id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
168	Arora web browser crashes in LIBC	rudi		"When surfing around Arora often crashes with the following register dump:

{{{
Killed by SIGSEGV
pid=0x9128 ppid=0x0017 tid=0x0001 slot=0x007e pri=0x0200 mc=0x0001
C:\PROG\ARORA\ARORA.EXE
LIBC063 0:00053f6a
cs:eip=005b:1dc63f6a      ss:esp=0053:0214e388      ebp=0214e3c8
 ds=0053      es=0053      fs=150b      gs=0000     efl=00212216
eax=00000000 ebx=20392fd4 ecx=00010000 edx=00000000 edi=00000000 esi=25300000
Process dumping was disabled, use DUMPPROC / PROCDUMP to enable it.

}}}


It's an attempt to ""setmem"" a NULL pointer. I tried to analyze the problem, and to me it appears that this comes from /webkit/JavaScriptCore/runtime/Collector.cpp, line 273. Digging a bit into the implementation of posix_memalign() in KLIBC, I tend to think that this function will not work correctly when the requested alignment is larger than a page size. But that is exactly what happens in line 272.

I suggest modifying JavaScriptCore\wtf\platform.h so that HAVE_POSIX_MEMALIGN is zero for OS/2. Note that there are two instances of JavaScriptCore in the 3rdparty subtree: one that goes into QtScript and one that ends up in QtWebKit.

At the moment I'm writing this, my finding is just a hypothesis. I will try to prove it when my other builds are complete...
"	defect	closed	major	Qt 4.6.3	QtCore	4.6.2	low	fixed		
