bug#31362: 24.5; Crash after eval a form

bug#31362: 24.5; Crash after eval a form

[Tino Calancha]

X-Debbugs-CC: Paul Eggert <eggert@cs.ucla.edu>, Stefan Monnier <monnier@iro.umontreal.ca>

emacs -Q
;; Emacs crash after evaluate the following form:
(let* ((lst (list 'x))
       (form (cons 'die
                   (list 'w '(pop lst)))))
  (while lst
    (setq form
          (cons 'die
                (cons form
                      (list '(pop lst))))))
  form)

;; Same behavior in Emacs 25, 26 and master.
;; The crash seems to happen because of the following assert (lisp.h:1468) fails:
INLINE ptrdiff_t
SCHARS (Lisp_Object string)
{
  ptrdiff_t nchars = XSTRING (string)->u.s.size;
  eassume (0 <= nchars);
  return nchars;
}

In GNU Emacs 24.5.1 (x86_64-pc-linux-gnu, GTK+ Version 3.22.11)
 of 2017-09-12 on hullmann, modified by Debian
Windowing system distributor `The X.Org Foundation', version 11.0.11902000
System Description:	Debian GNU/Linux 9.4 (stretch)

Configured using:
 `configure --build x86_64-linux-gnu --prefix=/usr
 --sharedstatedir=/var/lib --libexecdir=/usr/lib
 --localstatedir=/var/lib --infodir=/usr/share/info
 --mandir=/usr/share/man --with-pop=yes
 --enable-locallisppath=/etc/emacs24:/etc/emacs:/usr/local/share/emacs/24.5/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/24.5/site-lisp:/usr/share/emacs/site-lisp
 --without-gnutls --build x86_64-linux-gnu --prefix=/usr
 --sharedstatedir=/var/lib --libexecdir=/usr/lib
 --localstatedir=/var/lib --infodir=/usr/share/info
 --mandir=/usr/share/man --with-pop=yes
 --enable-locallisppath=/etc/emacs24:/etc/emacs:/usr/local/share/emacs/24.5/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/24.5/site-lisp:/usr/share/emacs/site-lisp
 --without-gnutls --with-x=yes --with-x-toolkit=gtk3
 --with-toolkit-scroll-bars 'CFLAGS=-g -O2
 -fdebug-prefix-map=/build/emacs24-24.5+1=. -fstack-protector-strong
 -Wformat -Werror=format-security -Wall -fno-PIE' 'CPPFLAGS=-Wdate-time
 -D_FORTIFY_SOURCE=2' 'LDFLAGS=-Wl,-z,relro -no-pie''

Important settings:
  value of $LANG: en_US.UTF-8
  locale-coding-system: utf-8-unix

Major mode: Emacs-Lisp

Minor modes in effect:
  tooltip-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  transient-mark-mode: t

Recent messages:
For information about GNU Emacs and the GNU system, type C-h C-a.

Load-path shadows:
None found.

Features:
(shadow sort gnus-util mail-extr emacsbug message format-spec rfc822 mml
easymenu mml-sec mm-decode mm-bodies mm-encode mail-parse rfc2231
mailabbrev gmm-utils mailheader sendmail rfc2047 rfc2045 ietf-drums
mm-util help-fns mail-prsvr mail-utils time-date tooltip electric
uniquify ediff-hook vc-hooks lisp-float-type mwheel x-win x-dnd tool-bar
dnd fontset image regexp-opt fringe tabulated-list newcomment lisp-mode
prog-mode register page menu-bar rfn-eshadow timer select scroll-bar
mouse jit-lock font-lock syntax facemenu font-core frame cham georgian
utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean
japanese hebrew greek romanian slovak czech european ethiopic indian
cyrillic chinese case-table epa-hook jka-cmpr-hook help simple abbrev
minibuffer nadvice loaddefs button faces cus-face macroexp files
text-properties overlay sha1 md5 base64 format env code-pages mule
custom widget hashtable-print-readable backquote make-network-process
dbusbind gfilenotify dynamic-setting system-font-setting
font-render-setting move-toolbar gtk x-toolkit x multi-tty emacs)

Memory information:
((conses 16 71508 4550)
 (symbols 48 17556 0)
 (miscs 40 38 88)
 (strings 32 9162 4602)
 (string-bytes 1 250704)
 (vectors 16 8910)
 (vector-slots 8 383182 18774)
 (floats 8 63 238)
 (intervals 56 244 4)
 (buffers 960 12))

bug#31362: 24.5; Crash after eval a form

[Andreas Schwab]

On Mai 04 2018, Tino Calancha <tino.calancha@gmail.com> wrote:

> ;; Emacs crash after evaluate the following form:
> (let* ((lst (list 'x))
>        (form (cons 'die
>                    (list 'w '(pop lst)))))
>   (while lst
>     (setq form
>           (cons 'die
>                 (cons form
>                       (list '(pop lst))))))
>   form)

This creates a degenerate list, causing stack overflow during GC.

Andreas.

-- 
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510  2552 DF73 E780 A9DA AEC1
"And now for something completely different."

bug#31362: 24.5; Crash after eval a form

[Noam Postavsky]

forcemerge 2099 31362
retitle 2099 stack overflow in GC when creating large nested object
quit

Andreas Schwab <schwab@linux-m68k.org> writes:

> On Mai 04 2018, Tino Calancha <tino.calancha@gmail.com> wrote:
>
>> ;; Emacs crash after evaluate the following form:
>> (let* ((lst (list 'x))
>>        (form (cons 'die
>>                    (list 'w '(pop lst)))))
>>   (while lst
>>     (setq form
>>           (cons 'die
>>                 (cons form
>>                       (list '(pop lst))))))
>>   form)
>
> This creates a degenerate list, causing stack overflow during GC.

Right, this is just a more complicated version of #2099.

bug#31362: GC stack overflow fixed

[Mattias Engdegård]

Now that bug#54698 is resolved, we can close bug#31362 and bug#46900 which seem to have been about that, essentially.

If that didn't do it for you, please let us know.