From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.bugs Subject: bug#20802: Segfault when showing non-GTK+ tooltip Date: Sat, 13 Jun 2015 17:01:44 +0300 Message-ID: <83vberpv07.fsf@gnu.org> References: <1434187118.10061.4.camel@gmx.de> <83381wq76d.fsf@gnu.org> <557C0526.5050607@gmx.at> <831thfri91.fsf@gnu.org> <557C2EF2.5030308@gmx.at> Reply-To: Eli Zaretskii NNTP-Posting-Host: plane.gmane.org X-Trace: ger.gmane.org 1434204141 10944 80.91.229.3 (13 Jun 2015 14:02:21 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sat, 13 Jun 2015 14:02:21 +0000 (UTC) Cc: tobias.getzner@gmx.de, 20802@debbugs.gnu.org To: martin rudalics Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Sat Jun 13 16:02:11 2015 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Z3m0g-0006g6-NC for geb-bug-gnu-emacs@m.gmane.org; Sat, 13 Jun 2015 16:02:10 +0200 Original-Received: from localhost ([::1]:56060 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Z3m0f-0004AP-Ub for geb-bug-gnu-emacs@m.gmane.org; Sat, 13 Jun 2015 10:02:09 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:39372) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Z3m0c-0004AD-CO for bug-gnu-emacs@gnu.org; Sat, 13 Jun 2015 10:02:07 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Z3m0Z-0005XC-25 for bug-gnu-emacs@gnu.org; Sat, 13 Jun 2015 10:02:06 -0400 Original-Received: from debbugs.gnu.org ([140.186.70.43]:38325) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Z3m0Y-0005X8-VV for bug-gnu-emacs@gnu.org; Sat, 13 Jun 2015 10:02:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80) (envelope-from ) id 1Z3m0Y-00056N-3V for bug-gnu-emacs@gnu.org; Sat, 13 Jun 2015 10:02:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 13 Jun 2015 14:02:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 20802 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Original-Received: via spool by 20802-submit@debbugs.gnu.org id=B20802.143420411919601 (code B ref 20802); Sat, 13 Jun 2015 14:02:02 +0000 Original-Received: (at 20802) by debbugs.gnu.org; 13 Jun 2015 14:01:59 +0000 Original-Received: from localhost ([127.0.0.1]:52785 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Z3m0U-000565-Ol for submit@debbugs.gnu.org; Sat, 13 Jun 2015 10:01:59 -0400 Original-Received: from mtaout28.012.net.il ([80.179.55.184]:53261) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Z3m0Q-00055o-0T for 20802@debbugs.gnu.org; Sat, 13 Jun 2015 10:01:56 -0400 Original-Received: from conversion-daemon.mtaout28.012.net.il by mtaout28.012.net.il (HyperSendmail v2007.08) id <0NPV00A00YRCCB00@mtaout28.012.net.il> for 20802@debbugs.gnu.org; Sat, 13 Jun 2015 17:01:18 +0300 (IDT) Original-Received: from HOME-C4E4A596F7 ([87.69.4.28]) by mtaout28.012.net.il (HyperSendmail v2007.08) with ESMTPA id <0NPV0061LYY6CZ50@mtaout28.012.net.il>; Sat, 13 Jun 2015 17:01:18 +0300 (IDT) In-reply-to: <557C2EF2.5030308@gmx.at> X-012-Sender: halo1@inter.net.il X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:103893 Archived-At: > Date: Sat, 13 Jun 2015 15:24:02 +0200 > From: martin rudalics > CC: tobias.getzner@gmx.de, 20802@debbugs.gnu.org > > > Thanks, but I still cannot reproduce this. (On what OS did you > > reproduce it?) > > A Gtk build on Debian. Run with all my customizations. I see that x_decode_color in xfns.c signals an error, while the same function in w32fns.c doesn't. But even if I add the call to signal_error to w32fns.c's implementation, I still cannot reproduce the crash. I do see an error message in the echo area, but no debugger pops up. > Sorry, I forgot to tell. Line 1775 of image.c here is > > for (i = 0; i < c->used; ++i) > > in the context of > > struct image_cache *c = FRAME_IMAGE_CACHE (f); > ptrdiff_t i; > > /* Find a free slot in c->images. */ > for (i = 0; i < c->used; ++i) > if (c->images[i] == NULL) > break; > > /* If no free slot found, maybe enlarge c->images. */ > > in cache_image. i is still 0 and I get > > (gdb) p c->used > Cannot access memory at address 0x18 So FRAME_IMAGE_CACHE returns a NULL pointer, I guess. But how did that happen? We allocate the cache in xfaces.c:init_frame_faces. I could understand why init_frame_faces was not yet called for the tip frame we were trying to create, but the crash happens because of a different frame. Look: #37 0x000000000054c091 in x_decode_color (f=0x24d2c30, color_name=..., mono_color=16777215) at ../../src/xfns.c:495 #38 0x000000000054c566 in x_set_background_color (f=0x24d2c30, arg=..., oldval=...) at ../../src/xfns.c:638 #39 0x000000000042d45d in x_set_frame_parameters (f=0x24d2c30, alist=...) at ../../src/frame.c:3152 #40 0x0000000000431ce6 in x_default_parameter (f=0x24d2c30, alist=..., prop=..., deflt=..., xprop=0x6fd49d "background", xclass=0x6fd908 "Background", type=RES_TYPE_STRING) at ../../src/frame.c:4374 #41 0x000000000055549d in x_create_tip_frame (dpyinfo=0x1621ee0, parms=..., text=...) at ../../src/xfns.c:5173 This is the tip frame we are creating, its pointer is 0x24d2c30. But when we crash, it's for a different frame, whose pointer is 0x13a7e00: #0 0x00000000006c9b5c in cache_image (f=0x13a7e00, img=0x249e010) at ../../src/image.c:1775 #1 0x00000000006c96e3 in lookup_image (f=0x13a7e00, spec=...) at ../../src/image.c:1686 Can you see what is that frame, and why we didn't call init_frame_faces for it? Also, which image are we trying to display here? Something on the toolbar, perhaps? Did you move mouse pointer over a tool-bar button to trigger a tooltip that failed?