* bug#24614: 25.1.50; Exception after moving mouse over over a different window
@ 2016-10-04 14:53 Alain Schneble
2016-10-04 15:44 ` Eli Zaretskii
0 siblings, 1 reply; 13+ messages in thread
From: Alain Schneble @ 2016-10-04 14:53 UTC (permalink / raw)
To: 24614
I was working in an emacs-lisp-mode buffer displayed in a window of a
frame divided into 4 windows. After moving the mouse over another
window showing an org-mode buffer, Emacs crashed.
Below is the backtrace.
Thanks,
Alain
(gdb) bt full
#0 0x00007ff856e72d53 in KERNELBASE!DebugBreak () from C:\WINDOWS\system32\KernelBase.dll
No symbol table info available.
#1 0x0000000400174048 in emacs_abort () at w32fns.c:9830
button = <optimized out>
#2 0x00000004000a6362 in terminate_due_to_signal (sig=11, backtrace_limit=<optimized out>) at emacs.c:381
No locals.
#3 0x00000004000be11e in handle_fatal_signal (sig=24212320, sig@entry=11) at sysdep.c:1601
No locals.
#4 0x00000004000bee1c in deliver_thread_signal (sig=11, handler=0x4000be110 <handle_fatal_signal>) at sysdep.c:1575
old_errno = 0
#5 0x00000004001c4458 in _gnu_exception_handler (exception_data=0xbfc7c0) at C:/repo/mingw-w64-crt-git/src/mingw-w64/mingw-w64-crt/crt/crt_handler.c:223
old_handler = <optimized out>
action = 0
reset_fpu = 0
#6 0x00007ff85a6e5b26 in ntdll!__C_specific_handler () from C:\WINDOWS\SYSTEM32\ntdll.dll
No symbol table info available.
#7 0x00007ff85a6f9afd in ntdll!.chkstk () from C:\WINDOWS\SYSTEM32\ntdll.dll
No symbol table info available.
#8 0x00007ff85a684fe9 in ntdll!RtlImageNtHeaderEx () from C:\WINDOWS\SYSTEM32\ntdll.dll
No symbol table info available.
#9 0x00007ff85a6f8c0a in ntdll!KiUserExceptionDispatcher () from C:\WINDOWS\SYSTEM32\ntdll.dll
No symbol table info available.
#10 0x00000004000469f9 in get_window_cursor_type (active_cursor=<synthetic pointer>, width=0xbfd6ac, glyph=0x10c46fd0, w=0x12af8400) at xdisp.c:28096
cursor_type = 6
alt_cursor = <optimized out>
non_selected = false
#11 display_and_set_cursor (w=w@entry=0x12af8400, on=on@entry=true, hpos=<optimized out>, vpos=<optimized out>, x=0, y=280) at xdisp.c:28496
new_cursor_width = 1
active_cursor = <optimized out>
glyph_row = 0x11096be0
glyph = 0x10c46fd0
#12 0x0000000400181daf in x_update_window_end (w=0x12af8400, cursor_on_p=<optimized out>, mouse_face_overwritten_p=<optimized out>) at w32term.c:686
No locals.
#13 0x00000004000061af in update_window (w=<optimized out>, w@entry=0x12af8400, force_p=<optimized out>, force_p@entry=true) at dispnew.c:3541
end = <optimized out>
mode_line_row = <optimized out>
header_line_row = <optimized out>
changed_p = <optimized out>
mouse_face_overwritten_p = false
row = <optimized out>
yb = <optimized out>
n_updated = <optimized out>
desired_matrix = <optimized out>
paused_p = <optimized out>
preempt_count = <optimized out>
rif = <optimized out>
#14 0x00000004000074ca in update_window_tree (w=0x12af8400, force_p=force_p@entry=true) at dispnew.c:3219
paused_p = <optimized out>
#15 0x00000004000074b9 in update_window_tree (w=0x13f35af0, force_p=force_p@entry=true) at dispnew.c:3217
paused_p = <optimized out>
#16 0x00000004000074b9 in update_window_tree (w=w@entry=0x24022e48, force_p=force_p@entry=true) at dispnew.c:3217
paused_p = <optimized out>
#17 0x00000004000098cf in update_frame (f=f@entry=0x8098080, force_p=<optimized out>, force_p@entry=false, inhibit_hairy_id_p=inhibit_hairy_id_p@entry=false) at dispnew.c:3108
paused_p = <optimized out>
#18 0x000000040003c9b6 in redisplay_internal () at xdisp.c:14084
gcscrollbars = <optimized out>
f_redisplay_flag = <optimized out>
w = <optimized out>
sw = <optimized out>
pending = <optimized out>
must_finish = <optimized out>
match_p = <optimized out>
tlbufpos = <optimized out>
tlendpos = <optimized out>
number_of_visible_frames = <optimized out>
sf = <optimized out>
polling_stopped_here = true
tail = <optimized out>
consider_all_windows_p = <optimized out>
update_miniwindow_p = <optimized out>
#19 0x000000040003e555 in redisplay () at xdisp.c:13255
No locals.
