From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Dmitry Antipov Newsgroups: gmane.emacs.bugs Subject: bug#18473: 24.4.50; SEGFAULT when vconcatting more than 2048 vectors Date: Sun, 14 Sep 2014 21:10:31 +0400 Message-ID: <5415CC07.2010702@yandex.ru> References: <87lhpngc6a.fsf@maru2.md5i.com> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-Trace: ger.gmane.org 1410714760 14359 80.91.229.3 (14 Sep 2014 17:12:40 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sun, 14 Sep 2014 17:12:40 +0000 (UTC) Cc: 18473@debbugs.gnu.org To: Michael Welsh Duggan , Stefan Monnier Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Sun Sep 14 19:12:27 2014 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1XTDLY-0005i7-Ua for geb-bug-gnu-emacs@m.gmane.org; Sun, 14 Sep 2014 19:12:21 +0200 Original-Received: from localhost ([::1]:55428 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XTDLY-0001y5-FU for geb-bug-gnu-emacs@m.gmane.org; Sun, 14 Sep 2014 13:12:20 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:37907) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XTDLO-0001w5-R5 for bug-gnu-emacs@gnu.org; Sun, 14 Sep 2014 13:12:17 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1XTDLH-0002NP-Lt for bug-gnu-emacs@gnu.org; Sun, 14 Sep 2014 13:12:10 -0400 Original-Received: from debbugs.gnu.org ([140.186.70.43]:49337) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1XTDLH-0002NL-F5 for bug-gnu-emacs@gnu.org; Sun, 14 Sep 2014 13:12:03 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80) (envelope-from ) id 1XTDLG-0005P2-Mj for bug-gnu-emacs@gnu.org; Sun, 14 Sep 2014 13:12:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Dmitry Antipov Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sun, 14 Sep 2014 17:12:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 18473 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Original-Received: via spool by 18473-submit@debbugs.gnu.org id=B18473.141071466420700 (code B ref 18473); Sun, 14 Sep 2014 17:12:02 +0000 Original-Received: (at 18473) by debbugs.gnu.org; 14 Sep 2014 17:11:04 +0000 Original-Received: from localhost ([127.0.0.1]:40901 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1XTDKJ-0005Nn-Ex for submit@debbugs.gnu.org; Sun, 14 Sep 2014 13:11:04 -0400 Original-Received: from forward1l.mail.yandex.net ([84.201.143.144]:54704) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1XTDKE-0005NK-PF for 18473@debbugs.gnu.org; Sun, 14 Sep 2014 13:11:00 -0400 Original-Received: from smtp7.mail.yandex.net (smtp7.mail.yandex.net [77.88.61.55]) by forward1l.mail.yandex.net (Yandex) with ESMTP id 212D41520EF4; Sun, 14 Sep 2014 21:10:57 +0400 (MSK) Original-Received: from smtp7.mail.yandex.net (localhost [127.0.0.1]) by smtp7.mail.yandex.net (Yandex) with ESMTP id 92B6315807CA; Sun, 14 Sep 2014 21:10:56 +0400 (MSK) Original-Received: from unknown (unknown [37.139.80.10]) by smtp7.