bug#30705: Segfault in get_next_display

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#30705: Segfault in get_next_display_element

From:	Clément Pit-Claudel
Subject:	bug#30705: Segfault in get_next_display_element
Date:	Sun, 4 Mar 2018 17:37:26 -0500
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0

Hi all,

A user of one of my packages reported 
(https://github.com/cpitclaudel/company-coq/issues/159) a segfault in 
get_next_display_element, and collected the following information:

➜  ~ lldb /usr/local/Cellar/emacs/25.3/Emacs.app/Contents/MacOS/Emacs
(lldb) target create 
"/usr/local/Cellar/emacs/25.3/Emacs.app/Contents/MacOS/Emacs"
Current executable set to 
'/usr/local/Cellar/emacs/25.3/Emacs.app/Contents/MacOS/Emacs' (x86_64).
(lldb) run
Process 21443 launched: 
'/usr/local/Cellar/emacs/25.3/Emacs.app/Contents/MacOS/Emacs' (x86_64)
### [At this point I did exactly what I wrote in my previous post]
Process 21443 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS 
(code=2, address=0x7fff5f3aefd8)
    frame #0: 0x0000000100018e58 Emacs`get_next_display_element + 44
Emacs`get_next_display_element:
->  0x100018e58 <+44>: callq  *(%r12,%rax,8)
    0x100018e5c <+48>: movb   %al, %r13b
    0x100018e5f <+51>: movq   0x838(%rbx), %rcx
    0x100018e66 <+58>: testl  %ecx, %ecx

additionally, the user noted: "at this point (lldb) bt spits out 60290 entries:"

* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS 
(code=2, address=0x7fff5f3aefd8)
  * frame #0: 0x0000000100018e58 Emacs`get_next_display_element + 44
    frame #1: 0x000000010001988e Emacs`get_next_display_element + 2658.
...  (these are all identical)
    frame #60207: 0x000000010001988e Emacs`get_next_display_element + 2658.
    frame #60208: 0x000000010001b29e Emacs`move_it_in_display_line_to + 3968
    frame #60209: 0x0000000100018b3f Emacs`move_it_to + 807
    frame #60210: 0x0000000100020522 Emacs`move_it_vertically + 70
    frame #60211: 0x0000000100051d3e Emacs`Fwindow_end + 423
    frame #60212: 0x0000000100102847 Emacs`Ffuncall + 983
    frame #60213: 0x000000010013280c Emacs`exec_byte_code + 2035
    frame #60214: 0x0000000100102710 Emacs`Ffuncall + 672
    frame #60215: 0x0000000100102cae Emacs`call1 + 46
    frame #60216: 0x00000001001095b7 Emacs`mapcar1 + 459
    frame #60217: 0x00000001001097d2 Emacs`Fmapc + 78
    frame #60218: 0x0000000100102847 Emacs`Ffuncall + 983
    frame #60219: 0x000000010013280c Emacs`exec_byte_code + 2035
    frame #60220: 0x0000000100102710 Emacs`Ffuncall + 672
    frame #60221: 0x000000010013280c Emacs`exec_byte_code + 2035
    frame #60222: 0x0000000100102710 Emacs`Ffuncall + 672
    frame #60223: 0x0000000100102c7a Emacs`call0 + 25
    frame #60224: 0x0000000100054031 Emacs`run_funs + 29
    frame #60225: 0x0000000100053eda Emacs`run_window_configuration_change_hook 
+ 427
    frame #60226: 0x00000001000543f3 Emacs`set_window_buffer + 851
    frame #60227: 0x00000001000548fa Emacs`Fset_window_buffer + 178
    frame #60228: 0x000000010010285b Emacs`Ffuncall + 1003
    frame #60229: 0x000000010013280c Emacs`exec_byte_code + 2035
    frame #60230: 0x0000000100103253 Emacs`funcall_lambda + 730
    frame #60231: 0x0000000100102710 Emacs`Ffuncall + 672
    frame #60232: 0x000000010013280c Emacs`exec_byte_code + 2035
    frame #60233: 0x0000000100103253 Emacs`funcall_lambda + 730
    frame #60234: 0x0000000100102710 Emacs`Ffuncall + 672
    frame #60235: 0x000000010013280c Emacs`exec_byte_code + 2035
    frame #60236: 0x0000000100103253 Emacs`funcall_lambda + 730
    frame #60237: 0x0000000100102710 Emacs`Ffuncall + 672
    frame #60238: 0x000000010013280c Emacs`exec_byte_code + 2035
    frame #60239: 0x0000000100103253 Emacs`funcall_lambda + 730
    frame #60240: 0x0000000100102710 Emacs`Ffuncall + 672
    frame #60241: 0x000000010013280c Emacs`exec_byte_code + 2035
    frame #60242: 0x0000000100103253 Emacs`funcall_lambda + 730
    frame #60243: 0x0000000100102710 Emacs`Ffuncall + 672
    frame #60244: 0x000000010013280c Emacs`exec_byte_code + 2035
    frame #60245: 0x0000000100103253 Emacs`funcall_lambda + 730
    frame #60246: 0x0000000100102710 Emacs`Ffuncall + 672
    frame #60247: 0x000000010013280c Emacs`exec_byte_code + 2035
    frame #60248: 0x0000000100103253 Emacs`funcall_lambda + 730
    frame #60249: 0x0000000100102710 Emacs`Ffuncall + 672
    frame #60250: 0x000000010013280c Emacs`exec_byte_code + 2035
    frame #60251: 0x0000000100103253 Emacs`funcall_lambda + 730
    frame #60252: 0x0000000100102710 Emacs`Ffuncall + 672
    frame #60253: 0x000000010013280c Emacs`exec_byte_code + 2035
    frame #60254: 0x0000000100103253 Emacs`funcall_lambda + 730
    frame #60255: 0x0000000100102710 Emacs`Ffuncall + 672
    frame #60256: 0x000000010013280c Emacs`exec_byte_code + 2035
    frame #60257: 0x0000000100103253 Emacs`funcall_lambda + 730
    frame #60258: 0x0000000100102710 Emacs`Ffuncall + 672
    frame #60259: 0x000000010013280c Emacs`exec_byte_code + 2035
    frame #60260: 0x0000000100103253 Emacs`funcall_lambda + 730
    frame #60261: 0x0000000100102710 Emacs`Ffuncall + 672
    frame #60262: 0x000000010013280c Emacs`exec_byte_code + 2035
    frame #60263: 0x0000000100102710 Emacs`Ffuncall + 672
    frame #60264: 0x000000010013280c Emacs`exec_byte_code + 2035
    frame #60265: 0x0000000100102710 Emacs`Ffuncall + 672
    frame #60266: 0x000000010013280c Emacs`exec_byte_code + 2035
    frame #60267: 0x0000000100102710 Emacs`Ffuncall + 672
    frame #60268: 0x000000010013280c Emacs`exec_byte_code + 2035
    frame #60269: 0x0000000100102710 Emacs`Ffuncall + 672
    frame #60270: 0x000000010013280c Emacs`exec_byte_code + 2035
    frame #60271: 0x0000000100102710 Emacs`Ffuncall + 672
    frame #60272: 0x000000010013280c Emacs`exec_byte_code + 2035
    frame #60273: 0x0000000100102710 Emacs`Ffuncall + 672
    frame #60274: 0x00000001001023a2 Emacs`Fapply + 579
    frame #60275: 0x00000001001027d0 Emacs`Ffuncall + 864
    frame #60276: 0x000000010013280c Emacs`exec_byte_code + 2035
    frame #60277: 0x0000000100102710 Emacs`Ffuncall + 672
    frame #60278: 0x00000001001023a2 Emacs`Fapply + 579
    frame #60279: 0x00000001001027d0 Emacs`Ffuncall + 864
    frame #60280: 0x000000010013280c Emacs`exec_byte_code + 2035
    frame #60281: 0x0000000100102710 Emacs`Ffuncall + 672
    frame #60282: 0x000000010013280c Emacs`exec_byte_code + 2035
    frame #60283: 0x0000000100102710 Emacs`Ffuncall + 672
    frame #60284: 0x000000010013280c Emacs`exec_byte_code + 2035
    frame #60285: 0x0000000100102710 Emacs`Ffuncall + 672
    frame #60286: 0x00000001000fd6e2 Emacs`Ffuncall_interactively + 58
    frame #60287: 0x00000001001027d0 Emacs`Ffuncall + 864
    frame #60288: 0x00000001000fdbaa Emacs`Fcall_interactively + 1203
    frame #60289: 0x000000010010285b Emacs`Ffuncall + 1003
    frame #60290: 0x0

The user's version is GNU Emacs 25.3.1 (x86_64-apple-darwin16.7.0, NS 
appkit-1504.83 Version 10.12.6 (Build 16G29)) of 2017-09-25; Emacs was 
installed via Homebrew with Cocoa support.

Is there extra information that I should ask the user for to help debug this 
issue?

Thanks,
Clément.

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

bug#30705: Segfault in get_next_display_element, Clément Pit-Claudel <=
- bug#30705: Segfault in get_next_display_element, Eli Zaretskii, 2018/03/05

Prev by Date: bug#30697: make eval-expression only take `read'-able Lisp
Next by Date: bug#18059: 24.3.92; defvar and special variables
Previous by thread: bug#28753: 25.3; Functions to get alist from hash table and vice versa
Next by thread: bug#30705: Segfault in get_next_display_element
Index(es):
- Date
- Thread