#20 0x00000004000b0696 in read_char (commandflag=1065940, commandflag@entry=1, map=1, map@entry=289772243, prev_event=17206631440, used_mouse_menu=0x1f00000000, used_mouse_menu@entry=0xbff47b, end_time=end_time@entry=0x0) at keyboard.c:2477
echo_current = true
c = <optimized out>
jmpcount = <optimized out>
local_getcjmp = {{
Part = {282715685, 0}
}, {
Part = {18446744073709551615, 18446744073709551615}
}, {
Part = {282715680, 34104}
}, {
Part = {12579088, 39118}
}, {
Part = {282715680, 17180954640}
}, {
Part = {17184587607, 12579600}
}, {
Part = {0, 17182756808}
}, {
Part = {17182756808, 3}
}, {
Part = {282715680, 12579480}
}, {
Part = {3, 17181005631}
}, {
Part = {1, 17180935124}
}, {
Part = {18446744073688825672, 12579176}
}, {
Part = {3, 12579480}
}, {
Part = {0, 12579480}
}, {
Part = {17206632488, 17182756813}
}, {
Part = {16, 17181229339}
}}
save_jump = {{
Part = {17206632488, 18446744073690362232}
}, {
Part = {17182756808, 4}
}, {
Part = {3, 17206705520}
}, {
Part = {12579480, 17206626080}
}, {
Part = {1030, 17181006379}
}, {
Part = {34104, 17181325954}
}, {
Part = {2, 17181006379}
}, {
Part = {17206701632, 17180935124}
}, {
Part = {17206763760, 17186978352}
}, {
Part = {17187117872, 1}
}, {
Part = {3, 17180934243}
}, {
Part = {0, 17183687168}
}, {
Part = {12578960, 40}
}, {
Part = {17187117888, 17180632042}
}, {
Part = {1, 282715680}
}, {
Part = {1, 156474}
}}
tem = <optimized out>
save = <optimized out>
previous_echo_area_message = 0
also_record = 0
reread = false
recorded = false
polling_stopped_here = false
orig_kboard = 0x400335600 <pure+1397440>
#21 0x00000004000b310a in read_key_sequence (keybuf=keybuf@entry=0xbff5e0, prompt=prompt@entry=0, dont_downcase_last=dont_downcase_last@entry=false, can_return_switch_frame=can_return_switch_frame@entry=true, fix_current_buffer=fix_current_buffer@entry=true, prevent_redisplay=prevent_redisplay@entry=false, bufsize=30) at keyboard.c:9063
interrupted_kboard = 0xc53ef0
interrupted_frame = 0x8098080
key = <optimized out>
used_mouse_menu = false
echo_local_start = 0
last_real_key_start = <optimized out>
keys_local_start = <optimized out>
new_binding = <optimized out>
t = <optimized out>
echo_start = 0
keys_start = 0
current_binding = 289772243
first_event = 0
first_unbound = 31
mock_input = 0
fkey = {
parent = 17186591987,
map = 17186591987,
start = 0,
end = 0
}
keytran = {
parent = 17185683011,
map = 17185683011,
start = 0,
end = 0
}
indec = {
parent = 17186592067,
map = 17186592067,
start = 0,
end = 0
}
shift_translated = false
delayed_switch_frame = 0
original_uppercase = 17181001769
original_uppercase_position = -1
dummyflag = false
fake_prefixed_keys = 0
#22 0x00000004000b4d11 in command_loop_1 () at keyboard.c:1365
cmd = <optimized out>
keybuf = {289775171, 17181013415, 12580480, 17181003201, 17183035477, 0, -20986616, 363672515, 17181836132, -15263864, 17206705264, 17180571658, 0, 12581376, 32704, 0, 17206701632, 0, 12580528, 0, 363672515, 17180571990, 32704, 17181010803, 12580688, 17185035696, 0, 17181001769, 12581376, 0}
i = <optimized out>
prev_modiff = 1664
prev_buffer = 0xbfe9a60
#23 0x0000000400114385 in internal_condition_case (bfun=bfun@entry=0x4000b4ab0 <command_loop_1>, handlers=handlers@entry=21168, hfun=hfun@entry=0x4000ab840 <cmd_error>) at eval.c:1314
val = <optimized out>
c = <optimized out>
#24 0x00000004000a6a14 in command_loop_2 (ignore=<optimized out>) at keyboard.c:1107
val = 6
#25 0x0000000400114327 in internal_catch (tag=tag@entry=56336, func=func@entry=0x4000a69f0 <command_loop_2>, arg=arg@entry=0) at eval.c:1079
val = <optimized out>
c = <optimized out>
#26 0x00000004000a69c7 in command_loop () at keyboard.c:1086
No locals.
#27 0x0000000000000000 in ?? ()
No symbol table info available.
