* 23.1; json-read-string crashes emacs with long string
@ 2010-05-18 16:08 Carl Worth
2010-05-18 17:16 ` bug#6214: " Leo
` (3 more replies)
0 siblings, 4 replies; 16+ messages in thread
From: Carl Worth @ 2010-05-18 16:08 UTC (permalink / raw)
To: bug-gnu-emacs-mXXj517/zsQ; +Cc: Notmuch mailing list
> Please describe exactly what actions triggered the bug
> and the precise symptoms of the bug:
A user of the emacs-based mail client, Notmuch [*], found that
attempting to display a particular message would consistently
causes a segmentation fault in emacs.
I tracked this down to calling `json-read-string' with a very long
string, (roughly 1 million characters). Rather than including that
enormous string in this message, here's a little snippet of emacs lisp
that creates and reads such a string. So, if evaluated, this code should
trigger the segmentation fault, (assuming a copy of GPLv3 exists at
/usr/share/emacs/23.1/etc/COPYING---adjust the filename if necessary).
;; Caution: Evaluating the block below has been known to crash emacs
(with-temp-buffer
(require 'json)
;; First we just need a lot of text. 32 copies of GPLv3 seems to do it
(dotimes (i 32)
(insert-file "/usr/share/emacs/23.1/etc/COPYING"))
;; Now create a buffer with a json-encoded version of the text
(let ((json-string (json-encode-string (buffer-string))))
(with-temp-buffer
(insert json-string)
(goto-char (point-min))
;; And try to read the string. This triggers the segfault.
(json-read-string))))
> If Emacs crashed, and you have the Emacs process in the gdb debugger,
> please include the output from the following gdb commands:
> `bt full' and `xbacktrace'.
I haven't attempted to debug this within gdb yet, (I'll have to get my
hands on a build of emacs with debugging symbols first). But I wanted to
share things right away, so that perhaps someone else could do further
debugging and follow up.
In the meantime, notmuch folks, if you've got a good idea for modifying
notmuch to avoid this bug I'd be glad to hear it. Adjust followups to
include the notmuch list and not the gnu.org bug address as appropriate.
-Carl
[*] http://notmuchmail.org
PS. Here are some of the details provided by `report-emacs-bug':
In GNU Emacs 23.1.1 (i486-pc-linux-gnu, GTK+ Version 2.18.2)
of 2010-01-26 on raven, modified by Debian
Windowing system distributor `The X.Org Foundation', version 11.0.10799001
configured using `configure '--build=i486-linux-gnu' '--host=i486-linux-gnu' '--prefix=/usr' '--sharedstatedir=/var/lib' '--libexecdir=/usr/lib' '--localstatedir=/var/lib' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--with-pop=yes' '--enable-locallisppath=/etc/emacs23:/etc/emacs:/usr/local/share/emacs/23.1/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/23.1/site-lisp:/usr/share/emacs/site-lisp:/usr/share/emacs/23.1/leim' '--with-x=yes' '--with-x-toolkit=gtk' '--with-toolkit-scroll-bars' 'build_alias=i486-linux-gnu' 'host_alias=i486-linux-gnu' 'CFLAGS=-DDEBIAN -g -O2' 'LDFLAGS=-g' 'CPPFLAGS=''
Important settings:
value of $LC_ALL: nil
value of $LC_COLLATE: nil
value of $LC_CTYPE: nil
value of $LC_MESSAGES: nil
value of $LC_MONETARY: nil
value of $LC_NUMERIC: nil
value of $LC_TIME: nil
value of $LANG: en_US.UTF-8
value of $XMODIFIERS: nil
locale-coding-system: utf-8-unix
default-enable-multibyte-characters: t
--
carl.d.worth-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org
^ permalink raw reply [flat|nested] 16+ messages in thread* bug#6214: 23.1; json-read-string crashes emacs with long string 2010-05-18 16:08 23.1; json-read-string crashes emacs with long string Carl Worth @ 2010-05-18 17:16 ` Leo 2010-05-18 17:43 ` bug#6214: `bt full' output Nelson Elhage ` (2 subsequent siblings) 3 siblings, 0 replies; 16+ messages in thread From: Leo @ 2010-05-18 17:16 UTC (permalink / raw) To: bug-gnu-emacs; +Cc: notmuch On 2010-05-18 17:08 +0100, Carl Worth wrote: > ;; Caution: Evaluating the block below has been known to crash emacs > (with-temp-buffer > (require 'json) > ;; First we just need a lot of text. 32 copies of GPLv3 seems to do it > (dotimes (i 32) > (insert-file "/usr/share/emacs/23.1/etc/COPYING")) > ;; Now create a buffer with a json-encoded version of the text > (let ((json-string (json-encode-string (buffer-string)))) > (with-temp-buffer > (insert json-string) > (goto-char (point-min)) > ;; And try to read the string. This triggers the segfault. > (json-read-string)))) Crash emacs 23.2 too. Leo ^ permalink raw reply [flat|nested] 16+ messages in thread
* bug#6214: `bt full' output 2010-05-18 16:08 23.1; json-read-string crashes emacs with long string Carl Worth 2010-05-18 17:16 ` bug#6214: " Leo @ 2010-05-18 17:43 ` Nelson Elhage 2010-05-18 18:07 ` bug#6214: 23.1; json-read-string crashes emacs with long string Chong Yidong [not found] ` <handler.6214.D6214.12742060387114.notifdone@debbugs.gnu.org> 3 siblings, 0 replies; 16+ messages in thread From: Nelson Elhage @ 2010-05-18 17:43 UTC (permalink / raw) To: 6214 [-- Attachment #1: Type: text/plain, Size: 280 bytes --] I can reproduce the bug, and got it in gdb with debug symbols. I'm running: GNU Emacs 23.1.1 (x86_64-pc-linux-gnu, X toolkit, Xaw3d scroll bars) of 2010-03-26 on crested, modified by Debian Attached is the 'bt full' output from the SEGV after 'emacs --batch -l json-crash.el' [-- Attachment #2: 'bt full' from emacs segv --] [-- Type: text/plain, Size: 24925 bytes --] (gdb) bt full #0 Fstring (n=1122176, args=0x7fffff76c348) at character.c:973 i = 0 p = 0x7fffff2124d0 <Address 0x7fffff2124d0 out of bounds> c = 10 #1 0x000000000054aee1 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:3026 fun = <value optimized out> original_fun = 11102209 funcar = <value optimized out> numargs = 1122176 val = <value optimized out> backtrace = { next = 0x7fffffffbfe0, function = 0x7fffff76c340, args = 0x7fffff76c348, nargs = 1122176, evalargs = 0 '\000', debug_on_exit = 0 '\000' } internal_args = 0x7fffff76c348 i = <value optimized out> #2 0x000000000054c37e in Fapply (nargs=1, args=0x7fffffffc058) at eval.c:2533 ret_ungc_val = 10 i = <value optimized out> numargs = <value optimized out> spread_arg = 11008721 funcall_args = 0x7fffff76c340 fun = <value optimized out> #3 0x000000000054aee1 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:3026 fun = <value optimized out> original_fun = 11233665 funcar = <value optimized out> numargs = 2 val = <value optimized out> backtrace = { next = 0x7fffffffc270, function = 0x7fffffffc050, args = 0x7fffffffc058, nargs = 2, evalargs = 0 '\000', debug_on_exit = 0 '\000' } internal_args = 0x7fffffffc058 i = <value optimized out> #4 0x0000000000582c12 in Fbyte_code (bytestr=<value optimized out>, vector=<value optimized out>, maxdepth=<value optimized out>) at bytecode.c:678 count = 48 op = <value optimized out> stack = { pc = 0xf8abd8 "\202|", top = 0x7fffffffc060, bottom = 0x7fffffffc050, byte_string = 17510211, byte_string_start = 0xf8ab60 "\303`f\211\030\206\t", constants = 16724260, next = 0x7fffffffd2b0 } top = 0x7fffffffc050 result = <value optimized out> #5 0x000000000054cf4f in funcall_lambda (fun=13220372, nargs=<value optimized out>, arg_vector=<value optimized out>) at eval.c:3232 val = <value optimized out> syms_left = 11008721 next = 0 i = 0 optional = 0 rest = 16208176 #6 0x000000000054d0c4 in apply_lambda (fun=13220372, args=11008721, eval_flag=<value optimized out>) at eval.c:3156 args_left = 11008721 i = <value optimized out> tem = <value optimized out> #7 0x000000000054c773 in Feval (form=13220368) at eval.c:2436 fun = 10 val = <value optimized out> original_fun = 17493889 original_args = 11008721 funcar = 10 backtrace = { next = 0x7fffffffc360, function = 0x7fffffffc2a0, args = 0x7fffffffc190, nargs = 0, evalargs = 0 '\000', debug_on_exit = 0 '\000' } #8 0x000000000054cd27 in Fprogn (args=<value optimized out>) at eval.c:450 val = 10 #9 0x000000000054cb1f in Feval (form=<value optimized out>) at eval.c:2323 numargs = <value optimized out> args_left = 10997029 i = <value optimized out> argvals = {17369779, 8607304371, 11008721, 17564564, 17369747, 11008721, 1, 140737488340040} fun = <value optimized out> val = <value optimized out> original_fun = 11231505 original_args = 10997029 funcar = <value optimized out> backtrace = { next = 0x7fffffffc460, function = 0x7fffffffc390, args = 0x7fffffffc388, nargs = -1, evalargs = 0 '\000', debug_on_exit = 0 '\000' } #10 0x000000000054d195 in Funwind_protect (args=11362421) at eval.c:1354 val = <value optimized out> #11 0x000000000054cb1f in Feval (form=<value optimized out>) at eval.c:2323 numargs = <value optimized out> args_left = 11362421 i = <value optimized out> argvals = {17564564, 5558095, 140737488340208, 5778450, 140737488340280, 17197238963, 16208176, 16209648} fun = <value optimized out> val = <value optimized