From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: YASUOKA Masahiko Newsgroups: gmane.emacs.bugs Subject: bug#46791: 27.1; crash at gtk_label_new() Date: Sat, 27 Feb 2021 12:35:56 +0900 (JST) Message-ID: <20210227.123556.1905602128538185076.yasuoka@yasuoka.net> References: <20210226.163206.1318676287968973294.yasuoka@yasuoka.net> <831rd2rj3k.fsf@gnu.org> Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="19048"; mail-complaints-to="usenet@ciao.gmane.io" Cc: 46791@debbugs.gnu.org To: eliz@gnu.org Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Sat Feb 27 04:37:10 2021 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lFqPl-0004pm-UM for geb-bug-gnu-emacs@m.gmane-mx.org; Sat, 27 Feb 2021 04:37:09 +0100 Original-Received: from localhost ([::1]:51948 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lFqPl-0006UI-2B for geb-bug-gnu-emacs@m.gmane-mx.org; Fri, 26 Feb 2021 22:37:09 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:60998) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lFqPe-0006U6-Lg for bug-gnu-emacs@gnu.org; Fri, 26 Feb 2021 22:37:02 -0500 Original-Received: from debbugs.gnu.org ([209.51.188.43]:59613) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lFqPe-0001WW-Eh for bug-gnu-emacs@gnu.org; Fri, 26 Feb 2021 22:37:02 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1lFqPe-0006mU-9a for bug-gnu-emacs@gnu.org; Fri, 26 Feb 2021 22:37:02 -0500 X-Loop: help-debbugs@gnu.org Resent-From: YASUOKA Masahiko Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 27 Feb 2021 03:37:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 46791 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: patch Original-Received: via spool by 46791-submit@debbugs.gnu.org id=B46791.161439696626003 (code B ref 46791); Sat, 27 Feb 2021 03:37:02 +0000 Original-Received: (at 46791) by debbugs.gnu.org; 27 Feb 2021 03:36:06 +0000 Original-Received: from localhost ([127.0.0.1]:42926 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lFqOk-0006lL-2s for submit@debbugs.gnu.org; Fri, 26 Feb 2021 22:36:06 -0500 Original-Received: from s247156.ppp.asahi-net.or.jp ([220.157.247.156]:62421) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lFqOg-0006kr-Ab for 46791@debbugs.gnu.org; Fri, 26 Feb 2021 22:36:04 -0500 Original-Received: by mail.2ndsoft.com (OpenSMTPD) with ESMTP id 48264f7f; Sat, 27 Feb 2021 12:35:59 +0900 (JST) In-Reply-To: <831rd2rj3k.fsf@gnu.org> X-Mailer: Mew version 6.8 on Emacs 27.1 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.io gmane.emacs.bugs:200900 Archived-At: On Fri, 26 Feb 2021 16:37:03 +0200 Eli Zaretskii wrote: >> Date: Fri, 26 Feb 2021 16:32:06 +0900 (JST) >> From: YASUOKA Masahiko >> >> When I'm using Mew(https://mew.org/) on emacs 27.1, emacs crashes >> frequently. It happens when I am composing a mail message in "draft >> mode" of Mew. >> [...] >> In src/gtkutil.c, update_frame_tool_bar(): >> >> 5197 ti = xg_make_tool_item (f, w, &wbutton, label, i, horiz, text_image); >> >> this "label" is invalid when the crash happens. This "label" >> >> 5006 for (i = j = 0; i < f->n_tool_bar_items; ++i) >> 5007 { >> 5008 bool enabled_p = !NILP (PROP (TOOL_BAR_ITEM_ENABLED_P)); >> 5009 bool selected_p = !NILP (PROP (TOOL_BAR_ITEM_SELECTED_P)); >> >> 5022 const char *label >> 5023 = (EQ (style, Qimage) || (vert_only && horiz)) ? NULL >> 5024 : STRINGP (PROP (TOOL_BAR_ITEM_LABEL)) >> 5025 ? SSDATA (PROP (TOOL_BAR_ITEM_LABEL)) >> 5026 : ""; >> >> is set at the begining of the loop(#5006), >> >> 5065 specified_file = file_for_image (image); >> 5066 if (!NILP (specified_file) && !NILP (Ffboundp (Qx_gtk_map_stock))) >> 5067 stock = call1 (Qx_gtk_map_stock, specified_file); >> 5068 >> >> it sometimes become invalid just after #5067. Then it is passed to >> gtk_label_new() through xg_make_tool_item(), the crash will happen. >> >> Since we can get a valid "label" pointer again by setting it in the >> same way of the beginning of the loop, we can fix the bug by moving >> the initialization of "label" to a place just before it is used. The >> following diff does this: > > Thanks. Could you please try the slightly different patch below? It > is IMO safer, since it doesn't depend on a 'char *' pointer into a > Lisp string's data to remain valid after some point in the code. Yes. I tested your patch, it seems to fix the problem. Thanks,