* Crash calling md5 for a list of buffers
@ 2004-01-20 11:41 Dmitry Antipov
0 siblings, 0 replies; 5+ messages in thread
From: Dmitry Antipov @ 2004-01-20 11:41 UTC (permalink / raw)
Hello,
Calling 'md5' can cause the crash with 'Fatal error (6).Aborted (core
dumped)'.
To reproduce, do:
1. Run emacs with a lot of buffers (for example, go to the source directory
of some project and do 'emacs *.c'.
2. Eval one of:
- (mapcar 'md5 (buffer-list)) or
- (mapcar '(lambda (b) (md5 b nil nil 'raw-text)) (buffer-list))
My post-mortem backtrace is:
----
#0 0x40326671 in kill () from /lib/i686/libc.so.6
#1 0x080cf84c in fatal_error_signal (sig=27993) at emacs.c:354
#2 <signal handler called>
#3 0x40326671 in kill () from /lib/i686/libc.so.6
#4 0x080cf88a in abort () at emacs.c:387
#5 0x080f0498 in buf_charpos_to_bytepos (b=0x8805980, charpos=459097)
at marker.c:141
#6 0x0811f1df in make_buffer_string (start=1, end=27993, props=0) at
editfns.c:2151
#7 0x08131a9d in Fmd5 (object=1216014040, start=405215452,
end=405215452, coding_system=405385700,
noerror=405215452) at fns.c:5169
#8 0x08126510 in Feval (form=136526776) at eval.c:2027
#9 0x0812427d in Fprogn (args=1484879300) at eval.c:431
#10 0x0812721f in funcall_lambda (fun=142702100, nargs=1,
arg_vector=0xbfffe554) at eval.c:2844
#11 0x08126dfe in Ffuncall (nargs=2, args=0xbfffe550) at eval.c:2716
#12 0x08126bc4 in call1 (fn=1484879380, arg1=1216014040) at eval.c:2456
#13 0x0812ecd0 in mapcar1 (leni=117, vals=0xbfffe5d0, fn=1484879380,
seq=-1073750316) at fns.c:2713
#14 0x0812eef0 in Fmapcar (function=1484879380, sequence=1484918916) at
fns.c:2773
#15 0x081264c2 in Feval (form=136525648) at eval.c:2013
#16 0x08126ede in Ffuncall (nargs=2, args=0xbfffe904) at eval.c:2659
#17 0x0814e340 in Fbyte_code (bytestr=135968312, vector=1,
maxdepth=-1073747712) at bytecode.c:716
#18 0x081271e0 in funcall_lambda (fun=1209710080, nargs=2,
arg_vector=0xbfffea14) at eval.c:2851
#19 0x08126dfe in Ffuncall (nargs=3, args=0xbfffea10) at eval.c:2716
#20 0x08126796 in Fapply (nargs=2, args=0xbfffeaa0) at eval.c:2169
#21 0x08126b85 in apply1 (fn=405374140, arg=1484879044) at eval.c:2423
#22 0x0812390c in Fcall_interactively (function=405374140,
record_flag=405215452, keys=1210580568)
at callint.c:367
#23 0x080dbeba in Fcommand_execute (cmd=405374140,
record_flag=405215452, keys=405215452, special=405215452)
at keyboard.c:9250
#24 0x080d22aa in command_loop_1 () at keyboard.c:1661
#25 0x0812537a in internal_condition_case (bfun=0x80d1f2c
<command_loop_1>, handlers=405311796,
hfun=0x80d1b54 <cmd_error>) at eval.c:1267
#26 0x080d1e06 in command_loop_2 () at keyboard.c:1245
#27 0x08124f35 in internal_catch (tag=0, func=0x80d1de8
<command_loop_2>, arg=405215452) at eval.c:1030
#28 0x080d1dbc in command_loop () at keyboard.c:1224
#29 0x080d1924 in recursive_edit_1 () at keyboard.c:950
#30 0x080d1a40 in Frecursive_edit () at keyboard.c:1006
#31 0x080d04d3 in main (argc=111, argv=0xbffff234, envp=0xbffff3f4) at
emacs.c:1547
#32 0x40313a67 in __libc_start_main () from /lib/i686/libc.so.6
---
This bug is founded on Emacs 21.3 (GNU Emacs 21.3.1
(i686-pc-linux-gnu, X toolkit, Xaw3d scroll bars))
on custom RedHat 9.0-based system (kernel version 2.4.24, gcc version
3.2.2, libc version 2.3.2-27.9.7 (comes
from RedHat package)). Compilation flags are default '-g -O2'.
I've also got exactly the same results with CVS shapshot (2004-01-20).
Dmitry.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Crash calling md5 for a list of buffers
[not found] <mailman.991.1074595908.928.bug-gnu-emacs@gnu.org>
@ 2004-01-20 17:11 ` Kevin Rodgers
[not found] ` <mailman.1021.1074618759.928.bug-gnu-emacs@gnu.org>
1 sibling, 0 replies; 5+ messages in thread
From: Kevin Rodgers @ 2004-01-20 17:11 UTC (permalink / raw)
Dmitry Antipov wrote:
> Calling 'md5' can cause the crash with 'Fatal error (6).Aborted (core
> dumped)'.