out> original_fun = 11232225 original_args = 11362421 funcar = <value optimized out> backtrace = { next = 0x7fffffffc570, function = 0x7fffffffc490, args = 0x7fffffffc488, nargs = -1, evalargs = 0 '\000', debug_on_exit = 0 '\000' } #12 0x000000000054cd27 in Fprogn (args=<value optimized out>) at eval.c:450 val = 10 #13 0x000000000053f71d in Fsave_current_buffer (args=11359957) at editfns.c:1024 val = <value optimized out> #14 0x000000000054cb1f in Feval (form=<value optimized out>) at eval.c:2323 numargs = <value optimized out> args_left = 11359957 i = <value optimized out> argvals = {8526340, 15303857, 11361429, 11360789, 140737488340400, 5554887, 1, 2} fun = <value optimized out> val = <value optimized out> original_fun = 11306689 original_args = 11359957 funcar = <value optimized out> backtrace = { next = 0x7fffffffc650, function = 0x7fffffffc5a0, args = 0x7fffffffc598, nargs = -1, evalargs = 0 '\000', debug_on_exit = 0 '\000' } #15 0x000000000054c91c in Feval (form=<value optimized out>) at eval.c:2434 fun = <value optimized out> val = <value optimized out> original_fun = 11834817 original_args = 11360789 funcar = <value optimized out> backtrace = { next = 0x7fffffffc7c0, function = 0x7fffffffc680, args = 0x7fffffffc678, nargs = -1, evalargs = 1 '\001', debug_on_exit = 0 '\000' } #16 0x000000000054cd27 in Fprogn (args=<value optimized out>) at eval.c:450 val = 10 #17 0x000000000054d998 in Flet (args=11360453) at eval.c:1090 tem = 17564564 elt = <value optimized out> varlist = <value optimized out> #18 0x000000000054cb1f in Feval (form=<value optimized out>) at eval.c:2323 numargs = <value optimized out> args_left = 11360453 i = <value optimized out> argvals = {8529660, 16856389, 16856341, 16856277, 140737488340992, 5554887, 2327040, 2} fun = <value optimized out> val = <value optimized out> original_fun = 11231937 original_args = 11360453 funcar = <value optimized out> backtrace = { next = 0x7fffffffc8a0, function = 0x7fffffffc7f0, args = 0x7fffffffc7e8, nargs = -1, evalargs = 0 '\000', debug_on_exit = 0 '\000' } #19 0x000000000054c91c in Feval (form=<value optimized out>) at eval.c:2434 fun = <value optimized out> val = <value optimized out> original_fun = 11835489 original_args = 16856357 funcar = <value optimized out> backtrace = { next = 0x7fffffffca10, function = 0x7fffffffc8d0, args = 0x7fffffffc8c8, nargs = -1, evalargs = 1 '\001', debug_on_exit = 0 '\000' } #20 0x000000000054cd27 in Fprogn (args=<value optimized out>) at eval.c:450 val = 10 #21 0x000000000054d998 in Flet (args=16856421) at eval.c:1090 tem = 76522627 elt = <value optimized out> varlist = <value optimized out> #22 0x000000000054cb1f in Feval (form=<value optimized out>) at eval.c:2323 numargs = <value optimized out> args_left = 16856421 i = <value optimized out> argvals = {17493745, 11008721, 11008721, 11008721, 8529968, 5601525, 11008721, 5455855} fun = <value optimized out> val = <value optimized out> original_fun = 11231937 original_args = 16856421 funcar = <value optimized out> backtrace = { next = 0x7fffffffcb00, function = 0x7fffffffca40, args = 0x7fffffffca38, nargs = -1, evalargs = 0 '\000', debug_on_exit = 0 '\000' } #23 0x000000000054cd27 in Fprogn (args=<value optimized out>) at eval.c:450 val = 10 #24 0x000000000054cb1f in Feval (form=<value optimized out>) at eval.c:2323 numargs = <value optimized out> args_left = 16856085 i = <value optimized out> argvals = {8529971, 8598464563, 11008721, 15652116, 17343363, 11866248, 11373969, 16758469} fun = <value optimized out> val = <value optimized out> original_fun = 11231505 original_args = 16856085 funcar = <value optimized out> backtrace = { next = 0x7fffffffcc00, function = 0x7fffffffcb30, args = 0x7fffffffcb28, nargs = -1, evalargs = 0 '\000', debug_on_exit = 0 '\000' } #25 0x000000000054d195 in Funwind_protect (args=16886565) at eval.c:1354 val = <value optimized out> #26 0x000000000054cb1f in Feval (form=<value optimized out>) at eval.c:2323 numargs = <value optimized out> args_left = 16886565 i = <value optimized out> argvals = {15652116, 5558095, 140737488342160, 5778450, 140737488342232, 17188399155, 16208176, 16209520} fun = <value optimized out> val = <value optimized out> original_fun = 11232225 original_args = 16886565 funcar = <value optimized out> backtrace = { next = 0x7fffffffcd10, function = 0x7fffffffcc30, args = 0x7fffffffcc28, nargs = -1, evalargs = 0 '\000', debug_on_exit = 0 '\000' } #27 0x000000000054cd27 in Fprogn (args=<value optimized out>) at eval.c:450 val = 10 #28 0x000000000053f71d in Fsave_current_buffer (args=16886357) at editfns.c:1024 val = <value optimized out> #29 0x000000000054cb1f in Feval (form=<value optimized out>) at eval.c:2323 numargs = <value optimized out> args_left = 16886357 i = <value optimized out> argvals = {8526340, 17493937, 16886549, 16886517, 140737488342352, 5554887, 1, 2} fun = <value optimized out> val = <value optimized out> original_fun = 11306689 original_args = 16886357 funcar = <value optimized out> backtrace = { next = 0x7fffffffcdf0, function = 0x7fffffffcd40, args = 0x7fffffffcd38, nargs = -1, evalargs = 0 '\000', debug_on_exit = 0 '\000' } #30 0x000000000054c91c in Feval (form=<value optimized out>) at eval.c:2434 fun = <value optimized out> val = <value optimized out> original_fun = 11834817 original_args = 16886517 funcar = <value optimized out> backtrace = { next = 0x7fffffffcf60, function = 0x7fffffffce20, args = 0x7fffffffce18, nargs = -1, evalargs = 1 '\001', debug_on_exit = 0 '\000' } #31 0x000000000054cd27 in Fprogn (args=<value optimized out>) at eval.c:450 val = 10 #32 0x000000000054d998 in Flet (args=16886469) at eval.c:1090 tem = 15652116 elt = <value optimized out> varlist = <value optimized out> #33 0x000000000054cb1f in Feval (form=<value optimized out>) at eval.c:2323 numargs = <value optimized out> args_left = 16886469 i = <value optimized out> argvals = {8529660, 16856741, 16856661, 16856533, 140737488342944, 5554887, 140737488343728, 2} fun = <value optimized out> val = <value optimized out> original_fun = 11231937 original_args = 16886469 funcar = <value optimized out> backtrace = { next = 0x7fffffffd040, function = 0x7fffffffcf90, args = 0x7fffffffcf88, nargs = -1, evalargs = 0 '\000', debug_on_exit = 0 '\000' } #34 0x000000000054c91c in Feval (form=<value optimized out>) at eval.c:2434 fun = <value optimized out> val = <value optimized out> original_fun = 11835489 original_args = 16856677 funcar = <value optimized out> backtrace = { next = 0x7fffffffd1f0, function = 0x7fffffffd070, args = 0x7fffffffd068, nargs = -1, evalargs = 1 '\001', debug_on_exit = 0 '\000' } #35 0x000000000056fa56 in readevalloop (readcharfun=14353796, stream=0x0, sourcename=17342723, evalfun=<value optimized out>, printflag=<value optimized out>, unibyte=<value optimized out>, readfun=11008721, start=11008721, end=11008721) at lread.c:1785 count1 = 41 c = <value optimized out> val = 0 b = 0xdb0580 continue_reading_p = 1 whole_buffer = 1 first_sexp = <value optimized out> #36 0x000000000056fd4e in Feval_buffer (buffer=<value optimized out>, printflag=11008721, filename=17508755, unibyte=11008721, do_allow_print=<value optimized out>) at lread.c:1846 tem = <value optimized out> buf = 14353796 #37 0x000000000054ae17 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:3059 fun = <value optimized out> original_fun = <value optimized out> funcar = <value optimized out> numargs = 5 val = <value optimized out> backtrace = { next = 0x7fffffffd3c0, function = 0x7fffffffd260, args = 0x7fffffffd268, nargs = 5, evalargs = 0 '\000', debug_on_exit = 0 '\000' } internal_args = 0x7fffffffd268 i = 5 #38 0x0000000000582c12 in Fbyte_code (bytestr=<value optimized out>, vector=<value optimized out>, maxdepth=<value optimized out>) at bytecode.c:678 count = 28 op = <value optimized out> stack = { pc = 0x9f3e46 "\210,\016$\204\231", top = 0x7fffffffd288, bottom = 0x7fffffffd260, byte_string = 8579483, byte_string_start = 0x9f3db8 "\306\b!