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
Lisp Backtrace:
"redisplay_internal (C function)" (0x0)
In GNU Emacs 25.1.50.1 (x86_64-w64-mingw32)
of 2016-09-27 built on MYNGB
Repository revision: bbf1ffd7c74bdf3ea766580788f7f4adb98a47f0
Windowing system distributor 'Microsoft Corp.', version 10.0.10586
Configured using:
'configure --prefix /c/usr/bin/emacs-25.1 --without-imagemagick'
Configured features:
XPM JPEG TIFF GIF PNG RSVG SOUND NOTIFY ACL GNUTLS LIBXML2 ZLIB
TOOLKIT_SCROLL_BARS
Important settings:
value of $LANG: DES
locale-coding-system: cp1252
Major mode: Fundamental
Minor modes in effect:
winner-mode: t
icomplete-mode: t
show-paren-mode: t
display-time-mode: t
display-battery-mode: t
tooltip-mode: t
global-eldoc-mode: t
electric-indent-mode: t
mouse-wheel-mode: t
file-name-shadow-mode: t
global-font-lock-mode: t
blink-cursor-mode: t
auto-composition-mode: t
auto-encryption-mode: t
auto-compression-mode: t
buffer-read-only: t
column-number-mode: t
line-number-mode: t
transient-mark-mode: t
Recent messages:
Loading battery...done
Loading time...done
Loading gnus...done
Loading paren...done
For information about GNU Emacs and the GNU system, type C-h C-a.
Features:
(shadow sort mail-extr emacsbug message dired rfc822 mml mml-sec
password-cache epg mm-decode mm-bodies mm-encode mail-parse rfc2231
mailabbrev gmm-utils mailheader sendmail rfc2047 rfc2045 ietf-drums
linum paredit winner ob-ditaa ob-gnuplot org org-macro org-footnote
org-pcomplete pcomplete org-list org-faces org-entities noutline outline
easy-mmode org-version ob-emacs-lisp ob ob-tangle ob-ref ob-lob ob-table
ob-exp org-src ob-keys ob-comint comint ansi-color ring ob-core ob-eval
org-compat org-macs org-loaddefs format-spec find-func cal-menu calendar
cal-loaddefs warnings server ido icomplete
sanityinc-tomorrow-night-theme sanityinc-tomorrow-bright-theme
color-theme-sanityinc-tomorrow paren gnus gnus-ems nnheader gnus-util
mail-utils mm-util help-fns mail-prsvr wid-edit time battery cus-start
cus-load finder-inf ac-js2-autoloads ace-window-autoloads
ace-jump-mode-autoloads bongo-autoloads
color-theme-sanityinc-tomorrow-autoloads company-autoloads
emms-autoloads expand-region-autoloads gnuplot-autoloads
gnuplot-mode-autoloads google-this-autoloads js2-refactor-autoloads
json-mode-autoloads json-reformat-autoloads json-snatcher-autoloads
eieio eieio-core cl-macs multiple-cursors-autoloads
auto-complete-autoloads flycheck-autoloads paredit-autoloads
pkg-info-autoloads epl-autoloads popup-autoloads s-autoloads
skewer-mode-autoloads js2-mode-autoloads simple-httpd-autoloads
solarized-theme-autoloads spacegray-theme-autoloads swift-mode-autoloads
info yasnippet-autoloads zenburn-theme-autoloads package epg-config seq
byte-opt gv bytecomp byte-compile cl-extra help-mode easymenu cconv
edmacro kmacro cl-loaddefs pcase cl-lib time-date mule-util tooltip
eldoc electric uniquify ediff-hook vc-hooks lisp-float-type mwheel
dos-w32 ls-lisp disp-table w32-win w32-vars term/common-win tool-bar dnd
fontset image regexp-opt fringe tabulated-list newcomment elisp-mode
lisp-mode prog-mode register page menu-bar rfn-eshadow timer select
scroll-bar mouse jit-lock font-lock syntax facemenu font-core frame
cl-generic cham georgian utf-8-lang misc-lang vietnamese tibetan thai
tai-viet lao korean japanese eucjp-ms cp51932 hebrew greek romanian
slovak czech european ethiopic indian cyrillic chinese charscript
case-table epa-hook jka-cmpr-hook help simple abbrev minibuffer
cl-preloaded nadvice loaddefs button faces cus-face macroexp files
text-properties overlay sha1 md5 base64 format env code-pages mule
custom widget hashtable-print-readable backquote w32notify w32 multi-tty
make-network-process emacs)
Memory information:
((conses 16 258322 10993)
(symbols 56 34144 0)
(miscs 48 274 170)
(strings 32 72130 6827)
(string-bytes 1 1974837)
(vectors 16 25828)
(vector-slots 8 594783 1991)
(floats 8 287 115)
(intervals 56 287 0)
(buffers 976 147))
^ permalink raw reply [flat|nested] 13+ messages in thread* bug#24614: 25.1.50; Exception after moving mouse over over a different window
2016-10-04 14:53 bug#24614: 25.1.50; Exception after moving mouse over over a different window Alain Schneble
@ 2016-10-04 15:44 ` Eli Zaretskii
2016-10-04 15:54 ` Alain Schneble
2016-10-04 16:06 ` Alain Schneble
0 siblings, 2 replies; 13+ messages in thread
From: Eli Zaretskii @ 2016-10-04 15:44 UTC (permalink / raw)
To: Alain Schneble; +Cc: 24614
> From: Alain Schneble <a.s@realize.ch>
> Date: Tue, 4 Oct 2016 16:53:14 +0200
>
> I was working in an emacs-lisp-mode buffer displayed in a window of a
> frame divided into 4 windows. After moving the mouse over another
> window showing an org-mode buffer, Emacs crashed.
