From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Dmitry Antipov Newsgroups: gmane.emacs.bugs Subject: bug#16069: emacs bug #16069 - cause & reproduction Date: Fri, 28 Feb 2014 10:39:40 +0400 Message-ID: <53102F2C.60605@yandex.ru> References: <1393504047.11841.YahooMailNeo@web125304.mail.ne1.yahoo.com> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="------------000305060809010303030005" X-Trace: ger.gmane.org 1393569618 16238 80.91.229.3 (28 Feb 2014 06:40:18 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Fri, 28 Feb 2014 06:40:18 +0000 (UTC) Cc: 16069@debbugs.gnu.org To: nil Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Fri Feb 28 07:40:23 2014 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1WJH7M-0004PY-J0 for geb-bug-gnu-emacs@m.gmane.org; Fri, 28 Feb 2014 07:40:20 +0100 Original-Received: from localhost ([::1]:49500 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WJH7M-0006hU-7K for geb-bug-gnu-emacs@m.gmane.org; Fri, 28 Feb 2014 01:40:20 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:51523) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WJH7D-0006hK-0z for bug-gnu-emacs@gnu.org; Fri, 28 Feb 2014 01:40:17 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1WJH75-0002kt-Uh for bug-gnu-emacs@gnu.org; Fri, 28 Feb 2014 01:40:10 -0500 Original-Received: from debbugs.gnu.org ([140.186.70.43]:42235) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1WJH75-0002k6-PA for bug-gnu-emacs@gnu.org; Fri, 28 Feb 2014 01:40:03 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80) (envelope-from ) id 1WJH74-0001gR-Mw for bug-gnu-emacs@gnu.org; Fri, 28 Feb 2014 01:40:03 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Dmitry Antipov Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 28 Feb 2014 06:40:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 16069 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Original-Received: via spool by 16069-submit@debbugs.gnu.org id=B16069.13935695916448 (code B ref 16069); Fri, 28 Feb 2014 06:40:02 +0000 Original-Received: (at 16069) by debbugs.gnu.org; 28 Feb 2014 06:39:51 +0000 Original-Received: from localhost ([127.0.0.1]:43417 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WJH6q-0001ft-J9 for submit@debbugs.gnu.org; Fri, 28 Feb 2014 01:39:50 -0500 Original-Received: from forward1l.mail.yandex.net ([84.201.143.144]:47212) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1WJH6k-0001fe-NH for 16069@debbugs.gnu.org; Fri, 28 Feb 2014 01:39:44 -0500 Original-Received: from smtp1h.mail.yandex.net (smtp1h.mail.yandex.net [84.201.187.144]) by forward1l.mail.yandex.net (Yandex) with ESMTP id 1A8ED1520E36; Fri, 28 Feb 2014 10:39:41 +0400 (MSK) Original-Received: from smtp1h.mail.yandex.net (localhost [127.0.0.1]) by smtp1h.mail.yandex.net (Yandex) with ESMTP id A8AE713405F3; Fri, 28 Feb 2014 10:39:40 +0400 (MSK) Original-Received: from unknown (unknown [37.139.80.10]) by smtp1h.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id 2z8cXL17Fb-depCmohZ; Fri, 28 Feb 2014 10:39:40 +0400 (using TLSv1 with cipher AES128-SHA (128/128 bits)) (Client certificate not present) X-Yandex-Uniq: b99bc834-81cc-472b-9578-b02bb499d649 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1393569580; bh=4rvXRGFJvVAqywfpt8xwC/BH2niM6snXWh+6PUH+08U=; h=Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject: References:In-Reply-To:Content-Type; b=SP327EdJEKU21igUCY6kf0H695mux2hTck+KIuu1z7BXyf0Ea8m94HPd2Cu54iNS2 qeG1hKS6neNrqv8+woUymIHFS9uWnjbocqJCbyNS/sNXmkmXVod7Xwhdn8CJSU4R2I AU5eUc52XlhZQ0UzOOQs/xW/0jAJdIiWgH3Bye7M= Authentication-Results: smtp1h.mail.yandex.net; dkim=pass header.i=@yandex.ru User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 In-Reply-To: <1393504047.11841.YahooMailNeo@web125304.mail.ne1.yahoo.com> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:86349 Archived-At: This is a multi-part message in MIME format. --------------000305060809010303030005 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit On 02/27/2014 04:27 PM, nil wrote: > I ran into the first crash reported on bug #16069, on trunk r116550. It appears to trigger when an xftfont is garbage collected - but only after its Display has been freed and then reused. The guard in xftfont_close is satisfied, then XftFontClose causes xft's reference counting to go out of sync. SIGSEGV