\204\022", constants = 8579516, next = 0x7fffffffd780 } top = 0x7fffffffd260 result = <value optimized out> #39 0x000000000054cf4f in funcall_lambda (fun=8579348, nargs=<value optimized out>, arg_vector=<value optimized out>) at eval.c:3232 val = <value optimized out> syms_left = 11008721 next = 11905841 i = 4 optional = 1 rest = 0 #40 0x000000000054ac83 in Ffuncall (nargs=<value optimized out>, args=0x82e910) at eval.c:3102 fun = 10 original_fun = 11905697 funcar = 10 numargs = 4 val = <value optimized out> backtrace = { next = 0x7fffffffd6a0, function = 0x7fffffffd430, args = 0x7fffffffd438, nargs = 4, evalargs = 0 '\000', debug_on_exit = 0 '\000' } internal_args = 0x7fffffffd438 i = <value optimized out> #41 0x000000000054b049 in call4 (fn=<value optimized out>, arg1=<value optimized out>, arg2=0, arg3=4611686018427404288, arg4=0) at eval.c:2895 ret_ungc_val = 10 args = {11905697, 17508755, 17508755, 11008721, 11008817} #42 0x0000000000570c81 in Fload (file=17459939, noerror=4611686018427404288, nomessage=0, nosuffix=<value optimized out>, must_suffix=<value optimized out>) at lread.c:1208 val = <value optimized out> stream = <value optimized out> fd = 5 count = 21 found = 17508755 efound = <value optimized out> hist_file_name = 17508755 newer = 0 compiled = 0 handler = <value optimized out> safe_p = 16208848 tmp = {16859509, 12070965} version = 0 #43 0x000000000054ae17 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:3059 fun = <value optimized out> original_fun = <value optimized out> funcar = <value optimized out> numargs = 5 val = <value optimized out> backtrace = { next = 0x7fffffffd890, function = 0x7fffffffd710, args = 0x7fffffffd718, nargs = 3, evalargs = 0 '\000', debug_on_exit = 0 '\000' } internal_args = 0x7fffffffd650 i = 5 #44 0x0000000000582c12 in Fbyte_code (bytestr=<value optimized out>, vector=<value optimized out>, maxdepth=<value optimized out>) at bytecode.c:678 count = 6 op = <value optimized out> stack = { pc = 0x9d8d0d "\210*\202\276\003\016K\ub743#\002\347\016M\206\016\002\f\211A\024@!\036R\346\016R!\036S\352\016S\314\u0649$\210*\202\276\003\016K\uc683L\002\331\026P\016M\206\067\002\f\211A\024@\211\026F;\204B\002\333\355!\210\356\347\016F!!\210\202\276\003\016K\uf683Z\002\360\331!\210\202\276\003\016K\361\232\203h\002\362\363!\210\202\276\003\321\364\016K\"\203y\002\365\016K!\026B\202\276\003\321\366\016K\"\203\226\002\365\325\326\016K\"!\026B\365\325\367\016K\"!\026A\202\276\003\332\016K\016H\"\211\026F\203\254\002\016FA@\f\233\024\202\276\003\332\016K\016J\"\211\026F\203\302\002\016FA@\f\233\024"..., top = 0x7fffffffd728, bottom = 0x7fffffffd710, byte_string = 8939563, byte_string_start = 0x9d8b16 "\306 \210\b\203\021", constants = 8939596, next = 0x7fffffffd960 } top = 0x7fffffffd710 result = <value optimized out> #45 0x000000000054cf4f in funcall_lambda (fun=8939500, nargs=<value optimized out>, arg_vector=<value optimized out>) at eval.c:3232 val = <value optimized out> syms_left = 11008721 next = 12273265 i = 1 optional = 0 rest = 0 #46 0x000000000054ac83 in Ffuncall (nargs=<value optimized out>, args=0x8867e8) at eval.c:3102 fun = 10 original_fun = 12489681 funcar = 10 numargs = 1 val = <value optimized out> backtrace = { next = 0x7fffffffda70, function = 0x7fffffffd900, args = 0x7fffffffd908, nargs = 1, evalargs = 0 '\000', debug_on_exit = 0 '\000' } internal_args = 0x7fffffffd908 i = <value optimized out> #47 0x0000000000582c12 in Fbyte_code (bytestr=<value optimized out>, vector=<value optimized out>, maxdepth=<value optimized out>) at bytecode.c:678 count = 5 op = <value optimized out> stack = { pc = 0x9db48d "\210\016L\203\060\006\201", <incomplete sequence \337>, top = 0x7fffffffd908, bottom = 0x7fffffffd900, byte_string = 8912619, byte_string_start = 0x9dae69 "\306 \020\307\021\n\023\310\311!\210\310\312!\210\310\313!\210\314\315!\211\034\307=\204;", constants = 8912652, next = 0x7fffffffdb30 } top = 0x7fffffffd900 result = <value optimized out> #48 0x000000000054cf4f in funcall_lambda (fun=8912572, nargs=<value optimized out>, arg_vector=<value optimized out>) at eval.c:3232 val = <value optimized out> syms_left = 11008721 next = 12600881 i = 0 optional = 0 rest = 1 #49 0x000000000054ac83 in Ffuncall (nargs=<value optimized out>, args=0x87feb8) at eval.c:3102 fun = 10 original_fun = 12600881 funcar = 10 numargs = 0 val = <value optimized out> backtrace = { next = 0x7fffffffdd00, function = 0x7fffffffdae0, args = 0x7fffffffdae8, nargs = 0, evalargs = 0 '\000', debug_on_exit = 0 '\000' } internal_args = 0x7fffffffdae8 i = <value optimized out> #50 0x0000000000582c12 in Fbyte_code (bytestr=<value optimized out>, vector=<value optimized out>, maxdepth=<value optimized out>) at bytecode.c:678 count = 2 op = <value optimized out> stack = { pc = 0x9dbd46 "\210+\340\341\342\"\210\343\321\344\"\211\036$;\203\254", top = 0x7fffffffdae0, bottom = 0x7fffffffdae0, byte_string = 8905939, byte_string_start = 0x9dbcb5 "\b\203\b", constants = 8905972, next = 0x0 } top = 0x7fffffffdae0 result = <value optimized out> #51 0x000000000054cf4f in funcall_lambda (fun=8905892, nargs=<value optimized out>, arg_vector=<value optimized out>) at eval.c:3232 val = <value optimized out> syms_left = 11008721 next = 0 i = 0 optional = 0 rest = 1 #52 0x000000000054d0c4 in apply_lambda (fun=8905892, args=11008721, eval_flag=<value optimized out>) at eval.c:3156 args_left = 11008721 i = <value optimized out> tem = <value optimized out> #53 0x000000000054c773 in Feval (form=8905888) at eval.c:2436 fun = 10 val = <value optimized out> original_fun = 12596913 original_args = 11008721 funcar = 10 backtrace = { next = 0x0, function = 0x7fffffffdd30, args = 0x7fffffffdc20, nargs = 0, evalargs = 0 '\000', debug_on_exit = 0 '\000' } #54 0x000000000054a17f in internal_condition_case (bfun=<value optimized out>, handlers=<value optimized out>, hfun=<value optimized out>) at eval.c:1512 val = 10 c = { tag = 11008721, val = 11008721, next = 0x7fffffffdf10, gcpro = 0x0, jmp = {{ __jmpbuf = {11863808, 7856162650753843797, 11863840, 140737488347976, 1, 1, -7856163570770263467, 7856164021722006101}, __mask_was_saved = 0, __saved_mask = { __val = {4294967295, 140737274889536, 140737353947568, 17, 4294967295, 17, 0, 11863840, 140737488347976, 1, 1, 8355624, 140737351963084, 1, 0, 0} } }}, backlist = 0x0, handlerlist = 0x0, lisp_eval_depth = 0, pdlcount = 2, poll_suppress_count = 1, interrupt_input_blocked = 0, byte_stack = 0x0 } h = { handler = 11095681, var = 11008721, chosen_clause = 11008721, tag = 0x7fffffffdda0, next = 0x0 } #55 0x00000000004df736 in top_level_1 () at keyboard.c:1376 No locals. #56 0x000000000054a2aa in internal_catch (tag=<value optimized out>, func=<value optimized out>, arg=<value optimized out>) at eval.c:1248 c = { tag = 11077073, val = 11008721, next = 0x0, gcpro = 0x0, jmp = {{ __jmpbuf = {11863808, 7856162650753843797, 11863840, 140737488347976, 1, 1, -7856163570686377387, 7856164021742453333}, __mask_was_saved = 0, __saved_mask = { __val = {0, 0, 0, 0, 0, 0, 0, 0, 11008721, 11429745, 11048784, 11008769, 11421568, 1, 5485754, 11429745} } }}, backlist = 0x0, handlerlist = 0x0, lisp_eval_depth = 0, pdlcount = 2, poll_suppress_count = 1, interrupt_input_blocked = 0, byte_stack = 0x0 } #57 0x00000000004df7b9 in command_loop () at keyboard.c:1331 No locals. #58 0x00000000004dfbcc in recursive_edit_1 () at keyboard.c:953 val = <value optimized out> #59 0x00000000004dfd07 in Frecursive_edit () at keyboard.c:1015 buffer = 11008721 #60 0x00000000004d5777 in main (argc=0, argv=0x7fffffffe488) at emacs.c:1852 dummy = 0 stack_bottom_variable = 0 '\000' do_initial_setlocale = <value optimized out> skip_args = 1 rlim = { rlim_cur = 8720000, rlim_max = 18446744073709551615 } no_loadup = 0 junk = 0x0 dname_arg = 0x0 Lisp Backtrace: "string" (0xff76c348) "apply" (0xffffc058) "json-read-string" (0xffffc190) "progn" (0xffffc388) "unwind-protect" (0xffffc488) "save-current-buffer" (0xffffc598) "with-current-buffer" (0xffffc678) "let" (0xffffc7e8) "with-temp-buffer" (0xffffc8c8) "let" (0xffffca38) "progn" (0xffffcb28) "unwind-protect" (0xffffcc28) "save-current-buffer" (0xffffcd38) "with-current-buffer" (0xffffce18) "let" (0xffffcf88) "with-temp-buffer" (0xffffd068) "eval-buffer" (0xffffd268) "load-with-code-conversion" (0xffffd438) "load" (0xffffd718) "command-line-1" (0xffffd908) "command-line" (0xffffdae8) "normal-top-level" (0xffffdc20) ^ permalink raw reply [flat|nested] 16+ messages in thread
* bug#6214: 23.1; json-read-string crashes emacs with long string 2010-05-18 16:08 23.1; json-read-string crashes emacs with long string Carl Worth 2010-05-18 17:16 ` bug#6214: " Leo 2010-05-18 17:43 ` bug#6214: `bt full' output Nelson Elhage @ 2010-05-18 18:07 ` Chong Yidong 2010-08-12 21:58 ` Michal Sojka [not found] ` <87tymzv6ga.fsf@steelpick.2x.cz> [not found] ` <handler.6214.D6214.12742060387114.notifdone@debbugs.gnu.org> 3 siblings, 2 replies; 16+ messages in thread From: Chong Yidong @ 2010-05-18 18:07 UTC (permalink / raw) To: Carl Worth; +Cc: Notmuch mailing list, 6214-done, Dirk Hohndel Carl Worth <cworth@cworth.org> writes: > A user of the emacs-based mail client, Notmuch [*], found that > attempting to display a particular message would consistently > causes a segmentation fault in emacs. > > I haven't attempted to debug this within gdb yet, (I'll have to get my > hands on a build of emacs with debugging symbols first). But I wanted to > share things right away, so that perhaps someone else could do further > debugging and follow up. Looks like a stack overflow in the `string' function. I've checked in a fix, thanks for the bug report. ^ permalink raw reply [flat|nested] 16+ messages in thread
