emacs-pretest-bug
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: segfault in read_process_output() during vc-diff


From: Tim Van Holder
Subject: Re: segfault in read_process_output() during vc-diff
Date: Tue, 14 Nov 2006 08:44:53 +0100

On 11/10/06, Tim Van Holder <address@hidden> wrote:
On 11/10/06, Chong Yidong <address@hidden> wrote:
> > I was committing a set of changes using vc-directory, and v-= caused
> > the emacs window to disappear.  Re-ran from the commandline, crash was
> > reproducible as a segfault.  Re-ran under debugger; emacs opens the diff
> > window just fine, then a SIGSEGV gets flagged in bcopy(), called at line
> > 5144 of process.c. I have been unable to reproduce the crash on anything
> > other than this single file - all other files can be compared using
> > vc-diff just fine.
>
> Does this file contain sensitive information?  If not, could you send
> it to me?  (If it is sensitive, is it possible to send the smallest
> piece of the file that causes the bug?)

It's only a .gdbinit file, so there's no sensitive information, so
sure, I can post
it when I get in to the office (which would be Tuesday at the earliest).
I'm not sure it would help, however, as I've been unable to reproduce the
crash in any way other than to invoke vc-diff; no other attempt to see the diff
(opening up a redirected diff as a file, seeing the diff as part of
vc-revert, ...)
causes the crash. I'll see if I can reproduce it by creating a dummy CVS
repository containing only the check-in version of the file, and then trying to
vc-diff against that instead of our full repository.  If that reproduces it I'll
send a tarball with the dummy repostory + modified file.

A dummy CVS repository does reproduce the problem, a tarball is attached.

I did observe another strange thing though: if I run "emacs .gdbinit", then
hit [C-x v =] I get a segfault as seen before.  But if I run "emacs .", then
enter the file from the dired buffer, then hit [C-x v =], I also get glibc
abort()s (3 different messages so far, pointers always different), and in one
case, the "Fatal error (11)" message came up, but then the process stopped
responding (suggesting an infinite loop of some kind).

Fatal error (11)*** glibc detected *** corrupted double-linked list:
0x08842688 ***
Aborted

Fatal error (11)*** glibc detected *** realloc(): invalid pointer:
0x08925860 ***
Aborted

Fatal error (11)*** glibc detected *** realloc(): invalid size: 0x0891f4f8 ***
Aborted

Unfortunately I've been unable to reproduce these under valgrind.

Testcase now attached.

Attachment: emacs-crash-testcase.tar.bz2
Description: BZip2 compressed data


reply via email to

[Prev in Thread] Current Thread [Next in Thread]