From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: Alan Third <alan@idiocy.org>
Newsgroups: gmane.emacs.bugs
Subject: bug#22818: 25.1.1 Emacs.app crash ns_compute_glyph_string_overhangs
Date: Sat, 19 Nov 2016 10:07:03 +0000
Message-ID: <20161119100703.GA66661@breton.holly.idiocy.org>
References: <CAFw1JJ7Fbfognbq7uEhUgeN0B4pdxEtqkUo2sybf86FZBPYz+w@mail.gmail.com>
	<jk60igfumowk3e.fsf@fb.com> <83twb4aqwp.fsf@gnu.org>
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: blaine.gmane.org 1479550099 7357 195.159.176.226 (19 Nov 2016 10:08:19 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Sat, 19 Nov 2016 10:08:19 +0000 (UTC)
User-Agent: Mutt/1.7.0 (2016-08-17)
Cc: 22818@debbugs.gnu.org, Josh Berdine <josh@berdine.net>
To: Eli Zaretskii <eliz@gnu.org>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Sat Nov 19 11:08:15 2016
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1c82ZD-0000tj-2k
	for geb-bug-gnu-emacs@m.gmane.org; Sat, 19 Nov 2016 11:08:15 +0100
Original-Received: from localhost ([::1]:40723 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1c82ZG-0000AN-B9
	for geb-bug-gnu-emacs@m.gmane.org; Sat, 19 Nov 2016 05:08:18 -0500
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:56222)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1c82Z4-00008Z-7i
	for bug-gnu-emacs@gnu.org; Sat, 19 Nov 2016 05:08:07 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1c82Z1-0000Nh-0Q
	for bug-gnu-emacs@gnu.org; Sat, 19 Nov 2016 05:08:06 -0500
Original-Received: from debbugs.gnu.org ([208.118.235.43]:47286)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1c82Z0-0000Nd-TQ
	for bug-gnu-emacs@gnu.org; Sat, 19 Nov 2016 05:08:02 -0500
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1c82Z0-0003K8-J6
	for bug-gnu-emacs@gnu.org; Sat, 19 Nov 2016 05:08:02 -0500
X-Loop: help-debbugs@gnu.org
Resent-From: Alan Third <alan@idiocy.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Sat, 19 Nov 2016 10:08:02 +0000
Resent-Message-ID: <handler.22818.B22818.147955003412692@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 22818
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: unreproducible
Original-Received: via spool by 22818-submit@debbugs.gnu.org id=B22818.147955003412692
	(code B ref 22818); Sat, 19 Nov 2016 10:08:02 +0000
Original-Received: (at 22818) by debbugs.gnu.org; 19 Nov 2016 10:07:14 +0000
Original-Received: from localhost ([127.0.0.1]:34452 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1c82YE-0003Ie-K1
	for submit@debbugs.gnu.org; Sat, 19 Nov 2016 05:07:14 -0500
Original-Received: from mail-wm0-f54.google.com ([74.125.82.54]:35634)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <athird@googlemail.com>) id 1c82YC-0003IP-Hf
	for 22818@debbugs.gnu.org; Sat, 19 Nov 2016 05:07:13 -0500
Original-Received: by mail-wm0-f54.google.com with SMTP id a197so72772123wmd.0
	for <22818@debbugs.gnu.org>; Sat, 19 Nov 2016 02:07:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=googlemail.com; s=20120113;
	h=sender:date:from:to:cc:subject:message-id:references:mime-version
	:content-disposition:in-reply-to:user-agent;
	bh=ZfA72ChjWez6UhN/UnW718Q3Ozy99z4NQY9yHrJHN9w=;
	b=w1IVjSCiK2jXJuqorg4H9fKpg54t5t5XYUPX+MU46nqQ7COF5vu3vXL7cU//ML/lR6
	9Nt9ysNSwRM9o0wJbK0AHbeoxiQYrRGqHnVlZ1Hr0yE14jB5jqpBSRiv3TzMW6+0G4da
	PVwXwQ72AOGbpYHYrj7wFhHuSBU1ZlrgRf6zt6Kkk41c4LBMYE5tZqOk4xMuTPxVPJsW
	2904iP6iyWaiAZ8aCCBykGr9XPnhOwCcrJAQd9wzRCSeIJUOVE7l9/Gbi3utVgIfdQ6L
	mw9UZprI9SNXIqyDTAdaVejV3r2m4W5yXL/9qZTJOJ41pKHAcqOTMgnLbG/5U7y97/Wb
	ry6w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:sender:date:from:to:cc:subject:message-id
	:references:mime-version:content-disposition:in-reply-to:user-agent;
	bh=ZfA72ChjWez6UhN/UnW718Q3Ozy99z4NQY9yHrJHN9w=;
	b=kwMYSOs5LMoKeVyuhzVPVZUGaDkWux33Jf4PIlPOMdXpqocPyngFvoeY6M8pdAMGhd
	Wplms6DL/Gi38kw5Ku/qIQ+EoJ7Df4W6I5alOqm50kSG+DmRt7AevQi/XX0VJ9VOjx7W
	eZXxDnJ6KKIoRGdm+A2w2H5yYmAx0KvFpf0Bksmumx42ocactXYuPCPKZ1TdcJuqZor0
	row+80aGh/bf/Zw3KpYb7I9ViXeQqUGlSJ1zvxJ74Su4UqbyBdUkvhSIxOOAsbMlm2rI
	2Sv8UkKwft2eUuo3s4vU69wZkZz8r3nj7ISfPKtZkcSrH7DgylglZDUrNc3EQUPAt7Dv
	sGLQ==
X-Gm-Message-State: AKaTC01XLlCeIWSSovmdQztaFDXi6tajF3wkaQAk+fnF10AdTtvEQ6xXruTVE1JP14rgFA==
X-Received: by 10.28.16.70 with SMTP id 67mr2660177wmq.53.1479550026665;
	Sat, 19 Nov 2016 02:07:06 -0800 (PST)
Original-Received: from breton.holly.idiocy.org
	(ip6-2001-08b0-03f8-8129-4145-2d31-d9b8-2802.holly.idiocy.org.
	[2001:8b0:3f8:8129:4145:2d31:d9b8:2802])
	by smtp.gmail.com with ESMTPSA id
	l67sm7922540wmf.20.2016.11.19.02.07.05
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Sat, 19 Nov 2016 02:07:06 -0800 (PST)
Content-Disposition: inline
In-Reply-To: <83twb4aqwp.fsf@gnu.org>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 208.118.235.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnu-emacs/>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: "bug-gnu-emacs"
	<bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.bugs:125862
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/125862>

