bug#16049: 24.3.50; Crash on startup on Mac OS X 10.9

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#16049: 24.3.50; Crash on startup on Mac OS X 10.9

From:	Jan Djärv
Subject:	bug#16049: 24.3.50; Crash on startup on Mac OS X 10.9
Date:	Fri, 6 Dec 2013 19:32:56 +0100

Hello.

5 dec 2013 kl. 21:20 skrev Eli Zaretskii <eliz@gnu.org>:

>> From: Jan Djärv <jan.h.d@swipnet.se>
>> Date: Thu, 5 Dec 2013 20:59:00 +0100
>> Cc: martin rudalics <rudalics@gmx.at>,
>> Jules Colding <colding@venalicium.dk>,
>> 16049@debbugs.gnu.org
>> 
>> (gdb) p desired_matrix->nrows
>> $1 = -306783372
>> 
>> This is not random, I get the same value each time.  Overflow?
> 
> Put a watchpoint on that address, and see who gives it such a bogus
> value.

The root cause is grow_mini_window in window.c.

It sets w->pixel_height to a large negative value, and it is all downhill from 
there.
It is called twice.  Right before w->pixel_height += pixel_height;

the values for pixelwise, w->pixel_height, pixel_height, line_height, 
FRAME_LINE_HEIGTH(f), delta and XINT (height) are:

1 1 -47 -3 14 13 47

The 1 for w->pixel_height looks wrong.
This will set w->pixel_height to -46.
The second call:

1 -46 -2147483603 .153391685 14 60 0

I'm not sure how this function is supposed to work.  pixel_value is negative or 
it is a huge positive value.  Is it relying on overflow?

        Jan D.

[Prev in Thread]

Current Thread

[Next in Thread]

bug#16049: 24.3.50; Crash on startup on Mac OS X 10.9, (continued)

Prev by Date: bug#16071: Erc re-binds [home] even if not beginning-of-line
Next by Date: bug#13898: [babc40c4] minibuffer-complete does not cycle anymore
Previous by thread: bug#16049: 24.3.50; Crash on startup on Mac OS X 10.9
Next by thread: bug#16049: 24.3.50; Crash on startup on Mac OS X 10.9
Index(es):
- Date
- Thread