Looks like some stack issue, or maybe an exception in a non-main
thread:
> #7 0x00007ff85a6f9afd in ntdll!.chkstk () from C:\WINDOWS\SYSTEM32\ntdll.dll
> No symbol table info available.
> #8 0x00007ff85a684fe9 in ntdll!RtlImageNtHeaderEx () from C:\WINDOWS\SYSTEM32\ntdll.dll
> No symbol table info available.
> #9 0x00007ff85a6f8c0a in ntdll!KiUserExceptionDispatcher () from C:\WINDOWS\SYSTEM32\ntdll.dll
> No symbol table info available.
> #10 0x00000004000469f9 in get_window_cursor_type (active_cursor=<synthetic pointer>, width=0xbfd6ac, glyph=0x10c46fd0, w=0x12af8400) at xdisp.c:28096
> cursor_type = 6
> alt_cursor = <optimized out>
> non_selected = false
See that chkstk above?
Also, how can cursor_type be 6? The enumeration has only 6 values, 2
of them negative.
Other than that, I cannot glean anything useful from this backtrace,
especially since this is an optimized build.
Is this GDB session still alive?
^ permalink raw reply [flat|nested] 13+ messages in thread
* bug#24614: 25.1.50; Exception after moving mouse over over a different window
2016-10-04 15:44 ` Eli Zaretskii
@ 2016-10-04 15:54 ` Alain Schneble
2016-10-04 16:19 ` Eli Zaretskii
2016-10-04 16:06 ` Alain Schneble
1 sibling, 1 reply; 13+ messages in thread
From: Alain Schneble @ 2016-10-04 15:54 UTC (permalink / raw)
To: Eli Zaretskii; +Cc: 24614
Eli Zaretskii <eliz@gnu.org> writes:
> Is this GDB session still alive?
Thanks for looking into it. Yes, GDB session is still alive.
Alain
^ permalink raw reply [flat|nested] 13+ messages in thread
* bug#24614: 25.1.50; Exception after moving mouse over over a different window
2016-10-04 15:54 ` Alain Schneble
@ 2016-10-04 16:19 ` Eli Zaretskii
2016-10-04 16:25 ` Alain Schneble
0 siblings, 1 reply; 13+ messages in thread
From: Eli Zaretskii @ 2016-10-04 16:19 UTC (permalink / raw)
To: Alain Schneble; +Cc: 24614
> From: Alain Schneble <a.s@realize.ch>
> CC: <24614@debbugs.gnu.org>
> Date: Tue, 4 Oct 2016 17:54:33 +0200
>
> > Is this GDB session still alive?
>
> Thanks for looking into it. Yes, GDB session is still alive.
OK, so what does this print:
(gdb) frame 10
(gdb) p *glyph
also these:
(gdb) p *width
(gdb) p w->contents
(gdb) xtype
If the last command says it's a buffer, type "xbuffer", otherwise type
"xwindow" and show the result.
Btw, how come the call to get_window_cursor_type is shown with its
argument in reverse order? In the backtrace:
#10 0x00000004000469f9 in get_window_cursor_type (active_cursor=<synthetic pointer>, width=0xbfd6ac, glyph=0x10c46fd0, w=0x12af8400) at xdisp.c:28096
when the actual function argument list is this:
get_window_cursor_type (struct window *w, struct glyph *glyph, int *width,
bool *active_cursor)
What does this print:
(gdb) ptype get_window_cursor_type
Something really weird went on in that frame #10...
^ permalink raw reply [flat|nested] 13+ messages in thread* bug#24614: 25.1.50; Exception after moving mouse over over a different window
2016-10-04 16:19 ` Eli Zaretskii
@ 2016-10-04 16:25 ` Alain Schneble
2016-10-04 17:08 ` Eli Zaretskii
0 siblings, 1 reply; 13+ messages in thread
From: Alain Schneble @ 2016-10-04 16:25 UTC (permalink / raw)
To: Eli Zaretskii; +Cc: 24614
Eli Zaretskii <eliz@gnu.org> writes:
>> From: Alain Schneble <a.s@realize.ch>
>> CC: <24614@debbugs.gnu.org>
>> Date: Tue, 4 Oct 2016 17:54:33 +0200
>>
>> > Is this GDB session still alive?
