation, 48.5 MB of additional disk space will be used.
Get:1 http://us.ports.ubuntu.com/ubuntu-ports hirsute-proposed/universe s390x 
libqt5webkit5 s390x 5.212.0~alpha4-12ubuntu0.21.04.1 [10.2 MB]
Get:2 http://ports.ubuntu.com/ubuntu-ports hirsute/universe s390x wkhtmltopdf 
s390x 0.12.6-1 [168 kB]
Fetched 10.4 MB in 0s (24.4 MB/s)   

Selecting previously unselected package libqt5webkit5:s390x.
(Reading database ... 101740 files and directories currently installed.)
Preparing to unpack 
.../libqt5webkit5_5.212.0~alpha4-12ubuntu0.21.04.1_s390x.deb ...
Unpacking libqt5webkit5:s390x (5.212.0~alpha4-12ubuntu0.21.04.1) ...
Selecting previously unselected package wkhtmltopdf.
Preparing to unpack .../wkhtmltopdf_0.12.6-1_s390x.deb ...
Unpacking wkhtmltopdf (0.12.6-1) ...
Setting up libqt5webkit5:s390x (5.212.0~alpha4-12ubuntu0.21.04.1) ...
Setting up wkhtmltopdf (0.12.6-1) ...
Processing triggers for man-db (2.9.4-2) ...
Processing triggers for libc-bin (2.33-0ubuntu5) ...
Scanning processes...   
 
Scanning candidates...  
 
Scanning linux images...
 

Restarting services...
 systemctl restart packagekit.service

No containers need to be restarted.

No user sessions are running outdated binaries.
ubuntu@hwe0007:~$ sudo apt-cache policy libqt5webkit5
libqt5webkit5:
  Installed: 5.212.0~alpha4-12ubuntu0.21.04.1
  Candidate: 5.212.0~alpha4-12ubuntu0.21.04.1
  Version table:
 *** 5.212.0~alpha4-12ubuntu0.21.04.1 500
500 http://us.ports.ubuntu.com/ubuntu-ports hirsute-proposed/universe 
s390x Packages
100 /var/lib/dpkg/status
 5.212.0~alpha4-12 500
500 http://ports.ubuntu.com/ubuntu-ports hirsute/universe s390x Packages
ubuntu@hwe0007:~$ wkhtmltopdf --enable-local-file-access index.html test.pdf
Loading page (1/2)
Printing pages (2/2)   
Done   
ubuntu@hwe0007:~$ ls -l ./test.pdf
-rw-rw-r-- 1 ubuntu ubuntu 1339 Nov 30 20:33 ./test.pdf
ubuntu@hwe0007:~$ 

** Tags removed: verification-needed-hirsute
** Tags added: verification-done-hirsute


[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-11-30 Thread Frank Heimes
successfully verified on impish:

ubuntu@s1lp11:~$ lsb_release -cs
impish
ubuntu@s1lp11:~$ sudo apt-cache policy libqt5webkit5
libqt5webkit5:
  Installed: (none)
  Candidate: 5.212.0~alpha4-12ubuntu0.21.10.1
  Version table:
 5.212.0~alpha4-12ubuntu0.21.10.1 500
500 http://us.ports.ubuntu.com/ubuntu-ports impish-proposed/universe 
s390x Packages
 5.212.0~alpha4-12 500
500 http://ports.ubuntu.com/ubuntu-ports impish/universe s390x Packages
ubuntu@s1lp11:~$ sudo apt install libqt5webkit5 wkhtmltopdf
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following NEW packages will be installed:
  libqt5webkit5 wkhtmltopdf
0 upgraded, 2 newly installed, 0 to remove and 13 not upgraded.
Need to get 10.7 MB of archives.
After this operation, 44.1 MB of additional disk space will be used.
Get:1 http://us.ports.ubuntu.com/ubuntu-ports impish-proposed/universe s390x 
libqt5webkit5 s390x 5.212.0~alpha4-12ubuntu0.21.10.1 [10.5 MB]
Get:2 http://ports.ubuntu.com/ubuntu-ports impish/universe s390x wkhtmltopdf 
s390x 0.12.6-1 [168 kB]
Fetched 10.7 MB in 1s (20.7 MB/s)
Selecting previously unselected package libqt5webkit5:s390x.
(Reading database ... 98404 files and directories currently installed.)
Preparing to unpack 
.../libqt5webkit5_5.212.0~alpha4-12ubuntu0.21.10.1_s390x.deb ...
Unpacking libqt5webkit5:s390x (5.212.0~alpha4-12ubuntu0.21.10.1) ...
Selecting previously unselected package wkhtmltopdf.
Preparing to unpack .../wkhtmltopdf_0.12.6-1_s390x.deb ...
Unpacking wkhtmltopdf (0.12.6-1) ...
Setting up libqt5webkit5:s390x (5.212.0~alpha4-12ubuntu0.21.10.1) ...
Setting up wkhtmltopdf (0.12.6-1) ...
Processing triggers for man-db (2.9.4-2) ...
Processing triggers for libc-bin (2.34-0ubuntu3) ...
Scanning processes...   
 
Scanning processor microcode... 
 
Scanning linux images...
 

Failed to check for processor microcode upgrades.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.
ubuntu@s1lp11:~$ sudo apt-cache policy libqt5webkit5
libqt5webkit5:
  Installed: 5.212.0~alpha4-12ubuntu0.21.10.1
  Candidate: 5.212.0~alpha4-12ubuntu0.21.10.1
  Version table:
 *** 5.212.0~alpha4-12ubuntu0.21.10.1 500
500 http://us.ports.ubuntu.com/ubuntu-ports impish-proposed/universe 
s390x Packages
100 /var/lib/dpkg/status
 5.212.0~alpha4-12 500
500 http://ports.ubuntu.com/ubuntu-ports impish/universe s390x Packages
ubuntu@s1lp11:~$ wkhtmltopdf --enable-local-file-access index.html test.pdf
Loading page (1/2)
Printing pages (2/2)   
Done   
ubuntu@s1lp11:~$ ls -l ./test.pdf 
-rw-rw-r-- 1 ubuntu ubuntu 1339 Nov 30 20:30 ./test.pdf
ubuntu@s1lp11:~$ 

** Tags removed: verification-needed-impish
** Tags added: verification-done-impish


[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-11-30 Thread Frank Heimes
Looks like the builds are still ongoing - since they didn't arrive yet in 
-proposed.
Will re-check tomorrow ...


[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-11-30 Thread Frank Heimes
** Changed in: ubuntu-z-systems
   Status: In Progress => Fix Committed


[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-11-30 Thread Brian Murray
Hello bugproxy, or anyone else affected,

Accepted qtwebkit-opensource-src into focal-proposed. The package will
build now and be available at
https://launchpad.net/ubuntu/+source/qtwebkit-opensource-
src/5.212.0~alpha4-1ubuntu2.1 in a few hours, and then in the -proposed
repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
focal to verification-done-focal. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-focal. In either case, without details of your testing we will
not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: qtwebkit-opensource-src (Ubuntu Focal)
   Status: In Progress => Fix Committed

** Tags added: verification-needed-focal


[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-11-30 Thread Brian Murray
Hello bugproxy, or anyone else affected,

Accepted qtwebkit-opensource-src into impish-proposed. The package will
build now and be available at
https://launchpad.net/ubuntu/+source/qtwebkit-opensource-
src/5.212.0~alpha4-12ubuntu0.21.10.1 in a few hours, and then in the
-proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
impish to verification-done-impish. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-impish. In either case, without details of your testing we will
not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: qtwebkit-opensource-src (Ubuntu Impish)
   Status: In Progress => Fix Committed

** Tags added: verification-needed verification-needed-impish

** Changed in: qtwebkit-opensource-src (Ubuntu Hirsute)
   Status: In Progress => Fix Committed

** Tags added: verification-needed-hirsute


[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-11-27 Thread Frank Heimes
Many thx, Dmitry!

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to qtwebkit-opensource-src in
Ubuntu.
https://bugs.launchpad.net/bugs/1951470

Title:
  webkit javascript segmentation fault

Status in Ubuntu on IBM z Systems:
  In Progress
Status in qtwebkit-opensource-src package in Ubuntu:
  Fix Released
Status in qtwebkit-opensource-src source package in Focal:
  In Progress
Status in qtwebkit-opensource-src source package in Hirsute:
  In Progress
Status in qtwebkit-opensource-src source package in Impish:
  In Progress
Status in qtwebkit-opensource-src source package in Jammy:
  Fix Released

Bug description:
  SRU Justification:

  [Impact]

   * WebKit Javascript engine is causing a segmentation fault on big
  endian (s390x) systems.

   * This happens for example when transferring an html to a pdf file
  using wkhtmltopdf.

   * The fix is relatively simple with changing loadisFromInstruction to 
loadpFromInstruction
 in macro getProperty(slow), which solves this unpleasant situation.

   * The JIT code is 32bit (even on 64bit systems),
 hence is crucial to make sure the lower part of a 64bit value is taken on 
big endian systems.

  [Test Plan]

   * Testing is very straightforward by following these steps:

   * install the following packages (incl. their dependencies):
 $ sudo apt install libqt5webkit5 wkhtmltopdf

   * create an html file like this:
 $ vi index.html
 $ cat index.html
 
 
   
   
 
   
 
   
 

   * create a JavaScript file like this:
 $ vi min.js
 $ cat min.js
 var i = Math.max

   * call wkhtmltopdf to process the local files:
 $ wkhtmltopdf --enable-local-file-access index.html test.pdf

   * if it's broken one gets this output:
 Loading page (1/2)
 Segmentation fault (core dumped) ] 50%
 and no pdf file was generated:
 $ ls *.pdf
 ls: cannot access '*.pdf': No such file or directory

   * in case it's fixed one gets this output:
 Loading page (1/2)
 Printing pages (2/2)   
 Done   
 and a pdf file was generated and placed in the current directory (with 
more than 0 bytes size):
 $ ls -l ./*.pdf
 -rw-rw-r-- 1 ubuntu ubuntu 1339 Nov 24 11:48 ./test.pdf

  [Where problems could occur]

   * While this issue only affects big endian systems (like s390x),
 a bad fix may have an impact on little endian systems, too
 for example in case the wrong function got used in the macro.

   * But loadpFromInstruction is known to work for LE and BE systems;

   * and on top cross-architecture builds were done:
 https://launchpad.net/~fheimes/+archive/ubuntu/lp1951470

   * and tested on s390x (if the fix works) and on non-s390x (regression
  testing).

   * The changes are otherwise very limited, just:
 macro getProperty(slow)
 -loadisFromInstruction(6, t1)
 +loadpFromInstruction(6, t1)
 hence I think there is not much more to say.

  [Other Info]
   
   * The maintainer of the Debian packages (Dmitry Shachnev)
 is going to add this to the Debian package, too.

   * This issue affects Ubuntu jammy, impish, hirsute and focal - SRUs
  are ongoing.

   * The issue does not occur with the very latest upstream version anymore,
 and was fixed in a similar way as part of a commit
 that fixes numerous other CLoop issues on top:
 "Fix all CLoop JSC test failures (including some LLInt bugs due to recent 
bytecode format change)."
 commit 3fdde71c7d95d758a61fcbc4c58168616794c102

  __

  == Comment: #0 - Andreas Krebbel  - 2021-11-15 
09:29:44 ==
  ---Problem Description---
  Segmentation fault from WebKit Javascript engine

  Contact Information = andreas.kreb...@de.ibm.com

  ---uname output---
  Linux 193438490afd 5.8.15-301.fc33.s390x #1 SMP Thu Oct 15 15:55:57 UTC 2020 
s390x s390x s390x GNU/Linux

  Machine Type = IBM Z

  ---Debugger---
  A debugger is not configured

  ---Steps to Reproduce---
   index.html:
  
  
    
    

    
  
    
  

  min.js:
  var i = Math.max

  wkhtmltopdf index.html test.pdf
  QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root'
  Loading page (1/2)
  Segmentation fault (core dumped) ] 17%

  Userspace tool common name: wkhtmltopdf

  The userspace tool has the following bit modes: 64

  Userspace rpm: libqt5webkit5

  Userspace tool obtained from project website:  na

  *Additional Instructions for andreas.kreb...@de.ibm.com:
  -Attach ltrace and strace of userspace application.

  == Comment: #1 - Andreas Krebbel  - 2021-11-15 
09:44:04 ==
  In CodeBlock.cpp the code preparing the operands of op_get_from_scope writes 
the property offset as pointer size (hence 64 bit) value:

  2141: instructions[i + 6].u.pointer =
  

[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-11-27 Thread Dmitry Shachnev
I have uploaded Focal, Impish and Hirsute debdiffs, they are now waiting
for approval in review queues.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to qtwebkit-opensource-src in
Ubuntu.
https://bugs.launchpad.net/bugs/1951470

Title:
  webkit javascript segmentation fault

Status in Ubuntu on IBM z Systems:
  In Progress
Status in qtwebkit-opensource-src package in Ubuntu:
  Fix Released
Status in qtwebkit-opensource-src source package in Focal:
  In Progress
Status in qtwebkit-opensource-src source package in Hirsute:
  In Progress
Status in qtwebkit-opensource-src source package in Impish:
  In Progress
Status in qtwebkit-opensource-src source package in Jammy:
  Fix Released

[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-11-25 Thread Launchpad Bug Tracker
This bug was fixed in the package qtwebkit-opensource-src -
5.212.0~alpha4-14

---
qtwebkit-opensource-src (5.212.0~alpha4-14) unstable; urgency=medium

  * debian/patches/jscore_big_endian.diff: Fix segmentation fault on s390x
and potentially other 64-bit big endian systems (LP: #1951470).
Thanks Andreas Krebbel for the patch and Frank Heimes for the initial
debdiff!
  * Update debian/source/lintian-overrides for Lintian 2.109.

 -- Dmitry Shachnev   Wed, 24 Nov 2021 22:27:08 +0300

** Changed in: qtwebkit-opensource-src (Ubuntu Jammy)
   Status: Fix Committed => Fix Released

Status in Ubuntu on IBM z Systems:
  In Progress
Status in qtwebkit-opensource-src package in Ubuntu:
  Fix Released
Status in qtwebkit-opensource-src source package in Focal:
  In Progress
Status in qtwebkit-opensource-src source package in Hirsute:
  In Progress
Status in qtwebkit-opensource-src source package in Impish:
  In Progress
Status in qtwebkit-opensource-src source package in Jammy:
  Fix Released

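The bug description in this thread attributes the crash to loadisFromInstruction, a 32-bit load, being used on an operand slot that has to be read at full width (loadpFromInstruction) so that a big-endian host ends up with the low half of the 64-bit value. The C program below is an added illustration of that bug class and is not code from WebKit, from the Debian package or from the bug reporter: it lays out a 64-bit operand in an 8-byte slot in both byte orders, then compares a narrow 32-bit load at the slot's start address (the loadis behaviour) with a full 64-bit load followed by an explicit truncation to the low 32 bits (the loadp behaviour). The slot model, the function names and the sample operand value 0x42 are assumptions made for the demonstration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not WebKit code: model an 8-byte bytecode operand slot and
 * show why a 32-bit load at the slot's start address is endianness-dependent
 * while a full-width load followed by truncation is not.
 */

/* Write a 64-bit operand into an 8-byte slot in the requested byte order. */
static void store_operand(uint8_t slot[8], uint64_t value, bool big_endian)
{
    for (int i = 0; i < 8; i++) {
        int shift = big_endian ? (7 - i) * 8 : i * 8;
        slot[i] = (uint8_t)(value >> shift);
    }
}

/* "loadis"-style narrow load: read only the first 4 bytes of the slot. */
static int32_t narrow_load(const uint8_t slot[8], bool big_endian)
{
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) {
        int shift = big_endian ? (3 - i) * 8 : i * 8;
        v |= (uint32_t)slot[i] << shift;
    }
    return (int32_t)v;
}

/* "loadp"-style wide load: read all 8 bytes, then keep the low 32 bits. */
static int32_t wide_load_low32(const uint8_t slot[8], bool big_endian)
{
    uint64_t v = 0;
    for (int i = 0; i < 8; i++) {
        int shift = big_endian ? (7 - i) * 8 : i * 8;
        v |= (uint64_t)slot[i] << shift;
    }
    return (int32_t)(uint32_t)v;
}

/* Store an operand and read it back the narrow way (assumed helper name). */
int32_t operand_via_narrow_load(uint64_t operand, bool big_endian)
{
    uint8_t slot[8];
    store_operand(slot, operand, big_endian);
    return narrow_load(slot, big_endian);
}

/* Store an operand and read it back the wide way (assumed helper name). */
int32_t operand_via_wide_load(uint64_t operand, bool big_endian)
{
    uint8_t slot[8];
    store_operand(slot, operand, big_endian);
    return wide_load_low32(slot, big_endian);
}

int main(void)
{
    const uint64_t offset = 0x42; /* assumed sample property offset */
    printf("%-14s %-12s %-12s\n", "byte order", "narrow load", "wide load");
    for (int be = 0; be <= 1; be++) {
        /* On little-endian both reads agree; on big-endian the narrow
         * read returns the upper half of the slot, which is 0 here. */
        printf("%-14s 0x%08x   0x%08x\n",
               be ? "big-endian" : "little-endian",
               (unsigned)operand_via_narrow_load(offset, be),
               (unsigned)operand_via_wide_load(offset, be));
    }
    return 0;
}
```

On a little-endian host the two reads are indistinguishable, which is why a narrow load of a pointer-sized operand survives testing on amd64 and arm64; on a big-endian host the narrow read yields the high half, here zero, and a property offset of zero (or whatever the high bits happen to hold) is what then gets used downstream.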

[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-11-25 Thread Frank Heimes
** Changed in: qtwebkit-opensource-src (Ubuntu Focal)
   Status: New => In Progress

** Tags added: focal

Status in Ubuntu on IBM z Systems:
  In Progress
Status in qtwebkit-opensource-src package in Ubuntu:
  Fix Committed
Status in qtwebkit-opensource-src source package in Focal:
  In Progress
Status in qtwebkit-opensource-src source package in Hirsute:
  In Progress
Status in qtwebkit-opensource-src source package in Impish:
  In Progress
Status in qtwebkit-opensource-src source package in Jammy:
  Fix Committed

[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-11-25 Thread Frank Heimes
qtwebkit debdiff (focal)

** Patch added: "qtwebkit debdiff (focal)"
   
https://bugs.launchpad.net/ubuntu/+source/qtwebkit-opensource-src/+bug/1951470/+attachment/5543391/+files/debdiff-qtwebkit-lp1951470-focal.patch

Status in Ubuntu on IBM z Systems:
  In Progress
Status in qtwebkit-opensource-src package in Ubuntu:
  Fix Committed
Status in qtwebkit-opensource-src source package in Focal:
  In Progress
Status in qtwebkit-opensource-src source package in Hirsute:
  In Progress
Status in qtwebkit-opensource-src source package in Impish:
  In Progress
Status in qtwebkit-opensource-src source package in Jammy:
  Fix Committed

[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-11-25 Thread Launchpad Bug Tracker
** Merge proposal linked:
   
https://code.launchpad.net/~fheimes/ubuntu/+source/qtwebkit-opensource-src/+git/qtwebkit-opensource-src/+merge/412408

** Merge proposal linked:
   
https://code.launchpad.net/~fheimes/ubuntu/+source/qtwebkit-opensource-src/+git/qtwebkit-opensource-src/+merge/412410

Status in Ubuntu on IBM z Systems:
  In Progress
Status in qtwebkit-opensource-src package in Ubuntu:
  Fix Committed
Status in qtwebkit-opensource-src source package in Focal:
  New
Status in qtwebkit-opensource-src source package in Hirsute:
  In Progress
Status in qtwebkit-opensource-src source package in Impish:
  In Progress
Status in qtwebkit-opensource-src source package in Jammy:
  Fix Committed

[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-11-25 Thread Frank Heimes
Thanks to Dmitry Shachnev, who picked up the endianness patch for Debian;
a new, fixed version has now been synced over to Ubuntu jammy:
5.212.0~alpha4-14

qtwebkit-opensource-src (5.212.0~alpha4-14) unstable; urgency=medium

  * debian/patches/jscore_big_endian.diff: Fix segmentation fault on s390x
and potentially other 64-bit big endian systems (LP: #1951470).
Thanks Andreas Krebbel for the patch and Frank Heimes for the initial
debdiff!
  * Update debian/source/lintian-overrides for Lintian 2.109.

 -- Dmitry Shachnev   Wed, 24 Nov 2021 22:27:08 +0300

It's currently in jammy proposed:
 qtwebkit-opensource-src | 5.212.0~alpha4-13   | jammy/universe  | source
 qtwebkit-opensource-src | 5.212.0~alpha4-14   | jammy-proposed/universe | source

With that I delete my MP for jammy (since it's no longer needed) and set
the affected jammy entry to Fix Committed.

** Tags removed: jammy
** Tags added: hirsute

** Changed in: qtwebkit-opensource-src (Ubuntu Jammy)
   Status: In Progress => Fix Committed

Status in Ubuntu on IBM z Systems:
  In Progress
Status in qtwebkit-opensource-src package in Ubuntu:
  Fix Committed
Status in qtwebkit-opensource-src source package in Focal:
  New
Status in qtwebkit-opensource-src source package in Hirsute:
  In Progress
Status in qtwebkit-opensource-src source package in Impish:
  In Progress
Status in qtwebkit-opensource-src source package in Jammy:
  Fix Committed

[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-11-25 Thread Frank Heimes
qtwebkit debdiff (hirsute)

** Patch added: "qtwebkit debdiff (hirsute)"
   
https://bugs.launchpad.net/ubuntu/+source/qtwebkit-opensource-src/+bug/1951470/+attachment/5543299/+files/debdiff-qtwebkit-lp1951470-hirsute.patch

** Changed in: qtwebkit-opensource-src (Ubuntu Hirsute)
   Status: New => In Progress

Status in Ubuntu on IBM z Systems:
  In Progress
Status in qtwebkit-opensource-src package in Ubuntu:
  In Progress
Status in qtwebkit-opensource-src source package in Focal:
  New
Status in qtwebkit-opensource-src source package in Hirsute:
  In Progress
Status in qtwebkit-opensource-src source package in Impish:
  In Progress
Status in qtwebkit-opensource-src source package in Jammy:
  In Progress

Bug description:
  SRU Justification:

  [Impact]

   * WebKit Javascript engine is causing a segmentation fault on big
  endian (s390x) systems.

   * This happens for example when converting an html file to a pdf file
  using wkhtmltopdf.

   * The fix is relatively simple: changing loadisFromInstruction to 
loadpFromInstruction
 in the macro getProperty(slow) solves this unpleasant situation.

   * The JIT code is 32bit (even on 64bit systems),
 hence it is crucial to make sure the lower part of a 64bit value is taken on 
big endian systems.

  [Test Plan]

   * Testing is very straightforward by following these steps:

   * install the following packages (incl. their dependencies):
 $ sudo apt install libqt5webkit5 wkhtmltopdf

   * create an html file like this:
 $ vi index.html
 $ cat index.html
 
 
   
   
 
   
 
   
 

   * create a JavaScript file like this:
 $ vi min.js
 $ cat min.js
 var i = Math.max

   * call wkhtmltopdf to process the local files:
 $ wkhtmltopdf --enable-local-file-access index.html test.pdf

   * if it's broken one gets this output:
 Loading page (1/2)
 Segmentation fault (core dumped) ] 50%
 and no pdf file was generated:
 $ ls *.pdf
 ls: cannot access '*.pdf': No such file or directory

   * in case it's fixed one gets this output:
 Loading page (1/2)
 Printing pages (2/2)   
 Done   
 and a pdf file was generated and placed in the current directory (with 
more than 0 bytes size):
 $ ls -l ./*.pdf
 -rw-rw-r-- 1 ubuntu ubuntu 1339 Nov 24 11:48 ./test.pdf

  [Where problems could occur]

   * While this issue only affects big endian systems (like s390x),
 a bad fix may have an impact on little endian systems, too
 for example in case the wrong function got used in the macro.

   * But loadpFromInstruction is known to work for LE and BE systems;

   * and on top cross-architecture builds were done:
 https://launchpad.net/~fheimes/+archive/ubuntu/lp1951470

   * and tested on s390x (if the fix works) and on non-s390x (regression
  testing).

   * The changes are otherwise very limited, just:
 macro getProperty(slow)
 -loadisFromInstruction(6, t1)
 +loadpFromInstruction(6, t1)
 hence I think there is not much more to say.

  [Other Info]
   
   * The maintainer of the Debian packages (Dmitry Shachnev)
 is going to add this to the Debian package, too.

   * This issue affects Ubuntu jammy, impish, hirsute and focal - SRUs
  are ongoing.

   * The issue does not occur with the very latest upstream version anymore,
 and was fixed in a similar way as part of a commit
 that fixes numerous other CLoop issues on top:
 "Fix all CLoop JSC test failures (including some LLInt bugs due to recent 
bytecode format change)."
 commit 3fdde71c7d95d758a61fcbc4c58168616794c102

  __

  == Comment: #0 - Andreas Krebbel  - 2021-11-15 
09:29:44 ==
  ---Problem Description---
  Segmentation fault from WebKit Javascript engine

  Contact Information = andreas.kreb...@de.ibm.com

  ---uname output---
  Linux 193438490afd 5.8.15-301.fc33.s390x #1 SMP Thu Oct 15 15:55:57 UTC 2020 
s390x s390x s390x GNU/Linux

  Machine Type = IBM Z

  ---Debugger---
  A debugger is not configured

  ---Steps to Reproduce---
   index.html:
  
  
    
    

    
  
    
  

  min.js:
  var i = Math.max

  wkhtmltopdf index.html test.pdf
  QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root'
  Loading page (1/2)
  Segmentation fault (core dumped) ] 17%

  Userspace tool common name: wkhtmltopdf

  The userspace tool has the following bit modes: 64

  Userspace rpm: libqt5webkit5

  Userspace tool obtained from project website:  na

  *Additional Instructions for andreas.kreb...@de.ibm.com:
  -Attach ltrace and 

[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-11-25 Thread Launchpad Bug Tracker
** Merge proposal linked:
   
https://code.launchpad.net/~fheimes/ubuntu/+source/qtwebkit-opensource-src/+git/qtwebkit-opensource-src/+merge/412383

Title:
  webkit javascript segmentation fault

Status in Ubuntu on IBM z Systems:
  In Progress
Status in qtwebkit-opensource-src package in Ubuntu:
  In Progress
Status in qtwebkit-opensource-src source package in Focal:
  New
Status in qtwebkit-opensource-src source package in Hirsute:
  New
Status in qtwebkit-opensource-src source package in Impish:
  In Progress
Status in qtwebkit-opensource-src source package in Jammy:
  In Progress


[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-11-24 Thread Frank Heimes
** Tags added: impish

** Changed in: qtwebkit-opensource-src (Ubuntu Impish)
   Status: New => In Progress

Title:
  webkit javascript segmentation fault

Status in Ubuntu on IBM z Systems:
  In Progress
Status in qtwebkit-opensource-src package in Ubuntu:
  In Progress
Status in qtwebkit-opensource-src source package in Focal:
  New
Status in qtwebkit-opensource-src source package in Hirsute:
  New
Status in qtwebkit-opensource-src source package in Impish:
  In Progress
Status in qtwebkit-opensource-src source package in Jammy:
  In Progress


[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-11-24 Thread Frank Heimes
qtwebkit debdiff (impish)

** Patch added: "qtwebkit debdiff (impish)"
   
https://bugs.launchpad.net/ubuntu/+source/qtwebkit-opensource-src/+bug/1951470/+attachment/5543117/+files/debdiff-qtwebkit-lp1951470-impish.patch

Title:
  webkit javascript segmentation fault

Status in Ubuntu on IBM z Systems:
  In Progress
Status in qtwebkit-opensource-src package in Ubuntu:
  In Progress
Status in qtwebkit-opensource-src source package in Focal:
  New
Status in qtwebkit-opensource-src source package in Hirsute:
  New
Status in qtwebkit-opensource-src source package in Impish:
  New
Status in qtwebkit-opensource-src source package in Jammy:
  In Progress


[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-11-24 Thread Launchpad Bug Tracker
** Merge proposal linked:
   
https://code.launchpad.net/~fheimes/ubuntu/+source/qtwebkit-opensource-src/+git/qtwebkit-opensource-src/+merge/412357

Title:
  webkit javascript segmentation fault

Status in Ubuntu on IBM z Systems:
  In Progress
Status in qtwebkit-opensource-src package in Ubuntu:
  In Progress
Status in qtwebkit-opensource-src source package in Focal:
  New
Status in qtwebkit-opensource-src source package in Hirsute:
  New
Status in qtwebkit-opensource-src source package in Impish:
  New
Status in qtwebkit-opensource-src source package in Jammy:
  In Progress


[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-11-24 Thread Frank Heimes
** Description changed:

+ SRU Justification:
+ 
+ [Impact]
+ 
+  * WebKit Javascript engine is causing a segmentation fault on big
+ endian (s390x) systems.
+ 
+  * This happens for example when transferring an html to a pdf file
+ using wkhtmltopdf.
+ 
+  * The fix is relatively simple with changing loadisFromInstruction to 
loadpFromInstruction
+in macro getProperty(slow), which solves this unpleasant situation.
+ 
+  * The JIT ocde is 32bit (even on 64bit systems),
+hence is crucial to make sure the lower part of a 64bit value is taken on 
big endian systems.
+ 
+ [Test Plan]
+ 
+  * Testing is very straight forward by following these steps:
+ 
+  * install the following packages (incl. their dependencies):
+$ sudo apt install libqt5webkit5 wkhtmltopdf
+ 
+  * create an html file like this:
+$ vi index.html
+$ cat index.html
+
+
+  
+  
+
+  
+
+  
+
+ 
+  * create a JavaScript file like this:
+$ vi min.js
+$ cat min.js
+var i = Math.max
+ 
+  * call wkhtmltopdf to process the local files:
+$ wkhtmltopdf --enable-local-file-access index.html test.pdf
+ 
+  * if it's broken one gets this output:
+Loading page (1/2)
+Segmentation fault (core dumped) ] 50%
+and no pdf file was generated:
+$ ls *.pdf
+ls: cannot access '*.pdf': No such file or directory
+ 
+  * in case it's fixed one gets this output:
+Loading page (1/2)
+Printing pages (2/2)   
+Done   
+and a pdf file was generated and in placed in the current directory (with 
more than 0 bytes size):
+$ ls -l ./*.pdf
+-rw-rw-r-- 1 ubuntu ubuntu 1339 Nov 24 11:48 ./test.pdf
+ 
+ [Where problems could occur]
+ 
+  * While this issue only affects big endian systems (like s390x),
+a bad fix may have an impact on little endian systems, too
+for example in case the wrong function got used in the macro.
+ 
+  * But loadpFromInstruction is known to work for LE and BE systems;
+ 
+  * and on top cross-architecture builds were done:
+https://launchpad.net/~fheimes/+archive/ubuntu/lp1951470
+ 
+  * and tested on s390x (if the fix works) and on non-s390x (regression
+ testing).
+ 
+  * The changes are otherwise very limited, just:
+macro getProperty(slow)
+-loadisFromInstruction(6, t1)
++loadpFromInstruction(6, t1)
+hence I think there is not much more to say.
+ 
+ [Other Info]
+  
+  * The maintainer of the Debian packages (Dmitry Shachnev)
+is going to add this to the Debian package, too.
+ 
+  * This issue affects Ubuntu jammy, impish, hirsute and focal - SRUs are
+ ongoing.
+ 
+  * The issue does not occur with the very latest upstream version anymore,
+and was fixed in a similar way as part of a commit
+that fixes numerous other CLoop issues on top:
+"Fix all CLoop JSC test failures (including some LLInt bugs due to recent 
bytecode format change)."
+commit 3fdde71c7d95d758a61fcbc4c58168616794c102
+ 
+ __
+ 
  == Comment: #0 - Andreas Krebbel  - 2021-11-15 
09:29:44 ==
  ---Problem Description---
  Segmentation fault from WebKit Javascript engine
-  
- Contact Information = andreas.kreb...@de.ibm.com 
-  
+ 
+ Contact Information = andreas.kreb...@de.ibm.com
+ 
  ---uname output---
  Linux 193438490afd 5.8.15-301.fc33.s390x #1 SMP Thu Oct 15 15:55:57 UTC 2020 
s390x s390x s390x GNU/Linux
-  
- Machine Type = IBM Z 
-  
+ 
+ Machine Type = IBM Z
+ 
  ---Debugger---
  A debugger is not configured
-  
+ 
  ---Steps to Reproduce---
-  index.html:
+  index.html:
  
  
-   
-   
+   
+   
  
-   
- 
-   
+   
+ 
+   
  
  
  min.js:
  var i = Math.max
  
  wkhtmltopdf index.html test.pdf
  QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root'
  Loading page (1/2)
  Segmentation fault (core dumped) ] 17%
-  
- Userspace tool common name: wkhtmltopdf 
-  
- The userspace tool has the following bit modes: 64 
+ 
+ Userspace tool common name: wkhtmltopdf
+ 
+ The userspace tool has the following bit modes: 64
  
  Userspace rpm: libqt5webkit5
  
- Userspace tool obtained from project website:  na 
-  
+ Userspace tool obtained from project website:  na
+ 
  *Additional Instructions for andreas.kreb...@de.ibm.com:
  -Attach ltrace and strace of userspace application.
  
  == Comment: #1 - Andreas Krebbel  - 2021-11-15 
09:44:04 ==
  In CodeBlock.cpp the code preparing the operands of op_get_from_scope writes 
the property offset as pointer size (hence 64 bit) value:
  
  2141: instructions[i + 6].u.pointer =
  reinterpret_cast(op.operand);
  
  while the same slot is accessed later by the jitted code as 32 bit
  integer:
  
  macro getProperty(slow)
- loadisFromInstruction(6, t1)
+ loadisFromInstruction(6, t1)
  
  This fails on big endian targets since the integer access takes the
  higher part 
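Review bot: the added [Impact] text carries two typos that will be copied into every later notification of this bug: "The JIT ocde is 32bit" should read "The JIT code is 32bit", and in the [Test Plan] "generated and in placed in the current directory" should read "generated and placed in the current directory". The final region of the diff, "- loadisFromInstruction(6, t1)" / "+ loadisFromInstruction(6, t1)", changes whitespace only; if it was meant to show the fix, the "+" line should be "loadpFromInstruction(6, t1)" as in the [Where problems could occur] section above.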

[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-11-24 Thread Frank Heimes
** Also affects: qtwebkit-opensource-src (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Also affects: qtwebkit-opensource-src (Ubuntu Hirsute)
   Importance: Undecided
   Status: New

** Also affects: qtwebkit-opensource-src (Ubuntu Impish)
   Importance: Undecided
   Status: New

** Also affects: qtwebkit-opensource-src (Ubuntu Jammy)
   Importance: Undecided
 Assignee: Skipper Bug Screeners (skipper-screen-team)
   Status: Confirmed

** Changed in: qtwebkit-opensource-src (Ubuntu Jammy)
   Status: Confirmed => In Progress

** Changed in: ubuntu-z-systems
   Status: Confirmed => In Progress

** Tags added: jammy

Title:
  webkit javascript segmentation fault

Status in Ubuntu on IBM z Systems:
  In Progress
Status in qtwebkit-opensource-src package in Ubuntu:
  In Progress
Status in qtwebkit-opensource-src source package in Focal:
  New
Status in qtwebkit-opensource-src source package in Hirsute:
  New
Status in qtwebkit-opensource-src source package in Impish:
  New
Status in qtwebkit-opensource-src source package in Jammy:
  In Progress

Bug description:
  == Comment: #0 - Andreas Krebbel  - 2021-11-15 
09:29:44 ==
  ---Problem Description---
  Segmentation fault from WebKit Javascript engine
   
  Contact Information = andreas.kreb...@de.ibm.com 
   
  ---uname output---
  Linux 193438490afd 5.8.15-301.fc33.s390x #1 SMP Thu Oct 15 15:55:57 UTC 2020 
s390x s390x s390x GNU/Linux
   
  Machine Type = IBM Z 
   
  ---Debugger---
  A debugger is not configured
   
  ---Steps to Reproduce---
   index.html:
  
  




  

  

  min.js:
  var i = Math.max

  wkhtmltopdf index.html test.pdf
  QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root'
  Loading page (1/2)
  Segmentation fault (core dumped) ] 17%
   
  Userspace tool common name: wkhtmltopdf 
   
  The userspace tool has the following bit modes: 64 

  Userspace rpm: libqt5webkit5

  Userspace tool obtained from project website:  na 
   
  *Additional Instructions for andreas.kreb...@de.ibm.com:
  -Attach ltrace and strace of userspace application.

  == Comment: #1 - Andreas Krebbel  - 2021-11-15 
09:44:04 ==
  In CodeBlock.cpp the code preparing the operands of op_get_from_scope writes 
the property offset as a pointer-sized (hence 64 bit) value:

  2141: instructions[i + 6].u.pointer =
  reinterpret_cast(op.operand);

  while the same slot is accessed later by the jitted code as 32 bit
  integer:

  macro getProperty(slow)
  loadisFromInstruction(6, t1)

  This fails on big endian targets since the integer access takes the
  higher part of the 64 bit value.

  Changing:

  macro getProperty(slow)
  loadisFromInstruction(6, t1)

  to

  macro getProperty(slow)
  loadpFromInstruction(6, t1)

  in llint/LowLevelInterpreter64.asm fixes the problem for me.

  
  I could not reproduce the problem on Ubuntu 20.10. In upstream webkit the 
problem got fixed as a side effect of a larger change, but in the end quite 
similar to the change I'm proposing. The value resides somewhere else now, but 
it is accessed as a 64 bit value in getProperty:

  macro getProperty()
  loadp OpGetFromScope::Metadata::m_operand[t5], t1


  If you have the jsc binary from the webkit package available the
  problem can be reproduced with just 'jsc -e "i=Math.min"'

  == Comment: #2 - Andreas Krebbel  -
  2021-11-15 09:49:55 ==

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1951470/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp
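The width mismatch described in Comment #1 above (a pointer-sized store that is read back with a 32-bit load, which only yields the right value when the low half of the word sits at the lower address) is easy to model outside of WebKit. The C program below is an added example for this thread, not code from the bug report, from WebKit or from the Ubuntu/Debian packages. It models one bytecode operand slot as eight raw bytes, stores an operand the way the `u.pointer = ...` assignment lays it out, and reads it back both the loadis way (4 bytes at the slot's address) and the loadp way (all 8 bytes) under either byte order, so the big-endian failure can be reproduced on a little-endian host. The slot width of 8 bytes, the function names and the sample offset of 42 are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: models one bytecode operand slot as raw bytes of pointer
 * width (assumed 8, as on s390x and x86-64) so that both byte orders can be
 * exercised on any host. This is not WebKit code. */
#define SLOT_BYTES 8

/* Store a 64-bit operand into the slot the way a `u.pointer = ...` store
 * lays the value out in memory on a host with the given byte order. */
static void store_u64(uint8_t slot[SLOT_BYTES], uint64_t v, int big_endian)
{
    for (int i = 0; i < SLOT_BYTES; i++) {
        int shift = big_endian ? (SLOT_BYTES - 1 - i) * 8 : i * 8;
        slot[i] = (uint8_t)(v >> shift);
    }
}

/* The buggy read (loadisFromInstruction): a 32-bit load from the slot's
 * start address, interpreted in the host byte order. On big-endian this is
 * the HIGH half of the stored 64-bit value. */
static int32_t load_is(const uint8_t slot[SLOT_BYTES], int big_endian)
{
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) {
        int shift = big_endian ? (3 - i) * 8 : i * 8;
        v |= (uint32_t)slot[i] << shift;
    }
    return (int32_t)v;
}

/* The fixed read (loadpFromInstruction): a pointer-width load of all bytes,
 * which returns the stored value under either byte order. */
static int64_t load_p(const uint8_t slot[SLOT_BYTES], int big_endian)
{
    uint64_t v = 0;
    for (int i = 0; i < SLOT_BYTES; i++) {
        int shift = big_endian ? (SLOT_BYTES - 1 - i) * 8 : i * 8;
        v |= (uint64_t)slot[i] << shift;
    }
    return (int64_t)v;
}

/* Round trip of one op_get_from_scope operand: store it pointer-sized, then
 * read it back the way the interpreter would. `fixed` selects loadp (the fix)
 * over loadis (the bug). Returns the property offset the interpreter would use. */
int64_t read_property_offset(int64_t operand, int big_endian, int fixed)
{
    uint8_t slot[SLOT_BYTES];
    store_u64(slot, (uint64_t)operand, big_endian);
    return fixed ? load_p(slot, big_endian) : (int64_t)load_is(slot, big_endian);
}

/* Byte-order probe for the host this program actually runs on. */
int host_is_big_endian(void)
{
    uint16_t probe = 0x0102;
    uint8_t first;
    memcpy(&first, &probe, 1);
    return first == 0x01;
}

int main(void)
{
    int64_t offset = 42; /* constructed sample: a small inline property offset */
    for (int be = 0; be < 2; be++) {
        printf("%-14s loadis -> %lld  loadp -> %lld\n",
               be ? "big-endian:" : "little-endian:",
               (long long)read_property_offset(offset, be, 0),
               (long long)read_property_offset(offset, be, 1));
    }
    printf("this host is %s-endian\n", host_is_big_endian() ? "big" : "little");
    return 0;
}
```

Under the big-endian layout the 32-bit load returns 0 for any operand below 2^32, so the interpreter would index property storage with a wrong offset, which matches the crash reported here; the pointer-width load returns the stored value regardless of byte order, which is why switching the macro to loadpFromInstruction is endianness-neutral and does not change behaviour on little-endian builds.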


[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-11-23 Thread Ubuntu Foundations Team Bug Bot
The attachment "qtwebkit debdiff (jammy)" seems to be a debdiff.  The
ubuntu-sponsors team has been subscribed to the bug report so that they
can review and hopefully sponsor the debdiff.  If the attachment isn't a
patch, please remove the "patch" flag from the attachment, remove the
"patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe
the team.

[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issue please contact him.]

** Tags added: patch

Title:
  webkit javascript segmentation fault

Status in Ubuntu on IBM z Systems:
  Confirmed
Status in qtwebkit-opensource-src package in Ubuntu:
  Confirmed

Bug description:
  == Comment: #0 - Andreas Krebbel  - 2021-11-15 09:29:44 ==
  ---Problem Description---
  Segmentation fault from WebKit Javascript engine

  Contact Information = andreas.kreb...@de.ibm.com

  ---uname output---
  Linux 193438490afd 5.8.15-301.fc33.s390x #1 SMP Thu Oct 15 15:55:57 UTC 2020 s390x s390x s390x GNU/Linux

  Machine Type = IBM Z

  ---Debugger---
  A debugger is not configured

  ---Steps to Reproduce---
  index.html:

  min.js:
  var i = Math.max

  wkhtmltopdf index.html test.pdf
  QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root'
  Loading page (1/2)
  Segmentation fault (core dumped) ] 17%

  Userspace tool common name: wkhtmltopdf

  The userspace tool has the following bit modes: 64

  Userspace rpm: libqt5webkit5

  Userspace tool obtained from project website:  na

  *Additional Instructions for andreas.kreb...@de.ibm.com:
  -Attach ltrace and strace of userspace application.

  == Comment: #1 - Andreas Krebbel  - 2021-11-15 09:44:04 ==
  In CodeBlock.cpp the code preparing the operands of op_get_from_scope writes the property offset as pointer size (hence 64 bit) value:

  2141: instructions[i + 6].u.pointer =
  reinterpret_cast(op.operand);

  while the same slot is accessed later by the jitted code as 32 bit
  integer:

  macro getProperty(slow)
  loadisFromInstruction(6, t1)

  This fails on big endian targets since the integer access takes the
  higher part of the 64 bit value.

  Changing:

  macro getProperty(slow)
  loadisFromInstruction(6, t1)

  to

  macro getProperty(slow)
  loadpFromInstruction(6, t1)

  in llint/LowLevelInterpreter64.asm fixes the problem for me.

  I could not reproduce the problem on Ubuntu 20.10. In upstream webkit the problem got fixed as a side effect of a larger change but in the end quite similar to the change I'm proposing. The value resides somewhere else now but it is accessed as 64 bit value in getProperty:

  macro getProperty()
  loadp OpGetFromScope::Metadata::m_operand[t5], t1

  If you have the jsc binary from the webkit package available the
  problem can be reproduced with just 'jsc -e "i=Math.min"'

  == Comment: #2 - Andreas Krebbel  - 2021-11-15 09:49:55 ==



[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-11-23 Thread Frank Heimes
qtwebkit debdiff (jammy)

** Patch added: "qtwebkit debdiff (jammy)"
   
https://bugs.launchpad.net/ubuntu/+source/qtwebkit-opensource-src/+bug/1951470/+attachment/5542873/+files/debdiff-qtwebkit-lp1951470-jammy.patch


Title:
  webkit javascript segmentation fault

Status in Ubuntu on IBM z Systems:
  Confirmed
Status in qtwebkit-opensource-src package in Ubuntu:
  Confirmed



[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-11-23 Thread Launchpad Bug Tracker
** Merge proposal linked:
   
https://code.launchpad.net/~fheimes/ubuntu/+source/qtwebkit-opensource-src/+git/qtwebkit-opensource-src/+merge/412305


Title:
  webkit javascript segmentation fault

Status in Ubuntu on IBM z Systems:
  Confirmed
Status in qtwebkit-opensource-src package in Ubuntu:
  Confirmed



[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-11-21 Thread bugproxy
--- Comment From andreas.kreb...@de.ibm.com 2021-11-22 02:30 EDT---
(In reply to comment #10)
> This does not look like an Ubuntu system. Linux kernel has wrong version:
> "Linux 193438490afd 5.8.15-301.fc33.s390x". Are you sure you are testing it
> on Ubuntu image?

I just mechanically copied the uname -a output there forgetting that I
was working in a container. Hence the output is bogus, please ignore.
But as mentioned already the issue is not kernel related anyway.

--- Comment From andreas.kreb...@de.ibm.com 2021-11-22 02:37 EDT---
(In reply to comment #13)
...
> @Andreas Is your proposed fix known to be safe for other platforms (LE), too?

Yes, the fix should be safe for LE platforms as well. Before that change
it just accidentally worked on LE. But this would need to be tested of
course.

> And can you point me to the upstream issue where this got fixed?

It looks like it got fixed as part of a commit which fixes numerous
other CLoop issues:

commit 3fdde71c7d95d758a61fcbc4c58168616794c102
Author: Mark Lam 
Date:   Mon Jan 14 21:34:47 2019 +

Fix all CLoop JSC test failures (including some LLInt bugs due to recent 
bytecode format change).
https://bugs.webkit.org/show_bug.cgi?id=193402

Reviewed by Keith Miller.

There you can find a similar change as in my proposed patch. However, it
is based on a commit which changed how these data are stored. So it
might not be obvious to backport it. On the other hand it looks like it
contains more fixes which we might want to have as well.

llintOpWithMetadata(op_get_from_scope, OpGetFromScope, macro (size, get, 
dispatch, metadata, return)
macro getProperty()
-loadis OpGetFromScope::Metadata::operand[t5], t3
+loadp OpGetFromScope::Metadata::operand[t5], t3
loadPropertyAtVariableOffset(t3, t0, t1, t2)
valueProfile(OpGetFromScope, t5, t1, t2)
return(t1, t2)
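Review bot: this hunk is quoted without its @@ header and file path, and its macro body (loadp OpGetFromScope::Metadata::operand[t5], t3) belongs to the newer metadata-based bytecode layout, so it cannot be applied as-is to the qtwebkit source, where the same read is loadisFromInstruction(6, t1) in llint/LowLevelInterpreter64.asm; the backport should stay the one-line loadis to loadp change in that macro, as proposed in Comment #1. The principle the hunk applies is sound: the load width must match the pointer-sized store made in CodeBlock.cpp (instructions[i + 6].u.pointer), which is why the narrow loadis only returned the right half by accident on little-endian hosts and returned the high half on s390x.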

** Bug watch added: bugs.webkit.org/ #193402
   https://bugs.webkit.org/show_bug.cgi?id=193402


Title:
  webkit javascript segmentation fault

Status in Ubuntu on IBM z Systems:
  Confirmed
Status in qtwebkit-opensource-src package in Ubuntu:
  Confirmed



[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-11-19 Thread Frank Heimes
@Andreas Is your proposed fix known to be safe for other platforms (LE), too?
And can you point me to the upstream issue where this got fixed?


Title:
  webkit javascript segmentation fault

Status in Ubuntu on IBM z Systems:
  Confirmed
Status in qtwebkit-opensource-src package in Ubuntu:
  Confirmed



[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-11-19 Thread Frank Heimes
I just tried to reproduce this on several Ubuntu versions.
The steps are fine and do not cause a seg. fault on jammy/22.04, impish/21.10 
or hirsute/21.04.
But as already assumed it seg. faults on focal/20.04.

(This is not kernel related, a wrong package was marked as affected,
but if it had been kernel related, we would have asked to reproduce on
focal's latest 5.4.)

** Changed in: qtwebkit-opensource-src (Ubuntu)
   Status: New => Confirmed

** Changed in: ubuntu-z-systems
   Status: New => Confirmed

** Changed in: ubuntu-z-systems
   Importance: Undecided => High


Title:
  webkit javascript segmentation fault

Status in Ubuntu on IBM z Systems:
  Confirmed
Status in qtwebkit-opensource-src package in Ubuntu:
  Confirmed



[Touch-packages] [Bug 1951470] Re: webkit javascript segmentation fault

2021-11-19 Thread Frank Heimes
adjusted the affected package (linux --> libqt5webkit5)

** Package changed: linux (Ubuntu) => qtwebkit-opensource-src (Ubuntu)

** Tags added: universe


Title:
  webkit javascript segmentation fault

Status in Ubuntu on IBM z Systems:
  New
Status in qtwebkit-opensource-src package in Ubuntu:
  New
