23.0.60; Crash in face_at_buffer_position

23.0.60; Crash in face_at_buffer_position

[Lennart Borgman (gmail)]

I am not sure if this bug report is of any value. I believe it might 
have something to do with that I have made some bad changes to 
syntax-ppss. Anyway, I did not expect Emacs to crash. Here is what I get 
from the debugger:



Program received signal SIGSEGV, Segmentation fault.
0x011cdbe7 in face_at_buffer_position (w=0x261a200, pos=36, region_beg=-1,
     region_end=-1, endptr=0x3320c, limit=136, mouse=0) at xfaces.c:8154
8154        GET_OVERLAYS_AT (pos, overlay_vec, noverlays, &next_overlay, 0);
(gdb) bt
#0  0x011cdbe7 in face_at_buffer_position (w=0x261a200, pos=36, 
region_beg=-1,
     region_end=-1, endptr=0x3320c, limit=136, mouse=0) at xfaces.c:8154
#1  0x01034931 in handle_face_prop (it=0x82e940) at xdisp.c:3354
#2  0x010341c2 in handle_stop (it=0x82e940) at xdisp.c:3069
#3  0x0103b426 in next_element_from_buffer (it=0x82e940) at xdisp.c:6470
#4  0x0103b43b in next_element_from_buffer (it=0x82e940) at xdisp.c:6471
#5  0x0103b43b in next_element_from_buffer (it=0x82e940) at xdisp.c:6471
#6  0x0103b43b in next_element_from_buffer (it=0x82e940) at xdisp.c:6471
#7  0x0103b43b in next_element_from_buffer (it=0x82e940) at xdisp.c:6471
#8  0x0103b43b in next_element_from_buffer (it=0x82e940) at xdisp.c:6471
#9  0x0103b43b in next_element_from_buffer (it=0x82e940) at xdisp.c:6471
#10 0x0103b43b in next_element_from_buffer (it=0x82e940) at xdisp.c:6471
#11 0x0103b43b in next_element_from_buffer (it=0x82e940) at xdisp.c:6471
#12 0x0103b43b in next_element_from_buffer (it=0x82e940) at xdisp.c:6471
#13 0x0103b43b in next_element_from_buffer (it=0x82e940) at xdisp.c:6471
#14 0x0103b43b in next_element_from_buffer (it=0x82e940) at xdisp.c:6471
#15 0x0103b43b in next_element_from_buffer (it=0x82e940) at xdisp.c:6471
#16 0x0103b43b in next_element_from_buffer (it=0x82e940) at xdisp.c:6471
#17 0x0103b43b in next_element_from_buffer (it=0x82e940) at xdisp.c:6471
#18 0x0103b43b in next_element_from_buffer (it=0x82e940) at xdisp.c:6471
#19 0x0103b43b in next_element_from_buffer (it=0x82e940) at xdisp.c:6471
#20 0x0103b43b in next_element_from_buffer (it=0x82e940) at xdisp.c:6471
#21 0x0103b43b in next_element_from_buffer (it=0x82e940) at xdisp.c:6471
---Type <return> to continue, or q <return> to quit---


The backtrace seems to be very, very long.



In GNU Emacs 23.0.60.1 (i386-mingw-nt5.1.2600)
  of 2008-04-14
Windowing system distributor `Microsoft Corp.', version 5.1.2600
configured using `configure --with-gcc (3.4) --no-opt --cflags 
-Ic:/g/include -fno-crossjumping'

Important settings:
   value of $LC_ALL: nil
   value of $LC_COLLATE: nil
   value of $LC_CTYPE: nil
   value of $LC_MESSAGES: nil
   value of $LC_MONETARY: nil
   value of $LC_NUMERIC: nil
   value of $LC_TIME: nil
   value of $LANG: ENU
   value of $XMODIFIERS: nil
   locale-coding-system: cp1252
   default-enable-multibyte-characters: t

Major mode: C/l

Minor modes in effect:
   pause-mode: t
   tabkey2-mode: t
   appmenu-mode: t
   rebind-keys-mode: t
   nxhtml-global-minor-mode: t
   which-function-mode: t
   show-paren-mode: t
   recentf-mode: t
   cua-mode: t
   tooltip-mode: t
   mouse-wheel-mode: t
   menu-bar-mode: t
   file-name-shadow-mode: t
   global-font-lock-mode: t
   font-lock-mode: t
   blink-cursor-mode: t
   global-auto-composition-mode: t
   auto-composition-mode: t
   auto-compression-mode: t
   line-number-mode: t
   transient-mark-mode: t
   abbrev-mode: t

Re: 23.0.60; Crash in face_at_buffer_position

[Stefan Monnier]

> I am not sure if this bug report is of any value. I believe it might have
> something to do with that I have made some bad changes to
> syntax-ppss.  Anyway, I did not expect Emacs to crash. Here is what I get
> from the debugger:

You mean you've made some changes to syntax-ppss but no changes to the
C code?  Then it indeed shouldn't be the cause of the bug (tho it might
have triggered it, of course).

> The backtrace seems to be very, very long.

Most likely the SIGSEGV is nothing more than stack-overflow because of
"infinite" recursion and the bug is probably not in
face_at_buffer_position.


