bug#1052: segfault when resuming emacsclient -t in an xterm

unofficial mirror of bug-gnu-emacs@gnu.org 
 help / color / mirror / code / Atom feed

From: Dan Nicolaescu <dann@ics.uci.edu>
To: bug-gnu-emacs@gnu.org
Subject: bug#1052: segfault when resuming emacsclient -t in an xterm
Date: Mon, 29 Sep 2008 10:46:26 -0700 (PDT)	[thread overview]
Message-ID: <200809291746.m8THkQE1005918@mothra.ics.uci.edu> (raw)


This change:

2008-03-29  Stefan Monnier  <monnier@iro.umontreal.ca>

            * xt-mouse.el (xterm-mouse-mode): Use delete-terminal-functions.
            (xterm-mouse-handle-delete-frame): Delete.

            * term/xterm.el (terminal-init-xterm): Use delete-terminal-functions.
            (xterm-turn-on-modify-other-keys, xterm-turn-off-modify-other-keys)
            (xterm-remove-modify-other-keys): Lookup terminal rather than frame
            in xterm-modify-other-keys-terminal-list.

causes the following:

emacs -Q -f server-start RET

in another xterm do:

emacsclient -t RET
C-z
emacsclient -t RET
C-z
fg
C-x C-c

at this point emacs segfaults with the following backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x007c3c81 in fwrite () from /lib/libc.so.6
Missing separate debuginfos, use: debuginfo-install Xaw3d.i386 e2fsprogs.i386 giflib.i386 glibc.i686 gpm.i386 libICE.i386 libSM.i386 libX11.i386 libXau.i386 libXcursor.i386 libXdmcp.i386 libXext.i386 libXfixes.i386 libXmu.i386 libXpm.i386 libXrender.i386 libXt.i386 libjpeg.i386 libpng.i386 libtiff.i386 libxcb.i386 ncurses.i386 zlib.i386
(gdb) bt
#0  0x007c3c81 in fwrite () from /lib/libc.so.6
#1  0x08052f7a in Fsend_string_to_terminal (string=143248211, terminal=137808073)
    at /tmp/emacs/src/dispnew.c:6473
#2  0x0816ed97 in Ffuncall (nargs=2, args=0xbf8e3b00)
    at /tmp/emacs/src/eval.c:3047
#3  0x081a3680 in Fbyte_code (bytestr=143248515, vector=146901764, maxdepth=<value optimized out>)
    at /tmp/emacs/src/bytecode.c:678
#4  0x08170b73 in funcall_lambda (fun=146932996, nargs=1, arg_vector=0xbf8e3df4)
    at /tmp/emacs/src/eval.c:3231
#5  0x0816ea9b in Ffuncall (nargs=2, args=0xbf8e3df0)
    at /tmp/emacs/src/eval.c:3101
#6  0x0816fe01 in run_hook_with_args (nargs=2, args=0xbf8e3df0, cond=to_completion)
    at /tmp/emacs/src/eval.c:2703
#7  0x0816ec36 in Ffuncall (nargs=3, args=0xbf8e3dec)
    at /tmp/emacs/src/eval.c:3025
#8  0x0816dd6d in internal_condition_case_2 (bfun=0x816e8f0 <Ffuncall>, nargs=3, args=0xbf8e3dec, 
    handlers=137808121, hfun=0x8076a40 <safe_eval_handler>)
    at /tmp/emacs/src/eval.c:1610
#9  0x0807f2aa in safe_call (nargs=3, args=0xbf8e3dec)
    at /tmp/emacs/src/xdisp.c:2379
#10 0x0807f2fb in safe_call2 (fn=137949729, arg1=138024513, arg2=144406428)
    at /tmp/emacs/src/xdisp.c:2420
#11 0x080cac9d in Fdelete_terminal (terminal=144406428, force=137808121)
    at /tmp/emacs/src/terminal.c:331
#12 0x0805e8b3 in Fdelete_frame (frame=147003460, force=137808121)
    at /tmp/emacs/src/frame.c:1525
#13 0x0816ed97 in Ffuncall (nargs=2, args=0xbf8e3f00)
    at /tmp/emacs/src/eval.c:3047
#14 0x081a3680 in Fbyte_code (bytestr=143528187, vector=146950748, maxdepth=<value optimized out>)
    at /tmp/emacs/src/bytecode.c:678
#15 0x08170b73 in funcall_lambda (fun=147009116, nargs=1, arg_vector=0xbf8e4044)
    at /tmp/emacs/src/eval.c:3231
#16 0x0816ea9b in Ffuncall (nargs=2, args=0xbf8e4040)
    at /tmp/emacs/src/eval.c:3101
#17 0x081a3680 in Fbyte_code (bytestr=137997267, vector=144196452, maxdepth=<value optimized out>)
    at /tmp/emacs/src/bytecode.c:678
#18 0x08170b73 in funcall_lambda (fun=144184804, nargs=2, arg_vector=0xbf8e4174)
    at /tmp/emacs/src/eval.c:3231
#19 0x0816ea9b in Ffuncall (nargs=3, args=0xbf8e4170)
    at /tmp/emacs/src/eval.c:3101
#20 0x081a3680 in Fbyte_code (bytestr=136424043, vector=136424060, maxdepth=<value optimized out>)
    at /tmp/emacs/src/bytecode.c:678
#21 0x08170b73 in funcall_lambda (fun=136423996, nargs=1, arg_vector=0xbf8e42f4)
    at /tmp/emacs/src/eval.c:3231
#22 0x0816ea9b in Ffuncall (nargs=2, args=0xbf8e42f0)
    at /tmp/emacs/src/eval.c:3101
#23 0x0816c9ac in Fcall_interactively (function=143157089, record_flag=137808073, keys=137846508)
    at /tmp/emacs/src/callint.c:857
#24 0x0816ed7b in Ffuncall (nargs=4, args=0xbf8e44b0)
    at /tmp/emacs/src/eval.c:3050
#25 0x0816eec9 in call3 (fn=137972297, arg1=143157089, arg2=137808073, arg3=137808073)
    at /tmp/emacs/src/emacs.c:1724