* bug#6214: 23.1; json-read-string crashes emacs with long string 2010-05-18 18:07 ` bug#6214: 23.1; json-read-string crashes emacs with long string Chong Yidong @ 2010-08-12 21:58 ` Michal Sojka [not found] ` <87tymzv6ga.fsf@steelpick.2x.cz> 1 sibling, 0 replies; 16+ messages in thread From: Michal Sojka @ 2010-08-12 21:58 UTC (permalink / raw) To: Chong Yidong, Carl Worth; +Cc: 6214, Notmuch mailing list [-- Attachment #1: Type: text/plain, Size: 409 bytes --] On Tue, 18 May 2010, Chong Yidong wrote: > Looks like a stack overflow in the `string' function. I've checked in a > fix, thanks for the bug report. It seems the bug is still in the current Emacs HEAD (http://repo.or.cz/w/emacs.git/commit/08d1bfbda3ef4a7038556f6c56bec1a37b4721f0). I can reproduce it with the lisp code sent by Carl, but the backtrace is different. My backtrace is attached. Thanks Michal [-- Attachment #2: gdb.txt --] [-- Type: text/plain, Size: 24831 bytes --] #0 0x0000000000566739 in Fapply (nargs=2, args=0x7fffffffbcf8) at eval.c:2492 i = 8997664 numargs = <value optimized out> spread_arg = 12020694 funcall_args = 0x7fffff767100 fun = <value optimized out> #1 0x0000000000565135 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:2964 fun = <value optimized out> original_fun = 11891218 funcar = <value optimized out> numargs = 2 val = <value optimized out> backtrace = { next = 0x7fffffffbf00, function = 0x7fffffffbcf0, args = 0x7fffffffbcf8, nargs = 2, evalargs = 0 '\000', debug_on_exit = 0 '\000' } internal_args = 0x7fffffffbcf8 i = <value optimized out> #2 0x000000000059ecd2 in Fbyte_code (bytestr=<value optimized out>, vector=<value optimized out>, maxdepth=<value optimized out>) at bytecode.c:679 count = 47 op = <value optimized out> stack = { pc = 0xea5250 "\202|", top = 0x7fffffffbd00, bottom = 0x7fffffffbcf0, byte_string = 18230033, byte_string_start = 0xea51d8 "\303`f\211\030\206\t", constants = 18231925, next = 0x7fffffffce20 } top = 0x7fffffffbcf0 result = <value optimized out> #3 0x00000000005672ef in funcall_lambda (fun=18232277, nargs=<value optimized out>, arg_vector=<value optimized out>) at eval.c:3165 val = <value optimized out> syms_left = 11721042 next = 0 i = 0 optional = 0 rest = 0 #4 0x0000000000567454 in apply_lambda (fun=18232277, args=11721042, eval_flag=<value optimized out>) at eval.c:3092 args_left = 11721042 i = <value optimized out> tem = <value optimized out> #5 0x0000000000566b53 in Feval (form=18232272) at eval.c:2408 fun = 140737479340288 val = <value optimized out> original_fun = 17897138 original_args = 11721042 funcar = 8997664 backtrace = { next = 0x7fffffffbfe0, function = 0x7fffffffbf28, args = 0x7fffffffbe30, nargs = 0, evalargs = 0 '\000', debug_on_exit = 0 '\000' } #6 0x00000000005670c7 in Fprogn (args=<value optimized out>) at eval.c:395 val = 8997664 #7 0x0000000000566ec4 in Feval (form=<value optimized out>) at eval.c:2295 numargs = 8997664 args_left = 11697014 i = <value optimized out> argvals = {11721042, 74852149, 74124673, 11721042, 1, 140737488339112, 140737488338912, 5892710} fun = <value optimized out> val = <value optimized out> original_fun = 11890130 original_args = 11697014 funcar = <value optimized out> backtrace = { next = 0x7fffffffc0d0, function = 0x7fffffffc008, args = 0x7fffffffc000, nargs = -1, evalargs = 0 '\000', debug_on_exit = 0 '\000' } #8 0x0000000000567505 in Funwind_protect (args=11695302) at eval.c:1304 val = <value optimized out> #9 0x0000000000566ec4 in Feval (form=<value optimized out>) at eval.c:2295 numargs = 8997664 args_left = 11695302 i = <value optimized out> argvals = {74852149, 5665519, 74852149, 74124801, 140737488339352, 21480469067, 17767008, 17768448} fun = <value optimized out> val = <value optimized out> original_fun = 11890930 original_args = 11695302 funcar = <value optimized out> backtrace = { next = 0x7fffffffc1d0, function = 0x7fffffffc0f8, args = 0x7fffffffc0f0, nargs = -1, evalargs = 0 '\000', debug_on_exit = 0 '\000' } #10 0x00000000005670c7 in Fprogn (args=<value optimized out>) at eval.c:395 val = 8997664 #11 0x000000000055951d in Fsave_current_buffer (args=11693078) at editfns.c:1012 val = <value optimized out> #12 0x0000000000566ec4 in Feval (form=<value optimized out>) at eval.c:2295 numargs = 8997664 args_left = 11693078 i = <value optimized out> argvals = {8633005, 18237426, 11695062, 11695030, 140737488339456, 5662408, 1, 2} fun = <value optimized out> val = <value optimized out> original_fun = 11928034 original_args = 11693078 funcar = <value optimized out> backtrace = { next = 0x7fffffffc2a0, function = 0x7fffffffc1f8, args = 0x7fffffffc1f0, nargs = -1, evalargs = 0 '\000', debug_on_exit = 0 '\000' } #13 0x0000000000566cec in Feval (form=<value optimized out>) at eval.c:2406 fun = <value optimized out> val = <value optimized out> original_fun = 12595842 original_args = 11695030 funcar = <value optimized out> backtrace = { next = 0x7fffffffc3f0, function = 0x7fffffffc2c8, args = 0x7fffffffc2c0, nargs = -1, evalargs = 1 '\001', debug_on_exit = 0 '\000' } #14 0x00000000005670c7 in Fprogn (args=<value optimized out>) at eval.c:395 val = 8997664 #15 0x0000000000567d08 in Flet (args=11694902) at eval.c:1051 tem = 74852149 elt = <value optimized out> varlist = <value optimized out> #16 0x0000000000566ec4 in Feval (form=<value optimized out>) at eval.c:2295 numargs = 8997664 args_left = 11694902 i = <value optimized out> argvals = {8635685, 18755398, 18755446, 18755510, 140737488340000, 5662408, 1, 2} fun = <value optimized out> val = <value optimized out> original_fun = 11890562 original_args = 11694902 funcar = <value optimized out> backtrace = { next = 0x7fffffffc4c0, function = 0x7fffffffc418, args = 0x7fffffffc410, nargs = -1, evalargs = 0 '\000', debug_on_exit = 0 '\000' } #17 0x0000000000566cec in Feval (form=<value optimized out>) at eval.c:2406 fun = <value optimized out> val = <value optimized out> original_fun = 12606802 original_args = 18755430 funcar = <value optimized out> backtrace = { next = 0x7fffffffc610, function = 0x7fffffffc4e8, args = 0x7fffffffc4e0, nargs = -1, evalargs = 1 '\001', debug_on_exit = 0 '\000' } #18 0x00000000005670c7 in Fprogn (args=<value optimized out>) at eval.c:395 val = 8997664 #19 0x0000000000567d08 in Flet (args=18755366) at eval.c:1051 tem = 74125073 elt = <value optimized out> varlist = <value optimized out> #20 0x0000000000566ec4 in Feval (form=<value optimized out>) at eval.c:2295 numargs = 8997664 args_left = 18755366 i = <value optimized out> argvals = {17896994, 11721042, 11721042, 5561631, 140737488340688, 5708090, 41, 0} fun = <value optimized out> val = <value optimized out> original_fun = 11890562 original_args = 18755366 funcar = <value optimized out> backtrace = { next = 0x7fffffffc6f0, function = 0x7fffffffc638, args = 0x7fffffffc630, nargs = -1, evalargs = 0 '\000', debug_on_exit = 0 '\000' } #21 0x00000000005670c7 in Fprogn (args=<value optimized out>) at eval.c:395 val = 8997664 #22 0x0000000000566ec4 in Feval (form=<value optimized out>) at eval.c:2295 numargs = 8997664 args_left = 18752566 i = <value optimized out> argvals = {11721042, 15322325, 15321809, 11721042, 1, 140737488340920, 140737488340720, 17986768} fun = <value optimized out> val = <value optimized out> original_fun = 11890130 original_args = 18752566 funcar = <value optimized out> backtrace = { next = 0x7fffffffc7e0, function = 0x7fffffffc718, args = 0x7fffffffc710, nargs = -1, evalargs = 0 '\000', debug_on_exit = 0 '\000' } #23 0x0000000000567505 in Funwind_protect (args=18752758) at eval.c:1304 val = <value optimized out> #24 0x0000000000566ec4 in Feval (form=<value optimized out>) at eval.c:2295 numargs = 8997664 args_left = 18752758 i = <value optimized out> argvals = {15322325, 5665519, 15322325, 8618505, 140737488341160, 21474836480, 17767008, 17768320} fun = <value optimized out> val = <value optimized out> original_fun = 11890930 original_args = 18752758 funcar = <value optimized out> backtrace = { next = 0x7fffffffc8e0, function = 0x7fffffffc808, args = 0x7fffffffc800, nargs = -1, evalargs = 0 '\000', debug_on_exit = 0 '\000' } #25 0x00000000005670c7 in Fprogn (args=<value optimized out>) at eval.c:395 val = 8997664 #26 0x000000000055951d in Fsave_current_buffer (args=18752966) at editfns.c:1012 val = <value optimized out> #27 0x0000000000566ec4 in Feval (form=<value optimized out>) at eval.c:2295 numargs = 8997664 args_left = 18752966 i = <value optimized out> argvals = {8633005, 17897186, 18752774, 18752806, 140737488341264, 5662408, 1, 2} fun = <value optimized out> val = <value optimized out> original_fun = 11928034 original_args = 18752966 funcar = <value optimized out> backtrace = { next = 0x7fffffffc9b0, function = 0x7fffffffc908, args = 0x7fffffffc900, nargs = -1, evalargs = 0 '\000', debug_on_exit = 0 '\000' } #28 0x0000000000566cec in Feval (form=<value optimized out>) at eval.c:2406 fun = <value optimized out> val = <value optimized out> original_fun = 12595842 original_args = 18752806 funcar = <value optimized out> backtrace = { next = 0x7fffffffcb00, function = 0x7fffffffc9d8, args = 0x7fffffffc9d0, nargs = -1, evalargs = 1 '\001', debug_on_exit = 0 '\000' } #29 0x00000000005670c7 in Fprogn (args=<value optimized out>) at eval.c:395 val = 8997664 #30 0x0000000000567d08 in Flet (args=18752854) at eval.c:1051 tem = 15322325 elt = <value optimized out> varlist = <value optimized out> #31 0x0000000000566ec4 in Feval (form=<value optimized out>) at eval.c:2295 numargs = 8997664 args_left = 18752854 i = <value optimized out> argvals = {8635685, 18755046, 18755126, 18755254, 140737488341808, 5662408, 11739872, 2} fun = <value optimized out> val = <value optimized out> original_fun = 11890562 original_args = 18752854 funcar = <value optimized out> backtrace = { next = 0x7fffffffcbd0, function = 0x7fffffffcb28, args = 0x7fffffffcb20, nargs = -1, evalargs = 0 '\000', debug_on_exit = 0 '\000' } #32 0x0000000000566cec in Feval (form=<value optimized out>) at eval.c:2406 fun = <value optimized out> val = <value optimized out> original_fun = 12606802 original_args = 18755110 funcar = <value optimized out> backtrace = { next = 0x7fffffffcd70, function = 0x7fffffffcbf8, args = 0x7fffffffcbf0, nargs = -1, evalargs = 1 '\001', debug_on_exit = 0 '\000' } #33 0x000000000058ae4f in readevalloop (readcharfun=18093061, stream=0x0, sourcename=18361409, printflag=<value optimized out>, unibyte=<value optimized out>, readfun=<value optimized out>, start=11721042, end=11721042, evalfun=<value optimized out>) at lread.c:1739 count1 = 40 c = <value optimized out> val = <value optimized out> b = 0x1141400 continue_reading_p = 1 whole_buffer = 1 first_sexp = <value optimized out> #34 0x000000000058bb71 in Feval_buffer (buffer=<value optimized out>, printflag=11721042, filename=15002881, unibyte=11721042, do_allow_print=<value optimized out>) at lread.c:1799 tem = <value optimized out> buf = 18093061 #35 0x0000000000565073 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:2997 fun = <value optimized out> original_fun = <value optimized out> funcar = <value optimized out> numargs = 5 val = <value optimized out> backtrace = { next = 0x7fffffffcf30, function = 0x7fffffffcdd0, args = 0x7fffffffcdd8, nargs = 5, evalargs = 0 '\000', debug_on_exit = 0 '\000' } internal_args = 0x7fffffffcdd8 i = 5 #36 0x000000000059ecd2 in Fbyte_code (bytestr=<value optimized out>, vector=<value optimized out>, maxdepth=<value optimized out>) at bytecode.c:679 count = 27 op = <value optimized out> stack = { pc = 0xaa6e3a "\210,\336\b!\210\016\"\204\256", top = 0x7fffffffcdf8, bottom = 0x7fffffffcdd0, byte_string = 8682273, byte_string_start = 0xaa6dae "\306\b!\204\022", constants = 8682309, next = 0x7fffffffd2c0 } top = 0x7fffffffcdd0 result = <value optimized out> #37 0x00000000005672ef in funcall_lambda (fun=8682141, nargs=<value optimized out>, arg_vector=<value optimized out>) at eval.c:3165 val = <value optimized out> syms_left = 11721042 next = 12593154 i = 4 optional = 1 rest = 0 #38 0x0000000000564f03 in Ffuncall (nargs=<value optimized out>, args=0x847a98) at eval.c:3040 fun = 140737479340288 original_fun = 12593010 funcar = 8997664 numargs = 4 val = <value optimized out> backtrace = { next = 0x7fffffffd1f0, function = 0x7fffffffcf90, args = 0x7fffffffcf98, nargs = 4, evalargs = 0 '\000', debug_on_exit = 0 '\000' } internal_args = 0x7fffffffcf98 i = <value optimized out> #39 0x00000000005652d9 in call4 (fn=<value optimized out>, arg1=<value optimized out>, arg2=16, arg3=8473480, arg4=0) at eval.c:2831 ret_ungc_val = 8997664 args = {12593010, 15002881, 15002881, 11721042, 11721090} #40 0x000000000058b71d in Fload (file=18663777, noerror=8473480, nomessage=11721090, nosuffix=<value optimized out>, must_suffix=<value optimized out>) at lread.c:1183 val = <value optimized out> stream = <value optimized out> fd = 5 count = 20 found = 15002881 efound = <value optimized out> hist_file_name = 15002881 newer = 0 compiled = 17487280 handler = <value optimized out> safe_p = 17767648 tmp = {18737654, 13154870} version = 0 #41 0x0000000000565073 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:2997 fun = <value optimized out> original_fun = <value optimized out> funcar = <value optimized out> numargs = 5 val = <value optimized out> backtrace = { next = 0x7fffffffd3d0, function = 0x7fffffffd250, args = 0x7fffffffd258, nargs = 3, evalargs = 0 '\000', debug_on_exit = 0 '\000' } internal_args = 0x7fffffffd1a0 i = 5 #42 0x000000000059ecd2 in Fbyte_code (bytestr=<value optimized out>, vector=<value optimized out>, maxdepth=<value optimized out>) at bytecode.c:679 count = 5 op = <value optimized out> stack = { pc = 0xa88814 "\210*\202\300\003\016L띃!\002\347\016N\206\f\002\f\211A\024@!\036S\346\016S!\036T\352\016T\314ى$\210*\202\300\003\016L욃J\002\331\026Q\016N\206\065\002\f\211A\024@\211\026F;\204@\002\332\355!\210\356\347\016F!!\210\202\300\003\016LX\002\360\331!\210\202\300\003\016L\361\232\203f\002\362\363!\210\202\300\003\321\364\016L\"\203w\002\365\016L!\026B\202\300\003\321\366\016L\"\203\224\002\365\325\326\016L\"!\026B\365\325\367\016L\"!\026A\202\300\003\334\016M\016H\"\211\026F\203\252\002\016FA@\f\233\024\202\300\003\334\016M\016K\"\211\026F\203\300\002\016FA@\f\233\024"..., top = 0x7fffffffd268, bottom = 0x7fffffffd250, byte_string = 9032857, byte_string_start = 0xa8861f "\306 \210\b\203\021", constants = 9032893, next = 0x7fffffffd490 } top = 0x7fffffffd250 result = <value optimized out> #43 0x00000000005672ef in funcall_lambda (fun=9032797, nargs=<value optimized out>, arg_vector=<value optimized out>) at eval.c:3165 val = <value optimized out> syms_left = 11721042 next = 13750050 i = 1 optional = 0 rest = 0 #44 0x0000000000564f03 in Ffuncall (nargs=<value optimized out>, args=0x89d458) at eval.c:3040 fun = 140737479340288 original_fun = 13756226 funcar = 8997664 numargs = 1 val = <value optimized out> backtrace = { next = 0x7fffffffd5a0, function = 0x7fffffffd430, args = 0x7fffffffd438, nargs = 1, evalargs = 0 '\000', debug_on_exit = 0 '\000' } internal_args = 0x7fffffffd438 i = <value optimized out> #45 0x000000000059ecd2 in Fbyte_code (bytestr=<value optimized out>, vector=<value optimized out>, maxdepth=<value optimized out>) at bytecode.c:679 count = 4 op = <value optimized out> stack = { pc = 0xa8b2dc "\210\016N\203s\006\201", <incomplete sequence \346>, top = 0x7fffffffd438, bottom = 0x7fffffffd430, byte_string = 9005745, byte_string_start = 0xa8ac75 "\306 \020\307\021\n\023\307\024\310\311!\211\035\307=\204\064", constants = 9005781, next = 0x7fffffffd650 } top = 0x7fffffffd430 result = <value optimized out> #46 0x00000000005672ef in funcall_lambda (fun=9005701, nargs=<value optimized out>, arg_vector=<value optimized out>) at eval.c:3165 val = <value optimized out> syms_left = 11721042 next = 12575218 i = 0 optional = 0 rest = 2 #47 0x0000000000564f03 in Ffuncall (nargs=<value optimized out>, args=0x896a80) at eval.c:3040 fun = 140737479340288 original_fun = 12575218 funcar = 8997664 numargs = 0 val = <value optimized out> backtrace = { next = 0x7fffffffd810, function = 0x7fffffffd600, args = 0x7fffffffd608, nargs = 0, evalargs = 0 '\000', debug_on_exit = 0 '\000' } internal_args = 0x7fffffffd608 i = <value optimized out> #48 0x000000000059ecd2 in Fbyte_code (bytestr=<value optimized out>, vector=<value optimized out>, maxdepth=<value optimized out>) at bytecode.c:679 count = 2 op = <value optimized out> stack = { pc = 0xa8ba98 "\210*\340\341\342\"\210\343\321\344\"\211\036$;\203\251", top = 0x7fffffffd600, bottom = 0x7fffffffd600, byte_string = 9000737, byte_string_start = 0xa8ba0a "\b\203\b", constants = 9000773, next = 0x0 } top = 0x7fffffffd600 result = <value optimized out> #49 0x00000000005672ef in funcall_lambda (fun=9000693, nargs=<value optimized out>, arg_vector=<value optimized out>) at eval.c:3165 val = <value optimized out> syms_left = 11721042 next = 0 i = 0 optional = 32767 rest = 0 #50 0x0000000000567454 in apply_lambda (fun=9000693, args=11721042, eval_flag=<value optimized out>) at eval.c:3092 args_left = 11721042 i = <value optimized out> tem = <value optimized out> #51 0x0000000000566b53 in Feval (form=9000688) at eval.c:2408 fun = 140737479340288 val = <value optimized out> original_fun = 13749474 original_args = 11721042 funcar = 8997664 backtrace = { next = 0x0, function = 0x7fffffffd838, args = 0x7fffffffd740, nargs = 0, evalargs = 0 '\000', debug_on_exit = 0 '\000' } #52 0x000000000056437d in internal_condition_case (bfun=<value optimized out>, handlers=<value