> To reproduce, do:
> 1. Run emacs with a lot of buffers (for example, go to the source directory
> of some project and do 'emacs *.c'.
> 2. Eval one of:
> - (mapcar 'md5 (buffer-list)) or
> - (mapcar '(lambda (b) (md5 b nil nil 'raw-text)) (buffer-list))
...
> ---
> This bug is founded on Emacs 21.3 (GNU Emacs 21.3.1 (i686-pc-linux-gnu,
> X toolkit, Xaw3d scroll bars))
> on custom RedHat 9.0-based system (kernel version 2.4.24, gcc version
> 3.2.2, libc version 2.3.2-27.9.7 (comes
> from RedHat package)). Compilation flags are default '-g -O2'.
> I've also got exactly the same results with CVS shapshot (2004-01-20).
I cannot reproduce that on GNU Emacs 21.3.1 (i386-pc-solaris2.7, X
toolkit) of 2003-04-24 on briard. If I go to the emacs-21.3/src
directory, start Emacs as `./emacs-21.3.1 -q --no-site-file *.c',
then type `M-: (mapcar 'md5 (buffer-list)) RET', I get the following
*Backtrace*:
Debugger entered--Lisp error: (args-out-of-range 1 459097)
find-coding-systems-region-internal(1 459097)
find-coding-systems-region(1 459097)
select-safe-coding-system(1 459097 undecided-unix)
md5(#<buffer xdisp.c>)
mapcar(md5 (#<buffer xterm.c> #<buffer *Minibuf-1*> #<buffer xselect.c>
#<buffer xrdb.c> #<buffer xmenu.c> #<buffer xfns.c> #<buffer xfaces.c> #<buffer
xdisp.c> #<buffer window.c> #<buffer widget.c> #<buffer w32xfns.c> #<buffer
w32term.c> #<buffer w32select.c> #<buffer w32reg.c> #<buffer w32proc.c> #<buffer
w32menu.c> #<buffer w32inevt.c> #<buffer w32heap.c> #<buffer w32fns.c> #<buffer
w32console.c> #<buffer w32bdf.c> #<buffer w32.c> #<buffer w16select.c> #<buffer
vm-limit.c> #<buffer unexw32.c> #<buffer unexsunos4.c> #<buffer unexsni.c>
#<buffer unexnext.c> #<buffer unexmips.c> #<buffer unexhp9k800.c> #<buffer
unexenix.c> #<buffer unexelf.c> #<buffer unexec.c> #<buffer unexconvex.c>
#<buffer unexapollo.c> #<buffer unexalpha.c> #<buffer unexaix.c> #<buffer
undo.c> #<buffer tparam.c> #<buffer textprop.c> #<buffer terminfo.c> #<buffer
termcap.c> #<buffer term.c> #<buffer sysdep.c> #<buffer syntax.c> #<buffer
sunfns.c> #<buffer strftime.c> #<buffer sound.c> #<buffer search.c> #<buffer
scroll.c> ...))
eval((mapcar (quote md5) (buffer-list)))
eval-expression((mapcar (quote md5) (buffer-list)) nil)
* call-interactively(eval-expression)
--
Kevin Rodgers
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Crash calling md5 for a list of buffers
[not found] ` <mailman.1021.1074618759.928.bug-gnu-emacs@gnu.org>
@ 2004-01-20 18:57 ` Kevin Rodgers
0 siblings, 0 replies; 5+ messages in thread
From: Kevin Rodgers @ 2004-01-20 18:57 UTC (permalink / raw)
Kevin Rodgers wrote:
> I cannot reproduce that on GNU Emacs 21.3.1 (i386-pc-solaris2.7, X
> toolkit) of 2003-04-24 on briard. If I go to the emacs-21.3/src
> directory, start Emacs as `./emacs-21.3.1 -q --no-site-file *.c',
> then type `M-: (mapcar 'md5 (buffer-list)) RET', I get the following
> *Backtrace*:
>
>
> Debugger entered--Lisp error: (args-out-of-range 1 459097)
> find-coding-systems-region-internal(1 459097)
> find-coding-systems-region(1 459097)
> select-safe-coding-system(1 459097 undecided-unix)
> md5(#<buffer xdisp.c>)
Apparently that's because the xdisp.c buffer only has 459096 characters.
Whether I visit it with find-file or find-file-literally, `M->' followed
by `C-x =' reports "point=459097 of 459096 (100%) column 0".
