From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.bugs Subject: bug#34256: 27.0.50; Crash on draw_glyphs() Date: Fri, 01 Feb 2019 10:41:13 +0200 Message-ID: <834l9nzys6.fsf@gnu.org> References: <83pnse15pb.fsf@gnu.org> <83k1im142z.fsf@gnu.org> <83bm3y0ycm.fsf@gnu.org> <834l9o2acz.fsf@gnu.org> <83lg30zs5d.fsf@gnu.org> <83ef8szi8i.fsf@gnu.org> Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226"; logging-data="40326"; mail-complaints-to="usenet@blaine.gmane.org" Cc: 34256@debbugs.gnu.org To: Kaushal Modi Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Fri Feb 01 09:42:16 2019 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([209.51.188.17]) by blaine.gmane.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:256) (Exim 4.89) (envelope-from ) id 1gpUOs-000AMd-N2 for geb-bug-gnu-emacs@m.gmane.org; Fri, 01 Feb 2019 09:42:14 +0100 Original-Received: from localhost ([127.0.0.1]:40844 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gpUOr-0001tI-MK for geb-bug-gnu-emacs@m.gmane.org; Fri, 01 Feb 2019 03:42:13 -0500 Original-Received: from eggs.gnu.org ([209.51.188.92]:43898) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gpUOh-0001sI-9Z for bug-gnu-emacs@gnu.org; Fri, 01 Feb 2019 03:42:04 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gpUOg-0005NT-C9 for bug-gnu-emacs@gnu.org; Fri, 01 Feb 2019 03:42:03 -0500 Original-Received: from debbugs.gnu.org ([209.51.188.43]:54392) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1gpUOg-0005NL-8Q for bug-gnu-emacs@gnu.org; Fri, 01 Feb 2019 03:42:02 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1gpUOg-0004kA-2r for bug-gnu-emacs@gnu.org; Fri, 01 Feb 2019 03:42:02 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 01 Feb 2019 08:42:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 34256 X-GNU-PR-Package: emacs Original-Received: via spool by 34256-submit@debbugs.gnu.org id=B34256.154901048518177 (code B ref 34256); Fri, 01 Feb 2019 08:42:02 +0000 Original-Received: (at 34256) by debbugs.gnu.org; 1 Feb 2019 08:41:25 +0000 Original-Received: from localhost ([127.0.0.1]:53673 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gpUO5-0004j7-B6 for submit@debbugs.gnu.org; Fri, 01 Feb 2019 03:41:25 -0500 Original-Received: from eggs.gnu.org ([209.51.188.92]:57519) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gpUO3-0004it-4e for 34256@debbugs.gnu.org; Fri, 01 Feb 2019 03:41:23 -0500 Original-Received: from fencepost.gnu.org ([2001:470:142:3::e]:54551) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gpUNx-00058T-8T; Fri, 01 Feb 2019 03:41:17 -0500 Original-Received: from [176.228.60.248] (port=3910 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1gpUNw-0003tt-S3; Fri, 01 Feb 2019 03:41:17 -0500 In-reply-to: (message from Kaushal Modi on Thu, 31 Jan 2019 22:25:35 -0500) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.51.188.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:154957 Archived-At: > From: Kaushal Modi > Date: Thu, 31 Jan 2019 22:25:35 -0500 > Cc: 34256@debbugs.gnu.org > > Thread 1 "emacs" hit Hardware watchpoint 6: -location > s->f->terminal->image_cache->images[0] > > Old value = (struct image *) 0x2346430 > New value = (struct image *) 0x0 > free_image (f=f@entry=0x143b1b0, img=img@entry=0x2346430) at image.c:1022 > 1022 if (img->picture) > (gdb) bt > #0 free_image (f=f@entry=0x143b1b0, img=img@entry=0x2346430) at > image.c:1022 > #1 0x00000000006646a1 