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id KneUwp5ThV-AgDCjBZr; Sun, 14 Sep 2014 21:10:55 +0400 (using TLSv1.2 with cipher AES128-SHA (128/128 bits)) (Client certificate not present) X-Yandex-Uniq: 4297fb02-bd09-423b-a39b-4165e0a563f7 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1410714656; bh=cxMWQA8PLvzGE6t156HD7vYmNjvQayjj3t3ECcEloQQ=; h=Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject: References:In-Reply-To:Content-Type:Content-Transfer-Encoding; b=lfuIC9eavBSpo6xupv8iGbu9AFwSMik+kGIZKvOKZ8PAEyQLRg5RqHDn0/w5OKJJi F8ILu7mBIWwcxEXn7UgrrA8j74GHA+D11j1JfUJyoJgXkKWw1R3h7Mqb8UVIRrht4O TNstjkwt9bMcSnzLQKgLNJZu0uRkmWr3r33/S7eY= Authentication-Results: smtp7.mail.yandex.net; dkim=pass header.i=@yandex.ru User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.1 In-Reply-To: <87lhpngc6a.fsf@maru2.md5i.com> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:93362 Archived-At: On 09/14/2014 06:37 AM, Michael Welsh Duggan wrote: > With attached foo.el: > > emacs -Q -l foo.el > (testbug 2049) > C-j > > SEGFAULT Also reproduced in emacs-24 branch (here and below, emacs-24 branch is assumed). This looks a fundamental bug in eval_sub, probably introduced in r112828. When compiling with --enable-checking, it gives: ../../emacs-24/src/eval.c:184: Emacs fatal error: assertion failed: pdl->kind == SPECPDL_BACKTRACE (gdb) bt 10 #0 0x000000000056a602 in terminate_due_to_signal (sig=6, backtrace_limit=2147483647) at ../../emacs-24/src/emacs.c:351 #1 0x00000000005f1d8e in die (msg=0x714b20 "pdl->kind == SPECPDL_BACKTRACE", file=0x714ab8 "../../emacs-24/src/eval.c", line=184) at ../../emacs-24/src/alloc.c:6833 #2 0x000000000060c5e6 in set_backtrace_args (pdl=0x1327bc0, args=0x7fffec33e010) at ../../emacs-24/src/eval.c:184 #3 0x0000000000611b76 in eval_sub (form=...) at ../../emacs-24/src/eval.c:2154 #4 0x0000000000611c3d in eval_sub (form=...) at ../../emacs-24/src/eval.c:2170 #5 0x000000000061141b in Feval (form=..., lexical=...) at ../../emacs-24/src/eval.c:2003 #6 0x000000000061347d in Ffuncall (nargs=3, args=0x7fffffffbfa8) at ../../emacs-24/src/eval.c:2818 #7 0x000000000065ce9a in exec_byte_code (bytestr=..., vector=..., maxdepth=..., args_template=..., nargs=1, args=0x7fffffffc7e0) at ../../emacs-24/src/bytecode.c:916 #8 0x0000000000613c9b in funcall_lambda (fun=..., nargs=1, arg_vector=0x7fffffffc7d8) at ../../emacs-24/src/eval.c:2983 #9 0x0000000000613633 in Ffuncall (nargs=2, args=0x7fffffffc7d0) at ../../emacs-24/src/eval.c:2864 #10 0x000000000065ce9a in exec_byte_code (bytestr=..., vector=..., maxdepth=..., args_template=..., nargs=1, args=0x7fffffffd050) at ../../emacs-24/src/bytecode.c:916 In eval.c: 2134 else if (XSUBR (fun)->max_args == MANY) 2135 { 2136 /* Pass a vector of evaluated arguments. */ 2137 Lisp_Object *vals; 2138 ptrdiff_t argnum = 0; 2139 USE_SAFE_ALLOCA; 2140 2141 SAFE_ALLOCA_LISP (vals, XINT (numargs)); 2142 2143 GCPRO3 (args_left, fun, fun); 2144 gcpro3.var = vals; 2145 gcpro3.nvars = 0; 2146 2147 while (!NILP (args_left)) 2148 { 2149 vals[argnum++] = eval_sub (Fcar (args_left)); 2150 args_left = Fcdr (args_left); 2151 gcpro3.nvars = argnum; 2152 } 2153 2154 set_backtrace_args (specpdl_ptr - 1, vals); 2155 set_backtrace_nargs (specpdl_ptr - 1, XINT (numargs)); 2156 2157 val = (XSUBR (fun)->function.aMANY) (XINT (numargs), vals); 2158 UNGCPRO; 2159 SAFE_FREE (); 2160 } At 2141, if numargs is > 2047 (and so allocation size exceeds MAX_ALLOCA on a 64-bit system), SAFE_ALLOCA_LISP pushes an entry of type SPECPDL_UNWIND to specpdl stack. At line 2154, set_backtrace_args modifies this entry assuming SPECPDL_BACKTRACE. Oops. Dmitry