unofficial mirror of bug-gnu-emacs@gnu.org 
From: Po Lu via "Bug reports for GNU Emacs, the Swiss army knife of text editors" <bug-gnu-emacs@gnu.org>
To: "Gerd Möllmann" <gerd.moellmann@gmail.com>
Cc: 58334@debbugs.gnu.org
Subject: bug#58334: 29.0.50; ASAN heap use after free in gui_produce_glyphs
Date: Fri, 07 Oct 2022 08:46:15 +0800	[thread overview]
Message-ID: <87mta8qx48.fsf@yahoo.com> (raw)
In-Reply-To: <m2a669atai.fsf@Mini.fritz.box> ("Gerd Möllmann"'s message of "Thu, 06 Oct 2022 17:03:17 +0200")

Gerd Möllmann <gerd.moellmann@gmail.com> writes:

>     #0 0x1033f2ca8 in wrap_malloc+0x94 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3eca8)
>     #1 0x1005af4f4 in lmalloc alloc.c:1361
>     #2 0x1005af40c in xmalloc alloc.c:751
>     #3 0x1003f92b4 in make_realized_face xfaces.c:4471
>     #4 0x1003f5c00 in realize_gui_face xfaces.c:6023
>     #5 0x1003e4000 in realize_face xfaces.c:5954

[...]

>     #14 0x1005592d8 in Fvertical_motion indent.c:2241

I'm pretty sure the right fix is to block input around realize_face and
Fvertical_motion, since that code is clearly not reentrant.

> The problem here, it seems to me, is that the redisplay done in
> -[EmacsView layoutSublayersOfLayer:] nsterm.m:8675, frees realized faces
> at a moment that the code cannot expect.

Also, how come layoutSublayersOfLayer is called so often?  AFAIU it's
only there to coax the system into actually resizing Emacs while the
system blocks the input loop from returning control to Emacs, which
should only happen during drag-to-resize.
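The hazard discussed in this thread, modelled as an added example (not Emacs code and not from either poster): a small "face cache", a callback standing in for the redisplay that runs inside layoutSublayersOfLayer: and frees realized faces, and a block_input-style guard that defers that free until the caller holding a face pointer is done. The names block_input, unblock_input and input_blocked are stand-ins chosen for this model, not the project's own definitions; the generation counter is likewise an addition so the unguarded path can detect the dangling pointer and bail out instead of reading freed memory, which is what ASAN reported in the original trace.

```c
/* Constructed model of a reentrant free of realized faces, and of the
   proposed fix (block input around the non-reentrant code).  Not Emacs code. */
#include <stdio.h>
#include <stdlib.h>
#include <stdbool.h>

struct face { int id; int foreground; };

struct face_cache {
    struct face *faces[16];
    int used;
    unsigned generation;   /* bumped every time the cache is emptied */
};

/* Assumed stand-in for an input-blocking counter; not Emacs' own variable. */
static int input_blocked = 0;
static struct face_cache *pending_free = NULL;

static void free_all_realized_faces(struct face_cache *c) {
    for (int i = 0; i < c->used; i++) free(c->faces[i]);
    c->used = 0;
    c->generation++;
}

/* Guarded entry: while input is blocked, remember the request and run it later. */
static void free_all_realized_faces_guarded(struct face_cache *c) {
    if (input_blocked > 0) { pending_free = c; return; }
    free_all_realized_faces(c);
}

static void block_input(void) { input_blocked++; }

static void unblock_input(void) {
    if (--input_blocked == 0 && pending_free) {
        struct face_cache *c = pending_free;
        pending_free = NULL;
        free_all_realized_faces(c);   /* deferred free runs now */
    }
}

static struct face *realize_face(struct face_cache *c, int id, int fg) {
    if (c->used >= 16) return NULL;
    struct face *f = malloc(sizeof *f);
    if (!f) return NULL;
    f->id = id;
    f->foreground = fg;
    c->faces[c->used++] = f;
    return f;
}

/* Stand-in for the system invoking layoutSublayersOfLayer: and the redisplay
   inside it, which in the report frees the realized faces. */
static void layout_callback(struct face_cache *c) {
    free_all_realized_faces_guarded(c);
}

/* Without blocking: the callback empties the cache between realize_face and
   the use of F.  Real code would read freed memory here; the generation
   counter lets this model detect the stale pointer and refuse to touch it. */
static int produce_glyphs_unguarded(struct face_cache *c) {
    unsigned gen = c->generation;
    struct face *f = realize_face(c, 1, 0xff0000);
    if (!f) return -1;
    layout_callback(c);                  /* reentrant redisplay */
    if (c->generation != gen) return -1; /* F is dangling */
    return f->foreground;
}

/* With blocking: the callback's free is deferred until unblock_input. */
static int produce_glyphs_guarded(struct face_cache *c) {
    block_input();
    unsigned gen = c->generation;
    struct face *f = realize_face(c, 1, 0xff0000);
    if (!f) { unblock_input(); return -1; }
    layout_callback(c);                  /* free is recorded, not performed */
    int fg = (c->generation == gen) ? f->foreground : -1;
    unblock_input();                     /* deferred free happens here */
    return fg;
}

int main(void) {
    struct face_cache c = {0};
    printf("unguarded: %d\n", produce_glyphs_unguarded(&c));
    printf("guarded:   %#x\n", produce_glyphs_guarded(&c));
    printf("faces left: %d\n", c.used);
    return 0;
}
```

The unguarded path returns -1 because the cache generation changed under it; the guarded path reads the face and only then lets the deferred free run, so the cache is empty again by the time it returns.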

Thread overview: 47+ messages
2022-10-06 15:03 bug#58334: 29.0.50; ASAN heap use after free in gui_produce_glyphs Gerd Möllmann
2022-10-06 16:00 ` Eli Zaretskii
2022-10-06 18:01   ` Gerd Möllmann
2022-10-06 18:30     ` Eli Zaretskii
2022-10-06 18:36       ` Gerd Möllmann
2022-10-07 12:01         ` Eli Zaretskii
2022-10-07 12:03           ` Gerd Möllmann
2022-10-07 12:06             ` Eli Zaretskii
2022-10-07 12:08               ` Gerd Möllmann
2022-10-07 12:12                 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2022-10-07 12:16                   ` Eli Zaretskii
2022-10-07 12:23                     ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2022-10-07 12:14                 ` Eli Zaretskii
2022-10-07 12:34                   ` Gerd Möllmann
2022-10-07  0:37     ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2022-10-07  5:06       ` Gerd Möllmann
2022-10-07  7:12         ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2022-10-07  7:20           ` Gerd Möllmann
2022-10-07  0:46 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors [this message]
2022-10-07  5:23   ` Gerd Möllmann
2022-10-07  7:03   ` Eli Zaretskii
2022-10-07  7:20     ` Gerd Möllmann
2022-10-07  8:07       ` Gerd Möllmann
2022-10-07  8:36         ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2022-10-07  8:54           ` Gerd Möllmann
2022-10-07 10:28             ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2022-10-07 11:11               ` Gerd Möllmann
2022-10-07 11:19                 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2022-10-07 11:34                   ` Eli Zaretskii
2022-10-07 11:38                   ` Gerd Möllmann
2022-10-07 11:29               ` Eli Zaretskii
2022-10-07 12:16                 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2022-10-07 12:27                   ` Eli Zaretskii
2022-10-07 11:19             ` Eli Zaretskii
2022-10-07 11:34               ` Gerd Möllmann
2022-10-07 11:13           ` Eli Zaretskii
2022-10-07 11:08         ` Eli Zaretskii
2022-10-07 11:29           ` Gerd Möllmann
2022-10-07 11:44             ` Eli Zaretskii
2022-10-07 12:01               ` Gerd Möllmann
2022-10-07 12:05                 ` Eli Zaretskii
2022-10-07 12:14                 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2022-10-07 12:17                   ` Gerd Möllmann
2022-10-07 12:22                     ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2022-10-07 12:36                       ` Gerd Möllmann
2022-10-08  6:58 ` Gerd Möllmann
2022-10-08  7:59   ` Eli Zaretskii
