Comment 6 for bug 1295119

Martin Kaistra (djfun) wrote :

I dug a bit deeper into this and I think I have found the cause for this:

When you have an array sort function that is inconsistent (that does not always return the same value for two given values a and b), the new QML V4 JavaScript engine sometimes gives you back a reference to a memory location that doesn't belong to the array (anymore?).

So for the following example:

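    var a = [1, 2];

    // Fixed stand-ins for Math.random() so the run is repeatable
    var random_values = [0.4, 0.9, 0.8, 0.6];

    var c = 0;
    // Inconsistent comparator: ignores its arguments, result depends on call count
    a.sort(function() {
        var r = random_values[c];
        c++;
        console.log(r);
        return 0.5 - r;
    });
    console.log(a);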

I sometimes get something like [-4.528848823629493e-224,1] or errors like
QV4::__qmljs_convert_to_string(QV4::ExecutionContext*, QV4::ValueRef) or
QV4::Value::toString(QV4::ExecutionContext*) const () etc.

Even though the behavior of array sort with an inconsistent function is not defined, it should NOT lead to a segmentation fault (or who knows what memory locations it gives back and what can be done with that).
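
A regression-style check for the invariant argued in the comment above, as an added example that is not part of the original comment or of Qt's code: whatever an inconsistent comparator returns, the sorted array must still hold exactly the original elements. The function names and the extra comparator scripts are constructed for illustration.

```javascript
// Added example: names below are illustrative, not taken from Qt or the bug report.

// Comparator that replays a fixed list of values and ignores its arguments,
// like the random_values array in the comment (wraps around when exhausted).
function scriptedComparator(values) {
    let i = 0;
    return function () {
        const r = values[i % values.length];
        i++;
        return 0.5 - r;
    };
}

// True when `after` holds exactly the elements of `before` (same multiset),
// i.e. the sort did not surface a value that was never in the array.
function isPermutation(before, after) {
    if (!Array.isArray(after) || after.length !== before.length) return false;
    const counts = new Map();
    for (const v of before) counts.set(v, (counts.get(v) || 0) + 1);
    for (const v of after) {
        const n = counts.get(v);
        if (!n) return false; // foreign value, or more copies than in the input
        counts.set(v, n - 1);
    }
    return true;
}

// Sort a fresh copy of `input` under each scripted comparator and collect
// every run whose result is not a permutation of the input.
function checkSortInvariant(input, scripts) {
    const failures = [];
    for (const script of scripts) {
        const copy = input.slice();
        copy.sort(scriptedComparator(script));
        if (!isPermutation(input, copy)) failures.push({ script, result: copy });
    }
    return failures;
}

// Constructed scripts: the sequence from the comment plus its rotations.
const SCRIPTS = [
    [0.4, 0.9, 0.8, 0.6],
    [0.9, 0.8, 0.6, 0.4],
    [0.8, 0.6, 0.4, 0.9],
    [0.6, 0.4, 0.9, 0.8],
];
```

An empty result from `checkSortInvariant([1, 2], SCRIPTS)` means the engine kept the array contents intact; an output such as the one quoted in the comment would be reported as a failure.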