From: martin rudalics <rudalics@gmx.at>
To: Eli Zaretskii <eliz@gnu.org>
Cc: 60096@debbugs.gnu.org, juri@linkov.net
Subject: bug#60096: 29.0.60; Crash in format_mode_line_unwind_data
Date: Sat, 17 Dec 2022 16:26:36 +0100 [thread overview]
Message-ID: <a44363c8-3af7-932b-3517-6babfba68cec@gmx.at> (raw)
In-Reply-To: <838rj6ic34.fsf@gnu.org>
> It is needed in this case because it forces redisplay to recompute the
> window list (in propagate_buffer_redisplay, if not earlier). If the
> above is not done, Vwindow_list will be reused, and the problematic
> (bogus?) windows in it _will_ cause a crash.
>
> Specifically, here's what happens:
>
> . We call
>
> wset_buffer (w, other_buffer_safely (Fcurrent_buffer ()));
>
> . other_buffer_safely cannot find a single buffer that satisfies the
> candidate_buffer condition, so it ends up recreating *scratch*
> (whose deletion caused this mess to begin with) by calling
> get-scratch-buffer-create in Lisp
> . get-scratch-buffer-create calls substitute-command-keys to produce
> the blurb we put in the comment at the beginning of *scratch*
> . substitute-command-keys uses a temporary buffer to format the
> message, and calls kill-buffer to delete that buffer when it's done
> . kill-buffer calls replace_buffer_in_windows, which calls
> replace-buffer-in-windows in Lisp
> . replace-buffer-in-windows calls window-list-1, which calls
> window_list, which fills Vwindow_list with windows that have no
> buffer:
>
> (gdb) pp Vwindow_list
> (#<window 8> #<window 4>)
>
> . one of these windows gets assigned a buffer, eventually, since it's
> a selected-window, but the other window stays without a buffer, and
> causes a crash in the following redisplay
Thanks for the explanation. I must have tested with my own version of
'replace-buffer-in-windows' which starts with
(let ((buffer (window-normalize-buffer buffer-or-name)))
;; Don't scan 'window-list-1' unless necessary (often it isn't, for
;; example, when killing a temporary buffer).
(when (> (buffer-windows-count buffer) 0)
(dolist (window (window-list-1 nil nil t))
But since there's no guarantee that a temporary buffer will not be shown
in a window temporarily, your patch is a bit safer. Alternatively, we
could exclude windows with a nil buffer in add_window_to_list (think of
the case that within the blurb producing code someone wants to consult
the window list). In either case, we'd be accepting a temporarily
broken basic invariant - that a live window always shows a live buffer.
Principally, we should never run 'replace-buffer-in-windows' from within
'set-window-configuration'. That bloated window list is just the tip of
an iceberg here.
> What about the other parts of the changeset I installed -- do they
> look okay to you? any comments?
I see
- return safe_call (1, Qget_scratch_buffer_create);
+ /* This function must return a valid buffer, since it is frequently
+ our last line of defense in the face of the expected buffers
+ becoming dead under our feet. safe_call below could return nil
+ if recreating *scratch* in Lisp, which does some fancy stuff,
+ signals an error in some weird use case. */
+ buf = safe_call (1, Qget_scratch_buffer_create);
+ if (NILP (buf))
+ {
+ AUTO_STRING (scratch, "*scratch*");
+ buf = Fget_buffer_create (scratch, Qnil);
+ }
+ return buf;
and
+ Fset_buffer_major_mode (buf);
which look okay to me. Unless, again, the latter would try to deal with
the window list or do some other nasty stuff. Then other_buffer_safely
should not be allowed to recreate *scratch* but rather some fallback
buffer in fundamental mode with no hooks run and any buffer lists having
it as single element.
martin
next prev parent reply other threads:[~2022-12-17 15:26 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-15 17:04 bug#60096: 29.0.60; Crash in format_mode_line_unwind_data Juri Linkov
2022-12-15 21:42 ` Eli Zaretskii
2022-12-16 7:31 ` Juri Linkov
2022-12-16 11:46 ` Eli Zaretskii
2022-12-16 14:39 ` Eli Zaretskii
2022-12-16 15:03 ` Eli Zaretskii
2022-12-17 9:17 ` martin rudalics
2022-12-17 10:00 ` Eli Zaretskii
2022-12-17 10:53 ` Eli Zaretskii
2022-12-17 15:26 ` martin rudalics [this message]
2022-12-17 15:59 ` Eli Zaretskii
2022-12-17 17:05 ` martin rudalics
2022-12-17 17:52 ` Eli Zaretskii
2022-12-18 9:18 ` martin rudalics
2022-12-18 11:40 ` Eli Zaretskii
2022-12-17 17:23 ` Juri Linkov
2022-12-17 17:59 ` Eli Zaretskii
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a44363c8-3af7-932b-3517-6babfba68cec@gmx.at \
--to=rudalics@gmx.at \
--cc=60096@debbugs.gnu.org \
--cc=eliz@gnu.org \
--cc=juri@linkov.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).