From: Eli Zaretskii
Newsgroups: gmane.emacs.bugs
Subject: bug#18438: 24.4.50; assertion failed in bidi.c
Date: Mon, 20 Oct 2014 18:46:13 +0300
Message-ID: <83vbnebv7e.fsf@gnu.org>
In-reply-to: <8fb0816e369e7468b2de862558dbbcbc@amuri.net>
To: aidalgol@amuri.net
Cc: 18438@debbugs.gnu.org

> Date: Mon, 20 Oct 2014 09:20:52 +1300
> From: aidalgol@amuri.net
> Cc: Ken Brown , <18438@debbugs.gnu.org>
>
> Not sure whether this is relevant, but I have been getting a recurring
> seg. fault in w32xfns.c, but in a different function, and in lisp.h.
> (Why is there code complex enough in a header file to warrant asserts
> there?)

The assertions are in inline functions that manipulate Lisp objects.
In a binary configured with --enable-checking, each Lisp object is
tested for validity when the C code extracts from it a C pointer to
the corresponding structure.

> #0 0x000000010051ce24 in CHAR_TABLE_REF_ASCII (ct=25778897525, idx=112) at lisp.h:1492
>         tbl = 0x0
>         val = 2230448
> #1 0x000000010051cefa in CHAR_TABLE_REF (ct=25778897525, idx=112) at lisp.h:1510
> No locals.
> #2 0x0000000100520ea9 in syntax_property_entry (c=112, via_property=true) at syntax.h:96
> No locals.

This is again a non-sensical backtrace.  The code near line 1492 of
lisp.h, where it crashes is this (line 1492 is the last one):

  INLINE Lisp_Object
  CHAR_TABLE_REF_ASCII (Lisp_Object ct, ptrdiff_t idx)
  {
    struct Lisp_Char_Table *tbl = NULL;
    Lisp_Object val;
    do
      {
        tbl = tbl ? XCHAR_TABLE (tbl->parent) : XCHAR_TABLE (ct);  <<<<<<<<<

So, if 'tbl' is a NULL pointer, it cannot be dereferenced, right?  And
yet the local variables clearly show that 'tbl' _is_ NULL, and it
still is dereferenced (and causes the segfault)!

> #0 0x000000010051ceb4 in CHAR_TABLE_REF_ASCII (ct=25787135005, idx=44) at lisp.h:1492
>         tbl = 0x0
>         val = 2230320
> #1 0x000000010051cf8a in CHAR_TABLE_REF (ct=25787135005, idx=44) at lisp.h:1510
> No locals.

Same here.

> #0 0x0000000100680609 in deselect_palette (f=0x0, hdc=0x0) at w32xfns.c:123
> No locals.
> #1 0x00000001006806d8 in release_frame_dc (f=0x0, hdc=0x0) at w32xfns.c:154
>         ret = 0
> #2 0x0000000100683d36 in uniscribe_encode_char (font=0x600764000, c=32) at w32uniscribe.c:585
>         context = 0x0
>         f = 0x0
>         old_font = 0x0

And this is a similar situation, just in a different place (see
bug#18659):

      if (context)
        {
          SelectObject (context, old_font);
          release_frame_dc (f, context);  <<<<<<<<<<<<<<<<<<<<<<
        }

As you see, if 'context' is a NULL pointer, release_frame_dc should
NOT be called.  And yet the locals in frame #2 above clearly show that
it _is_ NULL, and release_frame_dc _is_ called!

> #0 0x0000000100680609 in deselect_palette (f=0x0, hdc=0x0) at w32xfns.c:123
> No locals.
> #1 0x00000001006806d8 in release_frame_dc (f=0x0, hdc=0x0) at w32xfns.c:154
>         ret = 0
> #2 0x0000000100683d36 in uniscribe_encode_char (font=0x600b25360, c=48) at w32uniscribe.c:585
>         context = 0x0
>         f = 0x0
>         old_font = 0x0
>         code = 19

Same here.

IOW, these all exhibit the same bug, just in different places in the
Emacs sources.
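
Added illustration, not part of the original message and not Emacs source code: a toy C model of the checked extraction the message describes (a tagged object is validated before it is turned into a C pointer) together with a parent-chain lookup shaped like the quoted CHAR_TABLE_REF_ASCII loop. The tag layout and the names obj_t, xchar_table, char_table_ref_ascii and demo_child are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model, constructed for illustration (not Emacs's real layout):
   an object word keeps a type tag in its low 3 bits.  */
typedef uintptr_t obj_t;
enum { TAG_MASK = 7, TAG_CHAR_TABLE = 5, NIL = 0 };
struct char_table {
  _Alignas (8) obj_t parent;  /* NIL, or a tagged parent table */
  obj_t ascii[128];           /* NIL: not set here, ask the parent */
};
static int check_failures;    /* a checking build would abort instead */

/* Checked extraction: validate the tag before making a C pointer.  */
static struct char_table *xchar_table (obj_t o)
{
  if ((o & TAG_MASK) != TAG_CHAR_TABLE)
    { check_failures++; return NULL; }
  return (struct char_table *) (o & ~(obj_t) TAG_MASK);
}

/* Lookup shaped like the loop quoted in the message: the ternary
   reads tbl->parent only when tbl is non-NULL.  */
static obj_t char_table_ref_ascii (obj_t ct, ptrdiff_t idx)
{
  struct char_table *tbl = NULL;
  obj_t val = NIL;
  if (idx < 0 || idx >= 128)
    return NIL;
  do {
    tbl = tbl ? xchar_table (tbl->parent) : xchar_table (ct);
    if (!tbl)
      return NIL;             /* failed check: never dereference */
    val = tbl->ascii[idx];
  } while (val == NIL && tbl->parent != NIL);
  return val;
}

/* Constructed sample: a child table that inherits from a parent.  */
static struct char_table parent_tbl, child_tbl;
static obj_t demo_child (void)
{
  parent_tbl.ascii['p'] = 42;
  child_tbl.ascii[','] = 7;
  child_tbl.parent = (obj_t) &parent_tbl | TAG_CHAR_TABLE;
  return (obj_t) &child_tbl | TAG_CHAR_TABLE;
}
int main (void) { printf ("%d\n", (int) char_table_ref_ascii (demo_child (), 'p')); return 0; }
```

In this model a word with the wrong tag is rejected at extraction time, so the lookup returns without ever touching tbl->parent through a NULL pointer.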