From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Robert Pluim <rpluim@gmail.com>
Newsgroups: gmane.emacs.bugs
Subject: bug#66098: Crash in itree.c on macOS with incomplete backtrace
Date: Tue, 19 Sep 2023 12:09:24 +0200
Message-ID: <87jzsmiiej.fsf@gmail.com>
References: <CADwFkmmFP4YmeOOkSCBgSY8DNEERQdefMHBaNchsoJK_j5DpnQ@mail.gmail.com>
 <87o7hyikiv.fsf@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="23717"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: 66098@debbugs.gnu.org, Paul Eggert <eggert@cs.ucla.edu>
To: Stefan Kangas <stefankangas@gmail.com>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Tue Sep 19 12:10:07 2023
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1qiXgD-0005sk-Uv
	for geb-bug-gnu-emacs@m.gmane-mx.org; Tue, 19 Sep 2023 12:10:05 +0200
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces@gnu.org>)
	id 1qiXg2-0002Cm-Te; Tue, 19 Sep 2023 06:09:54 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1qiXg1-00026J-Kt
 for bug-gnu-emacs@gnu.org; Tue, 19 Sep 2023 06:09:53 -0400
Original-Received: from debbugs.gnu.org ([2001:470:142:5::43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1qiXg1-0004qC-DD
 for bug-gnu-emacs@gnu.org; Tue, 19 Sep 2023 06:09:53 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1qiXgA-0006tH-3H
 for bug-gnu-emacs@gnu.org; Tue, 19 Sep 2023 06:10:02 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Robert Pluim <rpluim@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Tue, 19 Sep 2023 10:10:02 +0000
Resent-Message-ID: <handler.66098.B66098.169511818426455@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 66098
X-GNU-PR-Package: emacs
Original-Received: via spool by 66098-submit@debbugs.gnu.org id=B66098.169511818426455
 (code B ref 66098); Tue, 19 Sep 2023 10:10:02 +0000
Original-Received: (at 66098) by debbugs.gnu.org; 19 Sep 2023 10:09:44 +0000
Original-Received: from localhost ([127.0.0.1]:55405 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1qiXfr-0006sc-V3
 for submit@debbugs.gnu.org; Tue, 19 Sep 2023 06:09:44 -0400
Original-Received: from mail-wm1-x336.google.com ([2a00:1450:4864:20::336]:59770)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <rpluim@gmail.com>) id 1qiXfo-0006sK-Qb
 for 66098@debbugs.gnu.org; Tue, 19 Sep 2023 06:09:43 -0400
Original-Received: by mail-wm1-x336.google.com with SMTP id
 5b1f17b1804b1-3ff1c397405so59284915e9.3
 for <66098@debbugs.gnu.org>; Tue, 19 Sep 2023 03:09:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1695118166; x=1695722966; darn=debbugs.gnu.org;
 h=content-transfer-encoding:mime-version:message-id:date:references
 :in-reply-to:subject:cc:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=sxJAaWoyV0OV+6mOEdMzMhD9YI9gjUo63auBLIPC2Tc=;
 b=XgY5F70GiTT+bsRZKscfAnBgj0TgMdsSBzpeJNTvv1shmMMmyBA56bdkhabN5uew88
 xmmTFkKlVf329boOqZS+oEDT5gv16iTmjZZVUdv1X/3znSfaldVfA9VUA0X5+45Ah5cJ
 jmIuoBmVVafhxg3a2LoV8AlBxmBw48RJNCzYjHY0q/BWvE9/sLbbUE8St3fd9EqInnVx
 hOhHHZSIcdNqdOfnzLWE+mKoBLrY4puA0XuyULo4K5uluGIf8a4bbK+jFzPPbH9O50cD
 v39IwKNkifQLfYFGMK3BhZgbpafAdzMuZAdrIHcVx+3hapOrkt2MGHBOsphUYehI+9is
 zyLw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1695118166; x=1695722966;
 h=content-transfer-encoding:mime-version:message-id:date:references
 :in-reply-to:subject:cc:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=sxJAaWoyV0OV+6mOEdMzMhD9YI9gjUo63auBLIPC2Tc=;
 b=uci0W4RfTOtYrd7YUXYHfQdUt9HzTzK/Z2x9OqQ0+tXp7P8h9LSHkssi5k+bm5rNc3
 hFB5xohSHs+aB0kMLddl+38CjPwlRWCfLrZHpbdx5f7ByJGeNJz5hIzqFtq0DRxLToyt
 H24vd0cRqE8P+ezQjnQdmEpsRiEKcR/z7dm2aro/3x4f1/E319DnjVinMpW7gJ/6sw0A
 kPeqSl1WkZo9rWnhcqSyzOOq0i5xX9qNFrjFHsQuYPGlFkitGKkafBOdIKxuUOp4MwQq
 9ij3dOsyVfxlLi4k7GCteaM9JM8QmVGbUu7997plhMwLly6B6LmqqASz8OSExeV1dpdc
 KdfQ==
X-Gm-Message-State: AOJu0YxvTIIYKHqo9wsBYuNl/0Zbw8hh34GFDI5aWUjdsdVYERd04M2G
 dhsEgEqXbbJ53HeMhJbW1Qs=
X-Google-Smtp-Source: AGHT+IHTlzoa3ZEnQfvUjjZ/Q6N0Q1D80XzVv1OI9vNC3JU2U9oPs9EIhtVHm5FTHID9Rh021GwTcg==
X-Received: by 2002:adf:b1d6:0:b0:31f:fb7f:d701 with SMTP id
 r22-20020adfb1d6000000b0031ffb7fd701mr8405078wra.9.1695118165509; 
 Tue, 19 Sep 2023 03:09:25 -0700 (PDT)
Original-Received: from rltb ([2a01:e0a:3f3:fb50:d837:9a8f:f5d9:8bdc])
 by smtp.gmail.com with ESMTPSA id
 q8-20020a5d5748000000b0031de43fe9bfsm15241179wrw.0.2023.09.19.03.09.24
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 19 Sep 2023 03:09:24 -0700 (PDT)
In-Reply-To: <87o7hyikiv.fsf@gmail.com> (Robert Pluim's message of "Tue, 19
 Sep 2023 11:23:36 +0200")
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.emacs.bugs:270859
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/270859>

