* bug#16127: 24.3.50; emacs crashes with macfont_free_entity
@ 2013-12-13 2:46 Darren Hoo
2013-12-13 6:40 ` Dmitry Antipov
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Darren Hoo @ 2013-12-13 2:46 UTC (permalink / raw)
To: 16127
Bzr revno: 115489 brings this crash:
lldb src/emacs
Current executable set to 'src/emacs' (x86_64).
(lldb) run
Process 17619 launched: '/Volumes/disk/emacs/src/emacs' (x86_64)
Process 17619 stopped
* thread #1: tid = 0x1f0644, 0x00000001001ac8cb emacs`macfont_free_entity [inlined] XCDR(c=9053142519906304, obj=9053142519906304, n=0) + 4 at lisp.h:2007, queue = 'com.apple.main-thread, stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
frame #0: 0x00000001001ac8cb emacs`macfont_free_entity [inlined] XCDR(c=9053142519906304, obj=9053142519906304, n=0) + 4 at lisp.h:2007
2004 XSAVE_POINTER (Lisp_Object obj, int n)
2005 {
2006 eassert (save_type (XSAVE_VALUE (obj), n) == SAVE_POINTER);
-> 2007 return XSAVE_VALUE (obj)->data[n].pointer;
2008 }
2009 INLINE void
2010 set_save_pointer (Lisp_Object obj, int n, void *val)
(lldb) bt all
* thread #1: tid = 0x1f0644, 0x00000001001ac8cb emacs`macfont_free_entity [inlined] XCDR(c=9053142519906304, obj=9053142519906304, n=0) + 4 at lisp.h:2007, queue = 'com.apple.main-thread, stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
frame #0: 0x00000001001ac8cb emacs`macfont_free_entity [inlined] XCDR(c=9053142519906304, obj=9053142519906304, n=0) + 4 at lisp.h:2007
frame #1: 0x00000001001ac8c7 emacs`macfont_free_entity(entity=4353797322) + 23 at macfont.m:2438
frame #2: 0x000000010010910e emacs`Fgarbage_collect [inlined] cleanup_vector + 84 at alloc.c:2889
frame #3: 0x00000001001090ba emacs`Fgarbage_collect [inlined] sweep_vectors + 168 at alloc.c:2929
frame #4: 0x0000000100109012 emacs`Fgarbage_collect [inlined] gc_sweep + 243 at alloc.c:6631
frame #5: 0x0000000100108f1f emacs`Fgarbage_collect + 6015 at alloc.c:5554
frame #6: 0x000000010015a5e5 emacs`exec_byte_code [inlined] maybe_gc + 1189 at lisp.h:4476
frame #7: 0x000000010015a59b emacs`exec_byte_code(bytestr=<unavailable>, vector=<unavailable>, maxdepth=<unavailable>, args_template=<unavailable>, nargs=<unavailable>, args=<unavailable>) + 1115 at bytecode.c:753
frame #8: 0x000000010012529f emacs`funcall_lambda(fun=<unavailable>, nargs=<unavailable>, arg_vector=0x00007fff5fbff1f0) + 831 at eval.c:3041
frame #9: 0x0000000100124617 emacs`Ffuncall(nargs=<unavailable>, args=<unavailable>) + 631 at eval.c:2854
frame #10: 0x000000010015a9b9 emacs`exec_byte_code(bytestr=<unavailable>, vector=<unavailable>, maxdepth=<unavailable>, args_template=<unavailable>, nargs=<unavailable>, args=<unavailable>) + 2169 at bytecode.c:919
frame #11: 0x000000010012529f emacs`funcall_lambda(fun=<unavailable>, nargs=<unavailable>, arg_vector=0x00007fff5fbff370) + 831 at eval.c:3041
frame #12: 0x0000000100124617 emacs`Ffuncall(nargs=<unavailable>, args=<unavailable>) + 631 at eval.c:2854
frame #13: 0x000000010015a9b9 emacs`exec_byte_code(bytestr=<unavailable>, vector=<unavailable>, maxdepth=<unavailable>, args_template=<unavailable>, nargs=<unavailable>, args=<unavailable>) + 2169 at bytecode.c:919