>>
>> Thanks for looking into it. Yes, GDB session is still alive.
>
> OK, so what does this print:
>
> (gdb) frame 10
> (gdb) p *glyph
>
> also these:
>
> (gdb) p *width
> (gdb) p w->contents
> (gdb) xtype
>
> If the last command says it's a buffer, type "xbuffer", otherwise type
> "xwindow" and show the result.
(gdb) frame 10
#10 0x00000004000469f9 in get_window_cursor_type (active_cursor=<synthetic pointer>, width=0xbfd6ac, glyph=0x10c46fd0, w=0x12af8400) at xdisp.c:28096
28096 if (glyph != NULL && glyph->type == XWIDGET_GLYPH)
(gdb) p *width
$3 = 1
(gdb) p w->contents
$4 = 282715685
(gdb) xtype
Lisp_Vectorlike
PVEC_BUFFER
(gdb) xbuffer
$5 = (struct buffer *) 0x10d9e620
(unsigned char *) 0xc661598 "TaskList.org"
> Btw, how come the call to get_window_cursor_type is shown with its
> argument in reverse order? In the backtrace:
I have no clue... Could optimization reorder the arguments?
>
> #10 0x00000004000469f9 in get_window_cursor_type (active_cursor=<synthetic pointer>, width=0xbfd6ac, glyph=0x10c46fd0, w=0x12af8400) at xdisp.c:28096
>
> when the actual function argument list is this:
>
> get_window_cursor_type (struct window *w, struct glyph *glyph, int *width,
> bool *active_cursor)
>
> What does this print:
>
> (gdb) ptype get_window_cursor_type
(gdb) ptype get_window_cursor_type
type = enum text_cursor_kinds {DEFAULT_CURSOR = -2, NO_CURSOR, FILLED_BOX_CURSOR, HOLLOW_BOX_CURSOR, BAR_CURSOR, HBAR_CURSOR} (_Bool *, int *, struct glyph *, struct window *)
> Something really weird went on in that frame #10...
Should I have fear of something now? ;)
Thanks,
Alain
^ permalink raw reply [flat|nested] 13+ messages in thread* bug#24614: 25.1.50; Exception after moving mouse over over a different window
2016-10-04 16:25 ` Alain Schneble
@ 2016-10-04 17:08 ` Eli Zaretskii
2016-10-04 17:24 ` Alain Schneble
0 siblings, 1 reply; 13+ messages in thread
From: Eli Zaretskii @ 2016-10-04 17:08 UTC (permalink / raw)
To: Alain Schneble; +Cc: 24614
> From: Alain Schneble <a.s@realize.ch>
> CC: <24614@debbugs.gnu.org>
> Date: Tue, 4 Oct 2016 18:25:34 +0200
>
> > OK, so what does this print:
> >
> > (gdb) frame 10
> > (gdb) p *glyph
> >
> > also these:
> >
> > (gdb) p *width
> > (gdb) p w->contents
> > (gdb) xtype
> >
> > If the last command says it's a buffer, type "xbuffer", otherwise type
> > "xwindow" and show the result.
>
> (gdb) frame 10
> #10 0x00000004000469f9 in get_window_cursor_type (active_cursor=<synthetic pointer>, width=0xbfd6ac, glyph=0x10c46fd0, w=0x12af8400) at xdisp.c:28096
> 28096 if (glyph != NULL && glyph->type == XWIDGET_GLYPH)
> (gdb) p *width
> $3 = 1
> (gdb) p w->contents
> $4 = 282715685
> (gdb) xtype
> Lisp_Vectorlike
> PVEC_BUFFER
> (gdb) xbuffer
> $5 = (struct buffer *) 0x10d9e620
> (unsigned char *) 0xc661598 "TaskList.org"
What about
(gdb) p *glyph
?
> > Btw, how come the call to get_window_cursor_type is shown with its
> > argument in reverse order? In the backtrace:
>
> I have no clue... Could optimization reorder the arguments?
Maybe the function was inlined. Or maybe it's a GDB bug.
> > Something really weird went on in that frame #10...
>
> Should I have fear of something now? ;)
Fear of a crash, of course.
If this happens again, I suggest to build an unoptimized binary and
see if the problem can be reproduced there.
^ permalink raw reply [flat|nested] 13+ messages in thread
* bug#24614: 25.1.50; Exception after moving mouse over over a different window
2016-10-04 17:08 ` Eli Zaretskii
@ 2016-10-04 17:24 ` Alain Schneble
2016-10-04 17:41 ` Eli Zaretskii
0 siblings, 1 reply; 13+ messages in thread
From: Alain Schneble @ 2016-10-04 17:24 UTC (permalink / raw)
To: Eli Zaretskii; +Cc: 24614
Eli Zaretskii <eliz@gnu.org> writes:
> What about
>
> (gdb) p *glyph
>
(gdb) p *glyph
Cannot access memory at address 0x10c46fd0
(Not a valid excuse for having missed that one, but sorry, I was in a
hurry. I had to leave the train.)
