* bug#6266: 24.0.50; emacs core dump on delete-other-window
@ 2010-05-25 6:38 enami tsugutomo
2010-05-25 11:33 ` Kenichi Handa
0 siblings, 1 reply; 3+ messages in thread
From: enami tsugutomo @ 2010-05-25 6:38 UTC (permalink / raw)
To: 6266
Emacs crashed while executing delete-other-window. The backtrace is
below (bt full output is appended at the end of this mail). It looks
like the emacs uses uninitialized stack variable `prop' if
find_composition() call on the line 1307 of composite.c fails. We need
to check if the find_composition() success before proceeding.
enami@rplaca% gdb ./emacs-24.0.50.3 ../emacs.core
GNU gdb 6.5
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "x86_64--netbsd"...
Reading symbols from /usr/lib/libossaudio.so.1...done.
Loaded symbols for /usr/lib/libossaudio.so.1
Reading symbols from /usr/lib/libterminfo.so.1...done.
Loaded symbols for /usr/lib/libterminfo.so.1
Reading symbols from /usr/lib/libm.so.0...done.
Loaded symbols for /usr/lib/libm.so.0
Reading symbols from /usr/lib/libc.so.12...done.
Loaded symbols for /usr/lib/libc.so.12
Reading symbols from /usr/libexec/ld.elf_so...done.
Loaded symbols for /usr/libexec/ld.elf_so
Core was generated by `emacs'.
Program terminated with signal 11, Segmentation fault.
#0 0x00007f7ffcc368ca in kill () from /usr/lib/libc.so.12
DISPLAY = :0.0
TERM = kterm
Breakpoint 1 at 0x46fd7c: file emacs.c, line 436.
Breakpoint 2 at 0x48807e: file sysdep.c, line 1036.
(gdb) bt
#0 0x00007f7ffcc368ca in kill () from /usr/lib/libc.so.12
#1 <signal handler called>
#2 0x000000000052adcf in get_composition_id (charpos=25758, bytepos=25758,
nchars=4896095, prop=25758, string=10930226) at composite.c:203
#3 0x000000000052c32a in composition_reseat_it (cmp_it=0x7f7fffffd350,
charpos=<value optimized out>, bytepos=25758,
endpos=<value optimized out>, w=0x16e0000, face=0x0, string=10930226)
at composite.c:1308
#4 0x00000000004ab65d in compute_motion (from=0,
fromvpos=<value optimized out>, fromhpos=<value optimized out>,
did_motion=0, to=25758, tovpos=32768, tohpos=32768, width=79, hscroll=0,
tab_offset=<value optimized out>, win=0x16e0000) at indent.c:1527
#5 0x00000000004ac171 in vmotion (from=25758, vtarget=-55, w=0x16e0000)
at indent.c:1914
#6 0x0000000000435e69 in Fdelete_other_windows (window=<value optimized out>)
at window.c:2532
#7 0x00000000004d9558 in Ffuncall (nargs=<value optimized out>,
args=<value optimized out>) at eval.c:3073
#8 0x00000000004d6651 in Fcall_interactively (function=11241170,
record_flag=10930226, keys=10958341) at callint.c:869
#9 0x00000000004d9586 in Ffuncall (nargs=<value optimized out>,
args=<value optimized out>) at eval.c:3079
#10 0x00000000004d97e6 in call3 (fn=<value optimized out>,
arg1=<value optimized out>, arg2=4896095, arg3=25758) at eval.c:2901
#11 0x000000000047f7a8 in command_loop_1 () at keyboard.c:1755
#12 0x00000000004d7eaf in internal_condition_case (
bfun=0x47f43c <command_loop_1>, handlers=11018434,
hfun=0x479e36 <cmd_error>) at eval.c:1510
#13 0x0000000000479b66 in command_loop_2 () at keyboard.c:1356
#14 0x00000000004d7f9f in internal_catch (tag=<value optimized out>,
func=0x479b4c <command_loop_2>, arg=10930226) at eval.c:1246
#15 0x0000000000479ca3 in command_loop () at keyboard.c:1335
#16 0x0000000000479fc3 in recursive_edit_1 () at keyboard.c:950
#17 0x000000000047a0e7 in Frecursive_edit () at keyboard.c:1012
#18 0x0000000000470eb9 in main (argc=<value optimized out>,
argv=0x7f7fffffdc30) at emacs.c:1801
Lisp Backtrace:
"delete-other-windows" (0xffffd578)
"call-interactively" (0xffffd778)
(gdb) up
#1 <signal handler called>
(gdb)
#2 0x000000000052adcf in get_composition_id (charpos=25758, bytepos=25758,
nchars=4896095, prop=25758, string=10930226) at composite.c:203
warning: Source file is more recent than executable.