optimized out>, hfun=<value optimized out>) at eval.c:1458 val = 8997664 c = { tag = 11721042, val = 11721042, next = 0x7fffffffda10, gcpro = 0x0, jmp = {{ __jmpbuf = {13365184, 3949921905019383304, 13365216, 140737488346744, 1, 1, -3949921426383376888, 3949920965887585800}, __mask_was_saved = 0, __saved_mask = { __val = {140737353880784, 140737353835656, 4294967295, 4238812, 1, 8460504, 0, 1, 1, 0, 140737351959490, 140733193388033, 0, 140737488345816, 140737251616176, 226670640} } }}, backlist = 0x0, handlerlist = 0x0, lisp_eval_depth = 0, pdlcount = 2, poll_suppress_count = 1, interrupt_input_blocked = 0, byte_stack = 0x0 } h = { handler = 11773138, var = 11721042, chosen_clause = 11721042, tag = 0x7fffffffd8a0, next = 0x0 } #53 0x00000000004f9e06 in top_level_1 (ignore=<value optimized out>) at keyboard.c:1355 No locals. #54 0x00000000005644a8 in internal_catch (tag=<value optimized out>, func=<value optimized out>, arg=<value optimized out>) at eval.c:1202 c = { tag = 11769202, val = 11721042, next = 0x0, gcpro = 0x0, jmp = {{ __jmpbuf = {13365184, 3949921905019383304, 13365216, 140737488346744, 1, 1, -3949921426333045240, 3949920965646937608}, __mask_was_saved = 0, __saved_mask = { __val = {0, 0, 0, 0, 112, 140737255104152, 352, 140737255104152, 140737255104168, 30064771072, 344, 94489280656, 30064771072, 384, 94489280612, 11993394} } }}, backlist = 0x0, handlerlist = 0x0, lisp_eval_depth = 0, pdlcount = 2, poll_suppress_count = 1, interrupt_input_blocked = 0, byte_stack = 0x0 } #55 0x00000000004f9e7b in command_loop () at keyboard.c:1310 No locals. #56 0x00000000004fa278 in recursive_edit_1 () at keyboard.c:940 val = <value optimized out> #57 0x00000000004fa3b7 in Frecursive_edit () at keyboard.c:1002 buffer = 11721042 #58 0x00000000004ed995 in main (argc=0, argv=0x7fffffffdf98) at emacs.c:1764 dummy = 0 stack_bottom_variable = 0 '\000' do_initial_setlocale = <value optimized out> skip_args = 1 rlim = { rlim_cur = 8720000, rlim_max = 18446744073709551615 } no_loadup = 0 junk = 0x0 dname_arg = 0x0 ch_to_dir = 0x0 Lisp Backtrace: "apply" (0xffffbcf8) "json-read-string" (0xffffbe30) "progn" (0xffffc000) "unwind-protect" (0xffffc0f0) "save-current-buffer" (0xffffc1f0) "with-current-buffer" (0xffffc2c0) "let" (0xffffc410) "with-temp-buffer" (0xffffc4e0) "let" (0xffffc630) "progn" (0xffffc710) "unwind-protect" (0xffffc800) "save-current-buffer" (0xffffc900) "with-current-buffer" (0xffffc9d0) "let" (0xffffcb20) "with-temp-buffer" (0xffffcbf0) "eval-buffer" (0xffffcdd8) "load-with-code-conversion" (0xffffcf98) "load" (0xffffd258) "command-line-1" (0xffffd438) "command-line" (0xffffd608) "normal-top-level" (0xffffd740) ^ permalink raw reply [flat|nested] 16+ messages in thread
[parent not found: <87tymzv6ga.fsf@steelpick.2x.cz>]
* bug#6214: 23.1; json-read-string crashes emacs with long string [not found] ` <87tymzv6ga.fsf@steelpick.2x.cz> @ 2010-08-13 16:37 ` Chong Yidong 2010-08-14 7:39 ` Michal Sojka [not found] ` <87sk2hbq3s.fsf@steelpick.2x.cz> 0 siblings, 2 replies; 16+ messages in thread From: Chong Yidong @ 2010-08-13 16:37 UTC (permalink / raw) To: Michal Sojka; +Cc: 6214, Notmuch mailing list, Carl Worth Michal Sojka <sojkam1@fel.cvut.cz> writes: > It seems the bug is still in the current Emacs HEAD > (http://repo.or.cz/w/emacs.git/commit/08d1bfbda3ef4a7038556f6c56bec1a37b4721f0). > I can reproduce it with the lisp code sent by Carl, but the backtrace is > different. My backtrace is attached. I can't reproduce it with the BZR repository. Maybe the git mirror you are using is not up to date. Without any further information from you about your Emacs build (information that would have been available if you had used `M-x report-emacs-bug'), it is impossible to say. ^ permalink raw reply [flat|nested] 16+ messages in thread
* bug#6214: 23.1; json-read-string crashes emacs with long string 2010-08-13 16:37 ` Chong Yidong @ 2010-08-14 7:39 ` Michal Sojka [not found] ` <87sk2hbq3s.fsf@steelpick.2x.cz> 1 sibling, 0 replies; 16+ messages in thread From: Michal Sojka @ 2010-08-14 7:39 UTC (permalink / raw) To: Chong Yidong; +Cc: 6214, Notmuch mailing list, Carl Worth On Fri, 13 Aug 2010, Chong Yidong wrote: > Michal Sojka <sojkam1@fel.cvut.cz> writes: > > > It seems the bug is still in the current Emacs HEAD > > (http://repo.or.cz/w/emacs.git/commit/08d1bfbda3ef4a7038556f6c56bec1a37b4721f0). > > I can reproduce it with the lisp code sent by Carl, but the backtrace is > > different. My backtrace is attached. > > I can't reproduce it with the BZR repository. Maybe the git mirror you > are using is not up to date. Without any further information from you > about your Emacs build (information that would have been available if > you had used `M-x report-emacs-bug'), it is impossible to say. I cloned bzr repo (trunk:101071) and I can reproduce the bug (./emacs --batch -l ~/q/json-emacs-bug.el). Backtrace is the same as in my previous mail and report-emacs-bug information is bellow. Let me know if you need additional info. Thanks -Michal In GNU Emacs 24.0.50.1 (x86_64-unknown-linux-gnu, GTK+ Version 2.20.1) of 2010-08-14 on steelpick Windowing system distributor `The X.Org Foundation', version 11.0.10707000 Important settings: value of $LC_ALL: nil value of $LC_COLLATE: nil value of $LC_CTYPE: nil value of $LC_MESSAGES: en_US.UTF-8 value of $LC_MONETARY: nil value of $LC_NUMERIC: nil value of $LC_TIME: nil value of $LANG: en_US.utf8 value of $XMODIFIERS: nil locale-coding-system: utf-8-unix default enable-multibyte-characters: t Major mode: Fundamental Minor modes in effect: tooltip-mode: t mouse-wheel-mode: t menu-bar-mode: t file-name-shadow-mode: t global-font-lock-mode: t blink-cursor-mode: t auto-composition-mode: t auto-encryption-mode: t auto-compression-mode: t line-number-mode: t transient-mark-mode: t Recent input: M-x r e p o r t SPC e m a SPC SPC <return> Recent messages: For information about GNU Emacs and the GNU system, type C-h C-a. Load-path shadows: None found. Features: (shadow sort gnus-util mail-extr message sendmail regexp-opt rfc822 mml easymenu mml-sec mm-decode mm-bodies mm-encode mail-parse rfc2231 rfc2047 rfc2045 ietf-drums mm-util mail-prsvr mailabbrev mail-utils gmm-utils mailheader emacsbug package warnings tooltip ediff-hook vc-hooks lisp-float-type mwheel x-win x-dnd tool-bar dnd fontset image fringe lisp-mode register page menu-bar rfn-eshadow timer select scroll-bar mldrag mouse jit-lock font-lock syntax facemenu font-core frame cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean japanese hebrew greek romanian slovak czech european ethiopic indian cyrillic chinese case-table epa-hook jka-cmpr-hook help simple abbrev loaddefs button minibuffer faces cus-face files text-properties overlay md5 base64 format env code-pages mule custom widget hashtable-print-readable backquote make-network-process dbusbind dynamic-setting system-font-setting font-render-setting move-toolbar gtk x-toolkit x multi-tty emacs) ^ permalink raw reply [flat|nested] 16+ messages in thread
[parent not found: <87sk2hbq3s.fsf@steelpick.2x.cz>]
* bug#6214: 23.1; json-read-string crashes emacs with long string [not found] ` <87sk2hbq3s.fsf@steelpick.2x.cz> @ 2010-08-14 21:30 ` Chong Yidong [not found] ` <8739ug3mrr.fsf@stupidchicken.com> 1 sibling, 0 replies; 16+ messages in thread From: Chong Yidong @ 2010-08-14 21:30 UTC (permalink / raw) To: Michal Sojka; +Cc: 6214, Notmuch mailing list, Carl Worth Michal Sojka <sojkam1@fel.cvut.cz> writes: > I cloned bzr repo (trunk:101071) and I can reproduce the bug (./emacs > --batch -l ~/q/json-emacs-bug.el). Backtrace is the same as in my > previous mail and report-emacs-bug information is bellow. Let me know if > you need additional info. First, please check if this equivalent and simpler recipe also reproduces the problem, to make sure this is the same bug: emacs --batch -q --eval "(apply 'string (make-list 1122176 ?a)))" If so, please recompile without optimizations: CFLAGS="-g" ./configure make and see if you can obtain a cleaner backtrace. ^ permalink raw reply [flat|nested] 16+ messages in thread
[parent not found: <8739ug3mrr.fsf@stupidchicken.com>]
