Re: abort in marker.c

[Eli Zaretskii]

On Mon, 13 Jan 2003, Alex Schroeder wrote:

> Another abort being triggered...

A few points that might help you in debugging this (I currently have no 
idea what causes the crashes, and unfortunately have no time to take a 
good look at the code).

> (gdb) p i
> $1 = 405209180
[...]
> Since I got a SIGSEGV, I think I am in "Deep Trouble" according to
> etc/DEBUG and thus I should not use pr and the other stuff.

True; use the "p foo RET xtype RET xTYPE RET" paradigm (where "TYPE" is 
determined by what "xtype" says) instead.

> (gdb) p real_this_command
> $5 = 405427052
> (gdb) xtype
> Lisp_Symbol
> 0
> (gdb) xsymbol
> $6 = (struct Lisp_Symbol *) 0x82a536c
> 0x818c854 "delete-window"

Does "xbacktrace" print something sensible?  If it does, that info might 
be useful as well.

> Anyway, now let me start checking how big the buffer is supposed to
> be, so that we can then check whether the position i (405209180) is in
> the range.

A good idea.

> (gdb) p b->pt
> $10 = 135788160
> (gdb) p b->begv
> $11 = 405209204
> (gdb) p b->zv
> $12 = 1210536088
> 
> It seems that i is smaller than begv -- and the comment in buffer.h
> says: "Char position of beginning of accessible range." -- I guess
> that means this position is not "accessible" -- whatever that means.
> Just to be sure, let me repeat that with the bytes.
> 
> (gdb) p b->pt_byte
> $13 = 405209204
> (gdb) p b->begv_byte
> $14 = 1478949956
> (gdb) p b->zv_byte
> $15 = 0
> 
> Hm.  Now that looks fishy.

Yes, it does.  And that's the reason for the crash, I think.  The 
question is, how did that happen.

>   own_text = {
>     beg = 0x18270074 <Address 0x18270074 out of bounds>, 
>     gpt = 405209180, 
>     z = 405209180, 

Yes, beg being out of bounds is also a possible smoking gun.