Re: allocate_string_data memory corruption


From: Richard M. Stallman
Subject: Re: allocate_string_data memory corruption
Date: Thu, 19 Jan 2006 20:14:13 -0500

        /* no crash here */
        if (data->string != s || data->nbytes != nbytes) abort ();

        check_sblock (current_sblock);

        /* crash occurred here */
        if (data->string != s || data->nbytes != nbytes) abort ();
        ...

My first question is, is the value of `data' itself the same
at those two places?  In other words, did the memory locations
pointed to get clobbered, or did the variable `data' itself
get clobbered?

Another question: suppose you replace check_sblock with
a delay loop.  Does it still happen?  Try various values
of the delay.


I just noticed that allocate_string does nothing to prevent
signals from being handled.  Neither does Fcons.  The result
is that if a signal comes inside these lines,

  /* Pop a Lisp_String off the free-list.  */
  s = string_free_list;
  string_free_list = NEXT_FREE_LISP_STRING (s);

then the same string header object could be allocated
both at main program level and in the signal handler.
Or other things could go wrong, depending on precisely
where the signal arrived.

So it seems that these functions need BLOCK_INPUT.
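
The double allocation described in the message above, reproduced deterministically as an added example (not part of the original message and not Emacs code). The toy free list, the function names and the use of SIGUSR1 are assumptions, and POSIX `sigprocmask` stands in for BLOCK_INPUT rather than reproducing how Emacs implements it.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stddef.h>

/* Toy free list standing in for string_free_list (all names hypothetical). */
struct node { struct node *next; };
static struct node pool[4];
static struct node *free_list;
static struct node *from_handler;        /* node the signal handler received */
static volatile sig_atomic_t in_window;  /* when set, signal arrives mid-pop */

static void reset_pool(void) {
    for (int i = 0; i < 3; i++) pool[i].next = &pool[i + 1];
    pool[3].next = NULL;
    free_list = &pool[0];
    from_handler = NULL;
}

/* Unprotected pop: the same two steps as the lines quoted in the message. */
static struct node *pop_unsafe(void) {
    struct node *s = free_list;
    if (in_window) { in_window = 0; raise(SIGUSR1); }  /* signal lands here */
    free_list = s->next;
    return s;
}

/* The handler allocates from the same list, as the message warns can happen. */
static void handler(int sig) { (void)sig; from_handler = pop_unsafe(); }

/* Protected pop: the signal stays pending until the list is consistent. */
static struct node *pop_blocked(void) {
    sigset_t block, old;
    sigemptyset(&block);
    sigaddset(&block, SIGUSR1);
    sigprocmask(SIG_BLOCK, &block, &old);
    struct node *s = pop_unsafe();
    sigprocmask(SIG_SETMASK, &old, NULL);  /* pending handler runs here */
    return s;
}

/* Returns 1 if main level and the handler were handed the same node. */
int double_allocated(int use_blocking) {
    signal(SIGUSR1, handler);
    reset_pool();
    in_window = 1;
    struct node *s = use_blocking ? pop_blocked() : pop_unsafe();
    return s == from_handler;
}
```
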

