From: Jim Meyering
Newsgroups: gmane.emacs.devel
Subject: Re: editfns.c (Fformat): fix for segfault
Date: Sat, 03 May 2003 16:10:47 +0200
Message-ID: <85n0i4yvbs.fsf@pi.meyering.net>
References: <851xzo9f2l.fsf@pi.meyering.net>
Original-To: rms@gnu.org
Cc: emacs-devel@gnu.org
In-Reply-To: (Richard Stallman's message of "Mon, 28 Apr 2003 19:38:40 -0400")

Richard Stallman wrote:
> The only way that the value of format should be so different
> from format_start, and yet with the same text, is if
> there was a GC and it moved the string.
>
> I don't see what could possibly have caused a GC there.
> It would have to be something that calls eval.
>
> If it was really due to a GC, I have doubts that this change is
> enough, because the old location of the string could get overwritten
> with some other string. Perhaps it will happen just a minority of the
> time, but it can happen.
>
> I added a facility to make Emacs abort if it GCs in the middle
> of that code. That way we will really get to the bottom of this.
>
> This is my analysis. In the first scan, Fchar_to_string or
> Fprint1_to_string are called, and they will relocate a data
> of a Lisp string (in the current case, args[0]).
>
> How can either of these functions cause a GC?

Using emacs checked out and built this morning along with Oort gnus 0.20,
that new abort was triggered. Do you need any more information than
the following?

(gdb) r
Starting program: /t/emacs/src/emacs -f gnus-no-server

Program received signal SIGABRT, Aborted.
0x402e2a41 in kill () from /lib/libc.so.6
(gdb) xbacktrace
"format"
"nnmail-generate-active"
"nnmail-save-active"
"nnmail-get-new-mail"
"nnml-request-scan"
"gnus-request-scan"
"gnus-activate-group"
"gnus-get-unread-articles"
"gnus-group-get-new-news"
"call-interactively"
(gdb) w
#0  0x402e2a41 in kill () from /lib/libc.so.6
#1  0x080fefdd in abort () at /mirror/d/emacs/src/emacs.c:412
#2  0x0815f135 in Fgarbage_collect () at /mirror/d/emacs/src/alloc.c:4103
#3  0x08179a9e in Ffuncall (nargs=3, args=0xbfffd910)
    at /mirror/d/emacs/src/eval.c:2664
#4  0x081798a6 in run_hook_list_with_args (funlist=1490478012, nargs=3,
    args=0xbfffd910) at /mirror/d/emacs/src/eval.c:2446
#5  0x0812ad24 in signal_before_change (start_int=1, end_int=1,
    preserve_ptr=0x0) at /mirror/d/emacs/src/insdel.c:2058
#6  0x0812aa5a in prepare_to_modify_buffer (start=1, end=1, preserve_ptr=0x0)
    at /mirror/d/emacs/src/insdel.c:1956
#7  0x081286f8 in insert_1_both (
    string=0x9271ba0 "u\\.seq<@eailebsdÌ=ø\bÀc\0378¬\e'\tÀc\0378´\e'\tÀc\0378¼\e'
\tÀc\0378Ä\e'\tÀc\0378Ì\e'\tÀc\0378Ô\e'\tÀc\0378Ü\e'\tÀc\0378ä\e'\tÀc\0378ì\e'\tÀ
c\0378ô\e'\tÀc\0378ü\e'\tÀc\0378\004\034'\tÀc\0378\f\034'\tÀc\0378\024\034'\tÀc\0
378\034\034'\tÀc\0378$\034'\tÀc\0378,\034'\tÀc\03784\034'\tÀc\0378<\034'\tÀc\0378
D\034'\tÀc\0378L\034'\tÀc\0378T\034'\tÀc\0378"..., nchars=6, nbytes=6,
    inherit=0, prepare=1, before_markers=0) at /mirror/d/emacs/src/insdel.c:1001
#8  0x0818c010 in Fprin1_to_string (object=411432292, noescape=405896804)
    at /mirror/d/emacs/src/print.c:775
#9  0x08171690 in Fformat (nargs=4, args=0xbfffdc24)
    at /mirror/d/emacs/src/editfns.c:3353
#10 0x08179c3c in Ffuncall (nargs=5, args=0xbfffdc20)
    at /mirror/d/emacs/src/eval.c:2705
#11 0x081b1b68 in Fbyte_code (bytestr=948814908, vector=1215031136, maxdepth=6)
    at /mirror/d/emacs/src/bytecode.c:709
#12 0x0817a494 in funcall_lambda (fun=1220009168, nargs=1,
    arg_vector=0xbfffdde4) at /mirror/d/emacs/src/eval.c:2911
#13 0x08179edd in Ffuncall (nargs=2, args=0xbfffdde0)
    at /mirror/d/emacs/src/eval.c:2772
#14 0x081b1b68 in Fbyte_code (bytestr=948817620, vector=1215289248, maxdepth=7)
    at /mirror/d/emacs/src/bytecode.c:709
#15 0x0817a494 in funcall_lambda (fun=1220005768, nargs=2,
    arg_vector=0xbfffdfa4) at /mirror/d/emacs/src/eval.c:2911
#16 0x08179edd in Ffuncall (nargs=3, args=0xbfffdfa0)
    at /mirror/d/emacs/src/eval.c:2772
#17 0x081b1b68 in Fbyte_code (bytestr=948766804, vector=1215174384, maxdepth=17)
    at /mirror/d/emacs/src/bytecode.c:709
#18 0x0817a494 in funcall_lambda (fun=1214748208, nargs=4,
    arg_vector=0xbfffe194) at /mirror/d/emacs/src/eval.c:2911
#19 0x08179edd in Ffuncall (nargs=5, args=0xbfffe190)
    at /mirror/d/emacs/src/eval.c:2772
#20 0x081b1b68 in Fbyte_code (bytestr=952458740, vector=1220896832, maxdepth=5)
    at /mirror/d/emacs/src/bytecode.c:709
#21 0x0817a494 in funcall_lambda (fun=1220896976, nargs=2,
    arg_vector=0xbfffe354) at /mirror/d/emacs/src/eval.c:2911
#22 0x08179edd in Ffuncall (nargs=3, args=0xbfffe350)
    at /mirror/d/emacs/src/eval.c:2772
#23 0x081b1b68 in Fbyte_code (bytestr=951599396, vector=1220038872, maxdepth=4)
    at /mirror/d/emacs/src/bytecode.c:709
#24 0x0817a494 in funcall_lambda (fun=1220039048, nargs=2,
    arg_vector=0xbfffe504) at /mirror/d/emacs/src/eval.c:2911
#25 0x08179edd in Ffuncall (nargs=3, args=0xbfffe500)
    at /mirror/d/emacs/src/eval.c:2772
#26 0x081b1b68 in Fbyte_code (bytestr=949718684, vector=1216787184, maxdepth=10)
    at /mirror/d/emacs/src/bytecode.c:709
#27 0x0817a494 in funcall_lambda (fun=1214237616, nargs=2,
    arg_vector=0xbfffe6d4) at /mirror/d/emacs/src/eval.c:2911
#28 0x08179edd in Ffuncall (nargs=3, args=0xbfffe6d0)
    at /mirror/d/emacs/src/eval.c:2772
#29 0x081b1b68 in Fbyte_code (bytestr=949686140, vector=1213293104, maxdepth=9)
    at /mirror/d/emacs/src/bytecode.c:709
#30 0x0817a494 in funcall_lambda (fun=1214365864, nargs=1,
    arg_vector=0xbfffe8a4) at /mirror/d/emacs/src/eval.c:2911
#31 0x08179edd in Ffuncall (nargs=2, args=0xbfffe8a0)
    at /mirror/d/emacs/src/eval.c:2772
#32 0x081b1b68 in Fbyte_code (bytestr=948486652, vector=1219379032, maxdepth=3)
    at /mirror/d/emacs/src/bytecode.c:709
#33 0x0817a494 in funcall_lambda (fun=1219952584, nargs=1,
    arg_vector=0xbfffea84) at /mirror/d/emacs/src/eval.c:2911
#34 0x08179edd in Ffuncall (nargs=2, args=0xbfffea80)
    at /mirror/d/emacs/src/eval.c:2772
#35 0x08175bfd in Fcall_interactively (function=413867092,
    record_flag=405896804, keys=1222607368)
    at /mirror/d/emacs/src/callint.c:850
#36 0x08110736 in Fcommand_execute (cmd=413867092, record_flag=405896804,
    keys=405896804, special=405896804) at /mirror/d/emacs/src/keyboard.c:9641
---Type <return> to continue, or q <return> to quit---q
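
Added example, not part of the original message and not Emacs code: a toy C model of the hazard discussed in this thread, where a raw pointer into a movable string is held across a call that can relocate the string's bytes. The names toy_string, toy_relocate, make_format and the two pools are constructed for illustration; reuse_old models whether the old storage has since been overwritten.

```c
#include <stddef.h>
#include <string.h>

/* Toy model, constructed for illustration (not Emacs code): a string whose
   bytes live in storage that a compacting collector is allowed to move. */
struct toy_string { char *data; size_t len; };

static char pool_a[16], pool_b[16];

static struct toy_string make_format(void)
{
    struct toy_string s = { pool_a, 5 };
    memcpy(pool_a, "%s:%d", 6);
    return s;
}

/* Stand-in for any callee that can end up running the collector.  The bytes
   move to the other pool; if reuse_old is set, the old storage is handed to
   a later allocation and overwritten. */
static void toy_relocate(struct toy_string *s, int reuse_old)
{
    char *old = s->data;
    char *dst = (old == pool_a) ? pool_b : pool_a;
    memcpy(dst, old, s->len + 1);
    if (reuse_old)
        memset(old, '#', s->len);
    s->data = dst;
}

/* Hazard: a raw pointer taken before the call is used after it. */
static char read_via_cached_pointer(struct toy_string *s, size_t pos, int reuse_old)
{
    const char *p = s->data + pos;
    toy_relocate(s, reuse_old);
    return *p;          /* old storage: same text only while nobody reused it */
}

/* Remedy: carry an offset across the call and re-derive the pointer. */
static char read_via_offset(struct toy_string *s, size_t pos, int reuse_old)
{
    toy_relocate(s, reuse_old);
    return s->data[pos];
}
```

With reuse_old set to 0 the cached pointer still reads the expected byte, which is why a bug of this kind can go unnoticed until the old storage is reused.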