203 id = XCAR (prop);
(gdb) p prop
$1 = 25758
(gdb) xtype
Lisp_Cons
(gdb) xcons
$2 = (struct Lisp_Cons *) 0x6498
Cannot access memory at address 0x6498
(gdb) up
#3 0x000000000052c32a in composition_reseat_it (cmp_it=0x7f7fffffd350,
charpos=<value optimized out>, bytepos=25758,
endpos=<value optimized out>, w=0x16e0000, face=0x0, string=10930226)
at composite.c:1308
1308 cmp_it->id = get_composition_id (charpos, bytepos, end - start,
(gdb) l
1303 /* We are looking at a static composition. */
1304 EMACS_INT start, end;
1305 Lisp_Object prop;
1306
1307 find_composition (charpos, -1, &start, &end, &prop, string);
1308 cmp_it->id = get_composition_id (charpos, bytepos, end - start,
1309 prop, string);
1310 if (cmp_it->id < 0)
1311 goto no_composition;
1312 cmp_it->nchars = end - start;
(gdb)
In GNU Emacs 24.0.50.3 (x86_64--netbsd)
of 2010-05-25 on rplaca.sm.sony.co.jp
configured using `configure 'x86_64--netbsd' '--with-x=no' 'build_alias=x86_64--netbsd' 'host_alias=x86_64--netbsd' 'target_alias=x86_64--netbsd''
Important settings:
value of $LC_ALL: nil
value of $LC_COLLATE: nil
value of $LC_CTYPE: nil
value of $LC_MESSAGES: nil
value of $LC_MONETARY: nil
value of $LC_NUMERIC: nil
value of $LC_TIME: nil
value of $LANG: nil
value of $XMODIFIERS: nil
locale-coding-system: nil
default enable-multibyte-characters: t
Major mode: Fundamental
Minor modes in effect:
file-name-shadow-mode: t
auto-composition-mode: t
auto-encryption-mode: t
auto-compression-mode: t
Recent input:
ESC x r e p o SPC r TAB RET
Recent messages:
("./emacs-24.0.50.3")
For information about GNU Emacs and the GNU system, type C-h C-a.
Making completion list...
Load-path shadows:
None found.
Features:
(shadow sort gnus-util mail-extr message sendmail regexp-opt rfc822 mml
mml-sec mm-decode mm-bodies mm-encode mail-parse rfc2231 rfc2047 rfc2045
ietf-drums mm-util mail-prsvr mailabbrev mail-utils gmm-utils mailheader
emacsbug help-mode easymenu view japan-util ediff-hook vc-hooks
lisp-float-type lisp-mode register page menu-bar rfn-eshadow timer
jit-lock font-lock syntax facemenu font-core frame cham georgian
utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean
japanese hebrew greek romanian slovak czech european ethiopic indian
cyrillic chinese case-table epa-hook jka-cmpr-hook help simple abbrev
loaddefs button minibuffer faces cus-face files text-properties overlay
md5 base64 format env code-pages mule custom widget
hashtable-print-readable backquote make-network-process multi-tty emacs)
Backtrace full:
enami@rplaca% gdb ./emacs-24.0.50.3 ../emacs.core
GNU gdb 6.5
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "x86_64--netbsd"...
