unofficial mirror of bug-gnu-emacs@gnu.org 
From: Paul Eggert <eggert@cs.ucla.edu>
To: 25816@debbugs.gnu.org
Cc: Ricardo Wurmus <rekado@elephly.net>, Joakim Verona <joakim@verona.se>
Subject: bug#25816: Emacs xwidget GC issue with callback
Date: Mon, 20 Feb 2017 09:10:32 -0800
Message-ID: <fbb40181-b500-1507-1d00-b9a036c479b0@cs.ucla.edu>

[-- Attachment #1: Type: text/plain, Size: 743 bytes --]

When configuring with --with-xwidgets --enable-check-lisp-object-type the Emacs 
build would fail due to a type confusion in src/xwidget.c, which I attempted to 
fix by installing the attached patch. However, as noted in the patch, this code 
appears to have a garbage-collection bug, as it converts a Lisp_Object to a C 
pointer and stores that pointer (for what appears to be an indefinite period of 
time) into a C object that the garbage collector does not know about. If 
garbage-collection reclaims the object before the callback is used, disaster can 
occur. As I don't know the lifetime of the C object I'm reluctant to try to fix 
this myself, so I'm filing this bug report in the hope that an xwidget expert 
can fix it.


[-- Attachment #2: 0001-Port-xwidget-to-DCHECK_LISP_OBJECT_TYPE.txt --]
[-- Type: text/plain, Size: 2455 bytes --]

From 5baceff92d8947ed5b64fadae808b366f5ca1da7 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Mon, 20 Feb 2017 08:53:50 -0800
Subject: [PATCH] Port xwidget to -DCHECK_LISP_OBJECT_TYPE
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* src/xwidget.c (webkit_javascript_finished_cb)
(Fxwidget_webkit_execute_script): Don't assume Lisp_Object is an
integer.  This fix is just a hack; I’ll file a bug report about
the underlying problem.
---
 src/xwidget.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/src/xwidget.c b/src/xwidget.c
index 5c276b1..dc705bb 100644
--- a/src/xwidget.c
+++ b/src/xwidget.c
@@ -389,7 +389,10 @@ webkit_javascript_finished_cb (GObject      *webview,
     /* Register an xwidget event here, which then runs the callback.
        This ensures that the callback runs in sync with the Emacs
        event loop.  */
-    store_xwidget_js_callback_event (xw, (Lisp_Object)lisp_callback,
+    /* FIXME: This might lead to disaster if LISP_CALLBACK’s object
+       was garbage collected before now.  See the FIXME in
+       Fxwidget_webkit_execute_script.  */
+    store_xwidget_js_callback_event (xw, XIL ((intptr_t) lisp_callback),
                                      lisp_value);
 }
 
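Review bot: The Lisp_Object rebuilt in the store_xwidget_js_callback_event
call is used with no guarantee that it is still live; the new FIXME records
the hazard, but the value is still trusted as-is. Suggest keeping FUN
reachable for the whole asynchronous call, for example by holding it in a
structure the garbage collector scans and passing only a handle as user
data, so that this callback looks the function up instead of reconstructing
it with XIL ((intptr_t) lisp_callback).
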
@@ -714,8 +717,13 @@ argument procedure FUN.*/)
   if (!NILP (fun) && !FUNCTIONP (fun))
     wrong_type_argument (Qinvalid_function, fun);
 
-  void *callback = (FUNCTIONP (fun)) ?
-    &webkit_javascript_finished_cb : NULL;
+  GAsyncReadyCallback callback
+    = FUNCTIONP (fun) ? webkit_javascript_finished_cb : NULL;
+
+  /* FIXME: This hack might lead to disaster if FUN is garbage
+     collected before store_xwidget_js_callback_event makes it visible
+     to Lisp again.  See the FIXME in webkit_javascript_finished_cb.  */
+  gpointer callback_arg = (gpointer) (intptr_t) XLI (fun);
 
   /* JavaScript execution happens asynchronously.  If an elisp
      callback function is provided we pass it to the C callback
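Review bot: The cast chain in
gpointer callback_arg = (gpointer) (intptr_t) XLI (fun);
preserves FUN only if the value XLI returns fits in intptr_t, and nothing
in this hunk checks that. A build-time assertion comparing the two sizes,
or a comment stating why the narrowing is safe, would make the assumption
explicit for whoever picks up the FIXME.
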
@@ -723,8 +731,7 @@ argument procedure FUN.*/)
   webkit_web_view_run_javascript (WEBKIT_WEB_VIEW (xw->widget_osr),
                                   SSDATA (script),
                                   NULL, /* cancelable */
-                                  callback,
-                                  (gpointer) fun);
+                                  callback, callback_arg);
   return Qnil;
 }
 
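Review bot: callback_arg is passed to webkit_web_view_run_javascript even
when callback is NULL, so the path where FUN is nil still hands an encoded
Lisp_Object to the library as user data. Passing NULL as the last argument
in that case (callback ? callback_arg : NULL) would avoid leaving a Lisp
reference where nothing will ever consume it.
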
-- 
2.9.3
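
The hazard this report describes, reduced to a toy mark-and-sweep collector: an object handed to an asynchronous C callback as a raw pointer is invisible to the collector, while pinning it in a table the collector scans and passing the slot number keeps it alive. This is an added example, not Emacs code and not part of the original message; every name in it (heap, roots, pin, unpin, survives_gc) is hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Toy mark-and-sweep heap; every name here is hypothetical. */
enum { HEAP = 8, ROOTS = 4 };
struct obj { bool live, marked; int value; };
static struct obj heap[HEAP], *roots[ROOTS];  /* roots: all the GC sees */

static struct obj *alloc_obj(int value) {
    for (int i = 0; i < HEAP; i++)
        if (!heap[i].live) {
            heap[i] = (struct obj) { .live = true, .value = value };
            return &heap[i];
        }
    return NULL;
}

/* Mark whatever the roots reference, then reclaim everything else. */
static void gc(void) {
    for (int i = 0; i < HEAP; i++) heap[i].marked = false;
    for (int i = 0; i < ROOTS; i++) if (roots[i]) roots[i]->marked = true;
    for (int i = 0; i < HEAP; i++) if (!heap[i].marked) heap[i].live = false;
}

/* Pin o in a root slot; slot + 1 is the opaque user data (NULL: table full). */
static void *pin(struct obj *o) {
    for (intptr_t i = 0; i < ROOTS; i++)
        if (!roots[i]) { roots[i] = o; return (void *) (i + 1); }
    return NULL;
}

/* Completion side: recover the object and release its root slot. */
static struct obj *unpin(void *user_data) {
    struct obj **slot = &roots[(intptr_t) user_data - 1];
    struct obj *o = *slot;
    *slot = NULL;
    return o;
}

/* Hand off a callback object, collect, complete; was it still alive? */
static bool survives_gc(bool pinned) {
    struct obj *fun = alloc_obj(42);
    void *user_data = pinned ? pin(fun) : (void *) fun;
    gc();  /* runs while the request is still in flight */
    struct obj *cb = pinned ? unpin(user_data) : (struct obj *) user_data;
    return cb->live && cb->value == 42;
}

int main(void) { return survives_gc(true) && !survives_gc(false) ? 0 : 1; }
```

The toy heap is a static array, so the unpinned case reads a reclaimed slot safely; with a real allocator the same access would be a use-after-free.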

