From: enami tsugutomo
Newsgroups: gmane.emacs.bugs
Subject: bug#6266: 24.0.50; emacs core dump on delete-other-window
Date: Tue, 25 May 2010 15:38:22 +0900
To: 6266@debbugs.gnu.org

Emacs crashed while executing delete-other-window. The backtrace is
below (bt full output is appended at the end of this mail).

It looks like Emacs uses the uninitialized stack variable `prop' if the
find_composition() call on line 1307 of composite.c fails. We need to
check whether find_composition() succeeds before proceeding.

enami@rplaca% gdb ./emacs-24.0.50.3 ../emacs.core
GNU gdb 6.5
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "x86_64--netbsd"...
Reading symbols from /usr/lib/libossaudio.so.1...done.
Loaded symbols for /usr/lib/libossaudio.so.1
Reading symbols from /usr/lib/libterminfo.so.1...done.
Loaded symbols for /usr/lib/libterminfo.so.1
Reading symbols from /usr/lib/libm.so.0...done.
Loaded symbols for /usr/lib/libm.so.0
Reading symbols from /usr/lib/libc.so.12...done.
Loaded symbols for /usr/lib/libc.so.12
Reading symbols from /usr/libexec/ld.elf_so...done.
Loaded symbols for /usr/libexec/ld.elf_so
Core was generated by `emacs'.
Program terminated with signal 11, Segmentation fault.
#0 0x00007f7ffcc368ca in kill () from /usr/lib/libc.so.12
DISPLAY = :0.0
TERM = kterm
Breakpoint 1 at 0x46fd7c: file emacs.c, line 436.
Breakpoint 2 at 0x48807e: file sysdep.c, line 1036.
(gdb) bt
#0 0x00007f7ffcc368ca in kill () from /usr/lib/libc.so.12
#1
#2 0x000000000052adcf in get_composition_id (charpos=25758, bytepos=25758, nchars=4896095, prop=25758, string=10930226) at composite.c:203
#3 0x000000000052c32a in composition_reseat_it (cmp_it=0x7f7fffffd350, charpos=, bytepos=25758, endpos=, w=0x16e0000, face=0x0, string=10930226) at composite.c:1308
#4 0x00000000004ab65d in compute_motion (from=0, fromvpos=, fromhpos=, did_motion=0, to=25758, tovpos=32768, tohpos=32768, width=79, hscroll=0, tab_offset=, win=0x16e0000) at indent.c:1527
#5 0x00000000004ac171 in vmotion (from=25758, vtarget=-55, w=0x16e0000) at indent.c:1914
#6 0x0000000000435e69 in Fdelete_other_windows (window=) at window.c:2532
#7 0x00000000004d9558 in Ffuncall (nargs=, args=) at eval.c:3073
#8 0x00000000004d6651 in Fcall_interactively (function=11241170, record_flag=10930226, keys=10958341) at callint.c:869
#9 0x00000000004d9586 in Ffuncall (nargs=, args=) at eval.c:3079
#10 0x00000000004d97e6 in call3 (fn=, arg1=, arg2=4896095, arg3=25758) at eval.c:2901
#11 0x000000000047f7a8 in command_loop_1 () at keyboard.c:1755
#12 0x00000000004d7eaf in internal_condition_case ( bfun=0x47f43c , handlers=11018434, hfun=0x479e36 ) at eval.c:1510
#13 0x0000000000479b66 in command_loop_2 () at keyboard.c:1356
#14 0x00000000004d7f9f in internal_catch (tag=, func=0x479b4c , arg=10930226) at eval.c:1246
#15 0x0000000000479ca3 in command_loop () at keyboard.c:1335
#16 0x0000000000479fc3 in recursive_edit_1 () at keyboard.c:950
#17 0x000000000047a0e7 in Frecursive_edit () at keyboard.c:1012
#18 0x0000000000470eb9 in main (argc=, argv=0x7f7fffffdc30) at emacs.c:1801

Lisp Backtrace:
"delete-other-windows" (0xffffd578)
"call-interactively" (0xffffd778)
(gdb) up
#1
(gdb)
#2 0x000000000052adcf in get_composition_id (charpos=25758, bytepos=25758, nchars=4896095, prop=25758, string=10930226) at composite.c:203
warning: Source file is more recent than executable.
203       id = XCAR (prop);
(gdb) p prop
$1 = 25758
(gdb) xtype
Lisp_Cons
(gdb) xcons
$2 = (struct Lisp_Cons *) 0x6498
Cannot access memory at address 0x6498
(gdb) up
#3 0x000000000052c32a in composition_reseat_it (cmp_it=0x7f7fffffd350, charpos=, bytepos=25758, endpos=, w=0x16e0000, face=0x0, string=10930226) at composite.c:1308
1308      cmp_it->id = get_composition_id (charpos, bytepos, end - start,
(gdb) l
1303      /* We are looking at a static composition. */
1304      EMACS_INT start, end;
1305      Lisp_Object prop;
1306
1307      find_composition (charpos, -1, &start, &end, &prop, string);
1308      cmp_it->id = get_composition_id (charpos, bytepos, end - start,
1309                                       prop, string);
1310      if (cmp_it->id < 0)
1311        goto no_composition;
1312      cmp_it->nchars = end - start;
(gdb)

In GNU Emacs 24.0.50.3 (x86_64--netbsd)
 of 2010-05-25 on rplaca.sm.sony.co.jp
configured using `configure 'x86_64--netbsd' '--with-x=no' 'build_alias=x86_64--netbsd' 'host_alias=x86_64--netbsd' 'target_alias=x86_64--netbsd''

Important settings:
  value of $LC_ALL: nil
  value of $LC_COLLATE: nil
  value of $LC_CTYPE: nil
  value of $LC_MESSAGES: nil
  value of $LC_MONETARY: nil
  value of $LC_NUMERIC: nil
  value of $LC_TIME: nil
  value of $LANG: nil
  value of $XMODIFIERS: nil
  locale-coding-system: nil
  default enable-multibyte-characters: t

Major mode: Fundamental

Minor modes in effect:
  file-name-shadow-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t

Recent input:
ESC x r e p o SPC r TAB RET

Recent messages:
("./emacs-24.0.50.3")
For information about GNU Emacs and the GNU system, type C-h C-a.
Making completion list...

Load-path shadows:
None found.

Features:
(shadow sort gnus-util mail-extr message sendmail regexp-opt rfc822 mml
mml-sec mm-decode mm-bodies mm-encode mail-parse rfc2231 rfc2047 rfc2045
ietf-drums mm-util mail-prsvr mailabbrev mail-utils gmm-utils mailheader
emacsbug help-mode easymenu view japan-util ediff-hook vc-hooks
lisp-float-type lisp-mode register page menu-bar rfn-eshadow timer
jit-lock font-lock syntax facemenu font-core frame cham georgian
utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean
japanese hebrew greek romanian slovak czech european ethiopic indian
cyrillic chinese case-table epa-hook jka-cmpr-hook help simple abbrev
loaddefs button minibuffer faces cus-face files text-properties overlay
md5 base64 format env code-pages mule custom widget
hashtable-print-readable backquote make-network-process multi-tty emacs)

Backtrace full:

enami@rplaca% gdb ./emacs-24.0.50.3 ../emacs.core
(gdb) bt full
#0 0x00007f7ffcc368ca in kill () from /usr/lib/libc.so.12
No symbol table info available.
#1
No symbol table info available.
#2 0x000000000052adcf in get_composition_id (charpos=25758, bytepos=25758, nchars=4896095, prop=25758, string=10930226) at composite.c:203
        id =
        length =
        components =
        key =
        key_contents =
        glyph_len =
        hash_table =
        hash_index =
        hash_code =
        cmp =
        i =
        ch =
#3 0x000000000052c32a in composition_reseat_it (cmp_it=0x7f7fffffd350, charpos=, bytepos=25758, endpos=, w=0x16e0000, face=0x0, string=10930226) at composite.c:1308
        start = 140187732530064
        end = 4884719
        prop = 25758
#4 0x00000000004ab65d in compute_motion (from=0, fromvpos=, fromhpos=, did_motion=0, to=25758, tovpos=32768, tohpos=32768, width=79, hscroll=0, tab_offset=, win=0x16e0000) at indent.c:1527
        c =
        ptr =
        bytes = 32639
        width =
        hpos = 0
        vpos = 1
        pos =
        pos_byte =
        c =
        tab_width = 8
        dp = (struct Lisp_Char_Table *) 0x0
        selective = 0
        selective_rlen = 0
        next_boundary = 152696
        width_run_start = 25733
        width_run_end = 25733
        width_run_width = 0
        width_table = (Lisp_Object *) 0x0
        next_width_run = 25733
        window = 23986181
        multibyte = 1
        wide_column_end_hpos = 0
        prev_pos = 25757
        prev_pos_byte = 25757
        prev_hpos = 45
        prev_vpos = 0
        contin_hpos = 0
        prev_tab_offset = 0
        cmp_it = { stop_pos = 25758, id = -1, ch = -2, lookback = 0, nglyphs = 0, nchars = 0, nbytes = 0, from = 0, to = 0, width = 0, reversed_p = 0 }
#5 0x00000000004ac171 in vmotion (from=25758, vtarget=-55, w=0x16e0000) at indent.c:1914
        propval =
        hscroll = 0
        vpos = -25
        prevline = 25733
        first =
        lmargin = 0
        selective = 0
        did_motion =
        text_prop_object = 23986181
#6 0x0000000000435e69 in Fdelete_other_windows (window=) at window.c:2532
        obuf = (struct buffer *) 0x13d2400
        startpos =
        top = -55
#7 0x00000000004d9558 in Ffuncall (nargs=, args=) at eval.c:3073
        fun =
        original_fun =
        funcar =
        numargs = 0
        val =
        backtrace = { next = 0x7f7fffffd710, function = 0x7f7fffffd570, args = 0x7f7fffffd578, nargs = 0, evalargs = 0 '\0', debug_on_exit = 0 '\0' }
        internal_args = (Lisp_Object *) 0x7f7fffffd4a0
        i = 25758
#8 0x00000000004d6651 in Fcall_interactively (function=11241170, record_flag=10930226, keys=10958341) at callint.c:869
        val =
        args = (Lisp_Object *) 0x7f7fffffd570
        visargs = (Lisp_Object *) 0x7f7fffffd550
        specs =
        filter_specs = 7748801
        teml =
---Type to continue, or q to quit---
        up_event = 10930226
        enable = 10930226
        speccount = 2
        next_event = 2
        prefix_arg = 10930226
        string =
        tem =
        varies = (int *) 0x7f7fffffd530
        i = 1
        j = 0
        foo =
        prompt1 = "\360\204\246\000\000\000\000\000\002\310\246\000\000\000\000\000\302\313\247\000\000\000\000\000\001\000\000\000\000\000\000\000\360\362)\000\000\000\000\000[2H\000\000\000\000\000\200\364\304\000\000\000\000\000\360\362)\000\000\000\000\000\002\000\000\000\000\000\000\000\226\236\246\000\000\000\000\0002\310\246\000\000\000\000\000\302\313\247\000\000\000\000\000\302\313\247"
        arg_from_tty = 0
        key_count = 2
        record_then_fail = 0
        save_this_command = 11241170
        save_last_command = 11765762
        save_this_original_command = 11241170
        save_real_this_command = 11241170
#9 0x00000000004d9586 in Ffuncall (nargs=, args=) at eval.c:3079
        fun =
        original_fun =
        funcar =
        numargs = 3
        val =
        backtrace = { next = 0x0, function = 0x7f7fffffd770, args = 0x7f7fffffd778, nargs = 3, evalargs = 0 '\0', debug_on_exit = 0 '\0' }
        internal_args = (Lisp_Object *) 0x7f7fffffd778
        i =
#10 0x00000000004d97e6 in call3 (fn=, arg1=, arg2=4896095, arg3=25758) at eval.c:2901
        ret_ungc_val = 6
        args = {11136386, 11241170, 10930226, 10930226}
#11 0x000000000047f7a8 in command_loop_1 () at keyboard.c:1755
        cmd = 11241170
        keybuf = {96, 196, 7762193, 16723968, 10930274, 20784128, -1, 4294967295, 0, 10930226, 2, 10930226, 10930274, 11018482, 140187732531312, 5193072, 7762193, 140187732531360, 10930226, 140187732532272, 1, 140187732532168, 22768166, 4693490, 10930226, 22768166, 10930226, 4693730, 0, 140187732531400}
        i = 2
        prev_modiff = 2
        prev_buffer = (struct buffer *) 0x13d2400
#12 0x00000000004d7eaf in internal_condition_case ( bfun=0x47f43c , handlers=11018434, hfun=0x479e36 ) at eval.c:1510
        val =
        c = { tag = 10930226, val = 10930226, next = 0x7f7fffffda30, gcpro = 0x0, jmp = {11837440, 11837472, 11837440, 140187732532272, 1, 140187732532168, 140187732531464, 5078578, 8175336, 8175352, 0}, backlist = 0x0, handlerlist = 0x0, lisp_eval_depth = 0, pdlcount = 2, poll_suppress_count = 0, interrupt_input_blocked = 0, byte_stack = 0x0 }
        h = { handler = 11018434, var = 10930226, chosen_clause = 10930274, tag = 0x7f7fffffd930, next = 0x0 }
#13 0x0000000000479b66 in command_loop_2 () at keyboard.c:1356
        val = 6
#14 0x00000000004d7f9f in internal_catch (tag=, func=0x479b4c , arg=10930226) at eval.c:1246
        c = { tag = 11014722, val = 10930226, next = 0x0, gcpro = 0x0, jmp = {11837440, 11837472, 11837440, 140187732532272, 1, 140187732532168, 140187732531736, 5078931, 8175256, 0, 11837440}, backlist = 0x0, handlerlist = 0x0, lisp_eval_depth = 0, pdlcount = 2, poll_suppress_count = 0, interrupt_input_blocked = 0, byte_stack = 0x0 }
#15 0x0000000000479ca3 in command_loop () at keyboard.c:1335
No locals.
#16 0x0000000000479fc3 in recursive_edit_1 () at keyboard.c:950
        val =
#17 0x000000000047a0e7 in Frecursive_edit () at keyboard.c:1012
        buffer = 10930226
#18 0x0000000000470eb9 in main (argc=, argv=0x7f7fffffdc30) at emacs.c:1801
        tz = 0x0
        dummy = 140187681291328
        stack_bottom_variable = 0 '\0'
        do_initial_setlocale =
---Type to continue, or q to quit---
        skip_args = 0
        rlim = { rlim_cur = 33554432, rlim_max = 33554432 }
        no_loadup = 0
        junk = 0x0
        dname_arg = 0x0
        ch_to_dir = 0x0

Lisp Backtrace:
"delete-other-windows" (0xffffd578)
"call-interactively" (0xffffd778)
(gdb) xbacktrace
"delete-other-windows" (0xffffd578)
"call-interactively" (0xffffd778)
(gdb)
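
The failure mode described in the report, reduced to a small model: this is an added example, not part of the original mail and not Emacs source. The helper names (find_comp, get_id, reseat_unchecked, reseat_checked), the table contents and the WOULD_FAULT marker are hypothetical; the garbage value 25758 is the one gdb printed for `prop', used here as a deterministic stand-in for leftover stack contents.

```c
#include <stdio.h>

/* Simplified model of the pattern in the report; NOT Emacs source.
   All names and data here are hypothetical and constructed. */
enum { NO_COMPOSITION = -1, WOULD_FAULT = -2 };
#define STACK_GARBAGE 25758L  /* stands in for leftover stack contents */
struct comp { long start, end; long prop; };
static const struct comp comps[] = { {10, 13, 1}, {40, 42, 2} };
#define NCOMPS (sizeof comps / sizeof comps[0])

/* Like find_composition(): returns 1 and fills the outputs on success;
   returns 0 and leaves the outputs UNTOUCHED on failure. */
static int find_comp(long pos, long *start, long *end, long *prop)
{
    for (size_t i = 0; i < NCOMPS; i++)
        if (pos >= comps[i].start && pos < comps[i].end) {
            *start = comps[i].start; *end = comps[i].end;
            *prop = comps[i].prop;
            return 1;
        }
    return 0;
}

/* Like get_composition_id(): trusts prop.  The real code dereferences it
   (XCAR (prop)); the model reports WOULD_FAULT instead of crashing. */
static int get_id(long nchars, long prop)
{
    if (prop < 1 || prop > (long) NCOMPS)
        return WOULD_FAULT;
    return nchars == comps[prop - 1].end - comps[prop - 1].start
           ? (int) prop : NO_COMPOSITION;
}

/* Shape of composite.c lines 1307-1309: return value ignored, so on a
   miss the outputs still hold whatever was on the stack. */
int reseat_unchecked(long pos)
{
    long start = STACK_GARBAGE, end = STACK_GARBAGE, prop = STACK_GARBAGE;
    find_comp(pos, &start, &end, &prop);
    return get_id(end - start, prop);
}

/* Checked form: bail out before any output variable is read. */
int reseat_checked(long pos)
{
    long start, end, prop;
    if (!find_comp(pos, &start, &end, &prop))
        return NO_COMPOSITION;
    return get_id(end - start, prop);
}

int main(void)
{
    printf("hit: %d/%d  miss: %d/%d (unchecked/checked)\n", reseat_unchecked(11),
           reseat_checked(11), reseat_unchecked(25758), reseat_checked(25758));
    return 0;
}
```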