bug#53420: 29.0.50; NULL cairo context while frame resize, causes segfault with visible-bell

bug#53420: 29.0.50; NULL cairo context while frame resize, causes segfault with visible-bell

[Antonio Carzaniga]

M-x set-variable RET visible-bell

Now resize the emacs frame and at the same time give a keyboard command
that causes emacs to ring the bell.  I know it's not a common thing to
do, in fact I just happened to do that by mistake.  Specifically for me,
s-<up> maximizes the frame vertically, and I also pressed <down>, which
causes emacs to complain that s-<down> is undefined and therefore ring
the bell.

Anyway, now emacs crashes.  A bit of analysis reveals the following
sequence of events (logged using gdb) in which the cairo context
associated with the selected frame is temporarily set to null during the
frame-resize operation, and pgtk_ring_bell and then pgtk_flash are
called before the cairo context is properly restored.

Thread 1 "emacs" hit Hardware watchpoint 10: -location f->output_data.pgtk->cr_context

Old value = (cairo_t *) 0x55555634ce10
New value = (cairo_t *) 0x0
pgtk_cr_update_surface_desired_size (f=0x5555560db020, width=816, height=1060, force=<optimized out>) at /home/carzanig/tmp/emacs/src/pgtkterm.c:7059
7059	      FRAME_CR_SURFACE_DESIRED_WIDTH (f) = width;
(gdb) 
Thread 1 "emacs" hit Breakpoint 14, pgtk_ring_bell (f=0x5555560db020) at /home/carzanig/tmp/emacs/src/pgtkterm.c:3815
3815	{
(gdb) f->output_data.pgtk->cr_context = (nil)

Thread 1 "emacs" hit Hardware watchpoint 10: -location f->output_data.pgtk->cr_context

Old value = (cairo_t *) 0x0
New value = (cairo_t *) 0x55555634a410
0x000055555578aa8c in pgtk_begin_cr_clip (f=f@entry=0x5555560db020) at /home/carzanig/tmp/emacs/src/pgtkterm.c:7081
7081	      cr = FRAME_CR_CONTEXT (f) = cairo_create (surface);
(gdb) 
Thread 1 "emacs" hit Hardware watchpoint 10: -location f->output_data.pgtk->cr_context

Old value = (cairo_t *) 0x55555634a410
New value = (cairo_t *) 0x0
pgtk_cr_update_surface_desired_size (f=0x5555560db020, width=816, height=1060, force=<optimized out>) at /home/carzanig/tmp/emacs/src/pgtkterm.c:7059
7059	      FRAME_CR_SURFACE_DESIRED_WIDTH (f) = width;
(gdb) 
Thread 1 "emacs" hit Hardware watchpoint 10: -location f->output_data.pgtk->cr_context

Old value = (cairo_t *) 0x0
New value = (cairo_t *) 0x55555634ce10
0x000055555578aa8c in pgtk_begin_cr_clip (f=<optimized out>) at /home/carzanig/tmp/emacs/src/pgtkterm.c:7081
7081	      cr = FRAME_CR_CONTEXT (f) = cairo_create (surface);


