From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Andrea Corallo <akrl@sdf.org>
Newsgroups: gmane.emacs.bugs
Subject: bug#51688: ELC+ELN  international/emoji.elc crashes
Date: Wed, 17 Nov 2021 16:27:44 +0000
Message-ID: <xjfv90q4uin.fsf@ma.sdf.org>
References: <87tugmyeow.fsf@igel.home> <xjf7dd66br8.fsf@ma.sdf.org>
 <8735nu23v7.fsf@igel.home> <xjf35nu6baa.fsf@ma.sdf.org>
 <87tugazt49.fsf@igel.home>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="22405"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)
Cc: 51688@debbugs.gnu.org
To: Andreas Schwab <schwab@linux-m68k.org>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Wed Nov 17 17:28:33 2021
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1mnNnU-0005bo-Eb
	for geb-bug-gnu-emacs@m.gmane-mx.org; Wed, 17 Nov 2021 17:28:32 +0100
Original-Received: from localhost ([::1]:42464 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1mnNnT-0001g4-Ad
	for geb-bug-gnu-emacs@m.gmane-mx.org; Wed, 17 Nov 2021 11:28:31 -0500
Original-Received: from eggs.gnu.org ([209.51.188.92]:58918)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1mnNn5-0001ch-3r
 for bug-gnu-emacs@gnu.org; Wed, 17 Nov 2021 11:28:09 -0500
Original-Received: from debbugs.gnu.org ([209.51.188.43]:50316)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1mnNn0-0007CN-AV
 for bug-gnu-emacs@gnu.org; Wed, 17 Nov 2021 11:28:06 -0500
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1mnNn0-0005VU-7Y
 for bug-gnu-emacs@gnu.org; Wed, 17 Nov 2021 11:28:02 -0500
X-Loop: help-debbugs@gnu.org
Resent-From: Andrea Corallo <akrl@sdf.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Wed, 17 Nov 2021 16:28:02 +0000
Resent-Message-ID: <handler.51688.B51688.163716646921142@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 51688
X-GNU-PR-Package: emacs
Original-Received: via spool by 51688-submit@debbugs.gnu.org id=B51688.163716646921142
 (code B ref 51688); Wed, 17 Nov 2021 16:28:02 +0000
Original-Received: (at 51688) by debbugs.gnu.org; 17 Nov 2021 16:27:49 +0000
Original-Received: from localhost ([127.0.0.1]:33629 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1mnNmn-0005Uw-KP
 for submit@debbugs.gnu.org; Wed, 17 Nov 2021 11:27:49 -0500
Original-Received: from mx.sdf.org ([205.166.94.24]:58010)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <akrl@sdf.org>) id 1mnNmj-0005Uj-Qb
 for 51688@debbugs.gnu.org; Wed, 17 Nov 2021 11:27:48 -0500
Original-Received: from ma.sdf.org (ma.sdf.org [205.166.94.33])
 by mx.sdf.org (8.15.2/8.14.5) with ESMTPS id 1AHGRiPE006971
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits) verified NO);
 Wed, 17 Nov 2021 16:27:45 GMT
In-Reply-To: <87tugazt49.fsf@igel.home> (Andreas Schwab's message of "Wed, 17
 Nov 2021 16:42:14 +0100")
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: "bug-gnu-emacs"
 <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.bugs:220220
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/220220>

Andreas Schwab <schwab@linux-m68k.org> writes:

> On Nov 17 2021, Andrea Corallo wrote:
>
>> Andreas Schwab <schwab@linux-m68k.org> writes:
>>
>>> On Nov 17 2021, Andrea Corallo wrote:
>>>
>>>> If the crash is on the libgccjit side IMO it indicates it's a libgccjit
>>>> bug.
>>>
>>> It can easily be a wrong use of it, too.
>>
>> Agree, but it should not crash.
>
> If you pass it invalid data (like use-after-free), it may not be able to
> avoid a crash.

That is true.  OTOH the API of libgccjit AFAIK is made to copy any
region of memory passed to it during the libgccjit record phase so it's
quite robust in this sense.

Here we are crashing calling from 'comp_compile_ctxt_to_file' therfore
we are in the replay phase and use-after-free should have caused a
problem earlier.

I can't prove my conclusion is correct, but that's what my knowledge and
experience on this system tells me here.

Anyway, if someone has access to a machine were we can reproduce it,
creating a libgccjit reproducer using `comp-libgccjit-reproducer' should
be the way to look at it and test if my idea is correct or not.

Regards

  Andrea