in clear_image_cache (f=0x143b1b0, > filter=filter@entry=XIL(0xc5a0)) at image.c:1574 > #2 0x000000000066a35d in Fclear_image_cache (filter=...) at image.c:1658 > [...] > Lisp Backtrace: > "clear-image-cache" (0xffff0650) > "org-display-inline-images" (0xffff0a88) > "org-mode" (0xffff1020) > "set-auto-mode-0" (0xffff1308) > "set-auto-mode" (0xffff17d0) > "vc-find-revision-no-save" (0xffff1bb0) > "diff-syntax-fontify-hunk" (0xffff2130) > "diff-syntax-fontify" (0xffff23f0) > "diff--font-lock-syntax" (0xffff2788) > "font-lock-fontify-keywords-region" (0xffff2d40) > "font-lock-default-fontify-region" (0xffff30b8) > "font-lock-fontify-region" (0xffff3358) > 0x4a1a8c0 PVEC_COMPILED > "run-hook-wrapped" (0xffff37a0) > "jit-lock--run-functions" (0xffff3ae0) > "jit-lock-fontify-now" (0xffff3ef8) > "jit-lock-function" (0xffff4248) > "redisplay_internal (C function)" (0x0) Thanks, I think I understand what happened here. Does the patch below fix the problem? If it doesn't, please repeat the procedure with the patched Emacs. diff --git a/src/frame.h b/src/frame.h index ab3efdf..e0dab51 100644 --- a/src/frame.h +++ b/src/frame.h @@ -413,6 +413,10 @@ struct frame /* Non-zero if this frame's faces need to be recomputed. */ bool_bf face_change : 1; + /* Non-zero if this frame's image cache cannot be freed because the + frame is in the process of being redisplayed. */ + bool_bf inhibit_clear_image_cache : 1; + /* Bitfield area ends here. */ /* This frame's change stamp, set the last time window change diff --git a/src/image.c b/src/image.c index 2014860..342b647 100644 --- a/src/image.c +++ b/src/image.c @@ -1554,7 +1554,7 @@ clear_image_cache (struct frame *f, Lisp_Object filter) { struct image_cache *c = FRAME_IMAGE_CACHE (f); - if (c) + if (c && !f->inhibit_clear_image_cache) { ptrdiff_t i, nfreed = 0; diff --git a/src/xdisp.c b/src/xdisp.c index ec8dd86..b43777a 100644 --- a/src/xdisp.c +++ b/src/xdisp.c @@ -14440,7 +14440,17 @@ redisplay_internal (void) FRAME_TERMINAL (f)->condemn_scroll_bars_hook (f); if (FRAME_VISIBLE_P (f) && !FRAME_OBSCURED_P (f)) - redisplay_windows (FRAME_ROOT_WINDOW (f)); + { + + /* Don't allow freeing images for this frame as long + as the frame's update wasn't completed. This + prevents crashes when some Lisp that runs from + the various hooks or font-lock decides to clear + the frame's image cache, when the images in that + cache are referenced by the desired matrix. */ + f->inhibit_clear_image_cache = true; + redisplay_windows (FRAME_ROOT_WINDOW (f)); + } /* Remember that the invisible frames need to be redisplayed next time they're visible. */ else if (!REDISPLAY_SOME_P ()) @@ -14521,6 +14531,7 @@ redisplay_internal (void) pending |= update_frame (f, false, false); f->cursor_type_changed = false; f->updated_p = true; + f->inhibit_clear_image_cache = false; } } } @@ -14548,6 +14559,7 @@ redisplay_internal (void) } else if (FRAME_VISIBLE_P (sf) && !FRAME_OBSCURED_P (sf)) { + sf->inhibit_clear_image_cache = true; displayed_buffer = XBUFFER (XWINDOW (selected_window)->contents); /* Use list_of_error, not Qerror, so that we catch only errors and don't run the debugger. */ @@ -14603,6 +14615,7 @@ redisplay_internal (void) XWINDOW (selected_window)->must_be_updated_p = true; pending = update_frame (sf, false, false); sf->cursor_type_changed = false; + sf->inhibit_clear_image_cache = false; } /* We may have called echo_area_display at the top of this