(gdb) bt full
#0  0x00007ffff749f324 in cairo_get_target () at /lib/x86_64-linux-gnu/libcairo.so.2
#1  0x0000555555784844 in pgtk_flash (f=0x555555d64118) at /home/carzanig/tmp/emacs/src/pgtkterm.c:3737
        surface = <optimized out>
        surface_orig = <optimized out>
        width = <optimized out>
        height = <optimized out>
        cr = <optimized out>
#2  pgtk_ring_bell (f=0x555555d64118) at /home/carzanig/tmp/emacs/src/pgtkterm.c:3818
#3  0x00005555555af5b5 in Fding (arg=<optimized out>) at /home/carzanig/tmp/emacs/src/dispnew.c:6016
#4  0x00005555556ecd50 in Ffuncall (nargs=1, args=args@entry=0x7fffffffdd58) at /home/carzanig/tmp/emacs/src/eval.c:3078
        fun = <optimized out>
        original_fun = 0x2aaa9adb36b0
        funcar = <optimized out>
        numargs = 0
        val = <optimized out>
        count = 4
#5  0x000055555572bc2c in exec_byte_code (bytestr=<optimized out>, vector=<optimized out>, maxdepth=<optimized out>, args_template=<optimized out>, nargs=<optimized out>, args=<optimized out>) at /home/carzanig/tmp/emacs/src/bytecode.c:632
        op = <optimized out>
        type = <optimized out>
        targets = {0x5555555a16ac <exec_byte_code-1614244>, 0x55555572beb5 <exec_byte_code+1637>, 0x55555572beac <exec_byte_code+1628>, 0x55555572bea3 <exec_byte_code+1619>, 0x55555572badf <exec_byte_code+655>, 0x55555572bae3 <exec_byte_code+659>, 0x55555572be5d <exec_byte_code+1549>, 0x55555572be0d <exec_byte_code+1469>, 0x55555572c9c6 <exec_byte_code+4470>, 0x55555572c9bd <exec_byte_code+4461>, 0x55555572c9b4 <exec_byte_code+4452>, 0x55555572cae1 <exec_byte_code+4753>, 0x55555572bb25 <exec_byte_code+725>, 0x55555572bb30 <exec_byte_code+736>, 0x55555572cad0 <exec_byte_code+4736>, 0x55555572c9cf <exec_byte_code+4479>, 0x55555572cc13 <exec_byte_code+5059>, 0x55555572cc0a <exec_byte_code+5050>, 0x55555572cc01 <exec_byte_code+5041>, 0x55555572cbf8 <exec_byte_code+5032>, 0x55555572ba5f <exec_byte_code+527>, 0x55555572ba68 <exec_byte_code+536>, 0x55555572cbcc <exec_byte_code+4988>, 0x55555572cbdd <exec_byte_code+5005>, 0x55555572cc25 <exec_byte_code+5077>, 0x55555572cc1c <exec_byte_code+5068>, 0x55555572cc63 <exec_byte_code+5139>, 0x55555572cc5a <exec_byte_code+5130>, 0x55555572bc59 <exec_byte_code+1033>, 0x55555572bc60 <exec_byte_code+1040>, 0x55555572cc49 <exec_byte_code+5113>, 0x55555572cc2e <exec_byte_code+5086>, 0x55555572ce67 <exec_byte_code+5655>, 0x55555572ce5e <exec_byte_code+5646>, 0x55555572ce55 <exec_byte_code+5637>, 0x55555572ce4c <exec_byte_code+5628>, 0x55555572bbfe <exec_byte_code+942>, 0x55555572bc08 <exec_byte_code+952>, 0x55555572cb7f <exec_byte_code+4911>, 0x55555572ce70 <exec_byte_code+5664>, 0x55555572ce17 <exec_byte_code+5575>, 0x55555572ce0e <exec_byte_code+5566>, 0x55555572ce05 <exec_byte_code+5557>, 0x55555572cdfc <exec_byte_code+5548>, 0x55555572bb95 <exec_byte_code+837>, 0x55555572bba0 <exec_byte_code+848>, 0x55555572ce3b <exec_byte_code+5611>, 0x55555572ce20 <exec_byte_code+5584>, 0x55555572e3a9 <exec_byte_code+11097>, 0x55555572e3e6 <exec_byte_code+11158>, 0x55555572cc6c <exec_byte_code+5148>, 0x5555555a16b0 <exec_byte_code-1614240>, 0x5555555a16b0 <exec_byte_code-1614240>, 0x5555555a16b0 <exec_byte_code-1614240>, 0x5555555a16b0 <exec_byte_code-1614240>, 0x5555555a16b0 <exec_byte_code-1614240>, 0x55555572e189 <exec_byte_code+10553>, 0x55555572e13c <exec_byte_code+10476>, 0x55555572e4d2 <exec_byte_code+11394>, 0x55555572e482 <exec_byte_code+11314>, 0x55555572e433 <exec_byte_code+11235>, 0x55555572caea <exec_byte_code+4762>, 0x55555572ca2d <exec_byte_code+4573>, 0x55555572e3f8 <exec_byte_code+11176>, 0x55555572cb3c <exec_byte_code+4844>, 0x55555572c9ea <exec_byte_code+4506>, 0x55555572e55f <exec_byte_code+11535>, 0x55555572e522 <exec_byte_code+11474>, 0x55555572e5b6 <exec_byte_code+11622>, 0x55555572dc55 <exec_byte_code+9221>, 0x55555572debc <exec_byte_code+9836>, 0x55555572de22 <exec_byte_code+9682>, 0x55555572ddcb <exec_byte_code+9595>, 0x55555572dd70 <exec_byte_code+9504>, 0x55555572dd33 <exec_byte_code+9443>, 0x55555572dcf6 <exec_byte_code+9382>, 0x55555572dc9f <exec_byte_code+9295>, 0x55555572e000 <exec_byte_code+10160>, 0x55555572dfa9 <exec_byte_code+10073>, 0x55555572df4e <exec_byte_code+9982>, 0x55555572df0a <exec_byte_code+9914>, 0x55555572e09b <exec_byte_code+10315>, 0x55555572e057 <exec_byte_code+10247>, 0x55555572dbf0 <exec_byte_code+9120>, 0x55555572db8b <exec_byte_code+9019>, 0x55555572db32 <exec_byte_code+8930>, 0x55555572dad6 <exec_byte_code+8838>, 0x55555572da7a <exec_byte_code+8746>, 0x55555572da1e <exec_byte_code+8654>, 0x55555572d9c2 <exec_byte_code+8562>, 0x55555572d97e <exec_byte_code+8494>, 0x55555572d918 <exec_byte_code+8392>, 0x55555572d8d4 <exec_byte_code+8324>, 0x55555572d890 <exec_byte_code+8256>, 0x55555572d84c <exec_byte_code+8188>, 0x55555572d808 <exec_byte_code+8120>, 0x55555572d71a <exec_byte_code+7882>, 0x55555572bcac <exec_byte_code+1116>, 0x55555572d6dd <exec_byte_code+7821>, 0x55555572d69e <exec_byte_code+7758>, 0x55555572d5ee <exec_byte_code+7582>, 0x55555572d59b <exec_byte_code+7499>, 0x55555572d55e <exec_byte_code+7438>, 0x55555572d523 <exec_byte_code+7379>, 0x55555572d4e8 <exec_byte_code+7320>, 0x55555572d4a5 <exec_byte_code+7253>, 0x55555572d466 <exec_byte_code+7190>, 0x5555555a16b0 <exec_byte_code-1614240>, 0x55555572d42b <exec_byte_code+7131>, 0x55555572d3f0 <exec_byte_code+7072>, 0x55555572d3b5 <exec_byte_code+7013>, 0x55555572d37a <exec_byte_code+6954>, 0x55555572d33f <exec_byte_code+6895>, 0x55555572d302 <exec_byte_code+6834>, 0x55555572bcb0 <exec_byte_code+1120>, 0x5555555a16b0 <exec_byte_code-1614240>, 0x55555572d2b7 <exec_byte_code+6759>, 0x55555572c7e3 <exec_byte_code+3987>, 0x55555572c7a6 <exec_byte_code+3926>, 0x55555572c74f <exec_byte_code+3839>, 0x55555572c6f8 <exec_byte_code+3752>, 0x55555572c6bb <exec_byte_code+3691>, 0x55555572c67e <exec_byte_code+3630>, 0x55555572c627 <exec_byte_code+3543>, 0x55555572c5d0 <exec_byte_code+3456>, 0x55555572c579 <exec_byte_code+3369>, 0x55555572c53e <exec_byte_code+3310>, 0x55555572c501 <exec_byte_code+3249>, 0x5555555a16b0 <exec_byte_code-1614240>, 0x55555572d171 <exec_byte_code+6433>, 0x55555572cd9a <exec_byte_code+5450>, 0x55555572ca84 <exec_byte_code+4660>, 0x55555572cd4e <exec_byte_code+5374>, 0x55555572d0f9 <exec_byte_code+6313>, 0x55555572d0b0 <exec_byte_code+6240>, 0x55555572ce8b <exec_byte_code+5691>, 0x55555572d1bd <exec_byte_code+6509>, 0x55555572cb90 <exec_byte_code+4928>, 0x55555572d142 <exec_byte_code+6386>, 0x55555572d22a <exec_byte_code+6618>, 0x55555572d1ec <exec_byte_code+6556>, 0x55555572ccf0 <exec_byte_code+5280>, 0x55555572e340 <exec_byte_code+10992>, 0x55555572e2e5 <exec_byte_code+10901>, 0x55555572e292 <exec_byte_code+10818>, 0x55555572e1fe <exec_byte_code+10670>, 0x55555572cdc8 <exec_byte_code+5496>, 0x55555572c4a6 <exec_byte_code+3158>, 0x55555572c469 <exec_byte_code+3097>, 0x55555572c42c <exec_byte_code+3036>, 0x55555572c3ef <exec_byte_code+2975>, 0x55555572c3b2 <exec_byte_code+2914>, 0x55555572c35b <exec_byte_code+2827>, 0x55555572c304 <exec_byte_code+2740>, 0x55555572c2ad <exec_byte_code+2653>, 0x55555572c256 <exec_byte_code+2566>, 0x55555572c1da <exec_byte_code+2442>, 0x55555572c183 <exec_byte_code+2355>, 0x55555572c12c <exec_byte_code+2268>, 0x55555572c0ef <exec_byte_code+2207>, 0x55555572c098 <exec_byte_code+2120>, 0x55555572c041 <exec_byte_code+2033>, 0x55555572bffb <exec_byte_code+1963>, 0x55555572bfb5 <exec_byte_code+1893>, 0x55555572bf71 <exec_byte_code+1825>, 0x55555572d7c4 <exec_byte_code+8052>, 0x55555572d76d <exec_byte_code+7965>, 0x55555572bf11 <exec_byte_code+1729>, 0x55555572bebe <exec_byte_code+1646>, 0x5555555a16b0 <exec_byte_code-1614240>, 0x55555572d049 <exec_byte_code+6137>, 0x55555572d002 <exec_byte_code+6066>, 0x55555572cfbb <exec_byte_code+5995>, 0x55555572cf77 <exec_byte_code+5927>, 0x55555572cf33 <exec_byte_code+5859>, 0x55555572de5f <exec_byte_code+9743>, 0x55555572e0df <exec_byte_code+10383>, 0x55555572d641 <exec_byte_code+7665>, 0x55555572bdbf <exec_byte_code+1391>, 0x55555572c95a <exec_byte_code+4362>, 0x5555555a16b0 <exec_byte_code-1614240>, 0x5555555a16b0 <exec_byte_code-1614240>, 0x55555572c908 <exec_byte_code+4280>, 0x55555572c85e <exec_byte_code+4110>, 0x5555555a16b0 <exec_byte_code-1614240>, 0x5555555a16b0 <exec_byte_code-1614240>, 0x5555555a16b0 <exec_byte_code-1614240>, 0x5555555a16b0 <exec_byte_code-1614240>, 0x5555555a16b0 <exec_byte_code-1614240>, 0x5555555a16b0 <exec_byte_code-1614240>, 0x5555555a16b0 <exec_byte_code-1614240>, 0x5555555a16b0 <exec_byte_code-1614240>, 0x55555572c820 <exec_byte_code+4048> <repeats 64 times>}
        const_length = <optimized out>
        bytestr_length = <optimized out>
        vectorp = <optimized out>
        quitcounter = 1 '\001'
        stack_items = <optimized out>
        sa_avail = <optimized out>
        sa_count = <optimized out>
        alloc = <optimized out>
        stack_base = <optimized out>
        top = 0x7fffffffdd58
        stack_lim = <optimized out>
        bytestr_data = <optimized out>
        pc = <optimized out>
        count = 4
        result = <optimized out>
#6  0x00005555556ecbe7 in Ffuncall (nargs=1, args=0x7fffffffe038) at /home/carzanig/tmp/emacs/src/eval.c:3094
        fun = <optimized out>
        original_fun = 0xf450
        funcar = <optimized out>
        numargs = 0
        val = <optimized out>
        count = 3
#7  0x00005555556ecdfc in call0 (fn=<optimized out>, fn@entry=0xf450) at /home/carzanig/tmp/emacs/src/eval.c:2931
#8  0x000055555567b2da in command_loop_1 () at /home/carzanig/tmp/emacs/src/keyboard.c:1482
        cmd = 0x0
        keybuf = {0xb015a0, 0x4, 0x7ffff0c26f25, 0x7fffffffe090, 0x53474e, 0xa3abe6a415239f00, 0x6f6e280000000000, 0x0, 0x4000000010000000, 0x400000003f000000, 0x555555bd3840 <lispsym>, 0x2aaa9b0536b0, 0x7fffffffe1c0, 0x5555556ef277 <eval_sub+487>, 0x6f6e280000000000, 0x29656e, 0xa0, 0x4, 0x0, 0x7fffffffe548, 0x7fffffffe8cb, 0xa3abe6a415239f00, 0x7ffff71b9b00, 0x78, 0x7fffffffe190, 0x0, 0x0, 0x7fffffffe330, 0x2, 0x5555556ec7f4 <unbind_to+148>}
        i = <optimized out>
        prev_modiff = 23
        prev_buffer = 0x7ffff093b708
        already_adjusted = false
#9  0x00005555556ebba7 in internal_condition_case (bfun=bfun@entry=0x55555567ab80 <command_loop_1>, handlers=handlers@entry=0x90, hfun=hfun@entry=0x555555671410 <cmd_error>) at /home/carzanig/tmp/emacs/src/eval.c:1492
        val = <optimized out>
        c = 0x555555c2a200
#10 0x000055555566b13e in command_loop_2 (handlers=handlers@entry=0x90) at /home/carzanig/tmp/emacs/src/keyboard.c:1135
        val = <optimized out>
#11 0x00005555556ebae9 in internal_catch (tag=tag@entry=0xed00, func=func@entry=0x55555566b110 <command_loop_2>, arg=arg@entry=0x90) at /home/carzanig/tmp/emacs/src/eval.c:1223
        val = <optimized out>
        c = 0x555555c2a800
#12 0x000055555566b0d9 in command_loop () at /home/carzanig/tmp/emacs/src/keyboard.c:1113
#13 0x0000555555671000 in recursive_edit_1 () at /home/carzanig/tmp/emacs/src/keyboard.c:722
        count = 1
        val = <optimized out>
#14 0x0000555555671359 in Frecursive_edit () at /home/carzanig/tmp/emacs/src/keyboard.c:805
        count = 0
        buffer = <optimized out>
#15 0x00005555555a4f53 in main (argc=<optimized out>, argv=<optimized out>) at /home/carzanig/tmp/emacs/src/emacs.c:2427
        stack_bottom_variable = 0x0
        no_loadup = false
        junk = 0x0
        dname_arg = 0x0
        ch_to_dir = 0x0
        original_pwd = <optimized out>
        dump_mode = <optimized out>
        skip_args = 0
        temacs = 0x0
        attempt_load_pdump = <optimized out>
        rlim = {
          rlim_cur = 10022912,
          rlim_max = 18446744073709551615
        }
        lc_all = <optimized out>
        sockfd = -1
        module_assertions = <optimized out>
(gdb) 