frame #14: 0x000000010012529f emacs`funcall_lambda(fun=<unavailable>, nargs=<unavailable>, arg_vector=0x00007fff5fbff510) + 831 at eval.c:3041
frame #15: 0x0000000100124617 emacs`Ffuncall(nargs=<unavailable>, args=<unavailable>) + 631 at eval.c:2854
frame #16: 0x000000010015a9b9 emacs`exec_byte_code(bytestr=<unavailable>, vector=<unavailable>, maxdepth=<unavailable>, args_template=<unavailable>, nargs=<unavailable>, args=<unavailable>) + 2169 at bytecode.c:919
frame #17: 0x0000000100124617 emacs`Ffuncall(nargs=<unavailable>, args=<unavailable>) + 631 at eval.c:2854
frame #18: 0x000000010015a9b9 emacs`exec_byte_code(bytestr=<unavailable>, vector=<unavailable>, maxdepth=<unavailable>, args_template=<unavailable>, nargs=<unavailable>, args=<unavailable>) + 2169 at bytecode.c:919
frame #19: 0x0000000100123fd2 emacs`apply_lambda(fun=4297629933, args=<unavailable>) + 290 at eval.c:2914
frame #20: 0x0000000100120c31 emacs`eval_sub(form=<unavailable>) + 865 at eval.c:2220
frame #21: 0x0000000100123d5a emacs`Feval(form=4353822790, lexical=<unavailable>) + 106 at eval.c:1993
frame #22: 0x0000000100122f63 emacs`internal_condition_case(bfun=0x00000001000bfbd0, handlers=<unavailable>, hfun=<unavailable>) + 243 at eval.c:1344
frame #23: 0x00000001000bfbb2 emacs`top_level_1(ignore=<unavailable>) + 82 at keyboard.c:1187
frame #24: 0x0000000100122920 emacs`internal_catch(tag=<unavailable>, func=0x00000001000bfb60, arg=4320145466) + 240 at eval.c:1108
frame #25: 0x00000001000ae63f emacs`recursive_edit_1 [inlined] command_loop + 50 at keyboard.c:1148
frame #26: 0x00000001000ae60d emacs`recursive_edit_1 + 269 at keyboard.c:777
frame #27: 0x00000001000ae79a emacs`Frecursive_edit + 250 at keyboard.c:841
frame #28: 0x00000001000ad514 emacs`main(argc=0, argv=<unavailable>) + 5524 at emacs.c:1634
frame #29: 0x00007fff8d21d5fd libdyld.dylib`start + 1
frame #30: 0x00007fff8d21d5fd libdyld.dylib`start + 1
thread #2: tid = 0x1f065e, 0x00007fff96ae7e6a libsystem_kernel.dylib`__workq_kernreturn + 10
frame #0: 0x00007fff96ae7e6a libsystem_kernel.dylib`__workq_kernreturn + 10
frame #1: 0x00007fff93c7cf08 libsystem_pthread.dylib`_pthread_wqthread + 330
frame #2: 0x00007fff93c7ffb9 libsystem_pthread.dylib`start_wqthread + 13
thread #3: tid = 0x1f065f, 0x00007fff96ae8662 libsystem_kernel.dylib`kevent64 + 10, queue = 'com.apple.libdispatch-manager
frame #0: 0x00007fff96ae8662 libsystem_kernel.dylib`kevent64 + 10
frame #1: 0x00007fff9915043d libdispatch.dylib`_dispatch_mgr_invoke + 239
frame #2: 0x00007fff99150152 libdispatch.dylib`_dispatch_mgr_thread + 52
thread #4: tid = 0x1f0660, 0x00007fff96ae7e6a libsystem_kernel.dylib`__workq_kernreturn + 10
frame #0: 0x00007fff96ae7e6a libsystem_kernel.dylib`__workq_kernreturn + 10
frame #1: 0x00007fff93c7cf08 libsystem_pthread.dylib`_pthread_wqthread + 330
frame #2: 0x00007fff93c7ffb9 libsystem_pthread.dylib`start_wqthread + 13
thread #5: tid = 0x1f0674, 0x00007fff96ae7e6a libsystem_kernel.dylib`__workq_kernreturn + 10
frame #0: 0x00007fff96ae7e6a libsystem_kernel.dylib`__workq_kernreturn + 10
frame #1: 0x00007fff93c7cf08 libsystem_pthread.dylib`_pthread_wqthread + 330