--
Kevin Rodgers
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Crash calling md5 for a list of buffers
@ 2004-01-21 8:56 Dmitry Antipov
0 siblings, 0 replies; 5+ messages in thread
From: Dmitry Antipov @ 2004-01-21 8:56 UTC (permalink / raw)
Kevin Rodgers wrote:
>> I cannot reproduce that on GNU Emacs 21.3.1 (i386-pc-solaris2.7, X
>> toolkit) of 2003-04-24 on briard. If I go to the emacs-21.3/src
>> directory, start Emacs as `./emacs-21.3.1 -q --no-site-file *.c',
>> then type `M-: (mapcar 'md5 (buffer-list)) RET', I get the following
>> *Backtrace*:
>>
>> Debugger entered--Lisp error: (args-out-of-range 1 459097)
>> find-coding-systems-region-internal(1 459097)
>> find-coding-systems-region(1 459097)
>> select-safe-coding-system(1 459097 undecided-unix)
>> md5(#<buffer xdisp.c>)
>
> Apparently that's because the xdisp.c buffer only has 459096 characters.
> Whether I visit it with find-file or find-file-literally, `M->' followed
> by `C-x =' reports "point=459097 of 459096 (100%) column 0".
Try to eval (mapcar '(lambda (b) (md5 b nil nil 'raw-text)) (buffer-list)).
(mapcar 'md5 (buffer-list)) doesn't work for all buffers (really I don't
understand why - probably the coding system determined automagically is
not always valid for Fmd5).
Dmitry
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Crash calling md5 for a list of buffers
[not found] <mailman.1088.1074672016.928.bug-gnu-emacs@gnu.org>
@ 2004-01-21 17:20 ` Kevin Rodgers
0 siblings, 0 replies; 5+ messages in thread
From: Kevin Rodgers @ 2004-01-21 17:20 UTC (permalink / raw)
Dmitry Antipov wrote:
> Kevin Rodgers wrote:
>
>>> I cannot reproduce that on GNU Emacs 21.3.1 (i386-pc-solaris2.7, X
>>> toolkit) of 2003-04-24 on briard. If I go to the emacs-21.3/src
>>> directory, start Emacs as `./emacs-21.3.1 -q --no-site-file *.c',
>>> then type `M-: (mapcar 'md5 (buffer-list)) RET', I get the following
>>> *Backtrace*:
>>>
>>> Debugger entered--Lisp error: (args-out-of-range 1 459097)
>>> find-coding-systems-region-internal(1 459097)
>>> find-coding-systems-region(1 459097)
>>> select-safe-coding-system(1 459097 undecided-unix)
>>> md5(#<buffer xdisp.c>)
>>
>>
>> Apparently that's because the xdisp.c buffer only has 459096 characters.
>> Whether I visit it with find-file or find-file-literally, `M->' followed
>> by `C-x =' reports "point=459097 of 459096 (100%) column 0".
>
>
> Try to eval (mapcar '(lambda (b) (md5 b nil nil 'raw-text)) (buffer-list)).
> (mapcar 'md5 (buffer-list)) doesn't work for all buffers (really I don't
> understand why - probably the coding system determined automagically is
> not always valid for Fmd5).
OK, then I get the same crash that you reported. The interesting thing
is that both the crash and the Lisp error occur while processing
xdisp.c. There is something screwy with that file that causes Emacs to
think it has 1 more character (459097) than it really does (459096). If
I kill that buffer before mapping md5 over buffer-list, neither the
crash nor the Lisp error occur.
Running emacs with --unibyte didn't prevent the Lisp error or the crash
on xdisp.c. I'm confused because that file doesn't contain any odd
characters, just printable ASCII chars, newline (^J), tab (^I), and
formfeed (^L).
There must be something wrong in the code in fns.c:Fmd5() that computes
and checks the buffer beginning and end when its run with object set to
the xdisp.c buffer, because either the subsequent call to
select-safe-coding-system (via Vselect_safe_coding_system_function) or
make_buffer_string is passed an end argument that is 1 larger than the
buffer size (which precipitates the Lisp error or the crash,
respectively). Can anyone see what's wrong here?
CHECK_BUFFER (object, 0);
bp = XBUFFER (object);
if (NILP (start))
b = BUF_BEGV (bp);
else
{
CHECK_NUMBER_COERCE_MARKER (start, 0);
b = XINT (start);
}
if (NILP (end))
e = BUF_ZV (bp);
else
{
CHECK_NUMBER_COERCE_MARKER (end, 1);
e = XINT (end);
}
if (b > e)
temp = b, b = e, e = temp;
if (!(BUF_BEGV (bp) <= b && e <= BUF_ZV (bp)))
args_out_of_range (start, end);
--
Kevin Rodgers
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2004-01-21 17:20 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-01-20 11:41 Crash calling md5 for a list of buffers Dmitry Antipov
[not found] <mailman.991.1074595908.928.bug-gnu-emacs@gnu.org>
2004-01-20 17:11 ` Kevin Rodgers
[not found] ` <mailman.1021.1074618759.928.bug-gnu-emacs@gnu.org>
2004-01-20 18:57 ` Kevin Rodgers
-- strict thread matches above, loose matches on Subject: below --
2004-01-21 8:56 Dmitry Antipov
[not found] <mailman.1088.1074672016.928.bug-gnu-emacs@gnu.org>
2004-01-21 17:20 ` Kevin Rodgers
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).