In GNU Emacs 29.0.50 (build 1, x86_64-pc-linux-gnu, GTK+ Version 3.24.30, cairo version 1.16.0)
 of 2022-01-21 built on siena
Repository revision: 1fefb15aa8ef1de3e78e55af0395bc543bb8018f
Repository branch: master
System Description: Ubuntu 21.10

Configured using:
 'configure --prefix=/opt/emacs-29 --with-native-compilation
 --with-pgtk'

Configured features:
CAIRO DBUS FREETYPE GIF GLIB GMP GNUTLS GSETTINGS HARFBUZZ JPEG JSON
LIBSELINUX LIBXML2 MODULES NATIVE_COMP NOTIFY INOTIFY PDUMPER PGTK PNG
SECCOMP SOUND SQLITE3 THREADS TIFF TOOLKIT_SCROLL_BARS XIM GTK3 ZLIB

Important settings:
  value of $LC_ALL: en_US.utf8
  value of $LC_MONETARY: en_US.UTF-8
  value of $LC_NUMERIC: en_US.UTF-8
  value of $LC_TIME: en_US.UTF-8
  value of $LANG: en_US.UTF-8
  value of $XMODIFIERS: @im=ibus
  locale-coding-system: utf-8

Major mode: Group

Minor modes in effect:
  gnus-topic-mode: t
  gnus-undo-mode: t
  global-company-mode: t
  company-mode: t
  vertico-mode: t
  override-global-mode: t
  electric-pair-mode: t
  display-time-mode: t
  tooltip-mode: t
  global-eldoc-mode: t
  show-paren-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  buffer-read-only: t
  line-number-mode: t
  indent-tabs-mode: t

Load-path shadows:
/home/carzanig/.emacs.d/elpa/transient-0.3.7/transient hides /opt/emacs-29/share/emacs/29.0.50/lisp/transient