>> > Btw, how come the call to get_window_cursor_type is shown with its
>> > argument in reverse order? In the backtrace:
>>
>> I have no clue... Could optimization reorder the arguments?
>
> Maybe the function was inlined. Or maybe it's a GDB bug.
Aha.
>> > Something really weird went on in that frame #10...
>>
>> Should I have fear of something now? ;)
>
> Fear of a crash, of course.
I'll resist.
> If this happens again, I suggest to build an unoptimized binary and
> see if the problem can be reproduced there.
Ok, I'll watch out and will try to catch it with an unoptimized build if
that happens again.
Thanks,
Alain
^ permalink raw reply [flat|nested] 13+ messages in thread
* bug#24614: 25.1.50; Exception after moving mouse over over a different window
2016-10-04 17:24 ` Alain Schneble
@ 2016-10-04 17:41 ` Eli Zaretskii
2016-10-04 18:06 ` Alain Schneble
0 siblings, 1 reply; 13+ messages in thread
From: Eli Zaretskii @ 2016-10-04 17:41 UTC (permalink / raw)
To: Alain Schneble; +Cc: 24614
> From: Alain Schneble <a.s@realize.ch>
> CC: <24614@debbugs.gnu.org>
> Date: Tue, 4 Oct 2016 19:24:34 +0200
>
> Eli Zaretskii <eliz@gnu.org> writes:
>
> > What about
> >
> > (gdb) p *glyph
> >
>
> (gdb) p *glyph
> Cannot access memory at address 0x10c46fd0
So this is our villain. Now how could that happen? I hope the GDB
session is still alive; if it is, what do the commands below report?
(gdb) frame 11
(gdb) p *glyph_row
(gdb) p w->output_cursor
(gdb) p w->current_matrix->nrows
(gdb) p w->current_matrix->matrix_w
^ permalink raw reply [flat|nested] 13+ messages in thread
* bug#24614: 25.1.50; Exception after moving mouse over over a different window
2016-10-04 17:41 ` Eli Zaretskii
@ 2016-10-04 18:06 ` Alain Schneble
2016-10-04 19:15 ` Eli Zaretskii
0 siblings, 1 reply; 13+ messages in thread
From: Alain Schneble @ 2016-10-04 18:06 UTC (permalink / raw)
To: Eli Zaretskii; +Cc: 24614
Eli Zaretskii <eliz@gnu.org> writes:
>> From: Alain Schneble <a.s@realize.ch>
>> CC: <24614@debbugs.gnu.org>
>> Date: Tue, 4 Oct 2016 19:24:34 +0200
>>
>> Eli Zaretskii <eliz@gnu.org> writes:
>>
>> > What about
>> >
>> > (gdb) p *glyph
>> >
>>
>> (gdb) p *glyph
>> Cannot access memory at address 0x10c46fd0
>
> So this is our villain. Now how could that happen? I hope the GDB
> session is still alive; if it is, what do the commands below report?
>
> (gdb) frame 11
> (gdb) p *glyph_row
> (gdb) p w->output_cursor
> (gdb) p w->current_matrix->nrows
> (gdb) p w->current_matrix->matrix_w
Fortunately, yes. Here it is:
(gdb) frame 11
#11 display_and_set_cursor (w=w@entry=0x12af8400, on=on@entry=true, hpos=<optimized out>, vpos=<optimized out>, x=0, y=280) at xdisp.c:28496
28496 new_cursor_type = get_window_cursor_type (w, glyph,
(gdb) p *glyph_row
$6 = {
glyphs = {0x10c47010, 0x10c47010, 0x10c558d0, 0x10c558d0},
used = {0, 1, 0, 0},
hash = 32,
x = 0,
y = 280,
pixel_width = 7,
ascent = 11,
height = 14,
phys_ascent = 11,
phys_height = 14,
visible_height = 14,
extra_line_spacing = 0,
start = {
pos = {
charpos = 39105,
bytepos = 39116
},
overlay_string_index = -1,
string_pos = {
charpos = -1,
bytepos = -1
},
dpvec_index = -1
},
end = {
pos = {
charpos = 39119,
bytepos = 39130
},
overlay_string_index = -1,
string_pos = {
charpos = -1,
bytepos = -1
},
dpvec_index = -1
},
minpos = {
charpos = 39105,
bytepos = 39116
},
maxpos = {
charpos = 39119,
bytepos = 39130
},
overlay_arrow_bitmap = 0,
left_user_fringe_bitmap = 0,
right_user_fringe_bitmap = 0,
left_fringe_bitmap = 3,
right_fringe_bitmap = 0,
left_user_fringe_face_id = 0,
right_user_fringe_face_id = 0,
left_fringe_face_id = 0,
right_fringe_face_id = 0,
