From: Andreas Schwab
Newsgroups: gmane.emacs.bugs
Subject: bug#18140: [PATCH] macros.c: CHECK_VECTOR_OR_STRING invokes wrong_type_argument for Qnil instead of return 0
Date: Tue, 29 Jul 2014 09:52:34 +0200
References: <20140729053056.14713.45327.stgit@unused-4-157.brq.redhat.com> <53D73287.6020406@redhat.com>
To: Jan Chaloupka
Cc: 18140@debbugs.gnu.org
In-Reply-To: <53D73287.6020406@redhat.com> (Jan Chaloupka's message of "Tue, 29 Jul 2014 07:35:03 +0200")

Jan Chaloupka writes:

> Changelog:
> line wrapping to 80 characters
>
> In function Fstart_kbd_macro (macros.c), Vlast_kbd_macro of current_kboard is
> Qnil for the first invocation. If NILP (append) is false,
> current_kboard->kbd_macro_ptr has a random value (in our case
> 0x5353535353535353), which after CHECK_VECTOR_OR_STRING failure (invocation
> of wrong_type_argument) results in garbage collecting.
> During gc, marking of objects is processed and mark_kboards (keyboard.c) is
> invoked. The following for loop is fired:
>
>   for (p = kb->kbd_macro_buffer; p < kb->kbd_macro_ptr; p++)
>     mark_object (*p);
>
> Since kb->kbd_macro_ptr is set to 0x5353535353535353, mark_object (*p) is
> trying to mark an object at an address out of the memory space (or memory that
> cannot be accessed), thus resulting in a SIGSEGV signal.

So the correct solution is to initialize kbd_macro_ptr together with
kbd_macro_buffer.  Otherwise the same situation can still happen any time
garbage collection is called.

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."
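A small C model of the invariant behind this thread, added here as an illustration and not code from Emacs: the macro buffer and its write cursor are set up in one step, and the marking walk checks that the cursor lies inside the buffer before it dereferences anything. The struct and function names are assumptions modelled on the kboard fields named in the report.

```c
#include <stddef.h>
#include <stdlib.h>
typedef void *Obj;  /* stand-in for Lisp_Object */

/* Assumed, simplified model of the kboard fields named in the report. */
struct kboard {
  Obj *kbd_macro_buffer;  /* start of recorded-macro storage */
  Obj *kbd_macro_ptr;     /* write cursor: next free slot */
  Obj *kbd_macro_end;     /* one past the last slot */
};

/* Invariant the marking walk relies on: buffer <= ptr <= end. */
int kboard_macro_sane (const struct kboard *kb)
{
  return kb->kbd_macro_buffer != NULL
         && kb->kbd_macro_ptr >= kb->kbd_macro_buffer
         && kb->kbd_macro_ptr <= kb->kbd_macro_end;
}

/* The fix Andreas describes: allocate the buffer and set the cursor in
   the same step, so no caller ever sees a buffer with a garbage cursor. */
int kboard_init (struct kboard *kb, size_t slots)
{
  kb->kbd_macro_buffer = calloc (slots, sizeof (Obj));
  if (!kb->kbd_macro_buffer)
    return -1;
  kb->kbd_macro_ptr = kb->kbd_macro_buffer;
  kb->kbd_macro_end = kb->kbd_macro_buffer + slots;
  return 0;
}

/* Append one recorded object: 0 on success, -1 if full or inconsistent. */
int kboard_record (struct kboard *kb, Obj o)
{
  if (!kboard_macro_sane (kb) || kb->kbd_macro_ptr == kb->kbd_macro_end)
    return -1;
  *kb->kbd_macro_ptr++ = o;
  return 0;
}

/* Marking walk as in mark_kboards, but refused (-1) when the invariant
   fails instead of dereferencing a wild pointer; else objects visited. */
long kboard_mark_macro (const struct kboard *kb)
{
  if (!kboard_macro_sane (kb))
    return -1;
  long n = 0;
  for (Obj *p = kb->kbd_macro_buffer; p < kb->kbd_macro_ptr; p++)
    n++;  /* mark_object (*p) would go here */
  return n;
}
```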