On Sat, Nov 19, 2016 at 09:07:50AM +0200, Eli Zaretskii wrote:
> Can you convert the address in frame #0 into line numbers?  Judging by
> the faulting address, 0xd0, some pointer in
> ns_compute_glyph_string_overhangs is a null pointer, but it's hard to
> tell which one without the line number information.

I finally managed to replicate this on my own build:

(lldb) run -Q ~/test-file
Process 66588 launched: '/Users/alan/src/emacs/emacs-25/nextstep/Emacs.app/Contents/MacOS/Emacs' (x86_64)
Process 66588 stopped
* thread #1: tid = 0x154600, 0x00000001002c0940 Emacs`ns_compute_glyph_string_overhangs(s=0x00007fff5fbfb6f0) + 224 at nsterm.m:2681, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xd0)
    frame #0: 0x00000001002c0940 Emacs`ns_compute_glyph_string_overhangs(s=0x00007fff5fbfb6f0) + 224 at nsterm.m:2681
   2678	  else
   2679	    {
   2680	      s->left_overhang = 0;
-> 2681	      if (EQ (font->driver->type, Qns))
   2682	        s->right_overhang = ((struct nsfont_info *)font)->ital ?
   2683	          FONT_HEIGHT (font) * 0.2 : 0;
   2684	      else
(lldb) bt all
* thread #1: tid = 0x154600, 0x00000001002c0940 Emacs`ns_compute_glyph_string_overhangs(s=0x00007fff5fbfb6f0) + 224 at nsterm.m:2681, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0xd0)
  * frame #0: 0x00000001002c0940 Emacs`ns_compute_glyph_string_overhangs(s=0x00007fff5fbfb6f0) + 224 at nsterm.m:2681
    frame #1: 0x0000000100058e7c Emacs`draw_glyphs(w=0x000000010204f430, x=570, row=0x000000010240e100, area=TEXT_AREA, start=0, end=52, hl=DRAW_NORMAL_TEXT, overlaps=0) + 3324 at xdisp.c:25673
    frame #2: 0x00000001000580cd Emacs`x_write_glyphs(w=0x000000010204f430, updated_row=0x000000010240e100, start=0x0000000102420000, updated_area=TEXT_AREA, len=52) + 269 at xdisp.c:27774
    frame #3: 0x000000010000ea34 Emacs`update_text_area(w=0x000000010204f430, updated_row=0x000000010240e100, vpos=1) + 452 at dispnew.c:3612
    frame #4: 0x000000010000ca32 Emacs`update_window_line(w=0x000000010204f430, vpos=1, mouse_face_overwritten_p=0x00007fff5fbfbdd2) + 274 at dispnew.c:3855
    frame #5: 0x0000000100006be1 Emacs`update_window(w=0x000000010204f430, force_p=true) + 865 at dispnew.c:3477
    frame #6: 0x0000000100005c88 Emacs`update_window_tree(w=0x000000010204f430, force_p=true) + 200 at dispnew.c:3219
    frame #7: 0x0000000100005996 Emacs`update_frame(f=0x0000000102050430, force_p=true, inhibit_hairy_id_p=false) + 182 at dispnew.c:3108
    frame #8: 0x000000010004151d Emacs`redisplay_internal + 6957 at xdisp.c:14085
    frame #9: 0x0000000100042a79 Emacs`redisplay + 9 at xdisp.c:13255
