From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Stefan Monnier <monnier@iro.umontreal.ca>
Newsgroups: gmane.emacs.devel
Subject: Re: allocate_string_data memory corruption
Date: Sun, 22 Jan 2006 19:55:36 -0500
Message-ID: <874q3v6a65.fsf-monnier+emacs@gnu.org>
References: <87vewha2zl.fsf@stupidchicken.com>
	<E1Ezkqz-0008VZ-CM@fencepost.gnu.org>
	<m14q3zy2wf.fsf-monnier+emacs@gnu.org>
	<E1F05Ck-0005Pd-KH@fencepost.gnu.org>
	<87zmlq6w62.fsf-monnier+emacs@gnu.org>
NNTP-Posting-Host: main.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: sea.gmane.org 1137977822 14689 80.91.229.2 (23 Jan 2006 00:57:02 GMT)
X-Complaints-To: usenet@sea.gmane.org
NNTP-Posting-Date: Mon, 23 Jan 2006 00:57:02 +0000 (UTC)
Cc: cyd@stupidchicken.com, emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Mon Jan 23 01:57:00 2006
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([199.232.76.165])
	by ciao.gmane.org with esmtp (Exim 4.43)
	id 1F0q0w-0001Jp-5S
	for ged-emacs-devel@m.gmane.org; Mon, 23 Jan 2006 01:56:58 +0100
Original-Received: from localhost ([127.0.0.1] helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43)
	id 1F0q3V-0000ME-KX
	for ged-emacs-devel@m.gmane.org; Sun, 22 Jan 2006 19:59:38 -0500
Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1F0q2L-0000LX-Fu
	for emacs-devel@gnu.org; Sun, 22 Jan 2006 19:58:25 -0500
Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1F0q2J-0000L8-12
	for emacs-devel@gnu.org; Sun, 22 Jan 2006 19:58:24 -0500
Original-Received: from [199.232.76.173] (helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1F0q2I-0000L4-GE
	for emacs-devel@gnu.org; Sun, 22 Jan 2006 19:58:22 -0500
Original-Received: from [209.226.175.74] (helo=tomts20-srv.bellnexxia.net)
	by monty-python.gnu.org with esmtp (Exim 4.34)
	id 1F0q6u-0004lW-GE; Sun, 22 Jan 2006 20:03:08 -0500
Original-Received: from alfajor ([67.71.115.65]) by tomts20-srv.bellnexxia.net
	(InterMail vM.5.01.06.13 201-253-122-130-113-20050324) with ESMTP
	id <20060123005536.TOER8316.tomts20-srv.bellnexxia.net@alfajor>;
	Sun, 22 Jan 2006 19:55:36 -0500
Original-Received: by alfajor (Postfix, from userid 1000)
	id 38076D73B3; Sun, 22 Jan 2006 19:55:36 -0500 (EST)
Original-To: rms@gnu.org
In-Reply-To: <87zmlq6w62.fsf-monnier+emacs@gnu.org> (Stefan Monnier's message
	of "Fri, 20 Jan 2006 23:48:30 -0500")
User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.50 (gnu/linux)
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.devel:49423
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/49423>

>> Maybe eassert(!handling_signal) should be added to allocate_string
>> (and maybe it will catch the current bug).
>> It seems worth a try.

Attached is another candidate for "random memory corruption" (tho, here it
uses allocate_vectorlike, whose code is almost completely wrapped in
BLOCK_INPUT except for:

  p->next = all_vectors;
  all_vectors = p;

so it's probably not causing too much memory corrpution).

Contrary to the previous one, I have no idea how to fix this one.


        Stefan


(gdb) bt
#0  abort () at emacs.c:464
#1  0x081946fa in die (msg=0x8265950 "assertion failed: !handling_signal", file=0x8265209 "alloc.c", line=2866) at alloc.c:6126
#2  0x08197013 in allocate_vectorlike (len=391, type=MEM_TYPE_VECTOR) at alloc.c:2866
#3  0x081971f4 in allocate_vector (nslots=391) at alloc.c:2894
#4  0x08197223 in Fmake_vector (length=3128, init=138309641) at alloc.c:2990
#5  0x08197562 in Fmake_char_table (purpose=138537273, init=138309641) at alloc.c:3015
#6  0x0811a984 in make_fontset (frame=142414076, name=138309641, base=142390252) at fontset.c:401
#7  0x0811b03d in make_fontset_for_ascii_face (f=0x87d10f8, base_fontset_id=3) at fontset.c:580
#8  0x080f49f9 in realize_face (cache=0x87d1780, attrs=0xbfffce90, c=0, base_face=0x0, former_face_id=-1) at xfaces.c:7224
#9  0x080f6236 in lookup_face (f=0x87d10f8, attr=0xbfffce90, c=0, base_face=0x0) at xfaces.c:5685
#10 0x080f66d3 in face_at_buffer_position (w=0x87d1258, pos=768, region_beg=0, region_end=0, endptr=0xbfffd0b0, limit=769, mouse=1) at xfaces.c:7690
#11 0x0809dee9 in note_mouse_highlight (f=0x87d10f8, x=88, y=285) at xdisp.c:22533
#12 0x080fd0ee in note_mouse_movement (frame=0x87d10f8, event=0xbfffd624) at xterm.c:3614
#13 0x08103405 in handle_one_xevent (dpyinfo=0x871fb28, eventp=0xbfffd6f0, finish=0xbfffd77c, hold_quit=0xbfffe7b0) at xterm.c:6573
#14 0x0810683b in XTread_socket (sd=0, expected=1, hold_quit=0xbfffe7b0) at xterm.c:7021
#15 0x0813b1b9 in read_avail_input (expected=<value optimized out>) at keyboard.c:6712
#16 0x0813b35a in handle_async_input () at keyboard.c:6858
#17 0x0813b389 in input_available_signal (signo=29) at keyboard.c:6900
#18 <signal handler called>