>>>>> On Tue, 19 Sep 2023 11:23:36 +0200, Robert Pluim <rpluim@gmail.com> s=
aid:

>>>>> On Tue, 19 Sep 2023 01:47:41 -0700, Stefan Kangas <stefankangas@gmail=
.com> said:
    Stefan> After rebuilding from master yesterday, I've started seeing fre=
quent
    Stefan> crashes (several times a day) on macOS.  Thus, I re-built with =
all the
    Stefan> debug flags to investigate, and was able to get Emacs to crash =
almost
    Stefan> immediately after start, with the command `M-x notmuch'.

    Stefan> I'm not able to get much of a backtrace (see below).  Could it =
be that
    Stefan> the stack got corrupted somehow?  I've left the gdb session of =
the
    Stefan> crashed process open in case anyone has any ideas.  Is valgrind=
 the best
    Stefan> tool for digging further, or are there any other tricks I can t=
ry?

    Robert> Does valgrind run on macOS these days? I=CA=BCd start by adding
    Robert> '-fsanitize=3Daddress' to your CFLAGS.

Which I just tried, and it gave me

=3D=3D22145=3D=3DERROR: AddressSanitizer: stack-buffer-underflow on address=
 0x00016dcc4540 at pc 0x000105924ee0 bp 0x00016dcc4090 sp 0x00016dcc3850
READ of size 8 at 0x00016dcc4540 thread T0
    #0 0x105924edc in __asan_memcpy+0x1a4 (libclang_rt.asan_osx_dynamic.dyl=
ib:arm64e+0x40edc) (BuildId: f0a7ac5c49bc3abc851181b6f92b308a32000000200000=
000100000000000b00)
    #1 0x1022d388c in vadd_to_log xdisp.c:11821
    #2 0x1022d32b4 in add_to_log xdisp.c:11798

Which I fixed like this:

diff --git a/src/xdisp.c b/src/xdisp.c
index 2944f3964e8..f1980c4f20c 100644
--- a/src/xdisp.c
+++ b/src/xdisp.c
@@ -11808,7 +11808,7 @@ vadd_to_log (char const *format, va_list ap)
   eassert (nargs <=3D ARRAYELTS (args));
   AUTO_STRING (args0, format);
   args[0] =3D args0;
-  for (ptrdiff_t i =3D 1; i <=3D nargs; i++)
+  for (ptrdiff_t i =3D 1; i < nargs; i++)
     args[i] =3D va_arg (ap, Lisp_Object);
   Lisp_Object msg =3D Qnil;
   msg =3D Fformat_message (nargs, args);

Given that this code has been like this since 2015, please sanity
check the patch whilst I up my caffeine levels :-)

Robert
--=20