    frame #10: 0x000000010013a985 Emacs`read_char(commandflag=1, map=4362425571, prev_event=0, used_mouse_menu=0x00007fff5fbfefb7, end_time=0x0000000000000000) + 1829 at keyboard.c:2482
    frame #11: 0x0000000100136b09 Emacs`read_key_sequence(keybuf=0x00007fff5fbff2e0, bufsize=30, prompt=0, dont_downcase_last=false, can_return_switch_frame=true, fix_current_buffer=true, prevent_redisplay=false) + 1737 at keyboard.c:9068
    frame #12: 0x00000001001356bb Emacs`command_loop_1 + 1435 at keyboard.c:1370
    frame #13: 0x00000001001f8493 Emacs`internal_condition_case(bfun=(Emacs`command_loop_1 at keyboard.c:1261), handlers=16752, hfun=(Emacs`cmd_error at keyboard.c:940)) + 115 at eval.c:1314
    frame #14: 0x000000010014a8ec Emacs`command_loop_2(ignore=0) + 44 at keyboard.c:1112
    frame #15: 0x00000001001f7c68 Emacs`internal_catch(tag=42480, func=(Emacs`command_loop_2 at keyboard.c:1108), arg=0) + 72 at eval.c:1079
    frame #16: 0x0000000100134688 Emacs`command_loop + 280 at keyboard.c:1091
    frame #17: 0x00000001001344d0 Emacs`recursive_edit_1 + 192 at keyboard.c:697
    frame #18: 0x0000000100134821 Emacs`Frecursive_edit + 305 at keyboard.c:768
    frame #19: 0x0000000100132548 Emacs`main(argc=3, argv=0x00007fff5fbff8e8) + 5864 at emacs.c:1626
    frame #20: 0x00007fff8f1a6255 libdyld.dylib`start + 1
    frame #21: 0x00007fff8f1a6255 libdyld.dylib`start + 1

(lldb) frame variable
(glyph_string *) s = 0x00007fff5fbfb6f0
(font *) font = 0x0000000000000000

(lldb) frame variable *s
(glyph_string) *s = {
  x = 10
  y = 16
  ybase = 30
  width = 11
  background_width = 11
  height = 20
  left_overhang = 0
  right_overhang = 0
  f = 0x0000000102050430
  w = 0x000000010204f430
  display = 0x0000000000000000
  window = 1
  row = 0x000000010240e100
  area = TEXT_AREA
  char2b = 0x0000000000000000
  nchars = 1
  hl = DRAW_NORMAL_TEXT
  face = 0x000000010153b400
  font = 0x0000000000000000
  cmp = 0x0000000000000000
  cmp_id = 0
  cmp_from = 0
  cmp_to = 0
  extends_to_end_of_line_p = false
  background_filled_p = false
  font_not_found_p = false
  stippled_p = false
  for_overlaps = 0
  padding_p = false
  first_glyph = 0x0000000102420000
  img = 0x0000000000000000
  xwidget = 0x0000000000000000
  slice = (x = 0, y = 0, width = 0, height = 0)
  clip_head = 0x0000000000000000
  clip_tail = 0x0000000000000000
  clip = ([0] = (origin = (x = 0, y = 0), size = (width = 0, height = 0)), [1] = (origin = (x = 0, y = 0), size = (width = 0, height = 0)))
  num_clips = 0
  underline_position = 0
  underline_thickness = 0
  next = 0x00007fff5fbfb5d0
  prev = 0x0000000000000000
}

-- 
Alan Third