Features:
(gnus-cite ecomplete gnus-topic nnselect gnus-search eieio-opt speedbar
ezimage dframe nnagent nnml nndraft nnmh nnmaildir org-agenda
gnus-icalendar org-capture org-refile org org-macro org-footnote
org-pcomplete pcomplete org-list org-faces org-entities noutline outline
org-version ob-C ob ob-tangle org-src ob-ref ob-lob ob-table ob-exp
ob-comint ob-emacs-lisp ob-core ob-eval org-table oc-basic bibtex ol
org-keys oc org-compat advice org-macs org-loaddefs find-func spam
spam-stat gnus-uu yenc gnus-registry registry eieio-base gnus-agent
gnus-srvr gnus-score score-mode nnvirtual nntp gnus-cache bbdb-com bbdb
bbdb-site timezone shadow sort mail-extr gnus-msg gnus-art mm-uu mml2015
gnus-sum shr pixel-fill kinsoku svg dom gnus-group gnus-undo gnus-start
gnus-dbus dbus xml gnus-cloud nnimap nnmail mail-source utf7 netrc nnoo
parse-time iso8601 gnus-spec gnus-int gnus-range gnus-win gnus nnheader
range emacsbug sendmail cl-print help-fns ggtags hippie-exp warnings
ewoc compile autoload radix-tree tar-mode arc-mode archive-mode cus-edit
cus-start lisp-mnt mm-archive mule-util gnutls network-stream url-http
url-gw nsm url-cache url-auth consult-vertico consult recentf
tree-widget bookmark pp vc-mtn vc-hg vc-bzr vc-src vc-sccs vc-svn vc-cvs
vc-rcs misearch multi-isearch vc-git vc vc-dispatcher bug-reference
cc-mode cc-fonts cc-guess cc-menus cc-cmds cc-styles cc-align cc-engine
cc-vars cc-defs dabbrev gdb-mi gud comint ansi-color bongo lastfm-submit
rx notmuch notmuch-tree notmuch-jump notmuch-hello wid-edit notmuch-show
notmuch-print notmuch-crypto notmuch-mua notmuch-message notmuch-draft
notmuch-maildir-fcc notmuch-address notmuch-company notmuch-parser
format-spec notmuch-wash diff-mode coolj notmuch-query goto-addr
thingatpt icalendar diary-lib diary-loaddefs cal-menu calendar
cal-loaddefs notmuch-tag crm notmuch-lib notmuch-compat hl-line message
yank-media rmc puny dired-x dired dired-loaddefs rfc822 mml mailabbrev
mail-utils gmm-utils mailheader mm-view mml-smime mml-sec epa derived
epg rfc6068 epg-config gnus-util text-property-search time-date smime
dig mm-decode mm-bodies mm-encode mail-parse rfc2231 rfc2047 rfc2045
mm-util ietf-drums mail-prsvr org-install dictionary
dictionary-connection orderless company-oddmuse company-keywords
company-etags etags fileloop generator xref project ring company-gtags
company-dabbrev-code company-dabbrev company-files company-capf
company-cmake company-xcode company-clang company-semantic company-eclim
company-template company-bbdb company edmacro kmacro pcase vertico
cl-extra help-mode use-package use-package-ensure use-package-delight
use-package-diminish use-package-bind-key bind-key easy-mmode
use-package-core finder-inf elec-pair time cus-load tex-site info
package browse-url url url-proxy url-privacy url-expand url-methods
url-history url-cookie url-domsuf url-util mailcap url-handlers
url-parse auth-source cl-seq eieio eieio-core cl-macs eieio-loaddefs
password-cache json map url-vars seq gv subr-x byte-opt bytecomp
byte-compile cconv cl-loaddefs cl-lib iso-transl tooltip eldoc paren
electric uniquify ediff-hook vc-hooks lisp-float-type elisp-mode mwheel
term/pgtk-win pgtk-win term/common-win tool-bar dnd fontset image
regexp-opt fringe tabulated-list replace newcomment text-mode lisp-mode
prog-mode register page tab-bar menu-bar rfn-eshadow isearch easymenu
timer select scroll-bar mouse jit-lock font-lock syntax font-core
term/tty-colors frame minibuffer cl-generic cham georgian utf-8-lang
misc-lang vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms
cp51932 hebrew greek romanian slovak czech european ethiopic indian
cyrillic chinese composite emoji-zwj charscript charprop case-table
epa-hook jka-cmpr-hook help simple abbrev obarray cl-preloaded nadvice
button loaddefs faces cus-face macroexp files window text-properties
overlay sha1 md5 base64 format env code-pages mule custom widget keymap
hashtable-print-readable backquote threads dbusbind inotify
dynamic-setting system-font-setting font-render-setting cairo
move-toolbar gtk x-toolkit pgtk multi-tty make-network-process
native-compile emacs)

