From: Philipp Stephani
Newsgroups: gmane.emacs.bugs
Subject: bug#27258: 26.0.50; Possible undefined behavior in Fmapbacktrace
Date: Mon, 05 Jun 2017 20:14:32 +0000
To: 27258-done@debbugs.gnu.org

Philipp Stephani wrote on Mon, 5 June 2017 at 22:13:

> Philipp wrote on Mon, 5 June 2017 at 21:51:
>
>>
>> Insert the following into /tmp/rec.el:
>>
>> ;; -*- lexical-binding: t; -*-
>>
>> (require 'cl-lib)
>>
>> (defun recurse (i g)
>>   (if (= i 0)
>>       (funcall g (cl-gensym))
>>     (recurse (1- i) g)))
>>
>> (recurse 100 (lambda (sym)
>>                (message "outer: %s" sym)
>>                (mapbacktrace
>>                 (lambda (_ _ args _)
>>                   (recurse 100 (lambda (sym)
>>                                  (message "inner: %s %s" sym args)))))))
>>
>> Then run
>>
>>   emacs -Q -batch -l /tmp/rec.el
>>
>> The printed messages will either be way too short, or Emacs will
>> segfault.  Re-running the command a couple of times consistently
>> generated a segfault for me.
>>
>> My guess is that pdlvec got reallocated, but Fmapbacktrace uses pointers
>> instead of indices to access its elements, so the pointers became
>> invalidated and point to garbage.
>
>
> Fixed with commit 3d9d976aa476b1c1098359a1215ad1cabd022d33.
>

Woops, sent to wrong email address.


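The failure mode guessed at in the report (element pointers into a vector that is reallocated while a callback runs), as an added C example that is not Emacs code and not part of the original thread. A hypothetical growable stack stands in for pdlvec; all names are assumptions, and the walk keeps an index instead of an element pointer so it survives the relocation.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable stack standing in for pdlvec; not Emacs source. */
struct frame { int id; };
struct stack { struct frame *vec; size_t len, cap; unsigned gen; };

static void push(struct stack *s, int id) {
    if (s->len == s->cap) {
        /* Allocate-copy-free: any frame pointer saved earlier now dangles. */
        size_t ncap = s->cap ? s->cap * 2 : 4;
        struct frame *nv = malloc(ncap * sizeof *nv);
        if (!nv) abort();
        if (s->len) memcpy(nv, s->vec, s->len * sizeof *nv);
        free(s->vec);
        s->vec = nv; s->cap = ncap;
        s->gen++;                     /* bumped on every relocation */
    }
    s->vec[s->len++].id = id;
}

/* Walk top-down by index. The loop body stands in for the Lisp callback:
   it pushes 100 frames and unwinds, which can relocate the vector. */
static long walk_by_index(struct stack *s, int *moved) {
    long sum = 0;
    for (size_t i = s->len; i-- > 0; ) {
        unsigned before = s->gen;
        size_t saved = s->len;
        for (int k = 0; k < 100; k++) push(s, -1);  /* "callback" recurses */
        s->len = saved;                             /* and unwinds */
        if (s->gen != before) ++*moved;  /* a saved pointer would be stale */
        sum += s->vec[i].id;   /* address re-derived from index: still valid */
    }
    return sum;
}

long demo(int *moved) {               /* constructed input: frames 1, 2, 3 */
    struct stack s = {0};
    *moved = 0;
    for (int i = 1; i <= 3; i++) push(&s, i);
    long sum = walk_by_index(&s, moved);
    free(s.vec);
    return sum;
}

int main(void) {
    int moved;
    return demo(&moved) == 6 && moved == 1 ? 0 : 1;
}
```

The generation counter is also a cheap debugging aid: an iterator that caches an element pointer can assert the counter is unchanged before dereferencing it.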