* bug#6214: 23.1; json-read-string crashes emacs with long string [not found] ` <8739ug3mrr.fsf@stupidchicken.com> @ 2010-08-15 7:37 ` Michal Sojka [not found] ` <87r5i02uo7.fsf@steelpick.2x.cz> 1 sibling, 0 replies; 16+ messages in thread From: Michal Sojka @ 2010-08-15 7:37 UTC (permalink / raw) To: Chong Yidong; +Cc: 6214, Notmuch mailing list, Carl Worth On Sat, 14 Aug 2010, Chong Yidong wrote: > First, please check if this equivalent and simpler recipe also > reproduces the problem, to make sure this is the same bug: > > emacs --batch -q --eval "(apply 'string (make-list 1122176 ?a)))" Yes, the problem is still here. > If so, please recompile without optimizations: > > CFLAGS="-g" ./configure > make > > and see if you can obtain a cleaner backtrace. Program received signal SIGSEGV, Segmentation fault. 0x00000000005f81fc in Fapply (nargs=2, args=0x7fffffffc670) at eval.c:2492 2492 memcpy (funcall_args, args, nargs * sizeof (Lisp_Object)); #0 0x00000000005f81fc in Fapply (nargs=2, args=0x7fffffffc670) at eval.c:2492 i = 0 numargs = 1122176 spread_arg = 38164022 funcall_args = 0x7fffff76c9d0 fun = 9260085 gcpro1 = { next = 0x2465636, var = 0x95cb41, nvars = 1122177 } #1 0x00000000005f7ade in Feval (form=19244870) at eval.c:2321 vals = 0x7fffffffc670 argnum = 2 numargs = 8 args_left = 12507474 i = 2 maxargs = -14728 argvals = {19244854, 18642001, 0, 6, 6, 25769803776, 16350976, 12420200} fun = 12011021 val = 24 original_fun = 12677650 original_args = 19244918 funcar = 19244870 backtrace = { next = 0x7fffffffc800, function = 0x7fffffffc770, args = 0x7fffffffc670, nargs = 2, evalargs = 1 '\001', debug_on_exit = 0 '\000' } gcpro1 = { next = 0x0, var = 0x11c7471, nvars = 39 } gcpro2 = { next = 0x0, var = 0x7fffffffd530, nvars = -14512 } gcpro3 = { next = 0x125a416, var = 0x7fffffffc670, nvars = 2 } #2 0x00000000005f8ead in Ffuncall (nargs=2, args=0x7fffffffc880) at eval.c:2983 fun = 12010973 original_fun = 12677602 funcar = 9817142 numargs = 1 lisp_numargs = 6302634 val = 19244870 backtrace = { next = 0x7fffffffcc80, function = 0x7fffffffc880, args = 0x7fffffffc888, nargs = 1, evalargs = 0 '\000', debug_on_exit = 0 '\000' } internal_args = 0x7fffffffc888 i = 0 #3 0x0000000000645887 in Fbyte_code (bytestr=9815377, vector=9815413, maxdepth=40) at bytecode.c:679 count = 5 op = 1 vectorp = 0x95c580 bytestr_length = 1187 stack = { pc = 0xb48b63 "\210\202\300\003\016L坃\311\001\346\347\016N\206\241\001\f\211A\024@!!\026F\016E\203\274\001\016E\016F\016EAB\241\210\016EA\026E\202\300\003\016F\016RB\211\026R\026E\202\300\003\016L蝃\372\001\347\016N\206\333\001\f\211A\024@!\036S\346\016S!\036T\351\016T!\203\357\001\016T\026S\352\016S\314\331#\210*\202\300\003\016L띃!\002\347\016N\206\f\002\f\211A\024@!\036S\346\016S!\036T\352\016T\314ى$\210*\202\300\003\016L욃J\002\331\026Q\016N\206\065\002\f\211A\024@\211\026F;\204@\002\332\355!\210\356\347\016F!!\210\202\300\003\016LX\002", <incomplete sequence \360>..., top = 0x7fffffffc888, bottom = 0x7fffffffc880, byte_string = 9815377, byte_string_start = 0xb489d9 "\306 \210\b\203\021", constants = 9815413, next = 0x7fffffffcd70 } top = 0x7fffffffc880 result = 140737488341184 #4 0x00000000005f9701 in funcall_lambda (fun=9815317, nargs=1, arg_vector=0x7fffffffcd08) at eval.c:3165 val = 12535520 syms_left = 12507474 next = 14517122 count = 4 i = 1 optional = 0 rest = 0 #5 0x00000000005f90bb in Ffuncall (nargs=2, args=0x7fffffffcd00) at eval.c:3029 fun = 9815317 original_fun = 14191698 funcar = 12535520 numargs = 1 lisp_numargs = 6152191 val = 19245862 backtrace = { next = 0x7fffffffd0f0, function = 0x7fffffffcd00, args = 0x7fffffffcd08, nargs = 1, evalargs = 0 '\000', debug_on_exit = 0 '\000' } internal_args = 0x125ab36 i = 0 #6 0x0000000000645887 in Fbyte_code (bytestr=9788449, vector=9788485, maxdepth=28) at bytecode.c:679 count = 4 op = 1 vectorp = 0x955c50 bytestr_length = 1723 stack = { pc = 0xb4b681 "\210\016N\203^\006\201", <incomplete sequence \343>, top = 0x7fffffffcd08, bottom = 0x7fffffffcd00, byte_string = 9788449, byte_string_start = 0xb4b02f "\306 \020\307\021\n\023\307\024\310\311!\211\035\307=\204\064", constants = 9788485, next = 0x7fffffffd1d0 } top = 0x7fffffffcd00 result = 13467377 #7 0x00000000005f9701 in funcall_lambda (fun=9788405, nargs=0, arg_vector=0x7fffffffd178) at eval.c:3165 val = 12535520 syms_left = 12507474 next = 13258642 count = 4 i = 0 optional = 0 rest = 0 #8 0x00000000005f90bb in Ffuncall (nargs=1, args=0x7fffffffd170) at eval.c:3029 fun = 9788405 original_fun = 13569954 funcar = 13569906 numargs = 0 lisp_numargs = 6152191 val = 13467377 backtrace = { next = 0x7fffffffd6c0, function = 0x7fffffffd170, args = 0x7fffffffd178, nargs = 0, evalargs = 0 '\000', debug_on_exit = 0 '\000' } internal_args = 0xcd7ef1 i = 0 #9 0x0000000000645887 in Fbyte_code (bytestr=9783473, vector=9783509, maxdepth=24) at bytecode.c:679 count = 2 op = 0 vectorp = 0x9548e0 bytestr_length = 220 stack = { pc = 0xb4be2e "\210*\340\341\342\"\210\343\321\344\"\211\036$;\203\251", top = 0x7fffffffd170, bottom = 0x7fffffffd170, byte_string = 9783473, byte_string_start = 0xb4bda0 "\b\203\b", constants = 9783509, next = 0x0 } top = 0x7fffffffd170 result = 4294967295 #10 0x00000000005f9701 in funcall_lambda (fun=9783429, nargs=0, arg_vector=0x7fffffffd530) at eval.c:3165 val = 1 syms_left = 12507474 next = 140733193388033 count = 2 i = 0 optional = 0 rest = 0 #11 0x00000000005f932f in apply_lambda (fun=9783429, args=12507474, eval_flag=1) at eval.c:3092 args_left = 12507474 numargs = 0 arg_vector = 0x7fffffffd530 gcpro1 = { next = 0x7ffff1e40970, var = 0x7ffff7fc14d0, nvars = 0 } gcpro2 = { next = 0x83b, var = 0x1000, nvars = 8 } gcpro3 = { next = 0x1, var = 0x81a4, nvars = 0 } i = 0 tem = 5 #12 0x00000000005f7dea in Feval (form=12978838) at eval.c:2390 fun = 9783429 val = 140737488345192 original_fun = 14516546 original_args = 12507474 funcar = 140737354130560 backtrace = { next = 0x0, function = 0x7fffffffd6f0, args = 0x7fffffffd530, nargs = 0, evalargs = 0 '\000', debug_on_exit = 0 '\000' } gcpro1 = { next = 0x7ffff7fb6488, var = 0x7ffff7fc14d0, nvars = -134225624 } gcpro2 = { next = 0x7fffffffd810, var = 0x7ffff1e34c28, nvars = -236739152 } gcpro3 = { next = 0x0, var = 0x7fff00000017, nvars = 44108294 } #13 0x00000000005599d1 in top_level_2 () at keyboard.c:1347 No locals. #14 0x00000000005f5f8c in internal_condition_case (bfun=0x5599be <top_level_2>, handlers=12559570, hfun=0x5595a8 <cmd_error>) at eval.c:1458 val = 5609939 c = { tag = 12507474, val = 12507474, next = 0x7fffffffd930, gcpro = 0x0, jmp = {{ __jmpbuf = {5, 7988929332933021680, 4279008, 140737488346960, 0, 0, 7988929332880592880, -7988928721167724560}, __mask_was_saved = 0, __saved_mask = { __val = {4294967295, 140737488345248, 1, 9246952, 0, 0, 0, 0, 140737351959490, 1, 0, 0, 140737251616176, 12936662, 5, 140737488345664} } }}, backlist = 0x0, handlerlist = 0x0, lisp_eval_depth = 0, pdlcount = 2, poll_suppress_count = 1, interrupt_input_blocked = 0, byte_stack = 0x0 } h = { handler = 12559570, var = 12507474, chosen_clause = 140737488345104, tag = 0x7fffffffd7c0, next = 0x0 } #15 0x0000000000559a0b in top_level_1 (ignore=12507474) at keyboard.c:1355 No locals. #16 0x00000000005f592e in internal_catch (tag=12555634, func=0x5599d3 <top_level_1>, arg=12507474) at eval.c:1202 c = { tag = 12555634, val = 12507474, next = 0x0, gcpro = 0x0, jmp = {{ __jmpbuf = {5, 7988929332987547632, 4279008, 140737488346960, 0, 0, 7988929332960284656, -7988928721370886160}, __mask_was_saved = 0, __saved_mask = { __val = {6153582, 140737255104152, 4301629832, 0, 12507474, 12779824, 140737488345720, 60129542288, 12535520, 12033184, 6152158, 140737488345680, 12507474, 4279008, 140737488346960, 140737488345696} } }}, backlist = 0x0, handlerlist = 0x0, lisp_eval_depth = 0, pdlcount = 2, poll_suppress_count = 1, interrupt_input_blocked = 0, byte_stack = 0x0 } #17 0x0000000000559939 in command_loop () at keyboard.c:1310 No locals. #18 0x00000000005590df in recursive_edit_1 () at keyboard.c:940 count = 1 val = 5608104 #19 0x0000000000559292 in Frecursive_edit () at keyboard.c:1002 count = 0 buffer = 12507474 #20 0x00000000005575cc in main (argc=5, argv=0x7fffffffdf58) at emacs.c:1764 dummy = 140737251592752 stack_bottom_variable = 0 '\000' do_initial_setlocale = 1 skip_args = 1 rlim = { rlim_cur = 8720000, rlim_max = 18446744073709551615 } no_loadup = 0 junk = 0x0 dname_arg = 0x0 ch_to_dir = 0x45 <Address 0x45 out of bounds> Lisp Backtrace: "apply" (0xffffc670) "eval" (0xffffc888) "command-line-1" (0xffffcd08) "command-line" (0xffffd178) "normal-top-level" (0xffffd530) ^ permalink raw reply [flat|nested] 16+ messages in thread
[parent not found: <87r5i02uo7.fsf@steelpick.2x.cz>]