left_fringe_offset = 0,
right_fringe_offset = 0,
fringe_bitmap_periodic_p = false,
redraw_fringe_bitmaps_p = false,
enabled_p = true,
truncated_on_left_p = true,
truncated_on_right_p = false,
continued_p = false,
displays_text_p = true,
ends_at_zv_p = false,
fill_line_p = false,
indicate_empty_line_p = false,
contains_overlapping_glyphs_p = false,
full_width_p = false,
mode_line_p = false,
overlapped_p = false,
ends_in_middle_of_char_p = false,
starts_in_middle_of_char_p = false,
overlapping_p = false,
mouse_face_p = false,
ends_in_newline_from_string_p = false,
exact_window_width_line_p = false,
cursor_in_fringe_p = false,
ends_in_ellipsis_p = false,
indicate_bob_p = false,
indicate_top_line_p = false,
indicate_eob_p = false,
indicate_bottom_line_p = false,
reversed_p = false,
continuation_lines_width = 0,
clip = 0x0
}
(gdb) p w->output_cursor
$7 = {
x = 0,
y = 280,
hpos = -1,
vpos = 20
}
(gdb) p w->current_matrix->nrows
$8 = 183
(gdb) p w->current_matrix->matrix_w
$9 = 931
^ permalink raw reply [flat|nested] 13+ messages in thread* bug#24614: 25.1.50; Exception after moving mouse over over a different window
2016-10-04 18:06 ` Alain Schneble
@ 2016-10-04 19:15 ` Eli Zaretskii
2016-10-04 20:08 ` Alain Schneble
0 siblings, 1 reply; 13+ messages in thread
From: Eli Zaretskii @ 2016-10-04 19:15 UTC (permalink / raw)
To: Alain Schneble; +Cc: 24614-done
> From: Alain Schneble <a.s@realize.ch>
> CC: <24614@debbugs.gnu.org>
> Date: Tue, 4 Oct 2016 20:06:57 +0200
>
> (gdb) p w->output_cursor
> $7 = {
> x = 0,
> y = 280,
> hpos = -1, <<<<<<<<<<<<<<<<<
> vpos = 20
> }
Thanks, the problem is now acutely clear: we were indexing the glyphs
array using a negative index. I wonder why it took so many years for
this bug to manifest itself.
I pushed a fix, and am marking this bug done. Feel free to reopen if
there are left-overs.
Thanks.
^ permalink raw reply [flat|nested] 13+ messages in thread
* bug#24614: 25.1.50; Exception after moving mouse over over a different window
2016-10-04 15:44 ` Eli Zaretskii
2016-10-04 15:54 ` Alain Schneble
@ 2016-10-04 16:06 ` Alain Schneble
2016-10-04 16:31 ` Eli Zaretskii
1 sibling, 1 reply; 13+ messages in thread
From: Alain Schneble @ 2016-10-04 16:06 UTC (permalink / raw)
To: Eli Zaretskii; +Cc: 24614
Eli Zaretskii <eliz@gnu.org> writes:
>> From: Alain Schneble <a.s@realize.ch>
>> Date: Tue, 4 Oct 2016 16:53:14 +0200
>>
>> I was working in an emacs-lisp-mode buffer displayed in a window of a
>> frame divided into 4 windows. After moving the mouse over another
>> window showing an org-mode buffer, Emacs crashed.
>
> Looks like some stack issue, or maybe an exception in a non-main
> thread:
FWIW, I attached the backtrace of Thread 2 below.
Alain
17 Thread 66296.0x12eac stopped in ntdll!RtlAllocateHeap () of C:\WINDOWS\SYSTEM32\ntdll.dll
15 Thread 66296.0x10538 stopped in ntdll!ZwAlpcQueryInformation () of C:\WINDOWS\SYSTEM32\ntdll.dll
14 Thread 66296.0x12f80 stopped in ntdll!RtlUserThreadStart () of C:\WINDOWS\SYSTEM32\ntdll.dll
13 Thread 66296.0x11a54 stopped in ntdll!RtlUserThreadStart () of C:\WINDOWS\SYSTEM32\ntdll.dll
12 Thread 66296.0xd430 stopped in ntdll!RtlUserThreadStart () of C:\WINDOWS\SYSTEM32\ntdll.dll
11 Thread 66296.0x85dc stopped in ntdll!RtlUserThreadStart () of C:\WINDOWS\SYSTEM32\ntdll.dll
10 Thread 66296.0x49dc stopped in ntdll!RtlUserThreadStart () of C:\WINDOWS\SYSTEM32\ntdll.dll
9 Thread 66296.0x1115c stopped in ntdll!RtlUserThreadStart () of C:\WINDOWS\SYSTEM32\ntdll.dll
8 Thread 66296.0x1147c stopped in ntdll!RtlUserThreadStart () of C:\WINDOWS\SYSTEM32\ntdll.dll
7 Thread 66296.0x25a4 stopped in ntdll!RtlUserThreadStart () of C:\WINDOWS\SYSTEM32\ntdll.dll