frame #2: 0x00007fff93c7ffb9 libsystem_pthread.dylib`start_wqthread + 13
thread #6: tid = 0x1f0675, 0x00007fff96ae79aa libsystem_kernel.dylib`select$DARWIN_EXTSN + 10
frame #0: 0x00007fff96ae79aa libsystem_kernel.dylib`select$DARWIN_EXTSN + 10
frame #1: 0x000000010018f08e emacs`-[EmacsApp fd_handler:](self=<unavailable>, _cmd=<unavailable>, unused=<unavailable>) + 270 at nsterm.m:4807
frame #2: 0x00007fff90c4870b Foundation`__NSThread__main__ + 1318
frame #3: 0x00007fff93c7b899 libsystem_pthread.dylib`_pthread_body + 138
frame #4: 0x00007fff93c7b72a libsystem_pthread.dylib`_pthread_start + 137
frame #5: 0x00007fff93c7ffc9 libsystem_pthread.dylib`thread_start + 13
thread #7: tid = 0x1f067e, 0x00007fff96ae3a1a libsystem_kernel.dylib`mach_msg_trap + 10
frame #0: 0x00007fff96ae3a1a libsystem_kernel.dylib`mach_msg_trap + 10
frame #1: 0x00007fff96ae2d18 libsystem_kernel.dylib`mach_msg + 64
frame #2: 0x00007fff91d5c315 CoreFoundation`__CFRunLoopServiceMachPort + 181
frame #3: 0x00007fff91d5b939 CoreFoundation`__CFRunLoopRun + 1161
frame #4: 0x00007fff91d5b275 CoreFoundation`CFRunLoopRunSpecific + 309
frame #5: 0x00007fff9228c1ce AppKit`_NSEventThread + 144
frame #6: 0x00007fff93c7b899 libsystem_pthread.dylib`_pthread_body + 138
frame #7: 0x00007fff93c7b72a libsystem_pthread.dylib`_pthread_start + 137
frame #8: 0x00007fff93c7ffc9 libsystem_pthread.dylib`thread_start + 13
thread #8: tid = 0x1f0686, 0x00007fff96ae7e6a libsystem_kernel.dylib`__workq_kernreturn + 10
frame #0: 0x00007fff96ae7e6a libsystem_kernel.dylib`__workq_kernreturn + 10
frame #1: 0x00007fff93c7cf08 libsystem_pthread.dylib`_pthread_wqthread + 330
frame #2: 0x00007fff93c7ffb9 libsystem_pthread.dylib`start_wqthread + 13
(lldb)
^ permalink raw reply [flat|nested] 6+ messages in thread
* bug#16127: 24.3.50; emacs crashes with macfont_free_entity
2013-12-13 2:46 bug#16127: 24.3.50; emacs crashes with macfont_free_entity Darren Hoo
@ 2013-12-13 6:40 ` Dmitry Antipov
2013-12-13 8:27 ` Darren Hoo
2016-09-11 10:08 ` Alan Third
2019-08-23 6:13 ` Stefan Kangas
2 siblings, 1 reply; 6+ messages in thread
From: Dmitry Antipov @ 2013-12-13 6:40 UTC (permalink / raw)
To: Darren Hoo; +Cc: 16127
[-- Attachment #1: Type: text/plain, Size: 936 bytes --]
On 12/13/2013 06:46 AM, Darren Hoo wrote:
> Process 17619 launched: '/Volumes/disk/emacs/src/emacs' (x86_64)
> Process 17619 stopped
> * thread #1: tid = 0x1f0644, 0x00000001001ac8cb emacs`macfont_free_entity [inlined] XCDR(c=9053142519906304, obj=9053142519906304, n=0) + 4 at lisp.h:2007, queue = 'com.apple.main-thread, stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
> frame #0: 0x00000001001ac8cb emacs`macfont_free_entity [inlined] XCDR(c=9053142519906304, obj=9053142519906304, n=0) + 4 at lisp.h:2007
> 2004 XSAVE_POINTER (Lisp_Object obj, int n)
> 2005 {
> 2006 eassert (save_type (XSAVE_VALUE (obj), n) == SAVE_POINTER);
> -> 2007 return XSAVE_VALUE (obj)->data[n].pointer;
> 2008 }
> 2009 INLINE void
> 2010 set_save_pointer (Lisp_Object obj, int n, void *val)
Hm...double call to macfont_free_entity for the same entity?
Can you compile with --enable-checking and this patch?