Reading symbols from /usr/lib/libossaudio.so.1...done.
Loaded symbols for /usr/lib/libossaudio.so.1
Reading symbols from /usr/lib/libterminfo.so.1...done.
Loaded symbols for /usr/lib/libterminfo.so.1
Reading symbols from /usr/lib/libm.so.0...done.
Loaded symbols for /usr/lib/libm.so.0
Reading symbols from /usr/lib/libc.so.12...done.
Loaded symbols for /usr/lib/libc.so.12
Reading symbols from /usr/libexec/ld.elf_so...done.
Loaded symbols for /usr/libexec/ld.elf_so
Core was generated by `emacs'.
Program terminated with signal 11, Segmentation fault.
#0 0x00007f7ffcc368ca in kill () from /usr/lib/libc.so.12
DISPLAY = :0.0
TERM = kterm
Breakpoint 1 at 0x46fd7c: file emacs.c, line 436.
Breakpoint 2 at 0x48807e: file sysdep.c, line 1036.
(gdb) bt full
#0 0x00007f7ffcc368ca in kill () from /usr/lib/libc.so.12
No symbol table info available.
#1 <signal handler called>
No symbol table info available.
#2 0x000000000052adcf in get_composition_id (charpos=25758, bytepos=25758,
nchars=4896095, prop=25758, string=10930226) at composite.c:203
id = <value optimized out>
length = <value optimized out>
components = <value optimized out>
key = <value optimized out>
key_contents = <value optimized out>
glyph_len = <value optimized out>
hash_table = <value optimized out>
hash_index = <value optimized out>
hash_code = <value optimized out>
cmp = <value optimized out>
i = <value optimized out>
ch = <value optimized out>
#3 0x000000000052c32a in composition_reseat_it (cmp_it=0x7f7fffffd350,
charpos=<value optimized out>, bytepos=25758,
endpos=<value optimized out>, w=0x16e0000, face=0x0, string=10930226)
at composite.c:1308
start = 140187732530064
end = 4884719
prop = 25758
#4 0x00000000004ab65d in compute_motion (from=0,
fromvpos=<value optimized out>, fromhpos=<value optimized out>,
did_motion=0, to=25758, tovpos=32768, tohpos=32768, width=79, hscroll=0,
tab_offset=<value optimized out>, win=0x16e0000) at indent.c:1527
c = <value optimized out>
ptr = <value optimized out>
bytes = 32639
width = <value optimized out>
hpos = 0
vpos = 1
pos = <value optimized out>
pos_byte = <value optimized out>
c = <value optimized out>
tab_width = 8
dp = (struct Lisp_Char_Table *) 0x0
selective = 0
selective_rlen = 0
next_boundary = 152696
width_run_start = 25733
width_run_end = 25733
width_run_width = 0
width_table = (Lisp_Object *) 0x0
next_width_run = 25733
window = 23986181
multibyte = 1
wide_column_end_hpos = 0
prev_pos = 25757
prev_pos_byte = 25757
prev_hpos = 45
prev_vpos = 0
contin_hpos = 0
prev_tab_offset = 0
cmp_it = {
stop_pos = 25758,
id = -1,
ch = -2,
lookback = 0,
nglyphs = 0,
nchars = 0,
nbytes = 0,
from = 0,
to = 0,
width = 0,
reversed_p = 0
}
#5 0x00000000004ac171 in vmotion (from=25758, vtarget=-55, w=0x16e0000)
at indent.c:1914
propval = <value optimized out>
hscroll = 0
vpos = -25
prevline = 25733
first = <value optimized out>
lmargin = 0
selective = 0
did_motion = <value optimized out>
text_prop_object = 23986181
#6 0x0000000000435e69 in Fdelete_other_windows (window=<value optimized out>)
at window.c:2532
obuf = (struct buffer *) 0x13d2400
startpos = <value optimized out>
top = -55
#7 0x00000000004d9558 in Ffuncall (nargs=<value optimized out>,
args=<value optimized out>) at eval.c:3073
fun = <value optimized out>
original_fun = <value optimized out>
funcar = <value optimized out>
numargs = 0
val = <value optimized out>
backtrace = {
next = 0x7f7fffffd710,
function = 0x7f7fffffd570,
args = 0x7f7fffffd578,
nargs = 0,
evalargs = 0 '\0',
debug_on_exit = 0 '\0'
}
