From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Stefan Monnier <monnier@iro.umontreal.ca>
Newsgroups: gmane.emacs.bugs
Subject: bug#9401: 24.0.50; Crash during fontification
Date: Mon, 29 Aug 2011 14:59:36 -0400
Message-ID: <jwvzkis82qi.fsf-monnier+emacs@gnu.org>
References: <87obz8i4gr.fsf@stupidchicken.com>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; CHARSET=US-ASCII
Content-Transfer-Encoding: 7BIT
X-Trace: dough.gmane.org 1314644414 16742 80.91.229.12 (29 Aug 2011 19:00:14 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Mon, 29 Aug 2011 19:00:14 +0000 (UTC)
Cc: 9401@debbugs.gnu.org
To: Chong Yidong <cyd@stupidchicken.com>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Mon Aug 29 21:00:07 2011
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([140.186.70.17])
	by lo.gmane.org with esmtp (Exim 4.69)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1Qy73z-0000xV-G7
	for geb-bug-gnu-emacs@m.gmane.org; Mon, 29 Aug 2011 21:00:03 +0200
Original-Received: from localhost ([::1]:38725 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1Qy73y-0002Ta-DV
	for geb-bug-gnu-emacs@m.gmane.org; Mon, 29 Aug 2011 15:00:02 -0400
Original-Received: from eggs.gnu.org ([140.186.70.92]:42413)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1Qy73w-0002Sc-JM
	for bug-gnu-emacs@gnu.org; Mon, 29 Aug 2011 15:00:01 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1Qy73v-0002CC-KJ
	for bug-gnu-emacs@gnu.org; Mon, 29 Aug 2011 15:00:00 -0400
Original-Received: from debbugs.gnu.org ([140.186.70.43]:41155)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1Qy73v-0002C8-HZ
	for bug-gnu-emacs@gnu.org; Mon, 29 Aug 2011 14:59:59 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.69)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1Qy76r-0007RM-Ml; Mon, 29 Aug 2011 15:03:01 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Stefan Monnier <monnier@iro.umontreal.ca>
Original-Sender: debbugs-submit-bounces@debbugs.gnu.org
Resent-To: owner@debbugs.gnu.org
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Mon, 29 Aug 2011 19:03:01 +0000
Resent-Message-ID: <handler.9401.B9401.131464456428577@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 9401
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: 
Original-Received: via spool by 9401-submit@debbugs.gnu.org id=B9401.131464456428577
	(code B ref 9401); Mon, 29 Aug 2011 19:03:01 +0000
Original-Received: (at 9401) by debbugs.gnu.org; 29 Aug 2011 19:02:44 +0000
Original-Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1Qy76Z-0007Qr-DU
	for submit@debbugs.gnu.org; Mon, 29 Aug 2011 15:02:44 -0400
Original-Received: from relais.videotron.ca ([24.201.245.36])
	by debbugs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <monnier@iro.umontreal.ca>) id 1Qy76X-0007Qj-93
	for 9401@debbugs.gnu.org; Mon, 29 Aug 2011 15:02:42 -0400
Original-Received: from ceviche.home ([96.22.109.87]) by vl-mo-mrz24.ip.videotron.ca
	(Sun Java(tm) System Messaging Server 6.3-8.01 (built Dec 16 2008;
	32bit))
	with ESMTP id <0LQP00CISE1JTP20@vl-mo-mrz24.ip.videotron.ca> for
	9401@debbugs.gnu.org; Mon, 29 Aug 2011 14:58:31 -0400 (EDT)
Original-Received: by ceviche.home (Postfix, from userid 20848)	id 8EAF5660B6; Mon,
	29 Aug 2011 14:59:36 -0400 (EDT)
In-reply-to: <87obz8i4gr.fsf@stupidchicken.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.11
Precedence: list
Resent-Date: Mon, 29 Aug 2011 15:03:01 -0400
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 1)
X-Received-From: 140.186.70.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: </archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.bugs:50406
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/50406>

> I can trigger this crash about 50 percent of the time by doing
> emacs -q trunk/src/buffer.h
> C-s defvar

> Emacs then crashes with a segfault.

> The problem involves a call to scan_sexps_forward (frame#4) with
> from_byte larger than the byte size of the buffer.

[...]

> #4  0x00000000006300a5 in scan_sexps_forward (stateptr=0x7fffffff30b0,
>     from=26298, from_byte=48082, end=38471, targetdepth=-10000, stopbefore=0,
>     oldstate=12552834, commentstop=0) at syntax.c:3133
> #5  0x000000000061e721 in back_comment (from=38165, from_byte=38165, stop=1,
>     comnested=0, comstyle=0, charpos_ptr=0x7fffffff3418,
>     bytepos_ptr=0x7fffffff3420) at syntax.c:733

There's something pretty fishy going on, indeed, since we end going
"back" from 38165/38165 to 26298/38471, i.e. the char position is
smaller but the byte position is larger.


        Stefan