Dmitry
[-- Attachment #2: test_bug16127.patch --]
[-- Type: text/x-patch, Size: 575 bytes --]
=== modified file 'src/macfont.m'
--- src/macfont.m 2013-12-12 14:26:06 +0000
+++ src/macfont.m 2013-12-13 06:37:01 +0000
@@ -2435,11 +2435,14 @@
{
Lisp_Object val = assq_no_quit (QCfont_entity,
AREF (entity, FONT_EXTRA_INDEX));
- CFStringRef name = XSAVE_POINTER (XCDR (val), 0);
+ if (CONSP (val) && SAVE_VALUE_P (XCDR (val)))
+ {
+ CFStringRef name = XSAVE_POINTER (XCDR (val), 0);
- block_input ();
- CFRelease (name);
- unblock_input ();
+ block_input ();
+ CFRelease (name);
+ unblock_input ();
+ }
}
static Lisp_Object
^ permalink raw reply [flat|nested] 6+ messages in thread
* bug#16127: 24.3.50; emacs crashes with macfont_free_entity
2013-12-13 6:40 ` Dmitry Antipov
@ 2013-12-13 8:27 ` Darren Hoo
2013-12-13 9:31 ` Dmitry Antipov
0 siblings, 1 reply; 6+ messages in thread
From: Darren Hoo @ 2013-12-13 8:27 UTC (permalink / raw)
To: Dmitry Antipov; +Cc: 16127
[-- Attachment #1: Type: text/plain, Size: 334 bytes --]
On Fri, Dec 13, 2013 at 2:40 PM, Dmitry Antipov <dmantipov@yandex.ru> wrote:
> On 12/13/2013 06:46 AM, Darren Hoo wrote:
>
> Hm...double call to macfont_free_entity for the same entity?
>
> Can you compile with --enable-checking and this patch?
>
>
No more crashes after applying the patch.
using SAVE_VALUEP instead of SAVE_VALUE_P
[-- Attachment #2: Type: text/html, Size: 895 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* bug#16127: 24.3.50; emacs crashes with macfont_free_entity
2013-12-13 8:27 ` Darren Hoo
@ 2013-12-13 9:31 ` Dmitry Antipov
0 siblings, 0 replies; 6+ messages in thread
From: Dmitry Antipov @ 2013-12-13 9:31 UTC (permalink / raw)
To: Darren Hoo; +Cc: 16127
On 12/13/2013 12:27 PM, Darren Hoo wrote:
> No more crashes after applying the patch.
> using SAVE_VALUEP instead of SAVE_VALUE_P
So, most likely this is a double call to macfont_free_entity.
BTW, what versions of OS X and Xcode you're using?
Dmitry
^ permalink raw reply [flat|nested] 6+ messages in thread
* bug#16127: 24.3.50; emacs crashes with macfont_free_entity
2013-12-13 2:46 bug#16127: 24.3.50; emacs crashes with macfont_free_entity Darren Hoo
2013-12-13 6:40 ` Dmitry Antipov
@ 2016-09-11 10:08 ` Alan Third
2019-08-23 6:13 ` Stefan Kangas
2 siblings, 0 replies; 6+ messages in thread
From: Alan Third @ 2016-09-11 10:08 UTC (permalink / raw)
To: Darren Hoo; +Cc: 16127
Darren Hoo <darren.hoo@gmail.com> writes:
> Bzr revno: 115489 brings this crash:
>
> lldb src/emacs
> Current executable set to 'src/emacs' (x86_64).
> (lldb) run
> Process 17619 launched: '/Volumes/disk/emacs/src/emacs' (x86_64)
> Process 17619 stopped
> * thread #1: tid = 0x1f0644, 0x00000001001ac8cb emacs`macfont_free_entity [inlined] XCDR(c=9053142519906304, obj=9053142519906304, n=0) + 4 at lisp.h:2007, queue = 'com.apple.main-thread, stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
> frame #0: 0x00000001001ac8cb emacs`macfont_free_entity [inlined] XCDR(c=9053142519906304, obj=9053142519906304, n=0) + 4 at lisp.h:2007
> 2004 XSAVE_POINTER (Lisp_Object obj, int n)
> 2005 {
> 2006 eassert (save_type (XSAVE_VALUE (obj), n) == SAVE_POINTER);
> -> 2007 return XSAVE_VALUE (obj)->data[n].pointer;
> 2008 }
> 2009 INLINE void
> 2010 set_save_pointer (Lisp_Object obj, int n, void *val)
> (lldb) bt all
> * thread #1: tid = 0x1f0644, 0x00000001001ac8cb emacs`macfont_free_entity [inlined] XCDR(c=9053142519906304, obj=9053142519906304, n=0) + 4 at lisp.h:2007, queue = 'com.apple.main-thread, stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
> frame #0: 0x00000001001ac8cb emacs`macfont_free_entity [inlined] XCDR(c=9053142519906304, obj=9053142519906304, n=0) + 4 at lisp.h:2007
> frame #1: 0x00000001001ac8c7 emacs`macfont_free_entity(entity=4353797322) + 23 at macfont.m:2438
> frame #2: 0x000000010010910e emacs`Fgarbage_collect [inlined] cleanup_vector + 84 at alloc.c:2889
Hi, are you still getting this crash with a more up-to-date Emacs?
