From: Florian Weimer
Newsgroups: gmane.emacs.bugs
Subject: bug#23726: emacs 25.0.94 crashes
Date: Wed, 8 Jun 2016 20:34:58 +0200
Message-ID: <72a0452f-b732-d562-47a7-cedbc9548a39@redhat.com>
References: <489b54c6-1d39-4f47-9c35-36eea32c7b6c@cs.ucla.edu>
To: Paul Eggert, Jan Synáček
Cc: 23726@debbugs.gnu.org

On 06/08/2016 07:32 PM, Paul Eggert wrote:
> Has Rawhide incorporated some of Florian Weimer's malloc patches? If so,
> this is almost surely causing the problem. I will CC: Florian to give
> him a heads-up. See:
>
> https://sourceware.org/ml/libc-alpha/2016-06/msg00211.html

That's not the patch, it's not even in upstream master. If that patch was in, you wouldn't see the problem anymore because Emacs' internal malloc would be used.

The problem is that the realloc implementation for dumped chunks is incorrect; that bit is already in glibc master and rawhide.

I think I can see what is wrong: The size computation for the old chunk size in realloc is wrong, and the trailing sizeof (size_t) bytes are not copied. Fortunately, it's not a conceptual problem with the heap rewriter.

> I am surprised that you can use valgrind.

The valgrind failure is typical of what you get with a dumped Emacs. valgrind intercepts realloc and returns 0 because an off-heap pointer is detected.

Florian
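
The failure mode described in this message, as an added example that is not part of the original mail and is not glibc code: a constructed toy allocator whose copying realloc subtracts one size_t too many when computing the old usable size, so the trailing sizeof (size_t) bytes are silently dropped. The one-word header layout and the names toy_alloc, toy_realloc and lost_tail_bytes are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy chunk (constructed, not glibc's layout): one size_t header that
   stores the total chunk size, followed by the user data. */
#define HDR (sizeof(size_t))

static void *toy_alloc(size_t usable) {
    unsigned char *raw = malloc(HDR + usable);
    if (!raw) return NULL;
    size_t total = HDR + usable;
    memcpy(raw, &total, HDR);
    return raw + HDR;
}

static void toy_free(void *mem) { free((unsigned char *)mem - HDR); }

/* Alloc-and-copy realloc, as used when the old chunk cannot be resized in
   place. `overhead` is what gets subtracted from the stored chunk size to
   obtain the old usable size: HDR is right for this layout, 2 * HDR is
   the over-subtraction that loses the tail. */
static void *toy_realloc(void *old, size_t bytes, size_t overhead) {
    size_t total;
    memcpy(&total, (unsigned char *)old - HDR, HDR);
    size_t old_usable = total - overhead;
    unsigned char *fresh = toy_alloc(bytes);
    if (!fresh) return NULL;
    memset(fresh, 0, bytes);               /* make uncopied bytes visible */
    memcpy(fresh, old, bytes < old_usable ? bytes : old_usable);
    return fresh;                          /* caller still owns `old` */
}

/* Grow a 64-byte chunk filled with a nonzero pattern and count how many
   of the original bytes did not survive the copy. */
static size_t lost_tail_bytes(size_t overhead) {
    enum { OLD = 64, NEW = 128 };
    unsigned char *old = toy_alloc(OLD);
    if (!old) return (size_t)-1;
    for (size_t i = 0; i < OLD; i++) old[i] = (unsigned char)(i + 1);
    unsigned char *grown = toy_realloc(old, NEW, overhead);
    if (!grown) { toy_free(old); return (size_t)-1; }
    size_t lost = 0;
    for (size_t i = 0; i < OLD; i++) lost += (grown[i] != old[i]);
    toy_free(old);
    toy_free(grown);
    return lost;
}

int main(void) {
    printf("wrong size computation: %zu bytes lost\n", lost_tail_bytes(2 * HDR));
    printf("correct computation:    %zu bytes lost\n", lost_tail_bytes(HDR));
    return 0;
}
```

A regression test for this class of bug fills the old allocation to its full usable size before growing it; a pattern that stops short of the last sizeof (size_t) bytes would not catch the truncation.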