* bug#20802: Segfault when showing non-GTK+ tooltip
@ 2015-06-13 9:18 Tobias Getzner
  2015-06-13 9:38 ` Eli Zaretskii
  0 siblings, 1 reply; 41+ messages in thread
From: Tobias Getzner @ 2015-06-13 9:18 UTC
To: 20802

When x-gtk-use-system-tooltips is set to nil, and the tooltip face is
customized using an invalid color string such as #zz, Emacs will
segfault when a tooltip is being drawn.

This is for Emacs 24.5.

Best regards,
TG

* bug#20802: Segfault when showing non-GTK+ tooltip
From: Eli Zaretskii @ 2015-06-13 9:38 UTC
To: Tobias Getzner; +Cc: 20802

> From: Tobias Getzner <tobias.getzner@gmx.de>
> Date: Sat, 13 Jun 2015 11:18:38 +0200
>
> When x-gtk-use-system-tooltips is set to nil, and the tooltip face is
> customized using an invalid color string such as #zz, Emacs will
> segfault when a tooltip is being drawn.

I cannot reproduce this on my system, so please show a backtrace from
running Emacs inside GDB. Also, please tell how you customized the
face color, exactly -- it could be that only some specific ways of
customizing it cause the problem.

Thanks.

* bug#20802: Segfault when showing non-GTK+ tooltip
From: martin rudalics @ 2015-06-13 10:25 UTC
To: Eli Zaretskii, Tobias Getzner; +Cc: 20802

>> When x-gtk-use-system-tooltips is set to nil, and the tooltip face is
>> customized using an invalid color string such as #zz, Emacs will
>> segfault when a tooltip is being drawn.
>
> I cannot reproduce this on my system, so please show a backtrace from
> running Emacs inside GDB. Also, please tell how you customized the
> face color, exactly -- it could be that only some specific ways of
> customizing it cause the problem.

Below is a bt after setting an invalid background color. Tooltips are
shown via ‘x-show-tip’ and the crash triggers after the backtrace buffer
complaining about the invalid color popped up and I tried to switch to
another buffer. I have no idea whether it's the OP's original issue.

martin

#0 0x00000000006c9b5c in cache_image (f=0x13a7e00, img=0x198ee20) at ../../src/image.c:1775
#1 0x00000000006c96e3 in lookup_image (f=0x13a7e00, spec=...) at ../../src/image.c:1686
#2 0x000000000044bebc in handle_single_display_spec (it=0x7fffffff8ba0, spec=..., object=..., overlay=..., position=0x7fffffff8cd8, bufpos=203, display_replaced=0, frame_window_p=true) at ../../src/xdisp.c:5137
#3 0x00000000004498cd in handle_display_spec (it=0x7fffffff8ba0, spec=..., object=..., overlay=..., position=0x7fffffff8cd8, bufpos=203, frame_window_p=true) at ../../src/xdisp.c:4654
#4 0x00000000004492c8 in handle_display_prop (it=0x7fffffff8ba0) at ../../src/xdisp.c:4576
#5 0x0000000000445e8d in handle_stop (it=0x7fffffff8ba0) at ../../src/xdisp.c:3299
#6 0x0000000000454ee3 in next_element_from_buffer (it=0x7fffffff8ba0) at ../../src/xdisp.c:8133
#7 0x00000000004511b5 in get_next_display_element (it=0x7fffffff8ba0) at ../../src/xdisp.c:6785
#8 0x000000000047e4ea in display_line (it=0x7fffffff8ba0) at ../../src/xdisp.c:20132
#9 0x00000000004719a2 in try_window (window=..., pos=..., flags=1) at ../../src/xdisp.c:16892
#10 0x000000000046df50 in redisplay_window (window=..., just_this_one_p=false) at ../../src/xdisp.c:16365
#11 0x00000000004654d0 in redisplay_window_0 (window=...) at ../../src/xdisp.c:14184
#12 0x0000000000625c43 in internal_condition_case_1 (bfun=0x46548e <redisplay_window_0>, arg=..., handlers=..., hfun=0x465456 <redisplay_window_error>) at ../../src/eval.c:1372
#13 0x000000000046542c in redisplay_windows (window=...) at ../../src/xdisp.c:14164
#14 0x00000000004653e2 in redisplay_windows (window=...) at ../../src/xdisp.c:14158
#15 0x00000000004641e1 in redisplay_internal () at ../../src/xdisp.c:13756
#16 0x0000000000461e04 in redisplay () at ../../src/xdisp.c:13019
#17 0x000000000057d4a3 in read_char (commandflag=1, map=..., prev_event=..., used_mouse_menu=0x7fffffffe23f, end_time=0x0) at ../../src/keyboard.c:2542
#18 0x000000000058e17f in read_key_sequence (keybuf=0x7fffffffe410, bufsize=30, prompt=..., dont_downcase_last=false, can_return_switch_frame=true, fix_current_buffer=true, prevent_redisplay=false) at ../../src/keyboard.c:9156
#19 0x000000000057a0e7 in command_loop_1 () at ../../src/keyboard.c:1407
#20 0x0000000000625ac9 in internal_condition_case (bfun=0x579c90 <command_loop_1>, handlers=..., hfun=0x579300 <cmd_error>) at ../../src/eval.c:1348
#21 0x00000000005798be in command_loop_2 (ignore=...) at ../../src/keyboard.c:1139
#22 0x0000000000624ec4 in internal_catch (tag=..., func=0x579895 <command_loop_2>, arg=...) at ../../src/eval.c:1108
#23 0x0000000000579860 in command_loop () at ../../src/keyboard.c:1118
#24 0x0000000000578df7 in recursive_edit_1 () at ../../src/keyboard.c:728
#25 0x0000000000578ff3 in Frecursive_edit () at ../../src/keyboard.c:799
#26 0x0000000000576cd3 in main (argc=1, argv=0x7fffffffe8e8) at ../../src/emacs.c:1626

Lisp Backtrace:
"redisplay_internal (C function)" (0x0)

* bug#20802: Segfault when showing non-GTK+ tooltip
From: Eli Zaretskii @ 2015-06-13 10:54 UTC
To: martin rudalics; +Cc: tobias.getzner, 20802

> Date: Sat, 13 Jun 2015 12:25:42 +0200
> From: martin rudalics <rudalics@gmx.at>
> CC: 20802@debbugs.gnu.org
>
> Below is a bt after setting an invalid background color. Tooltips are
> shown via ‘x-show-tip’ and the crash triggers after the backtrace buffer
> complaining about the invalid color popped up and I tried to switch to
> another buffer. I have no idea whether it's the OP's original issue.

Thanks, but I still cannot reproduce this. (On what OS did you
reproduce it?) I also see no backtrace buffers, just a silent message
in *Messages* about its being unable to load the bogus color I
specified. Can you help by showing values of variables involved in
the crash?

> #0 0x00000000006c9b5c in cache_image (f=0x13a7e00, img=0x198ee20) at ../../src/image.c:1775

Is this in v24.5 or in the current master? If the latter, line 1775
of image.c is this:

      else if (EQ (ascent, Qcenter))
        img->ascent = CENTERED_IMAGE_ASCENT; <<<<<<<<<<<<<

So is value of img a NULL pointer? (The argument img in the call
above indicates it's non-NULL, but maybe your GDB shows only the value
at entry?)

If it's not NULL, and this is the correct line, then what caused the
crash?

(I'm also puzzled what does this have to do with tooltips, since we
show no images in the tooltips, and customizing faces for the tooltip
frames should not affect showing images in other frames.)

Thanks.

* bug#20802: Segfault when showing non-GTK+ tooltip
From: martin rudalics @ 2015-06-13 13:24 UTC
To: Eli Zaretskii; +Cc: tobias.getzner, 20802

> Thanks, but I still cannot reproduce this. (On what OS did you
> reproduce it?)

A Gtk build on Debian. Run with all my customizations.

> I also see no backtrace buffers, just a silent message
> in *Messages* about its being unable to load the bogus color I
> specified. Can you help by showing values of variables involved in
> the crash?
>
>> #0 0x00000000006c9b5c in cache_image (f=0x13a7e00, img=0x198ee20) at ../../src/image.c:1775
>
> Is this in v24.5 or in the current master? If the latter, line 1775
> of image.c is this:
>
>       else if (EQ (ascent, Qcenter))
>         img->ascent = CENTERED_IMAGE_ASCENT; <<<<<<<<<<<<<
>
> So is value of img a NULL pointer? (The argument img in the call
> above indicates it's non-NULL, but maybe your GDB shows only the value
> at entry?)
>
> If it's not NULL, and this is the correct line, then what caused the
> crash?

Sorry, I forgot to tell. Line 1775 of image.c here is

   for (i = 0; i < c->used; ++i)

in the context of

   struct image_cache *c = FRAME_IMAGE_CACHE (f);
   ptrdiff_t i;

   /* Find a free slot in c->images. */
   for (i = 0; i < c->used; ++i)
     if (c->images[i] == NULL)
       break;

   /* If no free slot found, maybe enlarge c->images. */

in cache_image. i is still 0 and I get

(gdb) p c->used
Cannot access memory at address 0x18

which should explain the direct cause of the segfault. This is from a
not-up-to-date version of trunk with some modifications I made (none in
image.c though). A backtrace with some more data from the Lisp part is
below.

> (I'm also puzzled what does this have to do with tooltips, since we
> show no images in the tooltips, and customizing faces for the tooltip
> frames should not affect showing images in other frames.)

Maybe it's the ‘debug’ call interfering?

martin

#0 0x00000000006c9b5c in cache_image (f=0x13a7e00, img=0x249e010) at ../../src/image.c:1775
#1 0x00000000006c96e3 in lookup_image (f=0x13a7e00, spec=...) at ../../src/image.c:1686
#2 0x000000000044bebc in handle_single_display_spec (it=0x7fffffff46f0, spec=..., object=..., overlay=..., position=0x7fffffff4828, bufpos=203, display_replaced=0, frame_window_p=true) at ../../src/xdisp.c:5137
#3 0x00000000004498cd in handle_display_spec (it=0x7fffffff46f0, spec=..., object=..., overlay=..., position=0x7fffffff4828, bufpos=203, frame_window_p=true) at ../../src/xdisp.c:4654
#4 0x00000000004492c8 in handle_display_prop (it=0x7fffffff46f0) at ../../src/xdisp.c:4576
#5 0x0000000000445e8d in handle_stop (it=0x7fffffff46f0) at ../../src/xdisp.c:3299
#6 0x0000000000454ee3 in next_element_from_buffer (it=0x7fffffff46f0) at ../../src/xdisp.c:8133
#7 0x00000000004511b5 in get_next_display_element (it=0x7fffffff46f0) at ../../src/xdisp.c:6785
#8 0x000000000047e4ea in display_line (it=0x7fffffff46f0) at ../../src/xdisp.c:20132
#9 0x00000000004719a2 in try_window (window=..., pos=..., flags=1) at ../../src/xdisp.c:16892
#10 0x000000000046df50 in redisplay_window (window=..., just_this_one_p=false) at ../../src/xdisp.c:16365
#11 0x00000000004654d0 in redisplay_window_0 (window=...) at ../../src/xdisp.c:14184
#12 0x0000000000625c43 in internal_condition_case_1 (bfun=0x46548e <redisplay_window_0>, arg=..., handlers=..., hfun=0x465456 <redisplay_window_error>) at ../../src/eval.c:1372
#13 0x000000000046542c in redisplay_windows (window=...) at ../../src/xdisp.c:14164
#14 0x00000000004653e2 in redisplay_windows (window=...) at ../../src/xdisp.c:14158
#15 0x00000000004641e1 in redisplay_internal () at ../../src/xdisp.c:13756
#16 0x0000000000461e04 in redisplay () at ../../src/xdisp.c:13019
#17 0x000000000057d4a3 in read_char (commandflag=1, map=..., prev_event=..., used_mouse_menu=0x7fffffff9d8f, end_time=0x0) at ../../src/keyboard.c:2542
#18 0x000000000058e17f in read_key_sequence (keybuf=0x7fffffff9f60, bufsize=30, prompt=..., dont_downcase_last=false, can_return_switch_frame=true, fix_current_buffer=true, prevent_redisplay=false) at ../../src/keyboard.c:9156
#19 0x000000000057a0e7 in command_loop_1 () at ../../src/keyboard.c:1407
#20 0x0000000000625ac9 in internal_condition_case (bfun=0x579c90 <command_loop_1>, handlers=..., hfun=0x579300 <cmd_error>) at ../../src/eval.c:1348
#21 0x00000000005798be in command_loop_2 (ignore=...) at ../../src/keyboard.c:1139
#22 0x0000000000624ec4 in internal_catch (tag=..., func=0x579895 <command_loop_2>, arg=...) at ../../src/eval.c:1108
#23 0x00000000005797f6 in command_loop () at ../../src/keyboard.c:1110
#24 0x0000000000578df7 in recursive_edit_1 () at ../../src/keyboard.c:728
#25 0x0000000000578ff3 in Frecursive_edit () at ../../src/keyboard.c:799
#26 0x000000000062978c in Ffuncall (nargs=1, args=0x7fffffffa408) at ../../src/eval.c:2715
#27 0x0000000000675d20 in exec_byte_code (bytestr=..., vector=..., maxdepth=..., args_template=..., nargs=2, args=0x7fffffffac98) at ../../src/bytecode.c:919
#28 0x000000000062a11f in funcall_lambda (fun=..., nargs=2, arg_vector=0x7fffffffac98) at ../../src/eval.c:2885
#29 0x0000000000629a1a in Ffuncall (nargs=3, args=0x7fffffffac90) at ../../src/eval.c:2767
#30 0x0000000000628a06 in Fapply (nargs=2, args=0x7fffffffada0) at ../../src/eval.c:2337
#31 0x00000000006290fc in apply1 (fn=..., arg=...) at ../../src/eval.c:2558
#32 0x0000000000622711 in call_debugger (arg=...) at ../../src/eval.c:309
#33 0x0000000000626ab3 in maybe_call_debugger (conditions=..., sig=..., data=...) at ../../src/eval.c:1726
#34 0x00000000006262c8 in Fsignal (error_symbol=..., data=...) at ../../src/eval.c:1544
#35 0x00000000006263fe in xsignal (error_symbol=..., data=...) at ../../src/eval.c:1581
#36 0x000000000062663c in signal_error (s=0x6fd2de "Undefined color", arg=...) at ../../src/eval.c:1636
#37 0x000000000054c091 in x_decode_color (f=0x24d2c30, color_name=..., mono_color=16777215) at ../../src/xfns.c:495
#38 0x000000000054c566 in x_set_background_color (f=0x24d2c30, arg=..., oldval=...) at ../../src/xfns.c:638
#39 0x000000000042d45d in x_set_frame_parameters (f=0x24d2c30, alist=...) at ../../src/frame.c:3152
#40 0x0000000000431ce6 in x_default_parameter (f=0x24d2c30, alist=..., prop=..., deflt=..., xprop=0x6fd49d "background", xclass=0x6fd908 "Background", type=RES_TYPE_STRING) at ../../src/frame.c:4374
#41 0x000000000055549d in x_create_tip_frame (dpyinfo=0x1621ee0, parms=..., text=...) at ../../src/xfns.c:5173
#42 0x0000000000556884 in Fx_show_tip (string=..., frame=..., parms=..., timeout=..., dx=..., dy=...) at ../../src/xfns.c:5543
#43 0x0000000000628116 in eval_sub (form=...) at ../../src/eval.c:2200
#44 0x0000000000622c5f in Fprogn (body=...) at ../../src/eval.c:445
#45 0x0000000000627c9a in eval_sub (form=...) at ../../src/eval.c:2131
#46 0x00000000006229d4 in Fif (args=...) at ../../src/eval.c:396
#47 0x0000000000627c9a in eval_sub (form=...) at ../../src/eval.c:2131
#48 0x0000000000622c5f in Fprogn (body=...) at ../../src/eval.c:445
#49 0x000000000062437c in FletX (args=...) at ../../src/eval.c:896
#50 0x0000000000627c9a in eval_sub (form=...) at ../../src/eval.c:2131
#51 0x0000000000622c5f in Fprogn (body=...) at ../../src/eval.c:445
#52 0x0000000000627c9a in eval_sub (form=...) at ../../src/eval.c:2131
#53 0x00000000006229d4 in Fif (args=...) at ../../src/eval.c:396
#54 0x0000000000627c9a in eval_sub (form=...) at ../../src/eval.c:2131
#55 0x0000000000622c5f in Fprogn (body=...) at ../../src/eval.c:445
#56 0x000000000062437c in FletX (args=...) at ../../src/eval.c:896
#57 0x0000000000627c9a in eval_sub (form=...) at ../../src/eval.c:2131
#58 0x0000000000622c5f in Fprogn (body=...) at ../../src/eval.c:445
#59 0x000000000062a511 in funcall_lambda (fun=..., nargs=0, arg_vector=0x0) at ../../src/eval.c:2944
#60 0x0000000000629b19 in Ffuncall (nargs=1, args=0x7fffffffcbb0) at ../../src/eval.c:2779
#61 0x000000000062853a in Fapply (nargs=2, args=0x7fffffffcbb0) at ../../src/eval.c:2289
#62 0x0000000000629676 in Ffuncall (nargs=3, args=0x7fffffffcba8) at ../../src/eval.c:2698
#63 0x0000000000675d20 in exec_byte_code (bytestr=..., vector=..., maxdepth=..., args_template=..., nargs=0, args=0x0) at ../../src/bytecode.c:919
#64 0x000000000062a5b1 in funcall_lambda (fun=..., nargs=1, arg_vector=0xadb72d) at ../../src/eval.c:2951
#65 0x0000000000629a1a in Ffuncall (nargs=2, args=0x7fffffffd430) at ../../src/eval.c:2767
#66 0x0000000000629153 in call1 (fn=..., arg1=...) at ../../src/eval.c:2573
#67 0x0000000000582a83 in timer_check_2 (timers=..., idle_timers=...) at ../../src/keyboard.c:4533
#68 0x0000000000582bf2 in timer_check () at ../../src/keyboard.c:4600
#69 0x000000000058008d in readable_events (flags=1) at ../../src/keyboard.c:3434
#70 0x000000000058841c in get_input_pending (flags=1) at ../../src/keyboard.c:6818
#71 0x000000000058ff13 in detect_input_pending_run_timers (do_display=true) at ../../src/keyboard.c:9973
#72 0x0000000000684c13 in wait_reading_process_output (time_limit=2025, nsecs=0, read_kbd=-1, do_display=true, wait_for_cell=..., wait_proc=0x0, just_wait_proc=0) at ../../src/process.c:5014
#73 0x0000000000422610 in sit_for (timeout=..., reading=true, display_option=1) at ../../src/dispnew.c:5748
#74 0x000000000057de53 in read_char (commandflag=1, map=..., prev_event=..., used_mouse_menu=0x7fffffffe23f, end_time=0x0) at ../../src/keyboard.c:2781
#75 0x000000000058e17f in read_key_sequence (keybuf=0x7fffffffe410, bufsize=30, prompt=..., dont_downcase_last=false, can_return_switch_frame=true, fix_current_buffer=true, prevent_redisplay=false) at ../../src/keyboard.c:9156
#76 0x000000000057a0e7 in command_loop_1 () at ../../src/keyboard.c:1407
#77 0x0000000000625ac9 in internal_condition_case (bfun=0x579c90 <command_loop_1>, handlers=..., hfun=0x579300 <cmd_error>) at ../../src/eval.c:1348
#78 0x00000000005798be in command_loop_2 (ignore=...) at ../../src/keyboard.c:1139
#79 0x0000000000624ec4 in internal_catch (tag=..., func=0x579895 <command_loop_2>, arg=...) at ../../src/eval.c:1108
#80 0x0000000000579860 in command_loop () at ../../src/keyboard.c:1118
#81 0x0000000000578df7 in recursive_edit_1 () at ../../src/keyboard.c:728
#82 0x0000000000578ff3 in Frecursive_edit () at ../../src/keyboard.c:799
#83 0x0000000000576cd3 in main (argc=1, argv=0x7fffffffe8e8) at ../../src/emacs.c:1626

Lisp Backtrace:
"redisplay_internal (C function)" (0x0)
"recursive-edit" (0xffffa410)
"debug" (0xffffac98)
"x-show-tip" (0xffffb810)
"progn" (0xffffbb20)
"if" (0xffffbd40)
"let*" (0xffffc040)
"progn" (0xffffc250)
"if" (0xffffc470)
"let*" (0xffffc770)
"eldoc-tooltip--make" (0xffffcbb8)
"apply" (0xffffcbb0)
"timer-event-handler" (0xffffd438)

* bug#20802: Segfault when showing non-GTK+ tooltip
From: Eli Zaretskii @ 2015-06-13 14:01 UTC
To: martin rudalics; +Cc: tobias.getzner, 20802

> Date: Sat, 13 Jun 2015 15:24:02 +0200
> From: martin rudalics <rudalics@gmx.at>
> CC: tobias.getzner@gmx.de, 20802@debbugs.gnu.org
>
> > Thanks, but I still cannot reproduce this. (On what OS did you
> > reproduce it?)
>
> A Gtk build on Debian. Run with all my customizations.

I see that x_decode_color in xfns.c signals an error, while the same
function in w32fns.c doesn't. But even if I add the call to
signal_error to w32fns.c's implementation, I still cannot reproduce
the crash. I do see an error message in the echo area, but no
debugger pops up.

> Sorry, I forgot to tell. Line 1775 of image.c here is
>
>    for (i = 0; i < c->used; ++i)
>
> in the context of
>
>    struct image_cache *c = FRAME_IMAGE_CACHE (f);
>    ptrdiff_t i;
>
>    /* Find a free slot in c->images. */
>    for (i = 0; i < c->used; ++i)
>      if (c->images[i] == NULL)
>        break;
>
>    /* If no free slot found, maybe enlarge c->images. */
>
> in cache_image. i is still 0 and I get
>
> (gdb) p c->used
> Cannot access memory at address 0x18

So FRAME_IMAGE_CACHE returns a NULL pointer, I guess. But how did
that happen? We allocate the cache in xfaces.c:init_frame_faces. I
could understand why init_frame_faces was not yet called for the tip
frame we were trying to create, but the crash happens because of a
different frame. Look:

  #37 0x000000000054c091 in x_decode_color (f=0x24d2c30, color_name=..., mono_color=16777215) at ../../src/xfns.c:495
  #38 0x000000000054c566 in x_set_background_color (f=0x24d2c30, arg=..., oldval=...) at ../../src/xfns.c:638
  #39 0x000000000042d45d in x_set_frame_parameters (f=0x24d2c30, alist=...) at ../../src/frame.c:3152
  #40 0x0000000000431ce6 in x_default_parameter (f=0x24d2c30, alist=..., prop=..., deflt=..., xprop=0x6fd49d "background", xclass=0x6fd908 "Background", type=RES_TYPE_STRING) at ../../src/frame.c:4374
  #41 0x000000000055549d in x_create_tip_frame (dpyinfo=0x1621ee0, parms=..., text=...) at ../../src/xfns.c:5173

This is the tip frame we are creating, its pointer is 0x24d2c30. But
when we crash, it's for a different frame, whose pointer is 0x13a7e00:

  #0 0x00000000006c9b5c in cache_image (f=0x13a7e00, img=0x249e010) at ../../src/image.c:1775
  #1 0x00000000006c96e3 in lookup_image (f=0x13a7e00, spec=...) at ../../src/image.c:1686

Can you see what is that frame, and why we didn't call
init_frame_faces for it? Also, which image are we trying to display
here? Something on the toolbar, perhaps? Did you move mouse pointer
over a tool-bar button to trigger a tooltip that failed?

* bug#20802: Segfault when showing non-GTK+ tooltip
From: martin rudalics @ 2015-06-13 14:28 UTC
To: Eli Zaretskii; +Cc: tobias.getzner, 20802

> So FRAME_IMAGE_CACHE returns a NULL pointer, I guess. But how did
> that happen? We allocate the cache in xfaces.c:init_frame_faces. I
> could understand why init_frame_faces was not yet called for the tip
> frame we were trying to create, but the crash happens because of a
> different frame. Look:
>
>   #37 0x000000000054c091 in x_decode_color (f=0x24d2c30, color_name=..., mono_color=16777215) at ../../src/xfns.c:495
>   #38 0x000000000054c566 in x_set_background_color (f=0x24d2c30, arg=..., oldval=...) at ../../src/xfns.c:638
>   #39 0x000000000042d45d in x_set_frame_parameters (f=0x24d2c30, alist=...) at ../../src/frame.c:3152
>   #40 0x0000000000431ce6 in x_default_parameter (f=0x24d2c30, alist=..., prop=..., deflt=..., xprop=0x6fd49d "background", xclass=0x6fd908 "Background", type=RES_TYPE_STRING) at ../../src/frame.c:4374
>   #41 0x000000000055549d in x_create_tip_frame (dpyinfo=0x1621ee0, parms=..., text=...) at ../../src/xfns.c:5173
>
> This is the tip frame we are creating, its pointer is 0x24d2c30. But
> when we crash, it's for a different frame, whose pointer is 0x13a7e00:
>
>   #0 0x00000000006c9b5c in cache_image (f=0x13a7e00, img=0x249e010) at ../../src/image.c:1775
>   #1 0x00000000006c96e3 in lookup_image (f=0x13a7e00, spec=...) at ../../src/image.c:1686

As I mentioned earlier this seems to be due to the fact that the
debugger intervenes in some recursive fashion. The crash happens after
the backtrace window popped up and when I try to ‘switch-to-prev-buffer’
in the window where the tooltip should have appeared. Without that I'm
_not_ able to reproduce the crash.

> Can you see what is that frame, and why we didn't call
> init_frame_faces for it?

What makes you think this is not my normal frame in the first place and
why init_frame_faces was not called for it? Hmmm, I see, nothing can
stop make_image_cache apparently. I'll look into this later - sounds
like a thunderstorm approaching and I'll rather switch off my machine.

> Also, which image are we trying to display
> here?

How would I know? I never see one because I build without image
support.

> Something on the toolbar, perhaps? Did you move mouse pointer
> over a tool-bar button to trigger a tooltip that failed?

The toolbar is disabled with my customizations.

martin

* bug#20802: Segfault when showing non-GTK+ tooltip
From: Eli Zaretskii @ 2015-06-13 14:42 UTC
To: martin rudalics; +Cc: tobias.getzner, 20802

> Date: Sat, 13 Jun 2015 16:28:47 +0200
> From: martin rudalics <rudalics@gmx.at>
> CC: tobias.getzner@gmx.de, 20802@debbugs.gnu.org
>
> As I mentioned earlier this seems to be due to the fact that the
> debugger intervenes in some recursive fashion. The crash happens after
> the backtrace window popped up and when I try to ‘switch-to-prev-buffer’
> in the window where the tooltip should have appeared. Without that I'm
> _not_ able to reproduce the crash.
>
> > Can you see what is that frame, and why we didn't call
> > init_frame_faces for it?
>
> What makes you think this is not my normal frame in the first place and
> why init_frame_faces was not called for it? Hmmm, I see, nothing can
> stop make_image_cache apparently.

Exactly. It is created in init_frame_faces, and never removed as long
as the frame is alive.

> I'll look into this later

Thanks.

> > Also, which image are we trying to display
> > here?
>
> How would I know?

I thought you could look that up in the debugger. For example, the
value of 'spec' in frame #1 (see below) could tell.

> > Something on the toolbar, perhaps? Did you move mouse pointer
> > over a tool-bar button to trigger a tooltip that failed?
>
> The toolbar is disabled with my customizations.

Hmm... then what other images do we display? Note that according to
the backtrace, we've found a 'display' property in buffer, which
caused the call to lookup_image:

  #0 0x00000000006c9b5c in cache_image (f=0x13a7e00, img=0x198ee20) at ../../src/image.c:1775
  #1 0x00000000006c96e3 in lookup_image (f=0x13a7e00, spec=...) at ../../src/image.c:1686
  #2 0x000000000044bebc in handle_single_display_spec (it=0x7fffffff8ba0, spec=..., object=..., overlay=..., position=0x7fffffff8cd8, bufpos=203, display_replaced=0, frame_window_p=true) at ../../src/xdisp.c:5137
  [...]
  #6 0x0000000000454ee3 in next_element_from_buffer (it=0x7fffffff8ba0) at ../../src/xdisp.c:8133

Thanks.

* bug#20802: Segfault when showing non-GTK+ tooltip
From: martin rudalics @ 2015-06-14 11:00 UTC
To: Eli Zaretskii; +Cc: tobias.getzner, 20802

What happens is given in the backtraces below.

The first breakpoint is hit when Emacs creates the image cache for the
original frame (f=0x13a7e00). The second breakpoint is hit when freeing
the image cache for the tooltip frame (f=0xe0c7a0). This removes the
image_cache created in make_image_cache at 0x1676f90. The third
breakpoint is the same as in my earlier posts.

The reason seems obvious: When the color is not defined for the tooltip
frame we do _not_ increment the refcount of the image cache. But we
subsequently free the image cache in unwind_create_frame. Bad luck.

martin

(gdb) run
Starting program: /home/martin/emacs-git/trunk/obj-gtk/src/emacs
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffef48c700 (LWP 4514)]
[New Thread 0x7fffedadf700 (LWP 4515)]
[New Thread 0x7fffed28e700 (LWP 4516)]

(gdb) bt
#0 make_image_cache () at ../../src/image.c:1356
#1 0x0000000000524b87 in init_frame_faces (f=0x13a7e00) at ../../src/xfaces.c:591
#2 0x0000000000551afb in Fx_create_frame (parms=...) at ../../src/xfns.c:3215
#3 0x00000000006297ae in Ffuncall (nargs=2, args=0x7fffffffb848) at ../../src/eval.c:2718
#4 0x0000000000675d20 in exec_byte_code (bytestr=..., vector=..., maxdepth=..., args_template=..., nargs=0, args=0x0) at ../../src/bytecode.c:919
#5 0x000000000062a5b1 in funcall_lambda (fun=..., nargs=1, arg_vector=0xa0be8d) at ../../src/eval.c:2951
#6 0x0000000000629a1a in Ffuncall (nargs=2, args=0x7fffffffc0d8) at ../../src/eval.c:2767
#7 0x0000000000675d20 in exec_byte_code (bytestr=..., vector=..., maxdepth=..., args_template=..., nargs=1, args=0x7fffffffc978) at ../../src/bytecode.c:919
#8 0x000000000062a11f in funcall_lambda (fun=..., nargs=1, arg_vector=0x7fffffffc970) at ../../src/eval.c:2885
#9 0x0000000000629a1a in Ffuncall (nargs=2, args=0x7fffffffc968) at ../../src/eval.c:2767
#10 0x0000000000675d20 in exec_byte_code (bytestr=..., vector=..., maxdepth=..., args_template=..., nargs=0, args=0x7fffffffd1e0) at ../../src/bytecode.c:919
#11 0x000000000062a11f in funcall_lambda (fun=..., nargs=0, arg_vector=0x7fffffffd1e0) at ../../src/eval.c:2885
#12 0x0000000000629a1a in Ffuncall (nargs=1, args=0x7fffffffd1d8) at ../../src/eval.c:2767
#13 0x0000000000675d20 in exec_byte_code (bytestr=..., vector=..., maxdepth=..., args_template=..., nargs=0, args=0x7fffffffdab8) at ../../src/bytecode.c:919
#14 0x000000000062a11f in funcall_lambda (fun=..., nargs=0, arg_vector=0x7fffffffdab8) at ../../src/eval.c:2885
#15 0x0000000000629a1a in Ffuncall (nargs=1, args=0x7fffffffdab0) at ../../src/eval.c:2767
#16 0x0000000000675d20 in exec_byte_code (bytestr=..., vector=..., maxdepth=..., args_template=..., nargs=0, args=0x7fffffffe260) at ../../src/bytecode.c:919
#17 0x000000000062a11f in funcall_lambda (fun=..., nargs=0, arg_vector=0x7fffffffe260) at ../../src/eval.c:2885
#18 0x0000000000629db3 in apply_lambda (fun=..., args=..., count=3) at ../../src/eval.c:2826
#19 0x0000000000628201 in eval_sub (form=...) at ../../src/eval.c:2226
#20 0x00000000006276a7 in Feval (form=..., lexical=...) at ../../src/eval.c:1996
#21 0x00000000005798fe in top_level_2 () at ../../src/keyboard.c:1148
#22 0x0000000000625ac9 in internal_condition_case (bfun=0x5798e1 <top_level_2>, handlers=..., hfun=0x579300 <cmd_error>) at ../../src/eval.c:1348
#23 0x000000000057993f in top_level_1 (ignore=...) at ../../src/keyboard.c:1156
#24 0x0000000000624ec4 in internal_catch (tag=..., func=0x579900 <top_level_1>, arg=...) at ../../src/eval.c:1108
#25 0x0000000000579839 in command_loop () at ../../src/keyboard.c:1117
#26 0x0000000000578df7 in recursive_edit_1 () at ../../src/keyboard.c:728
#27 0x0000000000578ff3 in Frecursive_edit () at ../../src/keyboard.c:799
#28 0x0000000000576cd3 in main (argc=1, argv=0x7fffffffe8e8) at ../../src/emacs.c:1626

Lisp Backtrace:
"x-create-frame" (0xffffb850)
"x-create-frame-with-faces" (0xffffc0e0)
"make-frame" (0xffffc970)
"frame-initialize" (0xffffd1e0)
"command-line" (0xffffdab8)
"normal-top-level" (0xffffe260)
(gdb) p c
$38 = (struct image_cache *) 0x1676f90
(gdb) c
Continuing.

(gdb) bt
#0 free_image_cache (f=0xe0c7a0) at ../../src/image.c:1432
#1 0x0000000000524c5e in free_frame_faces (f=0xe0c7a0) at ../../src/xfaces.c:624
#2 0x0000000000548bb0 in x_free_frame_resources (f=0xe0c7a0) at ../../src/xterm.c:10228
#3 0x0000000000550621 in unwind_create_frame (frame=...) at ../../src/xfns.c:2833
#4 0x00000000005549b3 in unwind_create_tip_frame (frame=...) at ../../src/xfns.c:4991
#5 0x000000000062ae77 in unbind_to (count=9, value=...) at ../../src/eval.c:3208
#6 0x0000000000624fa6 in unwind_to_catch (catch=0x15696d0, value=...) at ../../src/eval.c:1157
#7 0x00000000006250b4 in Fthrow (tag=..., value=...) at ../../src/eval.c:1188
#8 0x00000000005799be in Ftop_level () at ../../src/keyboard.c:1179
#9 0x000000000062978c in Ffuncall (nargs=1, args=0x7fffffff9168) at ../../src/eval.c:2715
#10 0x000000000061f642 in Ffuncall_interactively (nargs=1, args=0x7fffffff9168) at ../../src/callint.c:252
#11 0x0000000000629676 in Ffuncall (nargs=2, args=0x7fffffff9160) at ../../src/eval.c:2698
#12 0x0000000000621bf9 in Fcall_interactively (function=..., record_flag=..., keys=...) at ../../src/callint.c:849
#13 0x0000000000629813 in Ffuncall (nargs=4, args=0x7fffffff9688) at ../../src/eval.c:2725
#14 0x0000000000675d20 in exec_byte_code (bytestr=..., vector=..., maxdepth=..., args_template=..., nargs=1, args=0x7fffffff9f20) at ../../src/bytecode.c:919
#15 0x000000000062a11f in funcall_lambda (fun=..., nargs=1, arg_vector=0x7fffffff9f18) at ../../src/eval.c:2885
#16 0x0000000000629a1a in Ffuncall (nargs=2, args=0x7fffffff9f10) at ../../src/eval.c:2767
#17 0x0000000000629153 in call1 (fn=..., arg1=...) at ../../src/eval.c:2573
#18 0x000000000057a4f6 in command_loop_1 () at ../../src/keyboard.c:1521
#19 0x0000000000625ac9 in internal_condition_case (bfun=0x579c90 <command_loop_1>, handlers=..., hfun=0x579300 <cmd_error>) at ../../src/eval.c:1348
#20 0x00000000005798be in command_loop_2 (ignore=...) at ../../src/keyboard.c:1139
#21 0x0000000000624ec4 in internal_catch (tag=..., func=0x579895 <command_loop_2>, arg=...) at ../../src/eval.c:1108
#22 0x00000000005797f6 in command_loop () at ../../src/keyboard.c:1110
#23 0x0000000000578df7 in recursive_edit_1 () at ../../src/keyboard.c:728
#24 0x0000000000578ff3 in Frecursive_edit () at ../../src/keyboard.c:799
#25 0x000000000062978c in Ffuncall (nargs=1, args=0x7fffffffa408) at ../../src/eval.c:2715
#26 0x0000000000675d20 in exec_byte_code (bytestr=..., vector=..., maxdepth=..., args_template=..., nargs=2, args=0x7fffffffac98) at ../../src/bytecode.c:919
#27 0x000000000062a11f in funcall_lambda (fun=..., nargs=2, arg_vector=0x7fffffffac98) at ../../src/eval.c:2885
#28 0x0000000000629a1a in Ffuncall (nargs=3, args=0x7fffffffac90) at ../../src/eval.c:2767
#29 0x0000000000628a06 in Fapply (nargs=2, args=0x7fffffffada0) at ../../src/eval.c:2337
#30 0x00000000006290fc in apply1 (fn=..., arg=...) at ../../src/eval.c:2558
#31 0x0000000000622711 in call_debugger (arg=...) at ../../src/eval.c:309
#32 0x0000000000626ab3 in maybe_call_debugger (conditions=..., sig=..., data=...) at ../../src/eval.c:1726
#33 0x00000000006262c8 in Fsignal (error_symbol=..., data=...) at ../../src/eval.c:1544
#34 0x00000000006263fe in xsignal (error_symbol=..., data=...) at ../../src/eval.c:1581
#35 0x000000000062663c in signal_error (s=0x6fd2de "Undefined color", arg=...) at ../../src/eval.c:1636
#36 0x000000000054c091 in x_decode_color (f=0xe0c7a0, color_name=..., mono_color=16777215) at ../../src/xfns.c:495
#37 0x000000000054c566 in x_set_background_color (f=0xe0c7a0, arg=..., oldval=...) at ../../src/xfns.c:638
#38 0x000000000042d45d in x_set_frame_parameters (f=0xe0c7a0, alist=...) at ../../src/frame.c:3152
#39 0x0000000000431ce6 in x_default_parameter (f=0xe0c7a0, alist=..., prop=..., deflt=..., xprop=0x6fd49d "background", xclass=0x6fd908 "Background", type=RES_TYPE_STRING) at ../../src/frame.c:4374
#40 0x000000000055549d in x_create_tip_frame (dpyinfo=0x1622000, parms=..., text=...) at ../../src/xfns.c:5173
#41 0x0000000000556884 in Fx_show_tip (string=..., frame=..., parms=..., timeout=..., dx=..., dy=...) at ../../src/xfns.c:5543
#42 0x0000000000628116 in eval_sub (form=...) at ../../src/eval.c:2200
#43 0x0000000000622c5f in Fprogn (body=...) at ../../src/eval.c:445
#44 0x0000000000627c9a in eval_sub (form=...) at ../../src/eval.c:2131
#45 0x00000000006229d4 in Fif (args=...) at ../../src/eval.c:396
#46 0x0000000000627c9a in eval_sub (form=...) at ../../src/eval.c:2131
#47 0x0000000000622c5f in Fprogn (body=...) at ../../src/eval.c:445
#48 0x000000000062437c in FletX (args=...) at ../../src/eval.c:896
#49 0x0000000000627c9a in eval_sub (form=...) at ../../src/eval.c:2131
#50 0x0000000000622c5f in Fprogn (body=...) at ../../src/eval.c:445
#51 0x0000000000627c9a in eval_sub (form=...) at ../../src/eval.c:2131
#52 0x00000000006229d4 in Fif (args=...) at ../../src/eval.c:396
#53 0x0000000000627c9a in eval_sub (form=...) at ../../src/eval.c:2131
#54 0x0000000000622c5f in Fprogn (body=...) at ../../src/eval.c:445
#55 0x000000000062437c in FletX (args=...) at ../../src/eval.c:896
#56 0x0000000000627c9a in eval_sub (form=...) at ../../src/eval.c:2131
#57 0x0000000000622c5f in Fprogn (body=...)
at ../../src/eval.c:445 #58 0x000000000062a511 in funcall_lambda (fun=..., nargs=0, arg_vector=0x0) at ../../src/eval.c:2944 #59 0x0000000000629b19 in Ffuncall (nargs=1, args=0x7fffffffcbb0) at ../../src/eval.c:2779 #60 0x000000000062853a in Fapply (nargs=2, args=0x7fffffffcbb0) at ../../src/eval.c:2289 #61 0x0000000000629676 in Ffuncall (nargs=3, args=0x7fffffffcba8) at ../../src/eval.c:2698 #62 0x0000000000675d20 in exec_byte_code (bytestr=..., vector=..., maxdepth=..., args_template=..., nargs=0, args=0x0) at ../../src/bytecode.c:919 #63 0x000000000062a5b1 in funcall_lambda (fun=..., nargs=1, arg_vector=0xadb72d) at ../../src/eval.c:2951 #64 0x0000000000629a1a in Ffuncall (nargs=2, args=0x7fffffffd430) at ../../src/eval.c:2767 #65 0x0000000000629153 in call1 (fn=..., arg1=...) at ../../src/eval.c:2573 #66 0x0000000000582a83 in timer_check_2 (timers=..., idle_timers=...) at ../../src/keyboard.c:4533 #67 0x0000000000582bf2 in timer_check () at ../../src/keyboard.c:4600 #68 0x000000000058008d in readable_events (flags=1) at ../../src/keyboard.c:3434 #69 0x000000000058841c in get_input_pending (flags=1) at ../../src/keyboard.c:6818 #70 0x000000000058ff13 in detect_input_pending_run_timers (do_display=true) at ../../src/keyboard.c:9973 #71 0x0000000000684c13 in wait_reading_process_output (time_limit=2025, nsecs=0, read_kbd=-1, do_display=true, wait_for_cell=..., wait_proc=0x0, just_wait_proc=0) at ../../src/process.c:5014 #72 0x0000000000422610 in sit_for (timeout=..., reading=true, display_option=1) at ../../src/dispnew.c:5748 #73 0x000000000057de53 in read_char (commandflag=1, map=..., prev_event=..., used_mouse_menu=0x7fffffffe23f, end_time=0x0) at ../../src/keyboard.c:2781 #74 0x000000000058e17f in read_key_sequence (keybuf=0x7fffffffe410, bufsize=30, prompt=..., dont_downcase_last=false, can_return_switch_frame=true, fix_current_buffer=true, prevent_redisplay=false) at ../../src/keyboard.c:9156 #75 0x000000000057a0e7 in command_loop_1 () at 
../../src/keyboard.c:1407 #76 0x0000000000625ac9 in internal_condition_case (bfun=0x579c90 <command_loop_1>, handlers=..., hfun=0x579300 <cmd_error>) at ../../src/eval.c:1348 #77 0x00000000005798be in command_loop_2 (ignore=...) at ../../src/keyboard.c:1139 #78 0x0000000000624ec4 in internal_catch (tag=..., func=0x579895 <command_loop_2>, arg=...) at ../../src/eval.c:1108 #79 0x0000000000579860 in command_loop () at ../../src/keyboard.c:1118 #80 0x0000000000578df7 in recursive_edit_1 () at ../../src/keyboard.c:728 #81 0x0000000000578ff3 in Frecursive_edit () at ../../src/keyboard.c:799 #82 0x0000000000576cd3 in main (argc=1, argv=0x7fffffffe8e8) at ../../src/emacs.c:1626 Lisp Backtrace: "x-show-tip" (0xffffb810) "progn" (0xffffbb20) "if" (0xffffbd40) "let*" (0xffffc040) "progn" (0xffffc250) "if" (0xffffc470) "let*" (0xffffc770) "eldoc-tooltip--make" (0xffffcbb8) "apply" (0xffffcbb0) "timer-event-handler" (0xffffd438) (gdb) p c $39 = (struct image_cache *) 0x1676f90 (gdb) c Continuing. (gdb) bt #0 0x00000000006c9b5c in cache_image (f=0x13a7e00, img=0x24d7600) at ../../src/image.c:1775 #1 0x00000000006c96e3 in lookup_image (f=0x13a7e00, spec=...) 
at ../../src/image.c:1686 #2 0x000000000044bebc in handle_single_display_spec (it=0x7fffffff46f0, spec=..., object=..., overlay=..., position=0x7fffffff4828, bufpos=203, display_replaced=0, frame_window_p=true) at ../../src/xdisp.c:5137 #3 0x00000000004498cd in handle_display_spec (it=0x7fffffff46f0, spec=..., object=..., overlay=..., position=0x7fffffff4828, bufpos=203, frame_window_p=true) at ../../src/xdisp.c:4654 #4 0x00000000004492c8 in handle_display_prop (it=0x7fffffff46f0) at ../../src/xdisp.c:4576 #5 0x0000000000445e8d in handle_stop (it=0x7fffffff46f0) at ../../src/xdisp.c:3299 #6 0x0000000000454ee3 in next_element_from_buffer (it=0x7fffffff46f0) at ../../src/xdisp.c:8133 #7 0x00000000004511b5 in get_next_display_element (it=0x7fffffff46f0) at ../../src/xdisp.c:6785 #8 0x000000000047e4ea in display_line (it=0x7fffffff46f0) at ../../src/xdisp.c:20132 #9 0x00000000004719a2 in try_window (window=..., pos=..., flags=1) at ../../src/xdisp.c:16892 #10 0x000000000046df50 in redisplay_window (window=..., just_this_one_p=false) at ../../src/xdisp.c:16365 #11 0x00000000004654d0 in redisplay_window_0 (window=...) at ../../src/xdisp.c:14184 #12 0x0000000000625c43 in internal_condition_case_1 (bfun=0x46548e <redisplay_window_0>, arg=..., handlers=..., hfun=0x465456 <redisplay_window_error>) at ../../src/eval.c:1372 #13 0x000000000046542c in redisplay_windows (window=...) at ../../src/xdisp.c:14164 #14 0x00000000004653e2 in redisplay_windows (window=...) 
at ../../src/xdisp.c:14158 #15 0x00000000004641e1 in redisplay_internal () at ../../src/xdisp.c:13756 #16 0x0000000000461e04 in redisplay () at ../../src/xdisp.c:13019 #17 0x000000000057d4a3 in read_char (commandflag=1, map=..., prev_event=..., used_mouse_menu=0x7fffffff9d8f, end_time=0x0) at ../../src/keyboard.c:2542 #18 0x000000000058e17f in read_key_sequence (keybuf=0x7fffffff9f60, bufsize=30, prompt=..., dont_downcase_last=false, can_return_switch_frame=true, fix_current_buffer=true, prevent_redisplay=false) at ../../src/keyboard.c:9156 #19 0x000000000057a0e7 in command_loop_1 () at ../../src/keyboard.c:1407 #20 0x0000000000625ac9 in internal_condition_case (bfun=0x579c90 <command_loop_1>, handlers=..., hfun=0x579300 <cmd_error>) at ../../src/eval.c:1348 #21 0x00000000005798be in command_loop_2 (ignore=...) at ../../src/keyboard.c:1139 #22 0x0000000000624ec4 in internal_catch (tag=..., func=0x579895 <command_loop_2>, arg=...) at ../../src/eval.c:1108 #23 0x00000000005797f6 in command_loop () at ../../src/keyboard.c:1110 #24 0x0000000000578df7 in recursive_edit_1 () at ../../src/keyboard.c:728 #25 0x0000000000578ff3 in Frecursive_edit () at ../../src/keyboard.c:799 #26 0x000000000062978c in Ffuncall (nargs=1, args=0x7fffffffa408) at ../../src/eval.c:2715 #27 0x0000000000675d20 in exec_byte_code (bytestr=..., vector=..., maxdepth=..., args_template=..., nargs=2, args=0x7fffffffac98) at ../../src/bytecode.c:919 #28 0x000000000062a11f in funcall_lambda (fun=..., nargs=2, arg_vector=0x7fffffffac98) at ../../src/eval.c:2885 #29 0x0000000000629a1a in Ffuncall (nargs=3, args=0x7fffffffac90) at ../../src/eval.c:2767 #30 0x0000000000628a06 in Fapply (nargs=2, args=0x7fffffffada0) at ../../src/eval.c:2337 #31 0x00000000006290fc in apply1 (fn=..., arg=...) at ../../src/eval.c:2558 #32 0x0000000000622711 in call_debugger (arg=...) at ../../src/eval.c:309 #33 0x0000000000626ab3 in maybe_call_debugger (conditions=..., sig=..., data=...) 
at ../../src/eval.c:1726 #34 0x00000000006262c8 in Fsignal (error_symbol=..., data=...) at ../../src/eval.c:1544 #35 0x00000000006263fe in xsignal (error_symbol=..., data=...) at ../../src/eval.c:1581 #36 0x000000000062663c in signal_error (s=0x6fd2de "Undefined color", arg=...) at ../../src/eval.c:1636 #37 0x000000000054c091 in x_decode_color (f=0x26aafb0, color_name=..., mono_color=16777215) at ../../src/xfns.c:495 #38 0x000000000054c566 in x_set_background_color (f=0x26aafb0, arg=..., oldval=...) at ../../src/xfns.c:638 #39 0x000000000042d45d in x_set_frame_parameters (f=0x26aafb0, alist=...) at ../../src/frame.c:3152 #40 0x0000000000431ce6 in x_default_parameter (f=0x26aafb0, alist=..., prop=..., deflt=..., xprop=0x6fd49d "background", xclass=0x6fd908 "Background", type=RES_TYPE_STRING) at ../../src/frame.c:4374 #41 0x000000000055549d in x_create_tip_frame (dpyinfo=0x1622000, parms=..., text=...) at ../../src/xfns.c:5173 #42 0x0000000000556884 in Fx_show_tip (string=..., frame=..., parms=..., timeout=..., dx=..., dy=...) at ../../src/xfns.c:5543 #43 0x0000000000628116 in eval_sub (form=...) at ../../src/eval.c:2200 #44 0x0000000000622c5f in Fprogn (body=...) at ../../src/eval.c:445 #45 0x0000000000627c9a in eval_sub (form=...) at ../../src/eval.c:2131 #46 0x00000000006229d4 in Fif (args=...) at ../../src/eval.c:396 #47 0x0000000000627c9a in eval_sub (form=...) at ../../src/eval.c:2131 #48 0x0000000000622c5f in Fprogn (body=...) at ../../src/eval.c:445 #49 0x000000000062437c in FletX (args=...) at ../../src/eval.c:896 #50 0x0000000000627c9a in eval_sub (form=...) at ../../src/eval.c:2131 #51 0x0000000000622c5f in Fprogn (body=...) at ../../src/eval.c:445 #52 0x0000000000627c9a in eval_sub (form=...) at ../../src/eval.c:2131 #53 0x00000000006229d4 in Fif (args=...) at ../../src/eval.c:396 #54 0x0000000000627c9a in eval_sub (form=...) at ../../src/eval.c:2131 #55 0x0000000000622c5f in Fprogn (body=...) 
at ../../src/eval.c:445 #56 0x000000000062437c in FletX (args=...) at ../../src/eval.c:896 #57 0x0000000000627c9a in eval_sub (form=...) at ../../src/eval.c:2131 #58 0x0000000000622c5f in Fprogn (body=...) at ../../src/eval.c:445 #59 0x000000000062a511 in funcall_lambda (fun=..., nargs=0, arg_vector=0x0) at ../../src/eval.c:2944 #60 0x0000000000629b19 in Ffuncall (nargs=1, args=0x7fffffffcbb0) at ../../src/eval.c:2779 #61 0x000000000062853a in Fapply (nargs=2, args=0x7fffffffcbb0) at ../../src/eval.c:2289 #62 0x0000000000629676 in Ffuncall (nargs=3, args=0x7fffffffcba8) at ../../src/eval.c:2698 #63 0x0000000000675d20 in exec_byte_code (bytestr=..., vector=..., maxdepth=..., args_template=..., nargs=0, args=0x0) at ../../src/bytecode.c:919 #64 0x000000000062a5b1 in funcall_lambda (fun=..., nargs=1, arg_vector=0xadb72d) at ../../src/eval.c:2951 #65 0x0000000000629a1a in Ffuncall (nargs=2, args=0x7fffffffd430) at ../../src/eval.c:2767 #66 0x0000000000629153 in call1 (fn=..., arg1=...) at ../../src/eval.c:2573 #67 0x0000000000582a83 in timer_check_2 (timers=..., idle_timers=...) 
at ../../src/keyboard.c:4533 #68 0x0000000000582bf2 in timer_check () at ../../src/keyboard.c:4600 #69 0x000000000058008d in readable_events (flags=1) at ../../src/keyboard.c:3434 #70 0x000000000058841c in get_input_pending (flags=1) at ../../src/keyboard.c:6818 #71 0x000000000058ff13 in detect_input_pending_run_timers (do_display=true) at ../../src/keyboard.c:9973 #72 0x0000000000684c13 in wait_reading_process_output (time_limit=2025, nsecs=0, read_kbd=-1, do_display=true, wait_for_cell=..., wait_proc=0x0, just_wait_proc=0) at ../../src/process.c:5014 #73 0x0000000000422610 in sit_for (timeout=..., reading=true, display_option=1) at ../../src/dispnew.c:5748 #74 0x000000000057de53 in read_char (commandflag=1, map=..., prev_event=..., used_mouse_menu=0x7fffffffe23f, end_time=0x0) at ../../src/keyboard.c:2781 #75 0x000000000058e17f in read_key_sequence (keybuf=0x7fffffffe410, bufsize=30, prompt=..., dont_downcase_last=false, can_return_switch_frame=true, fix_current_buffer=true, prevent_redisplay=false) at ../../src/keyboard.c:9156 #76 0x000000000057a0e7 in command_loop_1 () at ../../src/keyboard.c:1407 #77 0x0000000000625ac9 in internal_condition_case (bfun=0x579c90 <command_loop_1>, handlers=..., hfun=0x579300 <cmd_error>) at ../../src/eval.c:1348 #78 0x00000000005798be in command_loop_2 (ignore=...) at ../../src/keyboard.c:1139 #79 0x0000000000624ec4 in internal_catch (tag=..., func=0x579895 <command_loop_2>, arg=...) 
at ../../src/eval.c:1108 #80 0x0000000000579860 in command_loop () at ../../src/keyboard.c:1118 #81 0x0000000000578df7 in recursive_edit_1 () at ../../src/keyboard.c:728 #82 0x0000000000578ff3 in Frecursive_edit () at ../../src/keyboard.c:799 #83 0x0000000000576cd3 in main (argc=1, argv=0x7fffffffe8e8) at ../../src/emacs.c:1626 Lisp Backtrace: "redisplay_internal (C function)" (0x0) "recursive-edit" (0xffffa410) "debug" (0xffffac98) "x-show-tip" (0xffffb810) "progn" (0xffffbb20) "if" (0xffffbd40) "let*" (0xffffc040) "progn" (0xffffc250) "if" (0xffffc470) "let*" (0xffffc770) "eldoc-tooltip--make" (0xffffcbb8) "apply" (0xffffcbb0) "timer-event-handler" (0xffffd438) (gdb) p c $40 = (struct image_cache *) 0x0 (gdb) ^ permalink raw reply [flat|nested] 41+ messages in thread
* bug#20802: Segfault when showing non-GTK+ tooltip 2015-06-14 11:00 ` martin rudalics @ 2015-06-14 14:12 ` Eli Zaretskii 2015-06-15 8:22 ` martin rudalics 2015-06-17 9:36 ` martin rudalics 0 siblings, 2 replies; 41+ messages in thread From: Eli Zaretskii @ 2015-06-14 14:12 UTC (permalink / raw) To: martin rudalics; +Cc: tobias.getzner, 20802 > Date: Sun, 14 Jun 2015 13:00:57 +0200 > From: martin rudalics <rudalics@gmx.at> > CC: tobias.getzner@gmx.de, 20802@debbugs.gnu.org > > What happens is given in the backtraces below. The first breakpoint is > hit when Emacs creates the image cache for the original frame > (f=0x13a7e00). The second breakpoint is hit when freeing the image > cache for the tooltip frame (f=0xe0c7a0). This removes the image_cache > created in make_image_cache at 0x1676f90. The third breakpoint is the > same as in my earlier posts. > > The reason seems obvious: When the color is not defined for the tooltip > frame we do _not_ increment the refcount of the image cache. But we > subsequently free the image cache in unwind_create_frame. Bad luck. Thanks. Now I know why this cannot be reproduced on Windows: this is bug#17524 coming back to haunt us. That bug was reported on Windows, I fixed it on Windows, then suggested a similar fix for X, but was told it didn't help there. So now please try making a fix on X similar to commit ebdc80316, and if that indeed doesn't help with this crash, perhaps some simple variation of that will. TIA ^ permalink raw reply [flat|nested] 41+ messages in thread
* bug#20802: Segfault when showing non-GTK+ tooltip 2015-06-14 14:12 ` Eli Zaretskii @ 2015-06-15 8:22 ` martin rudalics 2015-06-15 15:01 ` Eli Zaretskii 2015-06-17 9:36 ` martin rudalics 1 sibling, 1 reply; 41+ messages in thread From: martin rudalics @ 2015-06-15 8:22 UTC (permalink / raw) To: Eli Zaretskii; +Cc: tobias.getzner, 20802

> Thanks. Now I know why this cannot be reproduced on Windows: this is
> bug#17524 coming back to haunt us. That bug was reported on Windows,
> I fixed it on Windows, then suggested a similar fix for X, but was
> told it didn't help there.
>
> So now please try making a fix on X similar to commit ebdc80316, and
> if that indeed doesn't help with this crash, perhaps some simple
> variation of that will.

Sorry. I must be missing something very elementary here. Your "shadow" refcounts

  #ifdef GLYPH_DEBUG
  static int image_cache_refcount, dpyinfo_refcount;
  #endif

are defined iff you have GLYPH_DEBUG defined. How are these supposed to work when GLYPH_DEBUG is not defined?

martin

^ permalink raw reply [flat|nested] 41+ messages in thread
* bug#20802: Segfault when showing non-GTK+ tooltip 2015-06-15 8:22 ` martin rudalics @ 2015-06-15 15:01 ` Eli Zaretskii 2015-06-15 16:00 ` martin rudalics 0 siblings, 1 reply; 41+ messages in thread From: Eli Zaretskii @ 2015-06-15 15:01 UTC (permalink / raw) To: martin rudalics; +Cc: tobias.getzner, 20802 > Date: Mon, 15 Jun 2015 10:22:40 +0200 > From: martin rudalics <rudalics@gmx.at> > CC: tobias.getzner@gmx.de, 20802@debbugs.gnu.org > > > Thanks. Now I know why this cannot be reproduced on Windows: this is > > bug#17524 coming back to haunt us. That bug was reported on Windows, > > I fixed it on Windows, then suggested a similar fix for X, but was > > told it didn't help there. > > > > So now please try making a fix on X similar to commit ebdc80316, and > > if that indeed doesn't help with this crash, perhaps some simple > > variation of that will. > > Sorry. I must be missing something very elementary here. Your "shadow" > refcounts > > #ifdef GLYPH_DEBUG > static int image_cache_refcount, dpyinfo_refcount; > #endif > > are defined iff you have GLYPH_DEBUG defined. How are these supposed to > work when GLYPH_DEBUG is not defined? It cannot, obviously. Bug#17524 was reported in the GLYPH_DEBUG code: the assertion there segfaulted when it tried to access the image cache. So the code was fixed only for that situation. Doing that for a non-GLYPH_DEBUG code will require the shadow variable to come out of that condition as well. Or use some other flag variable to indicate that x_free_frame_resources is about to be called when the refcount was not yet incremented. IOW, that bug was mentioned as a source of ideas, not as something to copy verbatim to xfns.c. Sorry if I was unclear about that. ^ permalink raw reply [flat|nested] 41+ messages in thread
* bug#20802: Segfault when showing non-GTK+ tooltip 2015-06-15 15:01 ` Eli Zaretskii @ 2015-06-15 16:00 ` martin rudalics 2015-06-15 17:29 ` Eli Zaretskii 0 siblings, 1 reply; 41+ messages in thread From: martin rudalics @ 2015-06-15 16:00 UTC (permalink / raw) To: Eli Zaretskii; +Cc: tobias.getzner, 20802

>> How are these supposed to
>> work when GLYPH_DEBUG is not defined?
>
> It cannot, obviously. Bug#17524 was reported in the GLYPH_DEBUG code:
> the assertion there segfaulted when it tried to access the image
> cache. So the code was fixed only for that situation.

Hmmm ... you should have told Michael back then. You clairvoyantly identified the problem then as ...

  But the real problem is that call to x_free_frame_resources, which eventually calls free_frame_faces, which decrements the image-cache refcount and frees the image cache, because the refcount goes to zero.

... but the recipe ...

  So I think the X version needs the same change I made in w32fns.c in revision 117131, modulo the changes to the assertions.

... was misleading because the bug was triggered without violating an assertion. I doubt that Michael then built with glyph debugging enabled because otherwise his fix should have helped indeed.

> IOW, that bug was mentioned as a source of ideas, not as something to
> copy verbatim to xfns.c. Sorry if I was unclear about that.

OK.

One last question: In struct image_cache we specify refcount as ptrdiff_t while w32fns.c defines image_cache_refcount as int. Both xfns.c and nsfns.m define image_cache_refcount as ptrdiff_t. Shouldn't we uniquify this?

martin

^ permalink raw reply [flat|nested] 41+ messages in thread
* bug#20802: Segfault when showing non-GTK+ tooltip 2015-06-15 16:00 ` martin rudalics @ 2015-06-15 17:29 ` Eli Zaretskii 2015-06-16 13:30 ` martin rudalics 0 siblings, 1 reply; 41+ messages in thread From: Eli Zaretskii @ 2015-06-15 17:29 UTC (permalink / raw) To: martin rudalics; +Cc: tobias.getzner, 20802 > Date: Mon, 15 Jun 2015 18:00:55 +0200 > From: martin rudalics <rudalics@gmx.at> > CC: tobias.getzner@gmx.de, 20802@debbugs.gnu.org > > One last question: In struct image_cache we specify refcount as > ptrdiff_t while w32fns.c defines image_cache_refcount as int. Both > xfns.c and nsfns.m define image_cache_refcount as ptrdiff_t. Shouldn't > we uniquify this? Yes, please. The fewer differences between the various *fns.c and *term.c functions with similar, let alone identical names, the better. Thanks. ^ permalink raw reply [flat|nested] 41+ messages in thread
* bug#20802: Segfault when showing non-GTK+ tooltip 2015-06-15 17:29 ` Eli Zaretskii @ 2015-06-16 13:30 ` martin rudalics 2015-06-16 14:54 ` Eli Zaretskii 0 siblings, 1 reply; 41+ messages in thread From: martin rudalics @ 2015-06-16 13:30 UTC (permalink / raw) To: Eli Zaretskii; +Cc: tobias.getzner, 20802 In 32a4883..93ae9f4 master -> master I checked in a fix for X and NS although I wasn't able to reproduce the crash on the latter (probably due to the fact that on NS like with the native Gtk tooltips one can't override the colors anyway). >> One last question: In struct image_cache we specify refcount as >> ptrdiff_t while w32fns.c defines image_cache_refcount as int. Both >> xfns.c and nsfns.m define image_cache_refcount as ptrdiff_t. Shouldn't >> we uniquify this? > > Yes, please. The fewer differences between the various *fns.c and > *term.c functions with similar, let alone identical names, the better. I made it a ptrdiff_t on Windows. Thanks for the basic work, martin ^ permalink raw reply [flat|nested] 41+ messages in thread
* bug#20802: Segfault when showing non-GTK+ tooltip 2015-06-16 13:30 ` martin rudalics @ 2015-06-16 14:54 ` Eli Zaretskii 0 siblings, 0 replies; 41+ messages in thread From: Eli Zaretskii @ 2015-06-16 14:54 UTC (permalink / raw) To: martin rudalics; +Cc: tobias.getzner, 20802 > Date: Tue, 16 Jun 2015 15:30:14 +0200 > From: martin rudalics <rudalics@gmx.at> > CC: tobias.getzner@gmx.de, 20802@debbugs.gnu.org > > In 32a4883..93ae9f4 master -> master I checked in a fix for X and NS > although I wasn't able to reproduce the crash on the latter (probably > due to the fact that on NS like with the native Gtk tooltips one can't > override the colors anyway). > > >> One last question: In struct image_cache we specify refcount as > >> ptrdiff_t while w32fns.c defines image_cache_refcount as int. Both > >> xfns.c and nsfns.m define image_cache_refcount as ptrdiff_t. Shouldn't > >> we uniquify this? > > > > Yes, please. The fewer differences between the various *fns.c and > > *term.c functions with similar, let alone identical names, the better. > > I made it a ptrdiff_t on Windows. Thanks. ^ permalink raw reply [flat|nested] 41+ messages in thread
* bug#20802: Segfault when showing non-GTK+ tooltip 2015-06-14 14:12 ` Eli Zaretskii 2015-06-15 8:22 ` martin rudalics @ 2015-06-17 9:36 ` martin rudalics 2015-06-17 16:39 ` Eli Zaretskii 1 sibling, 1 reply; 41+ messages in thread From: martin rudalics @ 2015-06-17 9:36 UTC (permalink / raw) To: Eli Zaretskii; +Cc: tobias.getzner, 20802

> Thanks. Now I know why this cannot be reproduced on Windows: this is
> bug#17524 coming back to haunt us. That bug was reported on Windows,
> I fixed it on Windows, then suggested a similar fix for X, but was
> told it didn't help there.
>
> So now please try making a fix on X similar to commit ebdc80316, and
> if that indeed doesn't help with this crash, perhaps some simple
> variation of that will.

I'm meanwhile quite confident that we cannot fix the problem with refcounts in the first place. Consider the following scenario: First make sure that the *Backtrace* window will pop up on a new frame. Then make sure that you can trigger its creation, for example, by specifying an invalid color as with the present bug. Also let's assume we use a static variable old_refcount as our shadow copy of the "real" refcount.

Now the following will happen:

(1) x_create_tip_frame copies the current value of the real refcount into old_refcount.

(2) The bug triggers and causes Emacs to pop up the *Backtrace* window. ‘x-create-frame’ copies the value of the real refcount into old_refcount and afterwards increments the real refcount.

(3) Now unwind_create_frame will be run for the tip frame we tried to create in (1). old_refcount won't equal the real refcount since the latter was incremented in (2) so we leave the real refcount alone. Subsequently we decrement the real refcount and the real refcount will no longer reflect the number of frames referencing the object it guards.

So IMHO we have to maintain for every object currently guarded by a refcount a list of the frames referencing the object. Or, have each frame keep a pointer to all objects it needs and when deleting a frame look for each object it guards whether at least one other frame exists that guards the same object. Suggestions welcome.

martin

^ permalink raw reply [flat|nested] 41+ messages in thread
* bug#20802: Segfault when showing non-GTK+ tooltip 2015-06-17 9:36 ` martin rudalics @ 2015-06-17 16:39 ` Eli Zaretskii 2015-06-17 18:56 ` Stefan Monnier 2015-06-18 13:37 ` martin rudalics 0 siblings, 2 replies; 41+ messages in thread From: Eli Zaretskii @ 2015-06-17 16:39 UTC (permalink / raw) To: martin rudalics; +Cc: tobias.getzner, 20802 > Date: Wed, 17 Jun 2015 11:36:25 +0200 > From: martin rudalics <rudalics@gmx.at> > CC: tobias.getzner@gmx.de, 20802@debbugs.gnu.org > > I'm meanwhile quite confident that we cannot fix the problem with > refcounts in the first place. Consider the following scenario: First > make sure that the *Backtrace* window will pop up on a new frame. Then > make sure that you can trigger its creation, for example, by specifying > an invalid color as with the present bug. Also let's assume we use a > static variable old_refcount as our shadow copy of the "real" refcount. > > Now the following will happen: > > (1) x_create_tip_frame copies the current value of the real refcount > into old_refcount. > > (2) The bug triggers and causes Emacs to pop up the *Backtrace* window. > ‘x-create-frame’ copies the value of the real refcount into > old_refcount and afterwards increments the real refcount. > > (3) Now unwind_create_frame will be run for the tip frame we tried to > create in (1). old_refcount won't equal the real refcount since the > latter was incremented in (2) so we leave the real refcount alone. > Subsequently we decrement the real refcount and the real refcount > will no longer reflect the number of frames referencing the object > it guards. > > So IMHO we have to maintain for every object currently guarded by a > refcount a list of the frames referencing the object. Or, have each > frame keep a pointer to all objects it needs and when deleting a frame > look for each object it guards whether at least one other frame exists > that guards the same object. Suggestions welcome. 
Why can't we simply move the code that frees the image cache to delete_terminal? There's only one image cache for each terminal, and it's shared by all frames on that terminal, right? And we call delete-terminal when we delete the last frame on the terminal, right? ^ permalink raw reply [flat|nested] 41+ messages in thread
* bug#20802: Segfault when showing non-GTK+ tooltip 2015-06-17 16:39 ` Eli Zaretskii @ 2015-06-17 18:56 ` Stefan Monnier 2015-06-18 13:37 ` martin rudalics 1 sibling, 0 replies; 41+ messages in thread From: Stefan Monnier @ 2015-06-17 18:56 UTC (permalink / raw) To: Eli Zaretskii; +Cc: tobias.getzner, 20802 > Why can't we simply move the code that frees the image cache to > delete_terminal? There's only one image cache for each terminal, and > it's shared by all frames on that terminal, right? And we call > delete-terminal when we delete the last frame on the terminal, right? Indeed. I think this is just a left over from when the image_cache was located inside the "struct frame", and I simply failed to update this part when I moved the cache to the "struct terminal". Of course, that was many years ago, so maybe I did look into it and discovered it wasn't that simple, but if so, I have no recollection of that. Stefan ^ permalink raw reply [flat|nested] 41+ messages in thread
* bug#20802: Segfault when showing non-GTK+ tooltip 2015-06-17 16:39 ` Eli Zaretskii 2015-06-17 18:56 ` Stefan Monnier @ 2015-06-18 13:37 ` martin rudalics 2015-06-18 15:53 ` Eli Zaretskii 1 sibling, 1 reply; 41+ messages in thread From: martin rudalics @ 2015-06-18 13:37 UTC (permalink / raw) To: Eli Zaretskii; +Cc: tobias.getzner, 20802 > Why can't we simply move the code that frees the image cache to > delete_terminal? There's only one image cache for each terminal, and > it's shared by all frames on that terminal, right? And we call > delete-terminal when we delete the last frame on the terminal, right? ‘delete-terminal’ can run into precisely the same problem I described in my previous scenario. IMHO we have to give up the idea of using refcounts to tell whether a frame might still use some object - they are not up to this task. martin ^ permalink raw reply [flat|nested] 41+ messages in thread
* bug#20802: Segfault when showing non-GTK+ tooltip 2015-06-18 13:37 ` martin rudalics @ 2015-06-18 15:53 ` Eli Zaretskii 2015-06-18 16:48 ` martin rudalics 0 siblings, 1 reply; 41+ messages in thread From: Eli Zaretskii @ 2015-06-18 15:53 UTC (permalink / raw) To: martin rudalics; +Cc: tobias.getzner, 20802

> Date: Thu, 18 Jun 2015 15:37:20 +0200
> From: martin rudalics <rudalics@gmx.at>
> CC: tobias.getzner@gmx.de, 20802@debbugs.gnu.org
>
> > Why can't we simply move the code that frees the image cache to
> > delete_terminal? There's only one image cache for each terminal, and
> > it's shared by all frames on that terminal, right? And we call
> > delete-terminal when we delete the last frame on the terminal, right?
>
> ‘delete-terminal’ can run into precisely the same problem I described in
> my previous scenario. IMHO we have to give up the idea of using
> refcounts to tell whether a frame might still use some object - they are
> not up to this task.

These are 2 different issues.

Do you agree that there's no need to decide whether we should free the image cache while deleting a frame, and instead do that when we delete a terminal? If you agree, we should move the code that frees the image cache there.

If, in addition, you are saying that we will sometimes delete a terminal when it still has live frames, then we could simply count the frames on a terminal instead of using a refcount. Something like this (we already have similar code in delete_frame):

  count = 0;
  FOR_EACH_FRAME (tail, frame1)
    if (FRAME_TERMINAL (XFRAME (frame)) == FRAME_TERMINAL (XFRAME (frame1)))
      count++;

^ permalink raw reply [flat|nested] 41+ messages in thread
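The three situations discussed in this thread (the original crash, the shadow-refcount fix, and the nested frame creation scenario from the 2015-06-17 message), together with the frame-counting alternative proposed just above, as a small self-contained C model. This is an added example, not Emacs source: the struct layouts and the functions `begin_create`, `finish_create`, `release_cache`, `unwind_create`, `frames_on_terminal` and `run_scenario` are simplified, hypothetical stand-ins, and only the names `image_cache`, `refcount` and `old_refcount` come from the thread.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Simplified, hypothetical stand-ins for the structures named in the thread. */
struct image_cache { ptrdiff_t refcount; };
struct terminal { struct image_cache *image_cache; };
struct frame { struct terminal *terminal; bool live; };

#define MAX_FRAMES 4
static struct frame frames[MAX_FRAMES];  /* stand-in for the frame list */
static ptrdiff_t old_refcount;           /* the one static shadow copy */

/* Start creating a frame: snapshot the real refcount, as in step (1). */
static struct frame *begin_create(struct terminal *t)
{
    for (int i = 0; i < MAX_FRAMES; i++)
        if (frames[i].terminal == NULL) {
            frames[i].terminal = t;
            frames[i].live = false;
            old_refcount = t->image_cache->refcount;
            return &frames[i];
        }
    abort();  /* model only: no free slot */
}

/* Creation succeeded: only now does the frame take its reference. */
static void finish_create(struct frame *f)
{
    f->terminal->image_cache->refcount++;
    f->live = true;
}

/* Drop one reference; free the cache when the count reaches zero. */
static void release_cache(struct terminal *t)
{
    if (t->image_cache && --t->image_cache->refcount == 0) {
        free(t->image_cache);
        t->image_cache = NULL;
    }
}

/* Unwind a frame whose creation failed before finish_create ran.
   With use_shadow, an unchanged refcount is read as "this frame never took
   its reference" and is bumped first so the release below balances out
   (how the equal case is balanced is an assumption of this model). */
static void unwind_create(struct frame *f, bool use_shadow)
{
    struct terminal *t = f->terminal;
    if (use_shadow && t->image_cache->refcount == old_refcount)
        t->image_cache->refcount++;
    release_cache(t);
    f->terminal = NULL;
}

/* The alternative from the thread: count the live frames on a terminal. */
static ptrdiff_t frames_on_terminal(const struct terminal *t)
{
    ptrdiff_t count = 0;
    for (int i = 0; i < MAX_FRAMES; i++)
        if (frames[i].live && frames[i].terminal == t)
            count++;
    return count;
}

struct outcome { ptrdiff_t refcount, live_frames; bool cache_freed; };

/* One failed tooltip-frame creation on a terminal that already has one live
   frame.  With nested, the error handler creates another frame (the
   *Backtrace* frame of step (2)) before the tooltip frame is unwound. */
struct outcome run_scenario(bool use_shadow, bool nested)
{
    struct terminal term = { calloc(1, sizeof(struct image_cache)) };
    if (term.image_cache == NULL)
        abort();
    for (int i = 0; i < MAX_FRAMES; i++)
        frames[i] = (struct frame) { NULL, false };

    finish_create(begin_create(&term));      /* the original frame */
    struct frame *tip = begin_create(&term); /* (1) snapshot taken */
    if (nested)
        finish_create(begin_create(&term));  /* (2) snapshot overwritten */
    unwind_create(tip, use_shadow);          /* (3) tooltip frame unwound */

    struct outcome o;
    o.cache_freed = term.image_cache == NULL;
    o.refcount = o.cache_freed ? 0 : term.image_cache->refcount;
    o.live_frames = frames_on_terminal(&term);
    free(term.image_cache);
    return o;
}

int main(void)
{
    const bool cases[3][2] = { {false, false}, {true, false}, {true, true} };
    for (int i = 0; i < 3; i++) {
        struct outcome o = run_scenario(cases[i][0], cases[i][1]);
        printf("shadow=%d nested=%d: refcount=%td live_frames=%td freed=%d\n",
               cases[i][0], cases[i][1], o.refcount, o.live_frames,
               o.cache_freed);
    }
    return 0;
}
```

In the nested case the refcount ends at 1 while two frames are live, so deleting either frame would free a cache the other still uses; `frames_on_terminal` reports 2 in the same state because it is derived from the frame list rather than from increment/decrement bookkeeping.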
* bug#20802: Segfault when showing non-GTK+ tooltip
From: martin rudalics @ 2015-06-18 16:48 UTC
To: Eli Zaretskii; +Cc: tobias.getzner, 20802

> Do you agree that there's no need to decide whether we should free the
> image cache while deleting a frame, and instead do that when we delete
> a terminal? If you agree, we should move the code that frees the
> image cache there.

I do agree.

> If, in addition, you are saying that we will sometimes delete a
> terminal when it still has live frames,

frame.c has this very cryptic

  /* FIXME: Deleting the terminal crashes emacs because of a GTK bug.
     http://lists.gnu.org/archive/html/emacs-devel/2011-10/msg00363.html */

I doubt it's a Gtk bug. It certainly is related to refcounts.

> then we could simply count the
> frames on a terminal instead of using a refcount. Something like this
> (we already have similar code in delete_frame):
>
>   count = 0;
>   FOR_EACH_FRAME (tail, frame1)
>     if (FRAME_TERMINAL (XFRAME (frame)) == FRAME_TERMINAL (XFRAME (frame1)))
>       count++;

Something like that. In any case we should get rid of _all_ refcounts
for frames and displays. If you came up with a patch for Windows I
could do the remaining platforms (I'm not very eager doing this from
scratch since I build without image support and there might be some
wrinkle where testing with image support would be safer).

martin
* bug#20802: Segfault when showing non-GTK+ tooltip
From: Eli Zaretskii @ 2015-06-18 17:17 UTC
To: martin rudalics; +Cc: tobias.getzner, 20802

> Date: Thu, 18 Jun 2015 18:48:29 +0200
> From: martin rudalics <rudalics@gmx.at>
> CC: tobias.getzner@gmx.de, 20802@debbugs.gnu.org
>
> > then we could simply count the
> > frames on a terminal instead of using a refcount. Something like this
> > (we already have similar code in delete_frame):
> >
> >   count = 0;
> >   FOR_EACH_FRAME (tail, frame1)
> >     if (FRAME_TERMINAL (XFRAME (frame)) == FRAME_TERMINAL (XFRAME (frame1)))
> >       count++;
>
> Something like that. In any case we should get rid of _all_ refcounts
> for frames and displays. If you came up with a patch for Windows I
> could do the remaining platforms (I'm not very eager doing this from
> scratch since I build without image support and there might be some
> wrinkle where testing with image support would be safer).

I could try, but please keep in mind that we never delete a terminal
on Windows, until Emacs exits. That part must be tested on Unix.
* bug#20802: Segfault when showing non-GTK+ tooltip
From: martin rudalics @ 2015-06-18 17:36 UTC
To: Eli Zaretskii; +Cc: tobias.getzner, 20802

> I could try,

Thanks.

> but please keep in mind that we never delete a terminal
> on Windows, until Emacs exits.

So on Windows we would keep the image cache forever?

> That part must be tested on Unix.

martin
* bug#20802: Segfault when showing non-GTK+ tooltip
From: Eli Zaretskii @ 2015-06-18 18:00 UTC
To: martin rudalics; +Cc: tobias.getzner, 20802

> Date: Thu, 18 Jun 2015 19:36:07 +0200
> From: martin rudalics <rudalics@gmx.at>
> CC: tobias.getzner@gmx.de, 20802@debbugs.gnu.org
>
> > but please keep in mind that we never delete a terminal
> > on Windows, until Emacs exits.
>
> So on Windows we would keep the image cache forever?

Yes. We keep it forever already.

Well, except maybe with the recently-added daemon mode, when all the
frames are gone.
* bug#20802: Segfault when showing non-GTK+ tooltip
From: martin rudalics @ 2015-06-19 6:43 UTC
To: Eli Zaretskii; +Cc: tobias.getzner, 20802

>> So on Windows we would keep the image cache forever?
>
> Yes. We keep it forever already.

Then don't bother. I'll have to figure this out myself.

martin
* bug#20802: Segfault when showing non-GTK+ tooltip
From: Lars Ingebrigtsen @ 2022-04-29 11:45 UTC
To: martin rudalics; +Cc: Tobias Getzner, 20802

martin rudalics <rudalics@gmx.at> writes:

> Below is a bt after setting an invalid background color. Tooltips are
> shown via ‘x-show-tip’ and the crash triggers after the backtrace buffer
> complaining about the invalid color popped up and I tried to switch to
> another buffer. I have no idea whether it's the OP's original issue.

(I'm going through old bug reports that unfortunately weren't resolved
at the time.)

I may be missing something, but I didn't see an actual case to reproduce
this problem. But this was six years ago -- is this problem still
present in recent Emacs versions, Tobias?

--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
* bug#20802: Segfault when showing non-GTK+ tooltip
From: Lars Ingebrigtsen @ 2022-05-28 10:58 UTC
To: martin rudalics; +Cc: Eli Zaretskii, Tobias Getzner, 20802

Lars Ingebrigtsen <larsi@gnus.org> writes:

> I may be missing something, but I didn't see an actual case to reproduce
> this problem. But this was six years ago -- is this problem still
> present in recent Emacs versions, Tobias?

More information was requested, but no response was given within a
month, so I'm closing this bug report. If the problem still exists,
please respond to this email and we'll reopen the bug report.

--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
* bug#20802: Segfault when showing non-GTK+ tooltip
From: Tobias Getzner @ 2015-06-16 7:21 UTC
To: Eli Zaretskii, 20802

On Sa, 2015-06-13 at 12:38 +0300, Eli Zaretskii wrote:
> > From: Tobias Getzner <tobias.getzner@gmx.de>
> > Date: Sat, 13 Jun 2015 11:18:38 +0200
> >
> > When x-gtk-use-system-tooltips is set to nil, and the tooltip face
> > is
> > customized using an invalid color string such as #zz, Emacs will
> > segfault when a tooltip is being drawn.
>
> I cannot reproduce this on my system, so please show a backtrace from
> running Emacs inside GDB. Also, please tell how you customized the
> face color, exactly -- it could be that only some specific ways of
> customizing it cause the problem.

Thanks to Martin for reproducing. From what little I can infer, you
seem to have made sense of this already, but just for the sake of
completeness, below is my backtrace. The line numbers seem a bit
different, but I guess it’s otherwise identical to Martin’s?

This was after setting x-gtk-use-system-tooltip to nil and customizing
the tooltip face to #qqq.

Best, and thanks,
TG

Program received signal SIGSEGV, Segmentation fault.
cache_image (f=0x1170a68, img=<optimized out>) at image.c:1782 1782 for (i = 0; i < c->used; ++i) (gdb) bt #0 cache_image (f=0x1170a68, img=<optimized out>) at image.c:1782 #1 lookup_image (f=0x1170a68, spec=spec@entry=19521878) at image.c:1693 #2 0x00000000004393ff in handle_single_display_spec (it=it@entry=0x7ff fffff7da0, spec=<optimized out>, object=object@entry=31549445, overlay=overlay@entry=12308786, position=position@entry=0x7fffffff7ed8, bufpos=bufpos@entry=255, display_replaced_p=0, frame_window_p=1) at xdisp.c:5310 #3 0x0000000000439fd8 in handle_display_spec (it=it@entry=0x7fffffff7d a0, spec=<optimized out>, object=object@entry=31549445, overlay=12308786, position=position@entry=0x7fffffff7ed8, bufpos=bufpos@entry=255, frame_window_p=1) at xdisp.c:4836 #4 0x000000000043a299 in handle_display_prop (it=0x7fffffff7da0) at xdisp.c:4759 #5 0x000000000043d002 in handle_stop (it=it@entry=0x7fffffff7da0) at xdisp.c:3492 #6 0x00000000004463a2 in next_element_from_buffer (it=0x7fffffff7da0) at xdisp.c:8290 #7 0x0000000000441275 in get_next_display_element (it=it@entry=0x7ffff fff7da0) at xdisp.c:6944 #8 0x0000000000447188 in display_line (it=it@entry=0x7fffffff7da0) at xdisp.c:20241 #9 0x000000000044b6ea in try_window (window=window@entry=18291325, pos=..., flags=flags@entry=1) at xdisp.c:17007 #10 0x000000000046170e in redisplay_window (window=18291325, just_this_one_p=just_this_one_p@entry=false) at xdisp.c:16486 #11 0x0000000000463aa3 in redisplay_window_0 (window=window@entry=18291 325) at xdisp.c:14373 #12 0x000000000055b53b in internal_condition_case_1 ( bfun=bfun@entry=0x463a70 <redisplay_window_0>, arg=18291325, handlers=<optimized out>, hfun=hfun@entry=0x42be50 <redisplay_window_error>) at eval.c:1372 #13 0x0000000000430caf in redisplay_windows (window=18291325) at xdisp.c:14353 #14 0x0000000000450331 in redisplay_internal () at xdisp.c:13949 #15 0x0000000000452530 in redisplay_preserve_echo_area ( from_where=from_where@entry=2) at xdisp.c:14206 #16 
0x000000000041b065 in Fredisplay (force=12308786) at dispnew.c:5896 #17 0x000000000055d1a7 in Ffuncall (nargs=<optimized out>, args=args@entry=0x7fffffffc1f0) at eval.c:2811 #18 0x00000000005927c3 in exec_byte_code (bytestr=<optimized out>, vector=8822021, maxdepth=<optimized out>, args_template=<optimized out>, nargs=nargs@entry=1, args=<optimized out>, args@entry=0x869ce1 <pure+123745>) at bytecode.c:916 #19 0x000000000055ccb7 in funcall_lambda (fun=140737488339872, nargs=nargs@entry=1, arg_vector=0x869ce1 <pure+123745>, arg_vector@entry=0x7fffffffc340) at eval.c:2978 #20 0x000000000055cfbb in Ffuncall (nargs=2, args=args@entry=0x7fffffff c338) at eval.c:2872 #21 0x00000000005927c3 in exec_byte_code (bytestr=<optimized out>, vector=10488933, maxdepth=<optimized out>, args_template=<optimized out>, nargs=<optimized out>, args=<optimized out>) at bytecode.c:916 #22 0x000000000055c4e3 in eval_sub (form=<optimized out>) at eval.c:2187 #23 0x000000000055fbc3 in Fprogn (body=10488838) at eval.c:462 #24 internal_lisp_condition_case (var=<optimized out>, bodyform=10488550, handlers=<optimized out>) at eval.c:1306 #25 0x0000000000593bcf in exec_byte_code (bytestr=<optimized out>, vector=10488493, maxdepth=<optimized out>, args_template=<optimized out>, nargs=nargs@entry=0, args=<optimized out>, args@entry=0x0) at bytecode.c:1162 #26 0x000000000055cc1f in funcall_lambda (fun=10488365, nargs=nargs@entry=2, arg_vector=arg_vector@entry=0x7fffffffc720) at eval.c:3044 #27 0x000000000055cfbb in Ffuncall (nargs=3, args=args@entry=0x7fffffff c718) at eval.c:2872 #28 0x00000000005927c3 in exec_byte_code (bytestr=<optimized out>, vector=10490901, maxdepth=<optimized out>, args_template=<optimized out>, nargs=nargs@entry=0, args=<optimized out>, args@entry=0x0) at bytecode.c:916 #29 0x000000000055cc1f in funcall_lambda (fun=10490821, nargs=nargs@entry=1, arg_vector=arg_vector@entry=0x7fffffffc978) at eval.c:3044 #30 0x000000000055cfbb in Ffuncall (nargs=2, args=0x7fffffffc970) at 
eval.c:2872 #31 0x000000000055b89d in run_hook_with_args (nargs=2, args=0x7fffffffc970, funcall=0x55cd90 <Ffuncall>) at eval.c:2547 #32 0x000000000055d09a in Ffuncall (nargs=<optimized out>, args=args@entry=0x7fffffffc968) at eval.c:2792 #33 0x00000000005927c3 in exec_byte_code (bytestr=<optimized out>, vector=10488085, maxdepth=<optimized out>, args_template=<optimized out>, nargs=nargs@entry=0, args=<optimized out>, args@entry=0x0) at bytecode.c:916 #34 0x000000000055cc1f in funcall_lambda (fun=10488021, nargs=nargs@entry=1, arg_vector=arg_vector@entry=0x7fffffffcbf8) at eval.c:3044 #35 0x000000000055cfbb in Ffuncall (nargs=nargs@entry=2, args=args@entry=0x7fffffffcbf0) at eval.c:2872 #36 0x000000000055e6a2 in Fapply (nargs=2, args=0x7fffffffcbf0) at eval.c:2297 #37 0x000000000055d09a in Ffuncall (nargs=<optimized out>, args=args@entry=0x7fffffffcbe8) at eval.c:2792 #38 0x00000000005927c3 in exec_byte_code (bytestr=<optimized out>, vector=10054405, maxdepth=<optimized out>, args_template=<optimized out>, nargs=<optimized out>, args=<optimized out>) at bytecode.c:916 #39 0x000000000055c4e3 in eval_sub (form=form@entry=10054326) at eval.c:2187 #40 0x000000000055fade in internal_lisp_condition_case (var=<optimized out>, bodyform=10054326, handlers=<optimized out>) at eval.c:1317 #41 0x0000000000593bcf in exec_byte_code (bytestr=<optimized out>, vector=10054093, maxdepth=<optimized out>, args_template=<optimized out>, nargs=nargs@entry=0, args=<optimized out>, args@entry=0x0) at bytecode.c:1162 #42 0x000000000055cc1f in funcall_lambda (fun=10054013, nargs=nargs@entry=1, arg_vector=arg_vector@entry=0x7fffffffcfe8) at eval.c:3044 #43 0x000000000055cfbb in Ffuncall (nargs=nargs@entry=2, args=args@entry=0x7fffffffcfe0) at eval.c:2872 #44 0x000000000055d2da in call1 (fn=<optimized out>, arg1=arg1@entry=18 809933) at eval.c:2610 #45 0x00000000004ef218 in timer_check_2 (idle_timers=<optimized out>, timers=<optimized out>) at keyboard.c:4515 #46 timer_check () at 
keyboard.c:4582 #47 0x00000000004ef5d1 in readable_events (flags=1) at keyboard.c:3448 #48 0x00000000004f0c78 in get_input_pending (flags=flags@entry=1) at keyboard.c:6766 #49 0x00000000004f3ea8 in detect_input_pending_run_timers ( do_display=do_display@entry=true) at keyboard.c:9895 #50 0x000000000059cd8c in wait_reading_process_output ( time_limit=time_limit@entry=30, nsecs=nsecs@entry=0, read_kbd=read_kbd@entry=-1, do_display=do_display@entry=true, wait_for_cell=12308786, wait_proc=wait_proc@entry=0x0, just_wait_proc=0) at process.c:4702 #51 0x00000000004221f3 in sit_for (timeout=<optimized out>, reading=reading@entry=true, display_option=display_option@entry=1) at dispnew.c:5867 #52 0x00000000004f4df4 in read_char (commandflag=1, map=map@entry=35325 094, prev_event=12308786, used_mouse_menu=used_mouse_menu@entry=0x7fffffffd7bb, end_time=end_time@entry=0x0) at keyboard.c:2810 #53 0x00000000004f5fcd in read_key_sequence (keybuf=keybuf@entry=0x7fff ffffd890, prompt=12308786, dont_downcase_last=dont_downcase_last@entry=false, can_return_switch_frame=can_return_switch_frame@entry=true, fix_current_buffer=fix_current_buffer@entry=true, prevent_redisplay=prevent_redisplay@entry=false, bufsize=30) at keyboard.c:9089 #54 0x00000000004f7d30 in command_loop_1 () at keyboard.c:1453 #55 0x000000000055b417 in internal_condition_case (bfun=bfun@entry=0x4f 7b30 <command_loop_1>, handlers=<optimized out>, hfun=hfun@entry=0x4ee880 <cmd_error>) at eval.c:1348 #56 0x00000000004e9d6e in command_loop_2 (ignore=ignore@entry=12308786) at keyboard.c:1178 #57 0x000000000055b2fb in internal_catch (tag=12356258, func=func@entry=0x4e9d50 <command_loop_2>, arg=12308786) at eval.c:1112 #58 0x00000000004ee467 in command_loop () at keyboard.c:1157 #59 recursive_edit_1 () at keyboard.c:778 #60 0x00000000004ee7a8 in Frecursive_edit () at keyboard.c:849 #61 0x00000000004181a9 in main (argc=<optimized out>, argv=0x7fffffffdbf8) at emacs.c:1642 ^ permalink raw reply [flat|nested] 41+ messages in 
thread
* bug#20802: Segfault when showing non-GTK+ tooltip
From: martin rudalics @ 2015-06-16 13:30 UTC
To: Tobias Getzner, Eli Zaretskii, 20802

> This was after setting x-gtk-use-system-tooltip to nil and customizing
> the tooltip face to #qqq.
[...]
> Program received signal SIGSEGV, Segmentation fault.
> cache_image (f=0x1170a68, img=<optimized out>) at image.c:1782
> 1782 for (i = 0; i < c->used; ++i)

This should be indeed the same segfault I saw. Meanwhile I checked in a
fix on trunk/master. If you can build Emacs please try it.

Thanks for report and backtrace, martin
* bug#20802: Segfault when showing non-GTK+ tooltip 2015-06-16 13:30 ` martin rudalics @ 2015-06-16 15:34 ` Tobias Getzner 2015-06-16 15:58 ` Eli Zaretskii 0 siblings, 1 reply; 41+ messages in thread From: Tobias Getzner @ 2015-06-16 15:34 UTC (permalink / raw) To: martin rudalics, Eli Zaretskii, 20802 On Di, 2015-06-16 at 15:30 +0200, martin rudalics wrote: > > This was after setting x-gtk-use-system-tooltip to nil and > customizing > > the tooltip face to #qqq. > [...] > > Program received signal SIGSEGV, Segmentation fault. > > cache_image (f=0x1170a68, img=<optimized out>) at image.c:1782 > > 1782 for (i = 0; i < c->used; ++i) > > This should be indeed the same segfault I saw. Meanwhile I checked > in a > fix on trunk/master. If you can build Emacs please try it. > Thanks! I built from master (34a43ba), which includes your 93ae9f4. I’m still seeing a segfault for the steps given above. Backtrace below. Best, TG Program received signal SIGSEGV, Segmentation fault. lookup_image (f=0x1195480, spec=spec@entry=16917427) at image.c:1744 1744 cache_image (f, img); (gdb) bt #0 lookup_image (f=0x1195480, spec=spec@entry=16917427) at image.c:1744 #1 0x000000000043737f in calc_pixel_width_or_height (res=res@entry=0x7fffffff37c8, it=it@entry=0x7fffffff72f0, prop=16917427, font=font@entry=0x11986c0, width_p=width_p@entry=true, align_to=align_to@entry=0x7fffffff3890) at xdisp.c:24019 #2 0x00000000004370e8 in calc_pixel_width_or_height (align_to=0x7fffffff3890, width_p=<optimized out>, font=0x11986c0, prop=<optimized out>, it=0x7fffffff72f0, res=0x7fffffff37c8) at xdisp.c:24056 #3 calc_pixel_width_or_height (res=res@entry=0x7fffffff3838, it=it@entry=0x7fffffff72f0, prop=16917347, font=font@entry=0x11986c0, width_p=width_p@entry=true, align_to=align_to@entry=0x7fffffff3890) at xdisp.c:24058 #4 0x00000000004372e6 in calc_pixel_width_or_height (align_to=0x7fffffff3890, width_p=true, font=0x11986c0, prop=<optimized out>, it=0x7fffffff72f0, res=0x7fffffff3838) at xdisp.c:23902 #5 
calc_pixel_width_or_height (res=res@entry=0x7fffffff3898, it=it@entry=0x7fffffff72f0, prop=<optimized out>, font=font@entry=0x11986c0, width_p=width_p@entry=true, align_to=align_to@entry=0x7fffffff3890) at xdisp.c:24033 #6 0x000000000045b4f1 in calc_pixel_width_or_height (align_to=0x7fffffff3890, width_p=true, font=0x11986c0, prop=<optimized out>, it=0x7fffffff72f0, res=0x7fffffff3898) at xdisp.c:25909 #7 produce_stretch_glyph (it=0x7fffffff72f0) at xdisp.c:25910 #8 0x000000000045a415 in x_produce_glyphs (it=0x7fffffff72f0) at xdisp.c:27136 #9 0x00000000004480ee in display_line (it=it@entry=0x7fffffff72f0) at xdisp.c:20223 #10 0x000000000044c6ca in try_window (window=window@entry=18441365, pos=..., flags=flags@entry=1) at xdisp.c:16889 #11 0x00000000004627d2 in redisplay_window (window=18441365, just_this_one_p=just_this_one_p@entry=false) at xdisp.c:16362 #12 0x000000000046548b in redisplay_window_0 (window=window@entry=18441365) at xdisp.c:14181 #13 0x000000000055765b in internal_condition_case_1 (bfun=bfun@entry=0x465460 <redisplay_window_0>, arg=18441365, handlers=<optimized out>, hfun=hfun@entry=0x42c260 <redisplay_window_error>) at eval.c:1372 #14 0x00000000004319df in redisplay_windows (window=18441365) at xdisp.c:14161 #15 0x0000000000452541 in redisplay_internal () at xdisp.c:13753 #16 0x000000000045469a in redisplay_preserve_echo_area (from_where=from_where@entry=2) at xdisp.c:14014 #17 0x000000000041d6de in Fredisplay (force=0) at dispnew.c:5777 #18 0x0000000000558f5e in Ffuncall (nargs=1, args=args@entry=0x7fffffffc140) at eval.c:2718 #19 0x000000000058c273 in exec_byte_code (bytestr=<optimized out>, vector=8816373, maxdepth=<optimized out>, args_template=<optimized out>, nargs=nargs@entry=1, args=<optimized out>, args@entry=0x7fffffffc140) at bytecode.c:919 #20 0x0000000000558ad4 in funcall_lambda (fun=8816340, nargs=nargs@entry=1, arg_vector=0x7fffffffc140, arg_vector@entry=0x7fffffffc2c0) at eval.c:2885 #21 0x0000000000558d7b in Ffuncall (nargs=2, 
args=args@entry=0x7fffffffc2b8) at eval.c:2779 #22 0x000000000058c273 in exec_byte_code (bytestr=<optimized out>, vector=10509325, maxdepth=<optimized out>, args_template=args_template@entry=0, nargs=nargs@entry=0, args=<optimized out>, args@entry=0x0) at bytecode.c:919 #23 0x00000000005589af in funcall_lambda (fun=10509197, nargs=nargs@entry=2, arg_vector=arg_vector@entry=0x7fffffffc4c0) at eval.c:2951 #24 0x0000000000558d7b in Ffuncall (nargs=3, args=args@entry=0x7fffffffc4b8) at eval.c:2779 #25 0x000000000058c273 in exec_byte_code (bytestr=<optimized out>, vector=10511429, maxdepth=<optimized out>, args_template=args_template@entry=0, nargs=nargs@entry=0, args=<optimized out>, args@entry=0x0) at bytecode.c:919 #26 0x00000000005589af in funcall_lambda (fun=10511333, nargs=nargs@entry=1, arg_vector=arg_vector@entry=0x7fffffffc778) at eval.c:2951 #27 0x0000000000558d7b in Ffuncall (nargs=2, args=0x7fffffffc770) at eval.c:2779 #28 0x0000000000556f95 in run_hook_with_args (nargs=2, args=0x7fffffffc770, funcall=0x558ba0 <Ffuncall>) at eval.c:2529 #29 0x0000000000558e69 in Ffuncall (nargs=3, args=args@entry=0x7fffffffc768) at eval.c:2698 #30 0x000000000058c273 in exec_byte_code (bytestr=<optimized out>, vector=10508605, maxdepth=<optimized out>, args_template=args_template@entry=0, nargs=nargs@entry=0, args=<optimized out>, args@entry=0x0) at bytecode.c:919 #31 0x00000000005589af in funcall_lambda (fun=10508541, nargs=nargs@entry=1, arg_vector=arg_vector@entry=0x7fffffffca48) at eval.c:2951 #32 0x0000000000558d7b in Ffuncall (nargs=nargs@entry=2, args=args@entry=0x7fffffffca40) at eval.c:2779 #33 0x000000000055a1f3 in Fapply (nargs=2, args=0x7fffffffca40) at eval.c:2293 #34 0x0000000000558e69 in Ffuncall (nargs=3, args=args@entry=0x7fffffffca38) at eval.c:2698 #35 0x000000000058c273 in exec_byte_code (bytestr=<optimized out>, vector=10064605, maxdepth=<optimized out>, args_template=args_template@entry=0, nargs=nargs@entry=0, args=<optimized out>, args@entry=0x0) at 
bytecode.c:919 #36 0x00000000005589af in funcall_lambda (fun=10064525, nargs=nargs@entry=1, arg_vector=arg_vector@entry=0x7fffffffcc38) at eval.c:2951 #37 0x0000000000558d7b in Ffuncall (nargs=nargs@entry=2, args=args@entry=0x7fffffffcc30) at eval.c:2779 #38 0x000000000055904a in call1 (fn=fn@entry=43776, arg1=arg1@entry=23853549) at eval.c:2573 #39 0x00000000004ee838 in timer_check_2 (idle_timers=<optimized out>, timers=<optimized out>) at keyboard.c:4536 #40 timer_check () at keyboard.c:4603 #41 0x00000000004eebe9 in readable_events (flags=flags@entry=1) at keyboard.c:3437 #42 0x00000000004f0218 in get_input_pending (flags=flags@entry=1) at keyboard.c:6821 #43 0x00000000004f2328 in detect_input_pending_run_timers (do_display=do_display@entry=true) at keyboard.c:9976 #44 0x000000000059719e in wait_reading_process_output (time_limit=time_limit@entry=30, nsecs=<optimized out>, nsecs@entry=0, read_kbd=read_kbd@entry=-1, do_display=do_display@entry=true, wait_for_cell=wait_for_cell@entry=0, wait_proc=wait_proc@entry=0x0, just_wait_proc=0) at process.c:5009 #45 0x00000000004221d2 in sit_for (timeout=<optimized out>, reading=reading@entry=true, display_option=display_option@entry=1) at dispnew.c:5748 #46 0x00000000004f48a4 in read_char (commandflag=commandflag@entry=1, map=map@entry=34697955, prev_event=0, used_mouse_menu=used_mouse_menu@entry=0x7fffffffd82b, end_time=end_time@entry=0x0) at keyboard.c:2784 #47 0x00000000004f542c in read_key_sequence (keybuf=keybuf@entry=0x7fffffffd900, prompt=prompt@entry=0, dont_downcase_last=dont_downcase_last@entry=false, can_return_switch_frame=can_return_switch_frame@entry=true, fix_current_buffer=fix_current_buffer@entry=true, prevent_redisplay=prevent_redisplay@entry=false, bufsize=30) at keyboard.c:9159 #48 0x00000000004f7051 in command_loop_1 () at keyboard.c:1407 #49 0x0000000000557537 in internal_condition_case (bfun=bfun@entry=0x4f6e20 <command_loop_1>, handlers=handlers@entry=18624, hfun=hfun@entry=0x4edf70 <cmd_error>) at 
eval.c:1348 #50 0x00000000004e95fc in command_loop_2 (ignore=ignore@entry=0) at keyboard.c:1139 #51 0x0000000000557413 in internal_catch (tag=tag@entry=44352, func=func@entry=0x4e95e0 <command_loop_2>, arg=arg@entry=0) at eval.c:1108 #52 0x00000000004e95b9 in command_loop () at keyboard.c:1118 #53 0x00000000004edb5b in recursive_edit_1 () at keyboard.c:728 #54 0x00000000004edea8 in Frecursive_edit () at keyboard.c:799 #55 0x0000000000418447 in main (argc=2, argv=0x7fffffffdc68) at emacs.c:1626 ^ permalink raw reply [flat|nested] 41+ messages in thread
* bug#20802: Segfault when showing non-GTK+ tooltip
From: Eli Zaretskii @ 2015-06-16 15:58 UTC
To: Tobias Getzner; +Cc: 20802

> From: Tobias Getzner <tobias.getzner@gmx.de>
> Date: Tue, 16 Jun 2015 17:34:05 +0200
>
> Thanks! I built from master (34a43ba), which includes your 93ae9f4. I’m
> still seeing a segfault for the steps given above. Backtrace below.

Please run Emacs under GDB, put a breakpoint in
x_free_frame_resources, then perform your steps, and show backtrace
each time the breakpoint breaks.

Thanks.
* bug#20802: Segfault when showing non-GTK+ tooltip 2015-06-16 15:58 ` Eli Zaretskii @ 2015-06-16 16:34 ` Tobias Getzner 2015-06-16 17:12 ` Eli Zaretskii 2015-06-16 17:31 ` martin rudalics 0 siblings, 2 replies; 41+ messages in thread From: Tobias Getzner @ 2015-06-16 16:34 UTC (permalink / raw) To: Eli Zaretskii; +Cc: 20802 On Di, 2015-06-16 at 18:58 +0300, Eli Zaretskii wrote: > > > > From: Tobias Getzner <tobias.getzner@gmx.de> > > Date: Tue, 16 Jun 2015 17:34:05 +0200 > > > > Thanks! I built from master (34a43ba), which includes your 93ae9f4. > > I’m > > still seeing a segfault for the steps given above. Backtrace below. > > Please run Emacs under GDB, put a breakpoint in > x_free_frame_resources, then perform your steps, and show backtrace > each time the breakpoint breaks. > > Thanks. > Breakpoint 1, x_free_frame_resources (f=0x124fd70) at xterm.c:10970 10970 { (gdb) bt #0 x_free_frame_resources (f=0x124fd70) at xterm.c:10970 #1 0x00000000004c9715 in unwind_create_frame (frame=19201397) at xfns.c:2842 #2 0x00000000004c9759 in unwind_create_tip_frame (frame=<optimized out>) at xfns.c:4997 #3 0x0000000000557b2e in unbind_to (count=<optimized out>, value=value@entry=0) at eval.c:3211 #4 0x0000000000557cf9 in unwind_to_catch (catch=catch@entry=0x140a040, value=value@entry=19849283) at eval.c:1157 #5 0x00000000005592ed in Fsignal (error_symbol=error_symbol@entry=18624, data=<optimized out>) at eval.c:1557 #6 0x00000000005595f9 in xsignal (error_symbol=error_symbol@entry=18624, data=<optimized out>) at eval.c:1581 #7 0x0000000000559c6d in signal_error (s=s@entry=0x5e3d1d "Undefined color", arg=19849315, arg@entry=34016084) at eval.c:1636 #8 0x00000000004ccc57 in x_decode_color (f=<optimized out>, color_name=34016084, mono_color=<optimized out>) at xfns.c:495 #9 0x00000000004ce96c in x_set_foreground_color (f=0x124fd70, arg=34016084, oldval=<optimized out>) at xfns.c:602 #10 0x0000000000426ff6 in x_set_frame_parameters (f=f@entry=0x124fd70, 
alist=alist@entry=140737488338931) at frame.c:3152 #11 0x0000000000429ac7 in x_default_parameter (f=f@entry=0x124fd70, alist=alist@entry=19856675, prop=prop@entry=22320, deflt=34090788, xprop=xprop@entry=0x5db8ca "foreground", xclass=xclass@entry=0x5e3f61 "Foreground", type=RES_TYPE_STRING) at frame.c:4374 #12 0x00000000004cd200 in x_create_tip_frame (dpyinfo=0x173c900, parms=19856675, parms@entry=19857043, text=text@entry=34092084) at xfns.c:5181 #13 0x00000000004cd94d in Fx_show_tip (string=34092084, frame=18429029, parms=19857043, timeout=42, dx=22, dy=82) at xfns.c:5540 #14 0x0000000000558efa in Ffuncall (nargs=7, args=args@entry=0x7fffffffc2a8) at eval.c:2739 #15 0x000000000058c273 in exec_byte_code (bytestr=<optimized out>, vector=10509325, maxdepth=<optimized out>, args_template=args_template@entry=0, nargs=nargs@entry=0, args=<optimized out>, args@entry=0x0) at bytecode.c:919 #16 0x00000000005589af in funcall_lambda (fun=10509197, nargs=nargs@entry=2, arg_vector=arg_vector@entry=0x7fffffffc4b0) at eval.c:2951 #17 0x0000000000558d7b in Ffuncall (nargs=3, args=args@entry=0x7fffffffc4a8) at eval.c:2779 #18 0x000000000058c273 in exec_byte_code (bytestr=<optimized out>, vector=10511429, maxdepth=<optimized out>, args_template=args_template@entry=0, nargs=nargs@entry=0, args=<optimized out>, args@entry=0x0) at bytecode.c:919 #19 0x00000000005589af in funcall_lambda (fun=10511333, nargs=nargs@entry=1, arg_vector=arg_vector@entry=0x7fffffffc768) at eval.c:2951 #20 0x0000000000558d7b in Ffuncall (nargs=2, args=0x7fffffffc760) at eval.c:2779 #21 0x0000000000556f95 in run_hook_with_args (nargs=2, args=0x7fffffffc760, funcall=0x558ba0 <Ffuncall>) at eval.c:2529 #22 0x0000000000558e69 in Ffuncall (nargs=3, args=args@entry=0x7fffffffc758) at eval.c:2698 #23 0x000000000058c273 in exec_byte_code (bytestr=<optimized out>, vector=10508605, maxdepth=<optimized out>, args_template=args_template@entry=0, nargs=nargs@entry=0, args=<optimized out>, args@entry=0x0) at 
bytecode.c:919 #24 0x00000000005589af in funcall_lambda (fun=10508541, nargs=nargs@entry=1, arg_vector=arg_vector@entry=0x7fffffffca38) at eval.c:2951 #25 0x0000000000558d7b in Ffuncall (nargs=nargs@entry=2, args=args@entry=0x7fffffffca30) at eval.c:2779 #26 0x000000000055a1f3 in Fapply (nargs=2, args=0x7fffffffca30) at eval.c:2293 #27 0x0000000000558e69 in Ffuncall (nargs=3, args=args@entry=0x7fffffffca28) at eval.c:2698 #28 0x000000000058c273 in exec_byte_code (bytestr=<optimized out>, vector=10064605, maxdepth=<optimized out>, args_template=args_template@entry=0, nargs=nargs@entry=0, args=<optimized out>, args@entry=0x0) at bytecode.c:919 #29 0x00000000005589af in funcall_lambda (fun=10064525, nargs=nargs@entry=1, arg_vector=arg_vector@entry=0x7fffffffcc28) at eval.c:2951 #30 0x0000000000558d7b in Ffuncall (nargs=nargs@entry=2, args=args@entry=0x7fffffffcc20) at eval.c:2779 #31 0x000000000055904a in call1 (fn=fn@entry=43776, arg1=arg1@entry=35546957) at eval.c:2573 #32 0x00000000004ee838 in timer_check_2 (idle_timers=<optimized out>, timers=<optimized out>) at keyboard.c:4536 #33 timer_check () at keyboard.c:4603 #34 0x00000000004eebe9 in readable_events (flags=flags@entry=1) at keyboard.c:3437 #35 0x00000000004f0218 in get_input_pending (flags=flags@entry=1) at keyboard.c:6821 #36 0x00000000004f2328 in detect_input_pending_run_timers (do_display=do_display@entry=true) at keyboard.c:9976 #37 0x000000000059719e in wait_reading_process_output (time_limit=time_limit@entry=30, nsecs=<optimized out>, nsecs@entry=0, read_kbd=read_kbd@entry=-1, do_display=do_display@entry=true, wait_for_cell=wait_for_cell@entry=0, wait_proc=wait_proc@entry=0x0, just_wait_proc=0) at process.c:5009 #38 0x00000000004221d2 in sit_for (timeout=<optimized out>, reading=reading@entry=true, display_option=display_option@entry=1) at dispnew.c:5748 #39 0x00000000004f48a4 in read_char (commandflag=commandflag@entry=1, map=map@entry=35527283, prev_event=0, 
used_mouse_menu=used_mouse_menu@entry=0x7fffffffd81b, end_time=end_time@entry=0x0) at keyboard.c:2784 #40 0x00000000004f542c in read_key_sequence (keybuf=keybuf@entry=0x7fffffffd8f0, prompt=prompt@entry=0, dont_downcase_last=dont_downcase_last@entry=false, can_return_switch_frame=can_return_switch_frame@entry=true, fix_current_buffer=fix_current_buffer@entry=true, prevent_redisplay=prevent_redisplay@entry=false, bufsize=30) at keyboard.c:9159 #41 0x00000000004f7051 in command_loop_1 () at keyboard.c:1407 #42 0x0000000000557537 in internal_condition_case (bfun=bfun@entry=0x4f6e20 <command_loop_1>, handlers=handlers@entry=18624, hfun=hfun@entry=0x4edf70 <cmd_error>) at eval.c:1348 #43 0x00000000004e95fc in command_loop_2 (ignore=ignore@entry=0) at keyboard.c:1139 #44 0x0000000000557413 in internal_catch (tag=tag@entry=44352, func=func@entry=0x4e95e0 <command_loop_2>, arg=arg@entry=0) at eval.c:1108 #45 0x00000000004e95b9 in command_loop () at keyboard.c:1118 #46 0x00000000004edb5b in recursive_edit_1 () at keyboard.c:728 #47 0x00000000004edea8 in Frecursive_edit () at keyboard.c:799 #48 0x0000000000418447 in main (argc=2, argv=0x7fffffffdc58) at emacs.c:1626 (gdb) cont Continuing. Program received signal SIGSEGV, Segmentation fault. 
0x000000000042c4e2 in fill_image_glyph_string (s=s@entry=0x7fffffffaff0) at xdisp.c:24517 24517 s->img = IMAGE_FROM_ID (s->f, s->first_glyph->u.img_id); (gdb) bt #0 0x000000000042c4e2 in fill_image_glyph_string (s=s@entry=0x7fffffffaff0) at xdisp.c:24517 #1 0x00000000004562f4 in draw_glyphs (w=w@entry=0x1194470, x=<optimized out>, row=row@entry=0x2125e40, area=area@entry=TEXT_AREA, start=<optimized out>, end=3, hl=DRAW_NORMAL_TEXT, overlaps=0) at xdisp.c:25149 #2 0x0000000000458d95 in expose_area (w=w@entry=0x1194470, row=row@entry=0x2125e40, r=r@entry=0x7fffffffb3c0, area=area@entry=TEXT_AREA) at xdisp.c:30082 #3 0x0000000000458e91 in expose_line (w=w@entry=0x1194470, row=row@entry=0x2125e40, r=r@entry=0x7fffffffb3c0) at xdisp.c:30107 #4 0x00000000004660f4 in expose_window (fr=0x7fffffffb430, w=0x1194470) at xdisp.c:30372 #5 expose_window_tree (w=0x1194470, r=r@entry=0x7fffffffb430) at xdisp.c:30446 #6 0x000000000046665a in expose_frame (f=f@entry=0x1193460, x=<optimized out>, y=<optimized out>, w=<optimized out>, h=<optimized out>) at xdisp.c:30501 #7 0x00000000004c601c in handle_one_xevent (dpyinfo=dpyinfo@entry=0x173c900, event=event@entry=0x7fffffffbaa0, finish=finish@entry=0xb42de0, hold_quit=0x7fffffffbd20) at xterm.c:7683 #8 0x00000000004c6e10 in event_handler_gdk (gxev=0x7fffffffbaa0, ev=<optimized out>, data=<optimized out>) at xterm.c:7294 #9 0x00007ffff6750511 in ?? () from /usr/lib/libgdk-3.so.0 #10 0x00007ffff67507d0 in ?? () from /usr/lib/libgdk-3.so.0 #11 0x00007ffff67239f9 in gdk_display_get_event () from /usr/lib/libgdk-3.so.0 #12 0x00007ffff6750592 in ?? () from /usr/lib/libgdk-3.so.0 #13 0x00007ffff50889fd in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0 #14 0x00007ffff5088ce0 in ?? 
() from /usr/lib/libglib-2.0.so.0 #15 0x00007ffff5088d8c in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0 #16 0x00007ffff6bc80f5 in gtk_main_iteration () from /usr/lib/libgtk-3.so.0 #17 0x00000000004bcc92 in XTread_socket (terminal=<optimized out>, hold_quit=0x7fffffffbd20) at xterm.c:8647 #18 0x00000000004f00c9 in gobble_input () at keyboard.c:6906 #19 0x00000000004efae5 in handle_async_input () at keyboard.c:7158 #20 process_pending_signals () at keyboard.c:7172 #21 0x00000000004c9715 in unwind_create_frame (frame=19201397) at xfns.c:2842 #22 0x00000000004c9759 in unwind_create_tip_frame (frame=<optimized out>) at xfns.c:4997 #23 0x0000000000557b2e in unbind_to (count=<optimized out>, value=value@entry=0) at eval.c:3211 #24 0x0000000000557cf9 in unwind_to_catch (catch=catch@entry=0x140a040, value=value@entry=19849283) at eval.c:1157 #25 0x00000000005592ed in Fsignal (error_symbol=error_symbol@entry=18624, data=<optimized out>) at eval.c:1557 #26 0x00000000005595f9 in xsignal (error_symbol=error_symbol@entry=18624, data=<optimized out>) at eval.c:1581 #27 0x0000000000559c6d in signal_error (s=s@entry=0x5e3d1d "Undefined color", arg=19849315, arg@entry=34016084) at eval.c:1636 #28 0x00000000004ccc57 in x_decode_color (f=<optimized out>, color_name=34016084, mono_color=<optimized out>) at xfns.c:495 #29 0x00000000004ce96c in x_set_foreground_color (f=0x124fd70, arg=34016084, oldval=<optimized out>) at xfns.c:602 #30 0x0000000000426ff6 in x_set_frame_parameters (f=f@entry=0x124fd70, alist=alist@entry=140737488338931) at frame.c:3152 #31 0x0000000000429ac7 in x_default_parameter (f=f@entry=0x124fd70, alist=alist@entry=19856675, prop=prop@entry=22320, deflt=34090788, xprop=xprop@entry=0x5db8ca "foreground", xclass=xclass@entry=0x5e3f61 "Foreground", type=RES_TYPE_STRING) at frame.c:4374 #32 0x00000000004cd200 in x_create_tip_frame (dpyinfo=0x173c900, parms=19856675, parms@entry=19857043, text=text@entry=34092084) at xfns.c:5181 #33 0x00000000004cd94d in 
Fx_show_tip (string=34092084, frame=18429029, parms=19857043, timeout=42, dx=22, dy=82) at xfns.c:5540 #34 0x0000000000558efa in Ffuncall (nargs=7, args=args@entry=0x7fffffffc2a8) at eval.c:2739 #35 0x000000000058c273 in exec_byte_code (bytestr=<optimized out>, vector=10509325, maxdepth=<optimized out>, args_template=args_template@entry=0, nargs=nargs@entry=0, args=<optimized out>, args@entry=0x0) at bytecode.c:919 #36 0x00000000005589af in funcall_lambda (fun=10509197, nargs=nargs@entry=2, arg_vector=arg_vector@entry=0x7fffffffc4b0) at eval.c:2951 #37 0x0000000000558d7b in Ffuncall (nargs=3, args=args@entry=0x7fffffffc4a8) at eval.c:2779 #38 0x000000000058c273 in exec_byte_code (bytestr=<optimized out>, vector=10511429, maxdepth=<optimized out>, args_template=args_template@entry=0, nargs=nargs@entry=0, args=<optimized out>, args@entry=0x0) at bytecode.c:919 #39 0x00000000005589af in funcall_lambda (fun=10511333, nargs=nargs@entry=1, arg_vector=arg_vector@entry=0x7fffffffc768) at eval.c:2951 #40 0x0000000000558d7b in Ffuncall (nargs=2, args=0x7fffffffc760) at eval.c:2779 #41 0x0000000000556f95 in run_hook_with_args (nargs=2, args=0x7fffffffc760, funcall=0x558ba0 <Ffuncall>) at eval.c:2529 #42 0x0000000000558e69 in Ffuncall (nargs=3, args=args@entry=0x7fffffffc758) at eval.c:2698 #43 0x000000000058c273 in exec_byte_code (bytestr=<optimized out>, vector=10508605, maxdepth=<optimized out>, args_template=args_template@entry=0, nargs=nargs@entry=0, args=<optimized out>, args@entry=0x0) at bytecode.c:919 #44 0x00000000005589af in funcall_lambda (fun=10508541, nargs=nargs@entry=1, arg_vector=arg_vector@entry=0x7fffffffca38) at eval.c:2951 #45 0x0000000000558d7b in Ffuncall (nargs=nargs@entry=2, args=args@entry=0x7fffffffca30) at eval.c:2779 #46 0x000000000055a1f3 in Fapply (nargs=2, args=0x7fffffffca30) at eval.c:2293 #47 0x0000000000558e69 in Ffuncall (nargs=3, args=args@entry=0x7fffffffca28) at eval.c:2698 #48 0x000000000058c273 in exec_byte_code (bytestr=<optimized 
out>, vector=10064605, maxdepth=<optimized out>, args_template=args_template@entry=0, nargs=nargs@entry=0, args=<optimized out>, args@entry=0x0) at bytecode.c:919 #49 0x00000000005589af in funcall_lambda (fun=10064525, nargs=nargs@entry=1, arg_vector=arg_vector@entry=0x7fffffffcc28) at eval.c:2951 #50 0x0000000000558d7b in Ffuncall (nargs=nargs@entry=2, args=args@entry=0x7fffffffcc20) at eval.c:2779 #51 0x000000000055904a in call1 (fn=fn@entry=43776, arg1=arg1@entry=35546957) at eval.c:2573 #52 0x00000000004ee838 in timer_check_2 (idle_timers=<optimized out>, timers=<optimized out>) at keyboard.c:4536 #53 timer_check () at keyboard.c:4603 #54 0x00000000004eebe9 in readable_events (flags=flags@entry=1) at keyboard.c:3437 #55 0x00000000004f0218 in get_input_pending (flags=flags@entry=1) at keyboard.c:6821 #56 0x00000000004f2328 in detect_input_pending_run_timers (do_display=do_display@entry=true) at keyboard.c:9976 #57 0x000000000059719e in wait_reading_process_output (time_limit=time_limit@entry=30, nsecs=<optimized out>, nsecs@entry=0, read_kbd=read_kbd@entry=-1, do_display=do_display@entry=true, wait_for_cell=wait_for_cell@entry=0, wait_proc=wait_proc@entry=0x0, just_wait_proc=0) at process.c:5009 #58 0x00000000004221d2 in sit_for (timeout=<optimized out>, reading=reading@entry=true, display_option=display_option@entry=1) at dispnew.c:5748 #59 0x00000000004f48a4 in read_char (commandflag=commandflag@entry=1, map=map@entry=35527283, prev_event=0, used_mouse_menu=used_mouse_menu@entry=0x7fffffffd81b, end_time=end_time@entry=0x0) at keyboard.c:2784 #60 0x00000000004f542c in read_key_sequence (keybuf=keybuf@entry=0x7fffffffd8f0, prompt=prompt@entry=0, dont_downcase_last=dont_downcase_last@entry=false, can_return_switch_frame=can_return_switch_frame@entry=true, fix_current_buffer=fix_current_buffer@entry=true, prevent_redisplay=prevent_redisplay@entry=false, bufsize=30) at keyboard.c:9159 #61 0x00000000004f7051 in command_loop_1 () at keyboard.c:1407 #62 
0x0000000000557537 in internal_condition_case (bfun=bfun@entry=0x4f6e20 <command_loop_1>, handlers=handlers@entry=18624, hfun=hfun@entry=0x4edf70 <cmd_error>) at eval.c:1348 #63 0x00000000004e95fc in command_loop_2 (ignore=ignore@entry=0) at keyboard.c:1139 #64 0x0000000000557413 in internal_catch (tag=tag@entry=44352, func=func@entry=0x4e95e0 <command_loop_2>, arg=arg@entry=0) at eval.c:1108 #65 0x00000000004e95b9 in command_loop () at keyboard.c:1118 #66 0x00000000004edb5b in recursive_edit_1 () at keyboard.c:728 #67 0x00000000004edea8 in Frecursive_edit () at keyboard.c:799 #68 0x0000000000418447 in main (argc=2, argv=0x7fffffffdc58) at emacs.c:1626 (gdb) cont Continuing. Fatal error 11: Segmentation fault Program received signal SIGSEGV, Segmentation fault. 0x000000000045e51e in note_mouse_highlight (f=f@entry=0x1193460, x=<optimized out>, y=19) at xdisp.c:29600 29600 struct image *img = IMAGE_FROM_ID (f, glyph->u.img_id); ^ permalink raw reply [flat|nested] 41+ messages in thread
* bug#20802: Segfault when showing non-GTK+ tooltip
  2015-06-16 16:34 ` Tobias Getzner
@ 2015-06-16 17:12 ` Eli Zaretskii
  2015-06-16 17:31 ` martin rudalics
  1 sibling, 0 replies; 41+ messages in thread
From: Eli Zaretskii @ 2015-06-16 17:12 UTC (permalink / raw)
  To: Tobias Getzner; +Cc: 20802

> From: Tobias Getzner <tobias.getzner@gmx.de>
> Cc: rudalics@gmx.at, 20802@debbugs.gnu.org
> Date: Tue, 16 Jun 2015 18:34:32 +0200
>
> On Di, 2015-06-16 at 18:58 +0300, Eli Zaretskii wrote:
> > >
> > > From: Tobias Getzner <tobias.getzner@gmx.de>
> > > Date: Tue, 16 Jun 2015 17:34:05 +0200
> > >
> > > Thanks! I built from master (34a43ba), which includes your 93ae9f4.
> > > I’m
> > > still seeing a segfault for the steps given above. Backtrace below.
> >
> > Please run Emacs under GDB, put a breakpoint in
> > x_free_frame_resources, then perform your steps, and show backtrace
> > each time the breakpoint breaks.
> >
> > Thanks.
> >
>
> Breakpoint 1, x_free_frame_resources (f=0x124fd70) at xterm.c:10970
> 10970 {
> (gdb) bt
> #0 x_free_frame_resources (f=0x124fd70) at xterm.c:10970
> #1 0x00000000004c9715 in unwind_create_frame (frame=19201397) at xfns.c:2842
> #2 0x00000000004c9759 in unwind_create_tip_frame (frame=<optimized out>) at xfns.c:4997
> #3 0x0000000000557b2e in unbind_to (count=<optimized out>, value=value@entry=0) at eval.c:3211
> #4 0x0000000000557cf9 in unwind_to_catch (catch=catch@entry=0x140a040, value=value@entry=19849283)
>     at eval.c:1157
> #5 0x00000000005592ed in Fsignal (error_symbol=error_symbol@entry=18624, data=<optimized out>)
>     at eval.c:1557
> #6 0x00000000005595f9 in xsignal (error_symbol=error_symbol@entry=18624, data=<optimized out>)
>     at eval.c:1581
> #7 0x0000000000559c6d in signal_error (s=s@entry=0x5e3d1d "Undefined color", arg=19849315,
>     arg@entry=34016084) at eval.c:1636
> #8 0x00000000004ccc57 in x_decode_color (f=<optimized out>, color_name=34016084,
>     mono_color=<optimized out>) at xfns.c:495

Is that the only call?
If so, I don't understand why Martin's change didn't work.

> (gdb) cont
> Continuing.
> Fatal error 11: Segmentation fault
> Program received signal SIGSEGV, Segmentation fault.
> 0x000000000045e51e in note_mouse_highlight (f=f@entry=0x1193460, x=<optimized out>, y=19) at xdisp.c:29600
> 29600 struct image *img = IMAGE_FROM_ID (f, glyph->u.img_id);

And this is a different segfault from what you've shown before.

Can you step into the call to x_free_frame_resources, then step from
there into free_frame_faces, and see what it does there? You are
supposed to see that image_cache->refcount is at least 2, and
therefore free_image_cache is not called.

^ permalink raw reply [flat|nested] 41+ messages in thread
* bug#20802: Segfault when showing non-GTK+ tooltip
  2015-06-16 16:34 ` Tobias Getzner
  2015-06-16 17:12 ` Eli Zaretskii
@ 2015-06-16 17:31 ` martin rudalics
  2015-06-17 7:34 ` Tobias Getzner
  1 sibling, 1 reply; 41+ messages in thread
From: martin rudalics @ 2015-06-16 17:31 UTC (permalink / raw)
  To: Tobias Getzner, Eli Zaretskii; +Cc: 20802

> Breakpoint 1, x_free_frame_resources (f=0x124fd70) at xterm.c:10970
> 10970 {
> (gdb) bt
> #0 x_free_frame_resources (f=0x124fd70) at xterm.c:10970
> #1 0x00000000004c9715 in unwind_create_frame (frame=19201397) at xfns.c:2842
> #2 0x00000000004c9759 in unwind_create_tip_frame (frame=<optimized out>) at xfns.c:4997
> #3 0x0000000000557b2e in unbind_to (count=<optimized out>, value=value@entry=0) at eval.c:3211
> #4 0x0000000000557cf9 in unwind_to_catch (catch=catch@entry=0x140a040, value=value@entry=19849283)
>     at eval.c:1157
> #5 0x00000000005592ed in Fsignal (error_symbol=error_symbol@entry=18624, data=<optimized out>)
>     at eval.c:1557
> #6 0x00000000005595f9 in xsignal (error_symbol=error_symbol@entry=18624, data=<optimized out>)
>     at eval.c:1581
> #7 0x0000000000559c6d in signal_error (s=s@entry=0x5e3d1d "Undefined color", arg=19849315,
>     arg@entry=34016084) at eval.c:1636
> #8 0x00000000004ccc57 in x_decode_color (f=<optimized out>, color_name=34016084,
>     mono_color=<optimized out>) at xfns.c:495
> #9 0x00000000004ce96c in x_set_foreground_color (f=0x124fd70, arg=34016084, oldval=<optimized out>)
>     at xfns.c:602
> #10 0x0000000000426ff6 in x_set_frame_parameters (f=f@entry=0x124fd70, alist=alist@entry=140737488338931)
>     at frame.c:3152
> #11 0x0000000000429ac7 in x_default_parameter (f=f@entry=0x124fd70, alist=alist@entry=19856675,
>     prop=prop@entry=22320, deflt=34090788, xprop=xprop@entry=0x5db8ca "foreground",
>     xclass=xclass@entry=0x5e3f61 "Foreground", type=RES_TYPE_STRING) at frame.c:4374
> #12 0x00000000004cd200 in x_create_tip_frame (dpyinfo=0x173c900, parms=19856675, parms@entry=19857043,
>     text=text@entry=34092084) at xfns.c:5181
> #13 0x00000000004cd94d in Fx_show_tip (string=34092084, frame=18429029, parms=19857043, timeout=42, dx=22,
>     dy=82) at xfns.c:5540

Why am I not surprised? xfns.c sets image_cache_refcount on line 5192,
that is, after it processes the foreground parameter on line 5181 so
probably line 5192 is not executed. I initially tried to set it right
after the record_unwind_protect on line 5061 but that got me a(nother?)
segfault as well. Funnily I couldn't get a crash after my patch.

Can you try whether my conjecture is true by putting a breakpoint on
line 5192 and check whether the refcount gets set there for the tooltip
frame? If it isn't, then could you experimentally try to move the

   image_cache_refcount =
     FRAME_IMAGE_CACHE (f) ? FRAME_IMAGE_CACHE (f)->refcount : 0;
#ifdef GLYPH_DEBUG
   dpyinfo_refcount = dpyinfo->reference_count;
#endif /* GLYPH_DEBUG */

block from line 5192 somewhere up in the code, first before line 5172,
later maybe a bit further up and check whether it helps?

Thanks, martin

^ permalink raw reply [flat|nested] 41+ messages in thread
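The ordering problem martin describes above, as an added C model that is not Emacs code and not from the thread: a refcount snapshot taken after a step that can signal leaves the unwind path comparing against a stale value. The struct layout, the `freed` flag, `color_is_valid` and the compensation rule in `unwind_create_frame` are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model, NOT Emacs source: one image cache shared by every frame
   on a display.  `freed` stands in for free() so the model is safe to run. */
struct image_cache { int refcount; bool freed; };
struct frame { struct image_cache *cache; };

/* Shadow copy of the cache's refcount, taken while a frame is being created
   (plays the role of image_cache_refcount in the thread). */
static int refcount_snapshot;

/* A frame takes its reference on the shared cache when its faces are set up. */
static void init_frame_faces(struct frame *f) { f->cache->refcount++; }

/* Releasing a frame drops one reference; the last one frees the cache. */
static void free_frame_faces(struct frame *f)
{
    if (--f->cache->refcount == 0)
        f->cache->freed = true;
}

/* Assumed unwind rule: if the live count still equals the snapshot, the
   half-built frame never took its reference, so add one before releasing. */
static void unwind_create_frame(struct frame *f)
{
    if (f->cache->refcount == refcount_snapshot)
        f->cache->refcount++;
    free_frame_faces(f);
}

/* Hypothetical stand-in for a frame parameter that can signal an error:
   accepts only "#" followed by 3 or 6 hex digits. */
static bool color_is_valid(const char *s)
{
    size_t n = 0;
    if (*s++ != '#')
        return false;
    for (; s[n] != '\0'; n++)
        if (!isxdigit((unsigned char) s[n]))
            return false;
    return n == 3 || n == 6;
}

/* Returns true if the tooltip frame was created, false if creation was
   unwound.  snapshot_first selects where the snapshot is taken. */
static bool create_tip_frame(struct image_cache *cache, const char *fg,
                             bool snapshot_first)
{
    struct frame tip = { cache };

    if (snapshot_first)
        refcount_snapshot = cache->refcount;   /* before anything can fail */

    if (!color_is_valid(fg)) {                 /* the error is signalled here */
        unwind_create_frame(&tip);
        return false;
    }

    if (!snapshot_first)
        refcount_snapshot = cache->refcount;   /* never reached on the error path */

    init_frame_faces(&tip);
    return true;
}

/* One live frame already holds the cache, then a tooltip with the invalid
   colour "#zz" is attempted.  Returns true if the shared cache was released
   while the live frame still points at it. */
static bool cache_freed_under_live_frame(bool snapshot_first)
{
    struct image_cache cache = { 0, false };
    struct frame main_frame = { &cache };

    refcount_snapshot = 0;             /* no tooltip has been created yet */
    init_frame_faces(&main_frame);     /* refcount is now 1 */
    create_tip_frame(&cache, "#zz", snapshot_first);
    return cache.freed;
}

int main(void)
{
    printf("late snapshot:  cache freed under live frame = %d\n",
           cache_freed_under_live_frame(false));
    printf("early snapshot: cache freed under live frame = %d\n",
           cache_freed_under_live_frame(true));
    return 0;
}
```

With the late snapshot the unwind path sees 1 against a stale 0, skips the compensation and drops the live frame's only reference; with the early snapshot the count goes to 2 before the release, so the cache survives.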
* bug#20802: Segfault when showing non-GTK+ tooltip 2015-06-16 17:31 ` martin rudalics @ 2015-06-17 7:34 ` Tobias Getzner 2015-06-17 8:04 ` martin rudalics 2015-06-17 16:30 ` Eli Zaretskii 0 siblings, 2 replies; 41+ messages in thread From: Tobias Getzner @ 2015-06-17 7:34 UTC (permalink / raw) To: martin rudalics, Eli Zaretskii; +Cc: 20802 On Di, 2015-06-16 at 19:31 +0200, martin rudalics wrote: > Can you try whether my conjecture is true by putting a breakpoint on > line 5192 and check whether the refcount gets set there for the > tooltip > frame? If it isn't, then could you experimentally try to move the > > image_cache_refcount = > FRAME_IMAGE_CACHE (f) ? FRAME_IMAGE_CACHE (f)->refcount : 0; > #ifdef GLYPH_DEBUG > dpyinfo_refcount = dpyinfo->reference_count; > #endif /* GLYPH_DEBUG */ > > block from line 5192 somewhere up in the code, first before line > 5172, > later maybe a bit further up and check whether it helps? I’m not a C guy, so bear with me if I fail to follow your instructions in a sensible way. After setting a breakpoint at 5192, the segfault would trigger without the breakpoint kicking in. I then moved that hunk up to line 5172 (diff below). Now the breakpoint there would kick in, and further, now segfault would trigger; instead, it gave the «error while displaying tooltip message», and fell back on showing the tooltip message in the echo area. Below is the state of «image_cache_refcount» for a few breaks. I fumbled a bit with the line history and only printed it for some of the breaks. Does this address your questions too, Eli, or do you want me to step into «x_free_frame_resources» to make sure everything is solid? Best, TG ========================diff============================= diff --git a/src/xfns.c b/src/xfns.c index d066043..2c1c772 100644 --- a/src/xfns.c +++ b/src/xfns.c 
@@ -5169,6 +5169,12 @@ x_create_tip_frame (struct x_display_info *dpyinfo, parms); } + image_cache_refcount = + FRAME_IMAGE_CACHE (f) ? FRAME_IMAGE_CACHE (f)->refcount : 0; +#ifdef GLYPH_DEBUG + dpyinfo_refcount = dpyinfo->reference_count; +#endif /* GLYPH_DEBUG */ + x_default_parameter (f, parms, Qinternal_border_width, make_number (1), "internalBorderWidth", "internalBorderWidth", RES_TYPE_NUMBER); 
@@ -5189,12 +5195,6 @@ x_create_tip_frame (struct x_display_info *dpyinfo, x_default_parameter (f, parms, Qborder_color, build_string ("black"), "borderColor", "BorderColor", RES_TYPE_STRING); - image_cache_refcount = - FRAME_IMAGE_CACHE (f) ? FRAME_IMAGE_CACHE (f)->refcount : 0; -#ifdef GLYPH_DEBUG - dpyinfo_refcount = dpyinfo->reference_count; -#endif /* GLYPH_DEBUG */ - /* Init faces before x_default_parameter is called for the scroll-bar-width parameter because otherwise we end up in init_iterator with a null face cache, which should not happen. */ ======================== gdb session ====================== Breakpoint 1, x_create_tip_frame (dpyinfo=0x1722e00, parms=35322131, parms@entry=35322003, text=text@entry=33649076) at xfns.c:5172 5172 image_cache_refcount = (gdb) p image_cache_refcount $1 = 0 (gdb) cont Continuing. Breakpoint 1, x_create_tip_frame (dpyinfo=0x1722e00, parms=35764115, parms@entry=35763987, text=text@entry=33650308) at xfns.c:5172 5172 image_cache_refcount = (gdb) cont Continuing. Breakpoint 1, x_create_tip_frame (dpyinfo=0x1722e00, parms=35830499, parms@entry=35830371, text=text@entry=33651252) at xfns.c:5172 5172 image_cache_refcount = (gdb) Continuing. Breakpoint 1, x_create_tip_frame (dpyinfo=0x1722e00, parms=35987299, parms@entry=35987171, text=text@entry=33650548) at xfns.c:5172 5172 image_cache_refcount = (gdb) p image_cache_refcount $2 = 1 (gdb) cont Continuing. Breakpoint 1, x_create_tip_frame (dpyinfo=0x1722e00, parms=19632051, parms@entry=19622915, text=text@entry=34077380) at xfns.c:5172 5172 image_cache_refcount = (gdb) cont Continuing. Breakpoint 1, x_create_tip_frame (dpyinfo=0x1722e00, parms=33536019, parms@entry=33536531, text=text@entry=34075236) at xfns.c:5172 5172 image_cache_refcount = (gdb) cont Continuing. 
Breakpoint 1, x_create_tip_frame (dpyinfo=0x1722e00, parms=34033603, parms@entry=34033971, text=text@entry=34074788) at xfns.c:5172 5172 image_cache_refcount = (gdb) p image_cache_refcount $3 = 1 (gdb) clear Deleted breakpoint 1 (gdb) cont Continuing. ^ permalink raw reply related [flat|nested] 41+ messages in thread
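Review bot: in the first hunk (@@ -5169,6 +5169,12 @@) the image_cache_refcount snapshot is still taken after the call whose tail is visible in the context lines `parms); }`, so if that earlier call signals an error, unwind_create_tip_frame runs against a snapshot that was never refreshed for this frame. Suggest placing the assignment ahead of the first call in x_create_tip_frame that takes parms and can signal, not only ahead of the Qinternal_border_width one. The moved block also carries no comment on why its position matters; a short note that the snapshot must precede any parameter processing would keep a later reordering from reintroducing the crash.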
* bug#20802: Segfault when showing non-GTK+ tooltip
  2015-06-17 7:34 ` Tobias Getzner
@ 2015-06-17 8:04 ` martin rudalics
  2015-06-17 14:11 ` Tobias Getzner
  2015-06-17 16:30 ` Eli Zaretskii
  1 sibling, 1 reply; 41+ messages in thread
From: martin rudalics @ 2015-06-17 8:04 UTC (permalink / raw)
  To: Tobias Getzner, Eli Zaretskii; +Cc: 20802

> After setting a breakpoint at 5192, the segfault would trigger without
> the breakpoint kicking in. I then moved that hunk up to line 5172 (diff
> below). Now the breakpoint there would kick in, and further, now
                                                               ^^^
Hopefully, that's a "no" up there.

> segfault would trigger; instead, it gave the «error while displaying
> tooltip message», and fell back on showing the tooltip message in the
> echo area. Below is the state of «image_cache_refcount» for a few
> breaks. I fumbled a bit with the line history and only printed it for
> some of the breaks.

martin

^ permalink raw reply [flat|nested] 41+ messages in thread
* bug#20802: Segfault when showing non-GTK+ tooltip
  2015-06-17 8:04 ` martin rudalics
@ 2015-06-17 14:11 ` Tobias Getzner
  2015-06-18 13:37 ` martin rudalics
  0 siblings, 1 reply; 41+ messages in thread
From: Tobias Getzner @ 2015-06-17 14:11 UTC (permalink / raw)
  To: martin rudalics, Eli Zaretskii; +Cc: 20802

On Mi, 2015-06-17 at 10:04 +0200, martin rudalics wrote:
> > After setting a breakpoint at 5192, the segfault would trigger
> without
> > the breakpoint kicking in. I then moved that hunk up to line 5172
> (diff
> > below). Now the breakpoint there would kick in, and further, now
>                                                                ^^^
> Hopefully, that's a "no" up there.

Indeed, «now the breakpoint», «no segfault». :-)

^ permalink raw reply [flat|nested] 41+ messages in thread
* bug#20802: Segfault when showing non-GTK+ tooltip
  2015-06-17 14:11 ` Tobias Getzner
@ 2015-06-18 13:37 ` martin rudalics
  2015-06-18 14:09 ` Tobias Getzner
  0 siblings, 1 reply; 41+ messages in thread
From: martin rudalics @ 2015-06-18 13:37 UTC (permalink / raw)
  To: Tobias Getzner, Eli Zaretskii; +Cc: 20802

> Indeed, «now the breakpoint», «no segfault». :-)

I now moved that part in front of the first call to x_default_parameter.
Please try once more. I suppose that with your change alone we could
still get a crash by, for example, setting font-backend to a number in
‘default-frame-alist’.

martin

^ permalink raw reply [flat|nested] 41+ messages in thread
* bug#20802: Segfault when showing non-GTK+ tooltip
  2015-06-18 13:37 ` martin rudalics
@ 2015-06-18 14:09 ` Tobias Getzner
  0 siblings, 0 replies; 41+ messages in thread
From: Tobias Getzner @ 2015-06-18 14:09 UTC (permalink / raw)
  To: martin rudalics, Eli Zaretskii; +Cc: 20802

On Do, 2015-06-18 at 15:37 +0200, martin rudalics wrote:
> > Indeed, «now the breakpoint», «no segfault». :-)
>
> I now moved that part in front of the first call to x_default_parameter.
> Please try once more. I suppose that with your change alone we could
> still get a crash by, for example, setting font-backend to a number in
> ‘default-frame-alist’.

Seems to work for me. I built from 711e14d and could only observe the
expected behavior, i. e., error message in echo area, tool-tip falling
back to echo area; no crash.

Thanks again!

TG

^ permalink raw reply [flat|nested] 41+ messages in thread
* bug#20802: Segfault when showing non-GTK+ tooltip
  2015-06-17 7:34 ` Tobias Getzner
  2015-06-17 8:04 ` martin rudalics
@ 2015-06-17 16:30 ` Eli Zaretskii
  1 sibling, 0 replies; 41+ messages in thread
From: Eli Zaretskii @ 2015-06-17 16:30 UTC (permalink / raw)
  To: Tobias Getzner; +Cc: 20802

> From: Tobias Getzner <tobias.getzner@gmx.de>
> Cc: 20802@debbugs.gnu.org
> Date: Wed, 17 Jun 2015 09:34:47 +0200
>
> After setting a breakpoint at 5192, the segfault would trigger without
> the breakpoint kicking in. I then moved that hunk up to line 5172 (diff
> below). Now the breakpoint there would kick in, and further, now
> segfault would trigger; instead, it gave the «error while displaying
> tooltip message», and fell back on showing the tooltip message in the
> echo area.

Which AFAIU means the bug is solved by that change, because this is
the effect of setting an invalid face I'd expect.

> Does this address your questions too, Eli, or do you want me to step
> into «x_free_frame_resources» to make sure everything is solid?

No need, thanks.

^ permalink raw reply [flat|nested] 41+ messages in thread