* bug#6214: 23.1; json-read-string crashes emacs with long string [not found] ` <87r5i02uo7.fsf@steelpick.2x.cz> @ 2010-08-16 17:40 ` Chong Yidong [not found] ` <874oeuv4le.fsf@stupidchicken.com> 1 sibling, 0 replies; 16+ messages in thread From: Chong Yidong @ 2010-08-16 17:40 UTC (permalink / raw) To: Michal Sojka; +Cc: 6214, Notmuch mailing list, Carl Worth Thanks, that is a useful backtrace. Could you apply this patch and see if it fixes the problem? === modified file 'src/eval.c' *** src/eval.c 2010-08-06 19:07:16 +0000 --- src/eval.c 2010-08-16 17:37:22 +0000 *************** *** 2430,2437 **** register int i, numargs; register Lisp_Object spread_arg; register Lisp_Object *funcall_args; ! Lisp_Object fun; struct gcpro gcpro1; fun = args [0]; funcall_args = 0; --- 2430,2438 ---- register int i, numargs; register Lisp_Object spread_arg; register Lisp_Object *funcall_args; ! Lisp_Object fun, retval; struct gcpro gcpro1; + USE_SAFE_ALLOCA; fun = args [0]; funcall_args = 0; *************** *** 2470,2477 **** { /* Avoid making funcall cons up a yet another new vector of arguments by explicitly supplying nil's for optional values */ ! funcall_args = (Lisp_Object *) alloca ((1 + XSUBR (fun)->max_args) ! * sizeof (Lisp_Object)); for (i = numargs; i < XSUBR (fun)->max_args;) funcall_args[++i] = Qnil; GCPRO1 (*funcall_args); --- 2471,2478 ---- { /* Avoid making funcall cons up a yet another new vector of arguments by explicitly supplying nil's for optional values */ ! SAFE_ALLOCA (funcall_args, Lisp_Object *, ((1 + XSUBR (fun)->max_args) ! * sizeof (Lisp_Object))); for (i = numargs; i < XSUBR (fun)->max_args;) funcall_args[++i] = Qnil; GCPRO1 (*funcall_args); *************** *** 2483,2490 **** function itself as well as its arguments. */ if (!funcall_args) { ! funcall_args = (Lisp_Object *) alloca ((1 + numargs) ! * sizeof (Lisp_Object)); GCPRO1 (*funcall_args); gcpro1.nvars = 1 + numargs; } --- 2484,2491 ---- function itself as well as its arguments. */ if (!funcall_args) { ! SAFE_ALLOCA (funcall_args, Lisp_Object *, ((1 + numargs) ! * sizeof (Lisp_Object))); GCPRO1 (*funcall_args); gcpro1.nvars = 1 + numargs; } *************** *** 2500,2506 **** } /* By convention, the caller needs to gcpro Ffuncall's args. */ ! RETURN_UNGCPRO (Ffuncall (gcpro1.nvars, funcall_args)); } \f /* Run hook variables in various ways. */ --- 2501,2511 ---- } /* By convention, the caller needs to gcpro Ffuncall's args. */ ! retval = Ffuncall (gcpro1.nvars, funcall_args); ! UNGCPRO; ! SAFE_FREE (); ! ! return retval; } \f /* Run hook variables in various ways. */ ^ permalink raw reply [flat|nested] 16+ messages in thread
[parent not found: <874oeuv4le.fsf@stupidchicken.com>]
* bug#6214: 23.1; json-read-string crashes emacs with long string [not found] ` <874oeuv4le.fsf@stupidchicken.com> @ 2010-08-16 20:39 ` Michal Sojka [not found] ` <87fwye2sxt.fsf@steelpick.2x.cz> 1 sibling, 0 replies; 16+ messages in thread From: Michal Sojka @ 2010-08-16 20:39 UTC (permalink / raw) To: Chong Yidong; +Cc: 6214, Notmuch mailing list, Carl Worth On Mon, 16 Aug 2010, Chong Yidong wrote: > Thanks, that is a useful backtrace. Could you apply this patch and see > if it fixes the problem? Great! The patch fixes the problem. Now I can view 20 MB email in notmuch. Thanks, Michal ^ permalink raw reply [flat|nested] 16+ messages in thread
[parent not found: <87fwye2sxt.fsf@steelpick.2x.cz>]
* bug#6214: 23.1; json-read-string crashes emacs with long string [not found] ` <87fwye2sxt.fsf@steelpick.2x.cz> @ 2010-08-17 15:10 ` Chong Yidong [not found] ` <87pqxhmg0i.fsf@stupidchicken.com> 1 sibling, 0 replies; 16+ messages in thread From: Chong Yidong @ 2010-08-17 15:10 UTC (permalink / raw) To: Stefan Monnier; +Cc: 6214, Notmuch mailing list, Carl Worth, Michal Sojka Michal Sojka <sojkam1@fel.cvut.cz> writes: > On Mon, 16 Aug 2010, Chong Yidong wrote: >> Thanks, that is a useful backtrace. Could you apply this patch and see >> if it fixes the problem? > > Great! The patch fixes the problem. Now I can view 20 MB email in > notmuch. Hmm, there is a problem, though. If we attempt to avoid a stack overflow in `apply' by using the heap rather than the stack to store large numbers of arguments, those arguments are invisible to the stack-marking gargbage collector. One workaround is to temporarily disable garbage collection if using the heap. Stefan, any ideas? ^ permalink raw reply [flat|nested] 16+ messages in thread
[parent not found: <87pqxhmg0i.fsf@stupidchicken.com>]
* bug#6214: 23.1; json-read-string crashes emacs with long string [not found] ` <87pqxhmg0i.fsf@stupidchicken.com> @ 2010-08-17 16:27 ` Chong Yidong [not found] ` <87sk2dxl01.fsf@stupidchicken.com> 1 sibling, 0 replies; 16+ messages in thread From: Chong Yidong @ 2010-08-17 16:27 UTC (permalink / raw) To: Stefan Monnier; +Cc: 6214, Notmuch mailing list, Carl Worth, Michal Sojka Chong Yidong <cyd@stupidchicken.com> writes: > Hmm, there is a problem, though. If we attempt to avoid a stack > overflow in `apply' by using the heap rather than the stack to store > large numbers of arguments, those arguments are invisible to the > stack-marking gargbage collector. Never mind, I got confused. SAFE_ALLOCA uses record_unwind_protect, so it's gc safe. ^ permalink raw reply [flat|nested] 16+ messages in thread
[parent not found: <87sk2dxl01.fsf@stupidchicken.com>]
* bug#6214: 23.1; json-read-string crashes emacs with long string [not found] ` <87sk2dxl01.fsf@stupidchicken.com> @ 2010-08-17 20:57 ` Andreas Schwab 2010-08-17 21:46 ` Chong Yidong 0 siblings, 1 reply; 16+ messages in thread From: Andreas Schwab @ 2010-08-17 20:57 UTC (permalink / raw) To: Chong Yidong; +Cc: 6214, Notmuch mailing list, Carl Worth, Michal Sojka Chong Yidong <cyd@stupidchicken.com> writes: > Never mind, I got confused. SAFE_ALLOCA uses record_unwind_protect, so > it's gc safe. No, it isn't. SAFE_ALLOCA only protects the memory block, you need to use SAVE_ALLOCA_LISP to protect also its contents. Andreas. -- Andreas Schwab, schwab@linux-m68k.org GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5 "And now for something completely different." ^ permalink raw reply [flat|nested] 16+ messages in thread
* bug#6214: 23.1; json-read-string crashes emacs with long string 2010-08-17 20:57 ` Andreas Schwab @ 2010-08-17 21:46 ` Chong Yidong 0 siblings, 0 replies; 16+ messages in thread From: Chong Yidong @ 2010-08-17 21:46 UTC (permalink / raw) To: Andreas Schwab; +Cc: 6214, Notmuch mailing list, Carl Worth, Michal Sojka Andreas Schwab <schwab@linux-m68k.org> writes: > Chong Yidong <cyd@stupidchicken.com> writes: > >> Never mind, I got confused. SAFE_ALLOCA uses record_unwind_protect, so >> it's gc safe. > > No, it isn't. SAFE_ALLOCA only protects the memory block, you need to > use SAVE_ALLOCA_LISP to protect also its contents. Ah, OK. Thanks. ^ permalink raw reply [flat|nested] 16+ messages in thread
[parent not found: <handler.6214.D6214.12742060387114.notifdone@debbugs.gnu.org>]
* bug#6214: closed (Re: bug#6214: 23.1; json-read-string crashes emacs with long string) [not found] ` <handler.6214.D6214.12742060387114.notifdone@debbugs.gnu.org> @ 2010-05-18 19:15 ` Carl Worth 0 siblings, 0 replies; 16+ messages in thread From: Carl Worth @ 2010-05-18 19:15 UTC (permalink / raw) To: 6214 [-- Attachment #1: Type: text/plain, Size: 552 bytes --] On Tue, 18 May 2010 18:08:02 +0000, help-debbugs@gnu.org (GNU bug Tracking System) wrote: > The explanation is attached below, along with your original report. > If you require more details, please reply to 6214@debbugs.gnu.org. ... > Looks like a stack overflow in the `string' function. I've checked in a > fix, thanks for the bug report. Thanks for the quick fix! I'd be interested in seeing the actual patch here. So let me know if/when you can email it to me or point me to a publicly-visible repository that contains it. Thanks again, -Carl [-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --] ^ permalink raw reply [flat|nested] 16+ messages in thread
end of thread, other threads:[~2010-08-17 21:46 UTC | newest]
Thread overview: 16+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-05-18 16:08 23.1; json-read-string crashes emacs with long string Carl Worth
2010-05-18 17:16 ` bug#6214: " Leo
2010-05-18 17:43 ` bug#6214: `bt full' output Nelson Elhage
2010-05-18 18:07 ` bug#6214: 23.1; json-read-string crashes emacs with long string Chong Yidong
2010-08-12 21:58 ` Michal Sojka
[not found] ` <87tymzv6ga.fsf@steelpick.2x.cz>
2010-08-13 16:37 ` Chong Yidong
2010-08-14 7:39 ` Michal Sojka
[not found] ` <87sk2hbq3s.fsf@steelpick.2x.cz>
2010-08-14 21:30 ` Chong Yidong
[not found] ` <8739ug3mrr.fsf@stupidchicken.com>
2010-08-15 7:37 ` Michal Sojka
[not found] ` <87r5i02uo7.fsf@steelpick.2x.cz>
2010-08-16 17:40 ` Chong Yidong
[not found] ` <874oeuv4le.fsf@stupidchicken.com>
2010-08-16 20:39 ` Michal Sojka
[not found] ` <87fwye2sxt.fsf@steelpick.2x.cz>
2010-08-17 15:10 ` Chong Yidong
[not found] ` <87pqxhmg0i.fsf@stupidchicken.com>
2010-08-17 16:27 ` Chong Yidong
[not found] ` <87sk2dxl01.fsf@stupidchicken.com>
2010-08-17 20:57 ` Andreas Schwab
2010-08-17 21:46 ` Chong Yidong
[not found] ` <handler.6214.D6214.12742060387114.notifdone@debbugs.gnu.org>
2010-05-18 19:15 ` bug#6214: closed (Re: bug#6214: 23.1; json-read-string crashes emacs with long string) Carl Worth
Code repositories for project(s) associated with this public inbox https://git.savannah.gnu.org/cgit/emacs.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).