        Stefan

Re: 23.0.60; Crash in face_at_buffer_position

[Lennart Borgman (gmail)]

Stefan Monnier wrote:
>> I am not sure if this bug report is of any value. I believe it might have
>> something to do with that I have made some bad changes to
>> syntax-ppss.  Anyway, I did not expect Emacs to crash. Here is what I get
>> from the debugger:
> 
> You mean you've made some changes to syntax-ppss but no changes to the
> C code?  Then it indeed shouldn't be the cause of the bug (tho it might
> have triggered it, of course).

Yes.

>> The backtrace seems to be very, very long.
> 
> Most likely the SIGSEGV is nothing more than stack-overflow because of
> "infinite" recursion and the bug is probably not in
> face_at_buffer_position.

But how can I see where it is? The parameters to face_at_buffer_position 
looks strange. Maybe that is something useful?

Re: 23.0.60; Crash in face_at_buffer_position

[Chong Yidong]

>> Most likely the SIGSEGV is nothing more than stack-overflow because of
>> "infinite" recursion and the bug is probably not in
>> face_at_buffer_position.
>
> But how can I see where it is? The parameters to
> face_at_buffer_position looks strange. Maybe that is something useful?

It might be that the code in xdisp.c could be rewritten to avoid the
risk of buffer overflow.  Could you send a reproducible crash recipe, if
possible?

Re: 23.0.60; Crash in face_at_buffer_position

[Lennart Borgman (gmail)]

Chong Yidong wrote:
>>> Most likely the SIGSEGV is nothing more than stack-overflow because of
>>> "infinite" recursion and the bug is probably not in
>>> face_at_buffer_position.
>> But how can I see where it is? The parameters to
>> face_at_buffer_position looks strange. Maybe that is something useful?
> 
> It might be that the code in xdisp.c could be rewritten to avoid the
> risk of buffer overflow.  Could you send a reproducible crash recipe, if
> possible?

I am sorry. Somehow I have lost it when fighting this.

Before that I saw however that the source of the problem was a bit 
different from what I originally thought. I had (in a rather despetate 
move) put a

    (font-lock -1)

in the error handling part of a condition-case in one of my 
fontification functions. That seems to be the immediate source.

At the moment it beats me why I can't reproduce it. I just tested adding 
(font-lock-mode -1) again, but the looping just continues this time.

Re: 23.0.60; Crash in face_at_buffer_position

[Lennart Borgman (gmail)]

Lennart Borgman (gmail) wrote:
> Chong Yidong wrote:
>>>> Most likely the SIGSEGV is nothing more than stack-overflow because of
>>>> "infinite" recursion and the bug is probably not in
>>>> face_at_buffer_position.
>>> But how can I see where it is? The parameters to
>>> face_at_buffer_position looks strange. Maybe that is something useful?
>>
>> It might be that the code in xdisp.c could be rewritten to avoid the
>> risk of buffer overflow.  Could you send a reproducible crash recipe, if
>> possible?
> 
> I am sorry. Somehow I have lost it when fighting this.
> 
> Before that I saw however that the source of the problem was a bit 
> different from what I originally thought. I had (in a rather despetate 
> move) put a
> 
>    (font-lock -1)
> 
> in the error handling part of a condition-case in one of my 
> fontification functions. That seems to be the immediate source.
> 
> At the moment it beats me why I can't reproduce it. I just tested adding 
> (font-lock-mode -1) again, but the looping just continues this time.

Eh, and now I know how to reproduce that crash. I just have to make 
certain that (font-lock-mode -1) is executed too.

I have no simple example though. Would it ok if I upload a zip file to 
my server containing this and some other (unrelated) things and give 
some very simple instructions?

That is the quickest way for me and I think it is easy for you too.

Re: 23.0.60; Crash in face_at_buffer_position

[Chong Yidong]

"Lennart Borgman (gmail)" <lennart.borgman@gmail.com> writes:

> Eh, and now I know how to reproduce that crash. I just have to make
> certain that (font-lock-mode -1) is executed too.
>
> I have no simple example though. Would it ok if I upload a zip file to
> my server containing this and some other (unrelated) things and give
> some very simple instructions?
>
> That is the quickest way for me and I think it is easy for you too.

That will be fine.

Re: 23.0.60; Crash in face_at_buffer_position

[Chong Yidong]

Chong Yidong <cyd@stupidchicken.com> writes:

> "Lennart Borgman (gmail)" <lennart.borgman@gmail.com> writes:
>
>> Eh, and now I know how to reproduce that crash. I just have to make
>> certain that (font-lock-mode -1) is executed too.
>>
>> I have no simple example though. Would it ok if I upload a zip file to
>> my server containing this and some other (unrelated) things and give
>> some very simple instructions?
>>
>> That is the quickest way for me and I think it is easy for you too.
>
> That will be fine.

Any luck making the test-case?

Re: 23.0.60; Crash in face_at_buffer_position

[Lennart Borgman (gmail)]

Chong Yidong wrote:
> Chong Yidong <cyd@stupidchicken.com> writes:
> 
>> "Lennart Borgman (gmail)" <lennart.borgman@gmail.com> writes:
>>
>>> Eh, and now I know how to reproduce that crash. I just have to make
>>> certain that (font-lock-mode -1) is executed too.
>>>
>>> I have no simple example though. Would it ok if I upload a zip file to
>>> my server containing this and some other (unrelated) things and give
>>> some very simple instructions?
>>>
>>> That is the quickest way for me and I think it is easy for you too.
>> That will be fine.
> 
> Any luck making the test-case?

Sorry for not coming back. I wanted to build a new Emacs to test with 
before making the test-case, but I had a lot of other trouble on the way 
so I had not had time to do it yet. I have not forgotten it.