internal_args = (Lisp_Object *) 0x7f7fffffd4a0
i = 25758
#8 0x00000000004d6651 in Fcall_interactively (function=11241170,
record_flag=10930226, keys=10958341) at callint.c:869
val = <value optimized out>
args = (Lisp_Object *) 0x7f7fffffd570
visargs = (Lisp_Object *) 0x7f7fffffd550
specs = <value optimized out>
filter_specs = 7748801
teml = <value optimized out>
---Type <return> to continue, or q <return> to quit---
up_event = 10930226
enable = 10930226
speccount = 2
next_event = 2
prefix_arg = 10930226
string = <value optimized out>
tem = <value optimized out>
varies = (int *) 0x7f7fffffd530
i = 1
j = 0
foo = <value optimized out>
prompt1 = "\360\204\246\000\000\000\000\000\002\310\246\000\000\000\000\000\302\313\247\000\000\000\000\000\001\000\000\000\000\000\000\000\360\362)\000\000\000\000\000[2H\000\000\000\000\000\200\364\304\000\000\000\000\000\360\362)\000\000\000\000\000\002\000\000\000\000\000\000\000\226\236\246\000\000\000\000\0002\310\246\000\000\000\000\000\302\313\247\000\000\000\000\000\302\313\247"
arg_from_tty = 0
key_count = 2
record_then_fail = 0
save_this_command = 11241170
save_last_command = 11765762
save_this_original_command = 11241170
save_real_this_command = 11241170
#9 0x00000000004d9586 in Ffuncall (nargs=<value optimized out>,
args=<value optimized out>) at eval.c:3079
fun = <value optimized out>
original_fun = <value optimized out>
funcar = <value optimized out>
numargs = 3
val = <value optimized out>
backtrace = {
next = 0x0,
function = 0x7f7fffffd770,
args = 0x7f7fffffd778,
nargs = 3,
evalargs = 0 '\0',
debug_on_exit = 0 '\0'
}
internal_args = (Lisp_Object *) 0x7f7fffffd778
i = <value optimized out>
#10 0x00000000004d97e6 in call3 (fn=<value optimized out>,
arg1=<value optimized out>, arg2=4896095, arg3=25758) at eval.c:2901
ret_ungc_val = 6
args = {11136386, 11241170, 10930226, 10930226}
#11 0x000000000047f7a8 in command_loop_1 () at keyboard.c:1755
cmd = 11241170
keybuf = {96, 196, 7762193, 16723968, 10930274, 20784128, -1,
4294967295, 0, 10930226, 2, 10930226, 10930274, 11018482, 140187732531312,
5193072, 7762193, 140187732531360, 10930226, 140187732532272, 1,
140187732532168, 22768166, 4693490, 10930226, 22768166, 10930226, 4693730,
0, 140187732531400}
i = 2
prev_modiff = 2
prev_buffer = (struct buffer *) 0x13d2400
#12 0x00000000004d7eaf in internal_condition_case (
bfun=0x47f43c <command_loop_1>, handlers=11018434,
hfun=0x479e36 <cmd_error>) at eval.c:1510
val = <value optimized out>
c = {
tag = 10930226,
val = 10930226,
next = 0x7f7fffffda30,
gcpro = 0x0,
jmp = {11837440, 11837472, 11837440, 140187732532272, 1, 140187732532168,
140187732531464, 5078578, 8175336, 8175352, 0},
backlist = 0x0,
handlerlist = 0x0,
lisp_eval_depth = 0,
pdlcount = 2,
poll_suppress_count = 0,
interrupt_input_blocked = 0,
byte_stack = 0x0
}
h = {
handler = 11018434,
var = 10930226,
chosen_clause = 10930274,
tag = 0x7f7fffffd930,
next = 0x0
}
#13 0x0000000000479b66 in command_loop_2 () at keyboard.c:1356
val = 6
#14 0x00000000004d7f9f in internal_catch (tag=<value optimized out>,
func=0x479b4c <command_loop_2>, arg=10930226) at eval.c:1246
c = {
tag = 11014722,
val = 10930226,
next = 0x0,
gcpro = 0x0,
jmp = {11837440, 11837472, 11837440, 140187732532272, 1, 140187732532168,
140187732531736, 5078931, 8175256, 0, 11837440},
backlist = 0x0,
handlerlist = 0x0,
lisp_eval_depth = 0,
pdlcount = 2,
poll_suppress_count = 0,
interrupt_input_blocked = 0,
byte_stack = 0x0
}
#15 0x0000000000479ca3 in command_loop () at keyboard.c:1335
No locals.
