unofficial mirror of bug-gnu-emacs@gnu.org 
* bug#6266: 24.0.50; emacs core dump on delete-other-window
@ 2010-05-25  6:38 enami tsugutomo
  2010-05-25 11:33 ` Kenichi Handa
  0 siblings, 1 reply; 3+ messages in thread
From: enami tsugutomo @ 2010-05-25  6:38 UTC
  To: 6266

Emacs crashed while executing delete-other-window.  The backtrace is
below (bt full output is appended at the end of this mail).  It looks
like Emacs uses the uninitialized stack variable `prop' if the
find_composition() call on line 1307 of composite.c fails.  We need
to check whether find_composition() succeeds before proceeding.

enami@rplaca% gdb ./emacs-24.0.50.3 ../emacs.core 
GNU gdb 6.5
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64--netbsd"...
Reading symbols from /usr/lib/libossaudio.so.1...done.
Loaded symbols for /usr/lib/libossaudio.so.1
Reading symbols from /usr/lib/libterminfo.so.1...done.
Loaded symbols for /usr/lib/libterminfo.so.1
Reading symbols from /usr/lib/libm.so.0...done.
Loaded symbols for /usr/lib/libm.so.0
Reading symbols from /usr/lib/libc.so.12...done.
Loaded symbols for /usr/lib/libc.so.12
Reading symbols from /usr/libexec/ld.elf_so...done.
Loaded symbols for /usr/libexec/ld.elf_so
Core was generated by `emacs'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f7ffcc368ca in kill () from /usr/lib/libc.so.12
DISPLAY = :0.0
TERM = kterm
Breakpoint 1 at 0x46fd7c: file emacs.c, line 436.
Breakpoint 2 at 0x48807e: file sysdep.c, line 1036.
(gdb) bt
#0  0x00007f7ffcc368ca in kill () from /usr/lib/libc.so.12
#1  <signal handler called>
#2  0x000000000052adcf in get_composition_id (charpos=25758, bytepos=25758, 
    nchars=4896095, prop=25758, string=10930226) at composite.c:203
#3  0x000000000052c32a in composition_reseat_it (cmp_it=0x7f7fffffd350, 
    charpos=<value optimized out>, bytepos=25758, 
    endpos=<value optimized out>, w=0x16e0000, face=0x0, string=10930226)
    at composite.c:1308
#4  0x00000000004ab65d in compute_motion (from=0, 
    fromvpos=<value optimized out>, fromhpos=<value optimized out>, 
    did_motion=0, to=25758, tovpos=32768, tohpos=32768, width=79, hscroll=0, 
    tab_offset=<value optimized out>, win=0x16e0000) at indent.c:1527
#5  0x00000000004ac171 in vmotion (from=25758, vtarget=-55, w=0x16e0000)
    at indent.c:1914
#6  0x0000000000435e69 in Fdelete_other_windows (window=<value optimized out>)
    at window.c:2532
#7  0x00000000004d9558 in Ffuncall (nargs=<value optimized out>, 
    args=<value optimized out>) at eval.c:3073
#8  0x00000000004d6651 in Fcall_interactively (function=11241170, 
    record_flag=10930226, keys=10958341) at callint.c:869
#9  0x00000000004d9586 in Ffuncall (nargs=<value optimized out>, 
    args=<value optimized out>) at eval.c:3079
#10 0x00000000004d97e6 in call3 (fn=<value optimized out>, 
    arg1=<value optimized out>, arg2=4896095, arg3=25758) at eval.c:2901
#11 0x000000000047f7a8 in command_loop_1 () at keyboard.c:1755
#12 0x00000000004d7eaf in internal_condition_case (
    bfun=0x47f43c <command_loop_1>, handlers=11018434, 
    hfun=0x479e36 <cmd_error>) at eval.c:1510
#13 0x0000000000479b66 in command_loop_2 () at keyboard.c:1356
#14 0x00000000004d7f9f in internal_catch (tag=<value optimized out>, 
    func=0x479b4c <command_loop_2>, arg=10930226) at eval.c:1246
#15 0x0000000000479ca3 in command_loop () at keyboard.c:1335
#16 0x0000000000479fc3 in recursive_edit_1 () at keyboard.c:950
#17 0x000000000047a0e7 in Frecursive_edit () at keyboard.c:1012
#18 0x0000000000470eb9 in main (argc=<value optimized out>, 
    argv=0x7f7fffffdc30) at emacs.c:1801

Lisp Backtrace:
"delete-other-windows" (0xffffd578)
"call-interactively" (0xffffd778)
(gdb) up
#1  <signal handler called>
(gdb) 
#2  0x000000000052adcf in get_composition_id (charpos=25758, bytepos=25758, 
    nchars=4896095, prop=25758, string=10930226) at composite.c:203
warning: Source file is more recent than executable.
203       id = XCAR (prop);
(gdb) p prop
$1 = 25758
(gdb) xtype
Lisp_Cons
(gdb) xcons
$2 = (struct Lisp_Cons *) 0x6498
Cannot access memory at address 0x6498
(gdb) up
#3  0x000000000052c32a in composition_reseat_it (cmp_it=0x7f7fffffd350, 
    charpos=<value optimized out>, bytepos=25758, 
    endpos=<value optimized out>, w=0x16e0000, face=0x0, string=10930226)
    at composite.c:1308
1308          cmp_it->id = get_composition_id (charpos, bytepos, end - start,
(gdb) l
1303          /* We are looking at a static composition.  */
1304          EMACS_INT start, end;
1305          Lisp_Object prop;
1306
1307          find_composition (charpos, -1, &start, &end, &prop, string);
1308          cmp_it->id = get_composition_id (charpos, bytepos, end - start,
1309                                           prop, string);
1310          if (cmp_it->id < 0)
1311            goto no_composition;
1312          cmp_it->nchars = end - start;
(gdb) 


In GNU Emacs 24.0.50.3 (x86_64--netbsd)
 of 2010-05-25 on rplaca.sm.sony.co.jp
configured using `configure  'x86_64--netbsd' '--with-x=no' 'build_alias=x86_64--netbsd' 'host_alias=x86_64--netbsd' 'target_alias=x86_64--netbsd''

Important settings:
  value of $LC_ALL: nil
  value of $LC_COLLATE: nil
  value of $LC_CTYPE: nil
  value of $LC_MESSAGES: nil
  value of $LC_MONETARY: nil
  value of $LC_NUMERIC: nil
  value of $LC_TIME: nil
  value of $LANG: nil
  value of $XMODIFIERS: nil
  locale-coding-system: nil
  default enable-multibyte-characters: t

Major mode: Fundamental

Minor modes in effect:
  file-name-shadow-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t

Recent input:
ESC x r e p o SPC r TAB RET

Recent messages:
("./emacs-24.0.50.3")
For information about GNU Emacs and the GNU system, type C-h C-a.
Making completion list...

Load-path shadows:
None found.

Features:
(shadow sort gnus-util mail-extr message sendmail regexp-opt rfc822 mml
mml-sec mm-decode mm-bodies mm-encode mail-parse rfc2231 rfc2047 rfc2045
ietf-drums mm-util mail-prsvr mailabbrev mail-utils gmm-utils mailheader
emacsbug help-mode easymenu view japan-util ediff-hook vc-hooks
lisp-float-type lisp-mode register page menu-bar rfn-eshadow timer
jit-lock font-lock syntax facemenu font-core frame cham georgian
utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean
japanese hebrew greek romanian slovak czech european ethiopic indian
cyrillic chinese case-table epa-hook jka-cmpr-hook help simple abbrev
loaddefs button minibuffer faces cus-face files text-properties overlay
md5 base64 format env code-pages mule custom widget
hashtable-print-readable backquote make-network-process multi-tty emacs)

Backtrace full:
enami@rplaca% gdb ./emacs-24.0.50.3 ../emacs.core
(gdb) bt full
#0  0x00007f7ffcc368ca in kill () from /usr/lib/libc.so.12
No symbol table info available.
#1  <signal handler called>
No symbol table info available.
#2  0x000000000052adcf in get_composition_id (charpos=25758, bytepos=25758, 
    nchars=4896095, prop=25758, string=10930226) at composite.c:203
	id = <value optimized out>
	length = <value optimized out>
	components = <value optimized out>
	key = <value optimized out>
	key_contents = <value optimized out>
	glyph_len = <value optimized out>
	hash_table = <value optimized out>
	hash_index = <value optimized out>
	hash_code = <value optimized out>
	cmp = <value optimized out>
	i = <value optimized out>
	ch = <value optimized out>
#3  0x000000000052c32a in composition_reseat_it (cmp_it=0x7f7fffffd350, 
    charpos=<value optimized out>, bytepos=25758, 
    endpos=<value optimized out>, w=0x16e0000, face=0x0, string=10930226)
    at composite.c:1308
	start = 140187732530064
	end = 4884719
	prop = 25758
#4  0x00000000004ab65d in compute_motion (from=0, 
    fromvpos=<value optimized out>, fromhpos=<value optimized out>, 
    did_motion=0, to=25758, tovpos=32768, tohpos=32768, width=79, hscroll=0, 
    tab_offset=<value optimized out>, win=0x16e0000) at indent.c:1527
	c = <value optimized out>
	ptr = <value optimized out>
	bytes = 32639
	width = <value optimized out>
	hpos = 0
	vpos = 1
	pos = <value optimized out>
	pos_byte = <value optimized out>
	c = <value optimized out>
	tab_width = 8
	dp = (struct Lisp_Char_Table *) 0x0
	selective = 0
	selective_rlen = 0
	next_boundary = 152696
	width_run_start = 25733
	width_run_end = 25733
	width_run_width = 0
	width_table = (Lisp_Object *) 0x0
	next_width_run = 25733
	window = 23986181
	multibyte = 1
	wide_column_end_hpos = 0
	prev_pos = 25757
	prev_pos_byte = 25757
	prev_hpos = 45
	prev_vpos = 0
	contin_hpos = 0
	prev_tab_offset = 0
	cmp_it = {
  stop_pos = 25758, 
  id = -1, 
  ch = -2, 
  lookback = 0, 
  nglyphs = 0, 
  nchars = 0, 
  nbytes = 0, 
  from = 0, 
  to = 0, 
  width = 0, 
  reversed_p = 0
}
#5  0x00000000004ac171 in vmotion (from=25758, vtarget=-55, w=0x16e0000)
    at indent.c:1914
	propval = <value optimized out>
	hscroll = 0
	vpos = -25
	prevline = 25733
	first = <value optimized out>
	lmargin = 0
	selective = 0
	did_motion = <value optimized out>
	text_prop_object = 23986181
#6  0x0000000000435e69 in Fdelete_other_windows (window=<value optimized out>)
    at window.c:2532
	obuf = (struct buffer *) 0x13d2400
	startpos = <value optimized out>
	top = -55
#7  0x00000000004d9558 in Ffuncall (nargs=<value optimized out>, 
    args=<value optimized out>) at eval.c:3073
	fun = <value optimized out>
	original_fun = <value optimized out>
	funcar = <value optimized out>
	numargs = 0
	val = <value optimized out>
	backtrace = {
  next = 0x7f7fffffd710, 
  function = 0x7f7fffffd570, 
  args = 0x7f7fffffd578, 
  nargs = 0, 
  evalargs = 0 '\0', 
  debug_on_exit = 0 '\0'
}
	internal_args = (Lisp_Object *) 0x7f7fffffd4a0
	i = 25758
#8  0x00000000004d6651 in Fcall_interactively (function=11241170, 
    record_flag=10930226, keys=10958341) at callint.c:869
	val = <value optimized out>
	args = (Lisp_Object *) 0x7f7fffffd570
	visargs = (Lisp_Object *) 0x7f7fffffd550
	specs = <value optimized out>
	filter_specs = 7748801
	teml = <value optimized out>
	up_event = 10930226
	enable = 10930226
	speccount = 2
	next_event = 2
	prefix_arg = 10930226
	string = <value optimized out>
	tem = <value optimized out>
	varies = (int *) 0x7f7fffffd530
	i = 1
	j = 0
	foo = <value optimized out>
	prompt1 = "\360\204\246\000\000\000\000\000\002\310\246\000\000\000\000\000\302\313\247\000\000\000\000\000\001\000\000\000\000\000\000\000\360\362)\000\000\000\000\000[2H\000\000\000\000\000\200\364\304\000\000\000\000\000\360\362)\000\000\000\000\000\002\000\000\000\000\000\000\000\226\236\246\000\000\000\000\0002\310\246\000\000\000\000\000\302\313\247\000\000\000\000\000\302\313\247"
	arg_from_tty = 0
	key_count = 2
	record_then_fail = 0
	save_this_command = 11241170
	save_last_command = 11765762
	save_this_original_command = 11241170
	save_real_this_command = 11241170
#9  0x00000000004d9586 in Ffuncall (nargs=<value optimized out>, 
    args=<value optimized out>) at eval.c:3079
	fun = <value optimized out>
	original_fun = <value optimized out>
	funcar = <value optimized out>
	numargs = 3
	val = <value optimized out>
	backtrace = {
  next = 0x0, 
  function = 0x7f7fffffd770, 
  args = 0x7f7fffffd778, 
  nargs = 3, 
  evalargs = 0 '\0', 
  debug_on_exit = 0 '\0'
}
	internal_args = (Lisp_Object *) 0x7f7fffffd778
	i = <value optimized out>
#10 0x00000000004d97e6 in call3 (fn=<value optimized out>, 
    arg1=<value optimized out>, arg2=4896095, arg3=25758) at eval.c:2901
	ret_ungc_val = 6
	args = {11136386, 11241170, 10930226, 10930226}
#11 0x000000000047f7a8 in command_loop_1 () at keyboard.c:1755
	cmd = 11241170
	keybuf = {96, 196, 7762193, 16723968, 10930274, 20784128, -1, 
  4294967295, 0, 10930226, 2, 10930226, 10930274, 11018482, 140187732531312, 
  5193072, 7762193, 140187732531360, 10930226, 140187732532272, 1, 
  140187732532168, 22768166, 4693490, 10930226, 22768166, 10930226, 4693730, 
  0, 140187732531400}
	i = 2
	prev_modiff = 2
	prev_buffer = (struct buffer *) 0x13d2400
#12 0x00000000004d7eaf in internal_condition_case (
    bfun=0x47f43c <command_loop_1>, handlers=11018434, 
    hfun=0x479e36 <cmd_error>) at eval.c:1510
	val = <value optimized out>
	c = {
  tag = 10930226, 
  val = 10930226, 
  next = 0x7f7fffffda30, 
  gcpro = 0x0, 
  jmp = {11837440, 11837472, 11837440, 140187732532272, 1, 140187732532168, 
    140187732531464, 5078578, 8175336, 8175352, 0}, 
  backlist = 0x0, 
  handlerlist = 0x0, 
  lisp_eval_depth = 0, 
  pdlcount = 2, 
  poll_suppress_count = 0, 
  interrupt_input_blocked = 0, 
  byte_stack = 0x0
}
	h = {
  handler = 11018434, 
  var = 10930226, 
  chosen_clause = 10930274, 
  tag = 0x7f7fffffd930, 
  next = 0x0
}
#13 0x0000000000479b66 in command_loop_2 () at keyboard.c:1356
	val = 6
#14 0x00000000004d7f9f in internal_catch (tag=<value optimized out>, 
    func=0x479b4c <command_loop_2>, arg=10930226) at eval.c:1246
	c = {
  tag = 11014722, 
  val = 10930226, 
  next = 0x0, 
  gcpro = 0x0, 
  jmp = {11837440, 11837472, 11837440, 140187732532272, 1, 140187732532168, 
    140187732531736, 5078931, 8175256, 0, 11837440}, 
  backlist = 0x0, 
  handlerlist = 0x0, 
  lisp_eval_depth = 0, 
  pdlcount = 2, 
  poll_suppress_count = 0, 
  interrupt_input_blocked = 0, 
  byte_stack = 0x0
}
#15 0x0000000000479ca3 in command_loop () at keyboard.c:1335
No locals.
#16 0x0000000000479fc3 in recursive_edit_1 () at keyboard.c:950
	val = <value optimized out>
#17 0x000000000047a0e7 in Frecursive_edit () at keyboard.c:1012
	buffer = 10930226
#18 0x0000000000470eb9 in main (argc=<value optimized out>, 
    argv=0x7f7fffffdc30) at emacs.c:1801
	tz = 0x0
	dummy = 140187681291328
	stack_bottom_variable = 0 '\0'
	do_initial_setlocale = <value optimized out>
	skip_args = 0
	rlim = {
  rlim_cur = 33554432, 
  rlim_max = 33554432
}
	no_loadup = 0
	junk = 0x0
	dname_arg = 0x0
	ch_to_dir = 0x0

Lisp Backtrace:
"delete-other-windows" (0xffffd578)
"call-interactively" (0xffffd778)
(gdb) xbacktrace
"delete-other-windows" (0xffffd578)
"call-interactively" (0xffffd778)
(gdb) 
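
The unchecked out-parameter pattern the report describes, as a simplified C model added here (not Emacs source and not part of the original mail): `find_span`, `reseat_checked`, the tag layout and the sample table are stand-ins. It decodes the stale word from the gdb session and shows a caller that gives the outputs defined values and tests the return value before using them.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins, not Emacs source.  The tag layout is an assumption
   chosen to match the gdb session (prop=25758 -> Lisp_Cons at 0x6498).  */
typedef intptr_t obj_t;
enum { TAG_MASK = 7, TAG_CONS = 6 };
#define OBJ_NIL ((obj_t) 0)   /* hypothetical "no property" value */
struct cons { long car, cdr; };
struct span { long start, end; obj_t prop; };

static int obj_tag (obj_t o) { return (int) (o & TAG_MASK); }
static uintptr_t obj_ptr (obj_t o) { return (uintptr_t) o & ~(uintptr_t) TAG_MASK; }

/* Hypothetical lookup with the contract the report describes: returns 0 on
   failure and leaves *start, *end and *prop untouched in that case.  */
static int find_span (const struct span *t, size_t n, long pos,
                      long *start, long *end, obj_t *prop)
{
  for (size_t i = 0; i < n; i++)
    if (t[i].start <= pos && pos < t[i].end) {
      *start = t[i].start; *end = t[i].end; *prop = t[i].prop;
      return 1;
    }
  return 0;
}

/* Checked caller: outputs start out defined and are used only after the
   lookup succeeded.  Returns the cons car as id, or -1 for no composition.  */
static long reseat_checked (const struct span *t, size_t n, long pos, long *nchars)
{
  long start = 0, end = 0;
  obj_t prop = OBJ_NIL;
  if (!find_span (t, n, pos, &start, &end, &prop) || obj_tag (prop) != TAG_CONS)
    return -1;
  *nchars = end - start;
  return ((const struct cons *) obj_ptr (prop))->car;
}

/* Constructed sample: one span [10, 14) whose property is a cons, car 42.  */
static long sample_lookup (long pos, long *nchars)
{
  static _Alignas (8) struct cons c = { 42, 0 };
  struct span table[] = { { 10, 14, (obj_t) ((uintptr_t) &c | TAG_CONS) } };
  return reseat_checked (table, 1, pos, nchars);
}

int main (void)
{
  long n = 0, hit = sample_lookup (12, &n), miss = sample_lookup (25758, &n);
  printf ("stale 25758: tag=%d ptr=%#lx; hit=%ld miss=%ld\n",
          obj_tag (25758), (unsigned long) obj_ptr (25758), hit, miss);
  return 0;
}
```

Under the assumed layout the stale word 25758 carries a cons tag, so a type check on `prop` alone would not reject it; the return-value check is what keeps it from being dereferenced.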






* bug#6266: 24.0.50; emacs core dump on delete-other-window
  2010-05-25  6:38 bug#6266: 24.0.50; emacs core dump on delete-other-window enami tsugutomo
@ 2010-05-25 11:33 ` Kenichi Handa
  2010-05-31  4:24   ` enami tsugutomo
  0 siblings, 1 reply; 3+ messages in thread
From: Kenichi Handa @ 2010-05-25 11:33 UTC
  To: enami tsugutomo; +Cc: 6266

In article <tkrfx1gfpup.fsf@rplaca.sm.sony.co.jp>, enami tsugutomo <tsugutomo.enami@jp.sony.com> writes:

> Emacs crashed while executing delete-other-window.  The backtrace is
> below (bt full output is appended at the end of this mail).  It looks
> like Emacs uses the uninitialized stack variable `prop' if the
> find_composition() call on line 1307 of composite.c fails.  We need
> to check whether find_composition() succeeds before proceeding.

I think that bug is fixed in the latest trunk code.  Could
you please try again?

---
Kenichi Handa
handa@m17n.org






* bug#6266: 24.0.50; emacs core dump on delete-other-window
  2010-05-25 11:33 ` Kenichi Handa
@ 2010-05-31  4:24   ` enami tsugutomo
  0 siblings, 0 replies; 3+ messages in thread
From: enami tsugutomo @ 2010-05-31  4:24 UTC
  To: Kenichi Handa; +Cc: 6266

Kenichi Handa <handa@m17n.org> writes:

> I think that bug is fixed in the latest trunk code.  Could
> you please try again?

I've used it for about a week, but the same symptom didn't occur.  Thanks.

enami.




