From: Andreas Schwab
Newsgroups: gmane.emacs.bugs
Subject: bug#23704: 25.1.50; Emacs crash in syntax.c
Date: Mon, 06 Jun 2016 17:03:28 +0200
References: <84ziqyga76.fsf@gmail.com> <83inxmtlmu.fsf@gnu.org>
Cc: 23704@debbugs.gnu.org, vincent.belaiche@gmail.com
To: Eli Zaretskii

Eli Zaretskii writes:

>> From: Andreas Schwab
>> Date: Mon, 06 Jun 2016 09:36:07 +0200
>> Cc: 23704@debbugs.gnu.org
>>
>> > 2233 if (! fastmap[SYNTAX (*p)])
>>
>> I think I have seen a similar crash with the emacs-25 branch as well,
>> but only once, and I couldn't reproduce it so far.
>
> If my reading of the code is correct, we have pointers to buffer text
> and the gap lying around, while invoking code that can GC (which
> compacts buffers). For example, the sequence of calls
>
>   SETUP_SYNTAX_TABLE
>     -> SETUP_BUFFER_SYNTAX_TABLE
>       -> update_syntax_table_forward
>         -> parse_sexp_propertize
>
> could call Lisp, and that happens after we already computed the values
> of p, endp, and stop. Likewise the call to UPDATE_SYNTAX_TABLE_FORWARD
> we make inside the loop.
>
> If GC decides to compact the gap, it could well make a previously
> valid pointer invalid.
>
> Could that be the reason?

Yes, that looks very likely.

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."
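
The hazard discussed in this message, as an added C illustration that is not Emacs source and not part of the original mail: a scan loop that keeps positions as offsets and re-derives its pointer after every call that may relocate the text. The names `toybuf`, `toy_compact` and `toy_count_in_set` are hypothetical, and `toy_compact` stands in for a call that can run Lisp and trigger buffer compaction.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical toy stand-in for buffer text that a collector may relocate. */
struct toybuf { char *text; size_t len; unsigned relocations; };

/* Stand-in for compaction: move the text to fresh storage, free the old. */
static int toy_compact(struct toybuf *b)
{
    char *fresh = malloc(b->len ? b->len : 1);
    if (!fresh) return -1;
    memcpy(fresh, b->text, b->len);
    free(b->text);          /* every old char * into the text now dangles */
    b->text = fresh;
    b->relocations++;
    return 0;
}

/* Count bytes of `set` in [from, to), calling the relocating hook every
   `hook_every` positions (0 = never).  Positions are kept as offsets and
   the pointer is re-derived from b->text after each hook call.  The
   hazardous form computes `p = b->text + from` once before the loop and
   keeps dereferencing it after toy_compact() has run.  */
static long toy_count_in_set(struct toybuf *b, size_t from, size_t to,
                             const char *set, size_t hook_every)
{
    long hits = 0;
    if (to > b->len) to = b->len;
    for (size_t pos = from; pos < to; pos++) {
        if (hook_every && (pos - from) % hook_every == 0 && toy_compact(b) != 0)
            return -1;
        const char *p = b->text + pos;  /* valid only until the next hook */
        if (*p && strchr(set, *p)) hits++;
    }
    return hits;
}

int main(void)
{
    const char *s = "(foo (bar) baz)";  /* constructed sample text */
    struct toybuf b = { malloc(strlen(s)), strlen(s), 0 };
    if (!b.text) return 1;
    memcpy(b.text, s, b.len);
    long n = toy_count_in_set(&b, 0, b.len, "()", 4);
    printf("parens=%ld relocations=%u\n", n, b.relocations);
    free(b.text);
    return 0;
}
```

Building the hazardous variant with `-fsanitize=address` reports a heap-use-after-free on the first dereference after the hook runs, which is a practical way to find this class of stale pointer.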