6 Thread 66296.0xec50 stopped in ntdll!RtlUserThreadStart () of C:\WINDOWS\SYSTEM32\ntdll.dll
5 Thread 66296.0xaa50 stopped in ntdll!RtlUserThreadStart () of C:\WINDOWS\SYSTEM32\ntdll.dll
4 Thread 66296.0x11ac0 stopped in ntdll!ZwWaitForWorkViaWorkerFactory () of C:\WINDOWS\SYSTEM32\ntdll.dll
3 Thread 66296.0x10e18 stopped in ntdll!RtlUserThreadStart () of C:\WINDOWS\SYSTEM32\ntdll.dll
2 Thread 66296.0x11828 stopped in w32_wnd_proc (hwnd=<optimized out>,msg=<optimized out>,wParam=<optimized out>,lParam=<optimized out>) of w32fns.c:4613
1 Thread 66296.0xfb44 stopped in msvcrt!_initterm_e () of C:\WINDOWS\system32\msvcrt.dll
#0 0x0000000400174f47 in w32_wnd_proc (hwnd=<optimized out>, msg=<optimized out>, wParam=<optimized out>, lParam=<optimized out>) at w32fns.c:4613
wmsg = {
msg = {
hwnd = 0x0,
message = 1457534076,
wParam = 512,
lParam = 0,
time = 1526048,
pt = {
x = 4,
y = 33490634
}
},
dwModifiers = 24731424,
rect = {
left = 0,
top = 1626277,
right = 4,
bottom = 0
}
}
windows_translate = <optimized out>
key = <optimized out>
#1 0x00007ff859b51169 in USER32!DispatchMessageW () from C:\WINDOWS\system32\user32.dll
No symbol table info available.
#2 0x00007ff859b50ee2 in USER32!DispatchMessageW () from C:\WINDOWS\system32\user32.dll
No symbol table info available.
#3 0x00007ff859b60bee in USER32!GetMenuItemInfoW () from C:\WINDOWS\system32\user32.dll
No symbol table info available.
#4 0x00007ff85a6f8ba4 in ntdll!KiUserCallbackDispatcher () from C:\WINDOWS\SYSTEM32\ntdll.dll
No symbol table info available.
#5 0x00007ff859b721d4 in USER32!InvalidateRect () from C:\WINDOWS\system32\user32.dll
No symbol table info available.
#6 0x00007ff859b63075 in USER32!GetMessageW () from C:\WINDOWS\system32\user32.dll
No symbol table info available.
#7 0x0000000400174356 in w32_msg_pump (msg_buf=<optimized out>) at w32fns.c:2537
msg = {
hwnd = 0x1342bc6,
message = 275,
wParam = 1334030225,
lParam = 0,
time = 3891583468,
pt = {
x = 2263,
y = 299
}
}
focus_window = <optimized out>
#8 0x0000000400174900 in w32_msg_worker (arg=<optimized out>) at w32fns.c:2758
msg = {
hwnd = 0x0,
message = 0,
wParam = 0,
lParam = 0,
time = 0,
pt = {
x = 0,
y = 0
}
}
dummy_buf = {
next = 0x0,
w32msg = {
msg = {
hwnd = 0x0,
message = 0,
wParam = 0,
lParam = 0,
time = 0,
pt = {
x = 0,
y = 0
}
},
dwModifiers = 0,
rect = {
left = 0,
top = 0,
right = 0,
bottom = 0
}
},
result = 0,
completed = 0
}
#9 0x00007ff859aa8102 in KERNEL32!BaseThreadInitThunk () from C:\WINDOWS\system32\kernel32.dll
No symbol table info available.
#10 0x00007ff85a6ac5b4 in ntdll!RtlUserThreadStart () from C:\WINDOWS\SYSTEM32\ntdll.dll
No symbol table info available.
#11 0x0000000000000000 in ?? ()
No symbol table info available.
Backtrace stopped: previous frame inner to this frame (corrupt stack?)
Lisp Backtrace:
"redisplay_internal (C function)" (0x0)
^ permalink raw reply [flat|nested] 13+ messages in thread
end of thread, other threads:[~2016-10-04 20:08 UTC | newest]
Thread overview: 13+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-10-04 14:53 bug#24614: 25.1.50; Exception after moving mouse over over a different window Alain Schneble
2016-10-04 15:44 ` Eli Zaretskii
2016-10-04 15:54 ` Alain Schneble
2016-10-04 16:19 ` Eli Zaretskii
2016-10-04 16:25 ` Alain Schneble
2016-10-04 17:08 ` Eli Zaretskii
2016-10-04 17:24 ` Alain Schneble
2016-10-04 17:41 ` Eli Zaretskii
2016-10-04 18:06 ` Alain Schneble
2016-10-04 19:15 ` Eli Zaretskii
2016-10-04 20:08 ` Alain Schneble
2016-10-04 16:06 ` Alain Schneble
2016-10-04 16:31 ` Eli Zaretskii
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).