bug#15475: 24.3.50; race condition in x_frame_rehighlight


From: Andreas Politz
Subject: bug#15475: 24.3.50; race condition in x_frame_rehighlight
Date: Sat, 28 Sep 2013 01:47:33 +0200

There is a race condition in x_frame_rehighlight regarding input
redirection, triggering a null-pointer access.  These kinds of
errors are usually difficult to reproduce.  I used the following
code, while simultaneously changing focus rapidly via the
window-manager.

(defun fn (&optional parms)
  (let* ((frame (make-frame parms)))
    (sit-for 1e-100)
    (redirect-frame-focus (selected-frame) frame)
    frame))

(while t
  (let ((f1 (fn
             '((width . 20)
               (height . 30))))
        (f2 (fn
             '((width . 20)
               (height . 30)
               (top . 400)))))
    (sleep-for (/ (float (random 1000)) 5000))
    (delete-other-frames)))

Take a look at this part of the attached back-trace.

#0  0x00000000004f9b0e in frame_highlight (f=0x132b510) at xterm.c:3204
#4  0x00000000004fa4ae in x_detect_focus_change (dpyinfo=0x15ba800, frame=0x11c7e68,
    event=0x7fffffffb300, bufp=0x7fffffffae50) at xterm.c:3522
#14 0x00000000004ff413 in XTread_socket (...) at xterm.c:7066
#19 0x00000000005409e7 in unblock_input () at keyboard.c:7116
#20 0x0000000000503f82 in x_free_frame_resources (f=0x132b510) at xterm.c:9383
#21 0x0000000000503fbf in x_destroy_window (f=0x132b510) at xterm.c:9397
#22 0x00000000004274b7 in delete_frame (frame=20100373, force=12634498) at frame.c:1362
#23 0x000000000042784e in Fdelete_frame (frame=20100373, force=12634498) at frame.c:1495

Note that the freed frame in #20 is the same as the one about to
be highlighted in #0.  delete_frame would later execute

    f->terminal = 0;             /* Now the frame is dead.  */

but won't, since x_destroy_window has not returned yet.  But
x_free_frame_resources has executed

    f->output_data.x = NULL;

, so FRAME_LIVE_P(f) is still true, but FRAME_X_DISPLAY is no
good at this moment.  Then in x_frame_rehighlight the deleted
frame becomes the x_highlight_frame.


(gdb) p /x dpyinfo->x_focus_frame
$30 = 0x11c7e68
(gdb) p /x dpyinfo->x_highlight_frame 
$27 = 0x132b510
(gdb) pp dpyinfo->x_focus_frame.focus_frame
#<frame address@hidden 0x132b510>
(gdb) p /x dpyinfo->x_highlight_frame.output_data.x
$36 = 0x0
(gdb) p /x dpyinfo->x_highlight_frame.terminal
$37 = 0x110e398

The second if condition is false (FRAME_LIVE_P) and
frame_highlight gets called with the halfway deleted frame, calls
FRAME_X_DISPLAY and that's the end.

-ap

Attachment: gdb.log
Description: Binary data



In GNU Emacs 24.3.50.4 (x86_64-unknown-linux-gnu, GTK+ Version 2.20.1)
 of 2013-09-27 on luca
Bzr revision: 114421 address@hidden
Windowing system distributor `The X.Org Foundation', version 11.0.10707000
System Description:     Debian GNU/Linux 6.0.7 (squeeze)

Important settings:
  value of $LC_COLLATE: C
  value of $LC_MESSAGES: C
  value of $LANG: de_DE.UTF-8
  locale-coding-system: utf-8-unix
  default enable-multibyte-characters: t

Major mode: Emacs-Lisp

Minor modes in effect:
  workgroups-mode: t
  desktop-save-mode: t
  mimo-mode: t
  ispell-track-input-method: t
  recentf-mode: t
  show-paren-mode: t
  window-numbering-mode: t
  shell-dirtrack-mode: t
  scroll-other-window-mode: t
  savehist-mode: t
  ekey-mode: t
  winner-mode: t
  eldoc-mode: t
  tooltip-mode: t
  mouse-wheel-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  column-number-mode: t
  line-number-mode: t
  transient-mark-mode: t

Recent messages:
Mark set [2 times]
Quit
Spell-checking bug using aspell with en dictionary...done
Saving file /tmp/bug...
Wrote /tmp/bug
Mark set [2 times]
Saved text until "RAME_X_DISPLAY and that's the end.

-ap
"

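Added example, not part of the original report and not Emacs source: a minimal C model of the teardown window the report describes, where a frame has lost its window-system data but still has a terminal when a focus event is handled re-entrantly. The struct layout, the function names and the stricter check live_and_backed_p are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the fields named in the report. */
struct x_output { int display_id; };

struct frame {
    void *terminal;            /* cleared last: "now the frame is dead"  */
    struct x_output *x;        /* cleared first, during resource release */
    struct frame *focus_frame; /* target of focus redirection, or NULL   */
};

struct display_info {
    struct frame *x_focus_frame;
    struct frame *x_highlight_frame;
};

typedef bool (*usable_fn)(const struct frame *);

/* Liveness test that looks only at the terminal pointer. */
static bool live_p(const struct frame *f) { return f && f->terminal; }

/* Stricter test (assumption): the frame must also still own its x data. */
static bool live_and_backed_p(const struct frame *f) { return live_p(f) && f->x; }

/* Follow focus redirection; drop it if the target fails the usable test. */
static void rehighlight(struct display_info *d, usable_fn usable)
{
    struct frame *f = d->x_focus_frame;
    struct frame *cand = (f && f->focus_frame) ? f->focus_frame : f;
    if (cand && !usable(cand)) {
        f->focus_frame = NULL;
        cand = f;
    }
    d->x_highlight_frame = cand;
}

/* Replays the ordering from the back-trace and reports whether the frame
   chosen inside the teardown window still has x data to dereference. */
static bool highlight_safe_during_delete(usable_fn usable)
{
    struct x_output xa = { 1 }, xb = { 2 };
    int term = 0;
    struct frame b = { &term, &xb, NULL };
    struct frame a = { &term, &xa, &b };   /* a's focus is redirected to b */
    struct display_info d = { &a, NULL };

    b.x = NULL;               /* 1: resources released                     */
    rehighlight(&d, usable);  /* 2: focus event handled before step 3      */
    bool safe = d.x_highlight_frame != NULL && d.x_highlight_frame->x != NULL;
    b.terminal = NULL;        /* 3: frame finally marked dead              */
    return safe;
}

int main(void)
{
    printf("terminal-only check safe: %d\n", highlight_safe_during_delete(live_p));
    printf("stricter check safe:      %d\n", highlight_safe_during_delete(live_and_backed_p));
    return 0;
}
```

In the model, the terminal-only check selects the half-deleted frame, while the stricter check drops the redirection and falls back to the focus frame.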