occurs when the display is closed (_XftCloseDisplay, XftFontManageMemory, XftFontFindNthUnref returns an unexpected NULL) > > To reproduce: > > gdb --args emacs -Q -nw > > set $dpy = 0 > break xterm.c:9810 > condition $bpnum $dpy == dpy > break xterm.c:9814 > commands > silent > set $dpy = dpy > cont > end > run > > M-x server-start > > Then repeatedly: > > emacsclient -c -n . > C-x C-c > > until the breakpoint fires on Display address reuse. after continuing, closing the terminal should SIGSEGV in xft/src/xftfreetype.c. (This is on an x86_64 linux with recent glibc/xorg/etc, if it makes any difference.) > > I'm not nearly familiar enough with the insides of emacs to suggest a fix, I'm afraid. Happy to provide any other information you need, though! Thanks. Next time please do CC: to appropriate bug (i.e. [bug-number]@debbugs.gnu.org). Could you please try this patch? Dmitry --------------000305060809010303030005 Content-Type: text/x-patch; name="x_display_id.patch" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="x_display_id.patch" === modified file 'src/xfont.c' --- src/xfont.c 2014-01-01 07:43:34 +0000 +++ src/xfont.c 2014-02-28 06:20:04 +0000 @@ -42,6 +42,7 @@ struct font font; Display *display; XFontStruct *xfont; + unsigned x_display_id; }; /* Prototypes of support functions. */ @@ -808,6 +809,7 @@ font = XFONT_OBJECT (font_object); ((struct xfont_info *) font)->xfont = xfont; ((struct xfont_info *) font)->display = FRAME_X_DISPLAY (f); + ((struct xfont_info *) font)->x_display_id = FRAME_DISPLAY_INFO (f)->x_id; font->pixel_size = pixel_size; font->driver = &xfont_driver; font->encoding_charset = encoding->id; @@ -892,12 +894,15 @@ static void xfont_close (struct font *font) { + struct x_display_info *xdi; struct xfont_info *xfi = (struct xfont_info *) font; /* This function may be called from GC when X connection is gone (Bug#16093), and an attempt to free font resources on invalid display may lead to X protocol errors or segfaults. */ - if (xfi->xfont && x_display_info_for_display (xfi->display)) + if (xfi->xfont + && ((xdi = x_display_info_for_display (xfi->display)) + && xfi->x_display_id == xdi->x_id)) { block_input (); XFreeFont (xfi->display, xfi->xfont); === modified file 'src/xftfont.c' --- src/xftfont.c 2014-01-06 06:25:30 +0000 +++ src/xftfont.c 2014-02-28 06:23:32 +0000 @@ -59,6 +59,7 @@ FT_Matrix matrix; Display *display; XftFont *xftfont; + unsigned x_display_id; }; /* Structure pointed by (struct face *)->extra */ @@ -372,6 +373,7 @@ xftfont_info = (struct xftfont_info *) font; xftfont_info->display = display; xftfont_info->xftfont = xftfont; + xftfont_info->x_display_id = FRAME_DISPLAY_INFO (f)->x_id; /* This means that there's no need of transformation. */ xftfont_info->matrix.xx = 0; if (FcPatternGetMatrix (xftfont->pattern, FC_MATRIX, 0, &matrix) @@ -481,6 +483,7 @@ static void xftfont_close (struct font *font) { + struct x_display_info *xdi; struct xftfont_info *xftfont_info = (struct xftfont_info *) font; #ifdef HAVE_LIBOTF @@ -493,7 +496,8 @@ /* See comment in xfont_close. */ if (xftfont_info->xftfont - && x_display_info_for_display (xftfont_info->display)) + && ((xdi = x_display_info_for_display (xftfont_info->display)) + && xftfont_info->x_display_id == xdi->x_id)) { block_input (); XftUnlockFace (xftfont_info->xftfont); === modified file 'src/xterm.c' --- src/xterm.c 2014-02-04 07:36:58 +0000 +++ src/xterm.c 2014-02-28 06:28:46 +0000 @@ -9679,6 +9679,8 @@ } #endif +static unsigned x_display_id; + /* Open a connection to X display DISPLAY_NAME, and return the structure that describes the open display. If we cannot contact the display, return null. */ @@ -9896,6 +9898,7 @@ lim = min (PTRDIFF_MAX, SIZE_MAX) - sizeof "@"; if (lim - SBYTES (Vinvocation_name) < SBYTES (Vsystem_name)) memory_full (SIZE_MAX); + dpyinfo->x_id = ++x_display_id; dpyinfo->x_id_name = xmalloc (SBYTES (Vinvocation_name) + SBYTES (Vsystem_name) + 2); strcat (strcat (strcpy (dpyinfo->x_id_name, SSDATA (Vinvocation_name)), "@"), === modified file 'src/xterm.h' --- src/xterm.h 2014-01-11 09:31:09 +0000 +++ src/xterm.h 2014-02-28 06:11:05 +0000 @@ -198,6 +198,7 @@ mouse-face. */ Mouse_HLInfo mouse_highlight; + unsigned x_id; char *x_id_name; /* The number of fonts opened for this display. */ --------------000305060809010303030005--