From: Florian Weimer
Subject: bug#23726: emacs 25.0.94 crashes
Date: Wed, 8 Jun 2016 20:34:58 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.1.0
On 06/08/2016 07:32 PM, Paul Eggert wrote:
> Has Rawhide incorporated some of Florian Weimer's malloc patches? If so, this is almost surely causing the problem. I will CC: Florian to give him a heads-up. See: https://sourceware.org/ml/libc-alpha/2016-06/msg00211.html
That's not the patch, it's not even in upstream master. If that patch was in, you wouldn't see the problem anymore because Emacs' internal malloc would be used.
The problem is that the realloc implementation for dumped chunks is incorrect; that bit is already in glibc master and rawhide. I think I can see what is wrong: The size computation for the old chunk size in realloc is wrong, and the trailing sizeof (size_t) bytes are not copied. Fortunately, it's not a conceptual problem with the heap rewriter.
I am surprised that you can use valgrind.
The valgrind failure is typical of what you get with a dumped Emacs. valgrind intercepts realloc and returns 0 because an off-heap pointer is detected.
Florian
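The bug class Florian describes (a realloc path for off-heap "dumped" chunks that miscomputes the old chunk's size and so leaves the trailing sizeof (size_t) bytes uncopied) is easy to model. The following is an added illustration, not glibc's or Emacs' code: it uses a constructed static region as the "dumped" chunk, a hypothetical chunk layout in which a size_t header holds the payload size, and hypothetical function names. The buggy variant subtracts the header size from a value that already excludes it, so the last word of the payload is silently lost; the fixed variant copies the whole old payload.

```c
/* Model of a realloc shim for "dumped" (off-heap) chunks.  Added example,
   not glibc's or Emacs' code.  Chunk layout (hypothetical): one size_t
   header holding the payload size in bytes, followed by the payload. */
#include <stdlib.h>
#include <string.h>

/* Constructed "dumped" region: static memory outside the malloc heap. */
static size_t dumped_region[1 + 4]; /* header + 4 words of payload */

/* Initialise the region as one chunk and return its payload pointer. */
static void *dumped_chunk_init(void)
{
    dumped_region[0] = 4 * sizeof(size_t); /* payload size in bytes */
    return &dumped_region[1];
}

/* Read the payload size stored in the header just before the payload. */
static size_t dumped_payload_size(const void *p)
{
    return ((const size_t *)p)[-1];
}

/* Buggy variant: treats the stored size as if it included the header and
   subtracts sizeof (size_t) again, so the copy is one word too short. */
void *realloc_dumped_buggy(void *old, size_t new_size)
{
    size_t old_size = dumped_payload_size(old) - sizeof(size_t); /* wrong */
    void *p = malloc(new_size);
    if (p == NULL)
        return NULL;
    /* Zero the new block so the uncopied tail is deterministic in this
       demo; a real malloc would return whatever happened to be there. */
    memset(p, 0, new_size);
    memcpy(p, old, old_size < new_size ? old_size : new_size);
    return p;
}

/* Fixed variant: the header already stores the payload size, copy it all. */
void *realloc_dumped_fixed(void *old, size_t new_size)
{
    size_t old_size = dumped_payload_size(old);
    void *p = malloc(new_size);
    if (p == NULL)
        return NULL;
    memset(p, 0, new_size);
    memcpy(p, old, old_size < new_size ? old_size : new_size);
    return p;
}

/* Grow the dumped chunk with the given realloc and report whether the
   last payload word survived: 1 if it did, 0 if it was lost, -1 on OOM. */
int last_word_survives(void *(*realloc_fn)(void *, size_t))
{
    size_t *payload = dumped_chunk_init();
    for (size_t i = 0; i < 4; i++)
        payload[i] = 0x1000 + i;
    size_t *grown = realloc_fn(payload, 8 * sizeof(size_t));
    if (grown == NULL)
        return -1;
    int ok = grown[3] == 0x1003;
    free(grown);
    return ok;
}
```

Run `last_word_survives(realloc_dumped_buggy)` and `last_word_survives(realloc_dumped_fixed)` to see the difference: only the fixed shim preserves the final word. This is the kind of defect a dumped Emacs would hit without any crash at the realloc call itself; the corruption shows up later, wherever the lost trailing bytes are read.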