If so, are there any steps you take to reproduce it?
Thanks!
--
Alan Third
^ permalink raw reply [flat|nested] 6+ messages in thread
* bug#16127: 24.3.50; emacs crashes with macfont_free_entity
2013-12-13 2:46 bug#16127: 24.3.50; emacs crashes with macfont_free_entity Darren Hoo
2013-12-13 6:40 ` Dmitry Antipov
2016-09-11 10:08 ` Alan Third
@ 2019-08-23 6:13 ` Stefan Kangas
2 siblings, 0 replies; 6+ messages in thread
From: Stefan Kangas @ 2019-08-23 6:13 UTC (permalink / raw)
To: Alan Third; +Cc: 16127-done, Darren Hoo
Alan Third <alan@idiocy.org> writes:
> Darren Hoo <darren.hoo@gmail.com> writes:
>
>> Bzr revno: 115489 brings this crash:
>>
>> lldb src/emacs
>> Current executable set to 'src/emacs' (x86_64).
>> (lldb) run
>> Process 17619 launched: '/Volumes/disk/emacs/src/emacs' (x86_64)
>> Process 17619 stopped
>> * thread #1: tid = 0x1f0644, 0x00000001001ac8cb emacs`macfont_free_entity [inlined] XCDR(c=9053142519906304, obj=9053142519906304, n=0) + 4 at lisp.h:2007, queue = 'com.apple.main-thread, stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
>> frame #0: 0x00000001001ac8cb emacs`macfont_free_entity [inlined] XCDR(c=9053142519906304, obj=9053142519906304, n=0) + 4 at lisp.h:2007
>> 2004 XSAVE_POINTER (Lisp_Object obj, int n)
>> 2005 {
>> 2006 eassert (save_type (XSAVE_VALUE (obj), n) == SAVE_POINTER);
>> -> 2007 return XSAVE_VALUE (obj)->data[n].pointer;
>> 2008 }
>> 2009 INLINE void
>> 2010 set_save_pointer (Lisp_Object obj, int n, void *val)
>> (lldb) bt all
>> * thread #1: tid = 0x1f0644, 0x00000001001ac8cb emacs`macfont_free_entity [inlined] XCDR(c=9053142519906304, obj=9053142519906304, n=0) + 4 at lisp.h:2007, queue = 'com.apple.main-thread, stop reason = EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
>> frame #0: 0x00000001001ac8cb emacs`macfont_free_entity [inlined] XCDR(c=9053142519906304, obj=9053142519906304, n=0) + 4 at lisp.h:2007
>> frame #1: 0x00000001001ac8c7 emacs`macfont_free_entity(entity=4353797322) + 23 at macfont.m:2438
>> frame #2: 0x000000010010910e emacs`Fgarbage_collect [inlined] cleanup_vector + 84 at alloc.c:2889
>
> Hi, are you still getting this crash with a more up-to-date Emacs?
>
> If so, are there any steps you take to reproduce it?
>
> Thanks!
No reply in three years. Since this was already tagged unreproducible,
there doesn't seem to be much chance for further progress here. I'm
therefore closing this bug report.
Thanks,
Stefan Kangas
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2019-08-23 6:13 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-12-13 2:46 bug#16127: 24.3.50; emacs crashes with macfont_free_entity Darren Hoo
2013-12-13 6:40 ` Dmitry Antipov
2013-12-13 8:27 ` Darren Hoo
2013-12-13 9:31 ` Dmitry Antipov
2016-09-11 10:08 ` Alan Third
2019-08-23 6:13 ` Stefan Kangas
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).