#16 0x0000000000479fc3 in recursive_edit_1 () at keyboard.c:950
val = <value optimized out>
#17 0x000000000047a0e7 in Frecursive_edit () at keyboard.c:1012
buffer = 10930226
#18 0x0000000000470eb9 in main (argc=<value optimized out>,
argv=0x7f7fffffdc30) at emacs.c:1801
tz = 0x0
dummy = 140187681291328
stack_bottom_variable = 0 '\0'
do_initial_setlocale = <value optimized out>
---Type <return> to continue, or q <return> to quit---
skip_args = 0
rlim = {
rlim_cur = 33554432,
rlim_max = 33554432
}
no_loadup = 0
junk = 0x0
dname_arg = 0x0
ch_to_dir = 0x0
Lisp Backtrace:
"delete-other-windows" (0xffffd578)
"call-interactively" (0xffffd778)
(gdb) xbacktrace
"delete-other-windows" (0xffffd578)
"call-interactively" (0xffffd778)
(gdb)
^ permalink raw reply [flat|nested] 3+ messages in thread
* bug#6266: 24.0.50; emacs core dump on delete-other-window
2010-05-25 6:38 bug#6266: 24.0.50; emacs core dump on delete-other-window enami tsugutomo
@ 2010-05-25 11:33 ` Kenichi Handa
2010-05-31 4:24 ` enami tsugutomo
0 siblings, 1 reply; 3+ messages in thread
From: Kenichi Handa @ 2010-05-25 11:33 UTC (permalink / raw)
To: enami tsugutomo; +Cc: 6266
In article <tkrfx1gfpup.fsf@rplaca.sm.sony.co.jp>, enami tsugutomo <tsugutomo.enami@jp.sony.com> writes:
> Emacs crashed while executing delete-other-window. The backtrace is
> below (bt full output is appended at the end of this mail). It looks
> like the emacs uses uninitialized stack variable `prop' if
> find_composition() call on the line 1307 of composite.c fails. We need
> to check if the find_composition() success before proceeding.
I think that bug is fixed in the latest trunk code. Could
you please try again?
---
Kenichi Handa
handa@m17n.org
^ permalink raw reply [flat|nested] 3+ messages in thread
* bug#6266: 24.0.50; emacs core dump on delete-other-window
2010-05-25 11:33 ` Kenichi Handa
@ 2010-05-31 4:24 ` enami tsugutomo
0 siblings, 0 replies; 3+ messages in thread
From: enami tsugutomo @ 2010-05-31 4:24 UTC (permalink / raw)
To: Kenichi Handa; +Cc: 6266
Kenichi Handa <handa@m17n.org> writes:
> I think that bug is fixed in the latest trunk code. Could
> you please try again?
I've used about a week but same symptom didn't occur. Thanks.
enami.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2010-05-31 4:24 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-05-25 6:38 bug#6266: 24.0.50; emacs core dump on delete-other-window enami tsugutomo
2010-05-25 11:33 ` Kenichi Handa
2010-05-31 4:24 ` enami tsugutomo
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).