bug-gnu-emacs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#27258: 26.0.50; Possible undefined behavior in Fmapbacktrace


From: Philipp Stephani
Subject: bug#27258: 26.0.50; Possible undefined behavior in Fmapbacktrace
Date: Mon, 05 Jun 2017 20:13:37 +0000



Philipp <address@hidden> schrieb am Mo., 5. Juni 2017 um 21:51 Uhr:

Insert the following into /tmp/rec.el:

;; -*- lexical-binding: t; -*-

(require 'cl-lib)

(defun recurse (i g)
  (if (= i 0)
      (funcall g (cl-gensym))
    (recurse (1- i) g)))

(recurse 100 (lambda (sym)
               (message "outer: %s" sym)
               (mapbacktrace
                (lambda (_ _ args _)
                  (recurse 100 (lambda (sym)
                                 (message "inner: %s %s" sym args)))))))

Then run

  emacs -Q -batch -l /tmp/rec.el

The printed messages will either be way too short, or Emacs will
segfault.  Re-running the command a couple of times consistently
generated a segfault for me.

My guess is that pdlvec got reallocated, but Fmapbacktrace uses pointers
instead of indices to access its element, so they pointers became
invalidated and point to garbage.

Fixed with commit 3d9d976aa476b1c1098359a1215ad1cabd022d33. 

reply via email to

[Prev in Thread] Current Thread [Next in Thread]