Memory information:
((conses 16 3987002 589173)
 (symbols 48 39911 7)
 (strings 32 1538416 233916)
 (string-bytes 1 72897931)
 (vectors 16 652835)
 (vector-slots 8 8585681 455119)
 (floats 8 24466 650347)
 (intervals 56 158425 37205)
 (buffers 992 50))

bug#53420: 29.0.50; NULL cairo context while frame resize, causes segfault with visible-bell

[Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors]

Antonio Carzaniga <antonio.carzaniga@usi.ch> writes:

> M-x set-variable RET visible-bell
>
> Now resize the emacs frame and at the same time give a keyboard command
> that causes emacs to ring the bell.  I know it's not a common thing to
> do, in fact I just happened to do that by mistake.  Specifically for me,
> s-<up> maximizes the frame vertically, and I also pressed <down>, which
> causes emacs to complain that s-<down> is undefined and therefore ring
> the bell.
>
> Anyway, now emacs crashes.  A bit of analysis reveals the following
> sequence of events (logged using gdb) in which the cairo context
> associated with the selected frame is temporarily set to null during the
> frame-resize operation, and pgtk_ring_bell and then pgtk_flash are
> called before the cairo context is properly restored.

Thanks, should be fixed now.

bug#53420: 29.0.50; NULL cairo context while frame resize, causes segfault with visible-bell

[Antonio Carzaniga]

Thank you!  But I think there's another problem now.  Input is blocked.
Shouldn't you get out of pgtk_flash *before* you call block_input, as in
the patch below?  (Or call unblock_input...)

-Antonio

diff --git a/src/pgtkterm.c b/src/pgtkterm.c
index 8073f51c61..c402dd3e74 100644
--- a/src/pgtkterm.c
+++ b/src/pgtkterm.c
@@ -3731,12 +3731,12 @@ recover_from_visible_bell (struct atimer *timer)
 static void
 pgtk_flash (struct frame *f)
 {
+  if (!FRAME_CR_CONTEXT (f))
+    return;
+
   block_input ();
 
   {
-    if (!FRAME_CR_CONTEXT (f))
-      return;
-
     cairo_surface_t *surface_orig = FRAME_CR_SURFACE (f);
 
     int width = FRAME_CR_SURFACE_DESIRED_WIDTH (f);


Po Lu <luangruo@yahoo.com> writes:

> Antonio Carzaniga <antonio.carzaniga@usi.ch> writes:
>
>> M-x set-variable RET visible-bell
>>
>> Now resize the emacs frame and at the same time give a keyboard command
>> that causes emacs to ring the bell.  I know it's not a common thing to
>> do, in fact I just happened to do that by mistake.  Specifically for me,
>> s-<up> maximizes the frame vertically, and I also pressed <down>, which
>> causes emacs to complain that s-<down> is undefined and therefore ring
>> the bell.
>>
>> Anyway, now emacs crashes.  A bit of analysis reveals the following
>> sequence of events (logged using gdb) in which the cairo context
>> associated with the selected frame is temporarily set to null during the
>> frame-resize operation, and pgtk_ring_bell and then pgtk_flash are
>> called before the cairo context is properly restored.
>
> Thanks, should be fixed now.

bug#53420: 29.0.50; NULL cairo context while frame resize, causes segfault with visible-bell

[Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors]

Antonio Carzaniga <antonio.carzaniga@usi.ch> writes:

> Thank you!  But I think there's another problem now.  Input is blocked.
> Shouldn't you get out of pgtk_flash *before* you call block_input, as in
> the patch below?  (Or call unblock_input...)

Thanks, should be fixed now.

bug#53420: 29.0.50; NULL cairo context while frame resize, causes segfault with visible-bell

[Antonio Carzaniga]

> Thanks, should be fixed now.

very good.  Thank you!

-Antonio

bug#53420: 29.0.50; NULL cairo context while frame resize, causes segfault with visible-bell

[Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors]

Antonio Carzaniga <antonio.carzaniga@usi.ch> writes:

>> Thanks, should be fixed now.
>
> very good.  Thank you!
>
> -Antonio

I'm closing this bug, thanks.