From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.bugs Subject: bug#43700: 28.0.50; Crash creating a second frame Date: Thu, 01 Oct 2020 15:53:53 +0300 Message-ID: <83y2kqgl9a.fsf@gnu.org> References: <83y2ksk5sb.fsf@gnu.org> <6b20df65-0c09-f54c-1018-e95f7509aa75@gmail.com> <86tuvf6ndi.fsf@gmail.com> Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="24401"; mail-complaints-to="usenet@ciao.gmane.io" Cc: 43700@debbugs.gnu.org To: Andy Moreton Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Thu Oct 01 14:55:11 2020 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kNy74-0006G3-N6 for geb-bug-gnu-emacs@m.gmane-mx.org; Thu, 01 Oct 2020 14:55:10 +0200 Original-Received: from localhost ([::1]:54146 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kNy73-0004yS-P3 for geb-bug-gnu-emacs@m.gmane-mx.org; Thu, 01 Oct 2020 08:55:09 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:40426) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kNy6w-0004wz-HK for bug-gnu-emacs@gnu.org; Thu, 01 Oct 2020 08:55:02 -0400 Original-Received: from debbugs.gnu.org ([209.51.188.43]:51420) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1kNy6w-00042T-7u for bug-gnu-emacs@gnu.org; Thu, 01 Oct 2020 08:55:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1kNy6w-0006nG-6x for bug-gnu-emacs@gnu.org; Thu, 01 Oct 2020 08:55:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 01 Oct 2020 12:55:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 43700 X-GNU-PR-Package: emacs Original-Received: via spool by 43700-submit@debbugs.gnu.org id=B43700.160155684826045 (code B ref 43700); Thu, 01 Oct 2020 12:55:02 +0000 Original-Received: (at 43700) by debbugs.gnu.org; 1 Oct 2020 12:54:08 +0000 Original-Received: from localhost ([127.0.0.1]:34733 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kNy63-0006m1-K4 for submit@debbugs.gnu.org; Thu, 01 Oct 2020 08:54:07 -0400 Original-Received: from eggs.gnu.org ([209.51.188.92]:33394) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kNy61-0006lX-C0 for 43700@debbugs.gnu.org; Thu, 01 Oct 2020 08:54:05 -0400 Original-Received: from fencepost.gnu.org ([2001:470:142:3::e]:54068) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kNy5w-0003vQ-2X; Thu, 01 Oct 2020 08:54:00 -0400 Original-Received: from [176.228.60.248] (port=3229 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kNy5u-0004zu-Qr; Thu, 01 Oct 2020 08:53:59 -0400 In-Reply-To: <86tuvf6ndi.fsf@gmail.com> (message from Andy Moreton on Wed, 30 Sep 2020 21:06:01 +0100) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.io gmane.emacs.bugs:189513 Archived-At: > From: Andy Moreton > Date: Wed, 30 Sep 2020 21:06:01 +0100 > > #1 0x00000004002727cc in emacs_abort () at C:/emacs/git/emacs/master/src/w32fns.c:10832 > button = 0x6 > #2 0x000000040010d005 in terminate_due_to_signal (sig=0xb, backtrace_limit=0x28) at C:/emacs/git/emacs/master/src/emacs.c:408 > No locals. > #3 0x0000000400137156 in handle_fatal_signal (sig=0xb) at C:/emacs/git/emacs/master/src/sysdep.c:1768 > No locals. > #4 0x0000000400137129 in deliver_thread_signal (sig=0xb, handler=0x40013713e ) at C:/emacs/git/emacs/master/src/sysdep.c:1760 > old_errno = 0x2 > #5 0x0000000400137192 in deliver_fatal_thread_signal (sig=0xb) at C:/emacs/git/emacs/master/src/sysdep.c:1780 > No locals. > #6 0x0000000400313e52 in _gnu_exception_handler (exception_data=0xbf9380) at C:/_/M/mingw-w64-crt-git/src/mingw-w64/mingw-w64-crt/crt/crt_handler.c:223 > old_handler = > action = 0x0 > reset_fpu = 0x0 > #7 0x00007ff8cca57ff8 in msvcrt!__C_specific_handler () from C:\WINDOWS\System32\msvcrt.dll > No symbol table info available. > #8 0x00007ff8ce3b111f in ntdll!.chkstk () from C:\WINDOWS\SYSTEM32\ntdll.dll > No symbol table info available. > #9 0x00007ff8ce35b474 in ntdll!RtlRaiseException () from C:\WINDOWS\SYSTEM32\ntdll.dll > No symbol table info available. > #10 0x00007ff8ce3afc4e in ntdll!KiUserExceptionDispatcher () from C:\WINDOWS\SYSTEM32\ntdll.dll > No symbol table info available. > #11 0x00000004002c86e5 in lookup_image (f=0x5123410, spec=XIL(0xbc42793), face_id=0xffffffff) at C:/emacs/git/emacs/master/src/image.c:2334 > img = 0xbc42773 > hash = 0x5123410 > face = 0x0 > foreground = 0x4 > background = 0x2c0002 If you put a breakpoint in lookup_image, on the line indicated below: ptrdiff_t lookup_image (struct frame *f, Lisp_Object spec, int face_id) { struct image *img; EMACS_UINT hash; struct face *face = (face_id >= 0) ? FACE_FROM_ID (f, face_id) : FACE_FROM_ID (f, DEFAULT_FACE_ID); unsigned long foreground = FACE_COLOR_TO_PIXEL (face->foreground, f); <<<< unsigned long background = FACE_COLOR_TO_PIXEL (face->background, f); and condition the breakpoint by face == 0, does it break before the crash when you perform the steps that reproduces the problem? If 'face' is a NULL pointer there (as your backtrace shows), the next line will segfault, and the rest is more-or-less clear. What I don't understand is this part: > #11 0x00000004002c86e5 in lookup_image (f=0x5123410, spec=XIL(0xbc42793), face_id=0xffffffff) at C:/emacs/git/emacs/master/src/image.c:2334 Why does face_id have the value 0xffffffff? The caller passes -1: DEFUN ("image-mask-p", Fimage_mask_p, Simage_mask_p, 1, 2, 0, doc: /* Return t if image SPEC has a mask bitmap. FRAME is the frame on which the image will be displayed. FRAME nil or omitted means use the selected frame. */) (Lisp_Object spec, Lisp_Object frame) { Lisp_Object mask; mask = Qnil; if (valid_image_p (spec)) { struct frame *f = decode_window_system_frame (frame); ptrdiff_t id = lookup_image (f, spec, -1); <<<<<<<<<<<<<< and the prototype of lookup_image says its last argument is an 'int'. So either this is a GDB bug, or there's some subtle problem here that I cannot explain (a compiler bug, perhaps?). Did you change anything in your development environment lately, like installed a different version of the compiler or Binutils or the MinGW runtime?