Lisp Backtrace:
"send-string-to-terminal" (0xbf8e3b04)
"xterm-remove-modify-other-keys" (0xbf8e3df4)
"run-hook-with-args" (0xbf8e3df0)
"delete-frame" (0xbf8e3f04)
"server-delete-client" (0xbf8e4044)
"server-save-buffers-kill-terminal" (0xbf8e4174)
"save-buffers-kill-terminal" (0xbf8e42f4)
"call-interactively" (0xbf8e44b4)

The reason is:

(gdb) frame 1
#1  0x08052f7a in Fsend_string_to_terminal (string=143248211, terminal=137808073)
    at /tmp/emacs/src/dispnew.c:6473
6473      fwrite (SDATA (string), 1, SBYTES (string), tty->output);
(gdb) p tty->output
$1 = (FILE *) 0x0


The problem is that after the cited change
`xterm-remove-modify-other-keys' calls `terminal-live-p' (it was
previously using `frame-live-p') before calling
`send-string-to-terminal'.

`terminal-live-p' does not return false when tty->output is NULL ---> KABOOM.

BTW, unlike what the cited ChangeLog says,
`xterm-turn-off-modify-other-keys' still uses `frame-live-p'.

next             reply	other threads:[~2008-09-29 17:46 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <200810010036.m910aM6C018539@mothra.ics.uci.edu>
2008-09-29 17:46 ` Dan Nicolaescu [this message]
2008-10-01  0:45   ` bug#1052: marked as done (segfault when resuming emacsclient -t in an xterm) Emacs bug Tracking System
2008-09-30 17:06 bug#1052: segfault when resuming emacsclient -t in an xterm Chong Yidong
2008-09-30 18:18 ` Dan Nicolaescu
2008-09-30 22:06   ` Stefan Monnier

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://www.gnu.org/software/emacs/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=200809291746.m8THkQE1005918@mothra.ics.uci.edu \
    --to=dann@ics.uci.edu \
    --cc=1052@emacsbugs.donarmstrong.com \
    --cc=bug-gnu-emacs@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).