unofficial mirror of emacs-devel@gnu.org 
* ASAN crash
       [not found] <87mt9ejfx9.fsf.ref@yahoo.com>
@ 2022-10-30  0:47 ` Po Lu
  0 siblings, 0 replies; only message in thread
From: Po Lu @ 2022-10-30  0:47 UTC (permalink / raw)
  To: emacs-devel

I got this hitting C-g.  Anyone know what the problem is?  I don't
understand what that code is doing with jmp_bufs.

==2667724==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7ffec5617e60 at pc 0x7f912ac49e0b bp 0x7ffec5617e00 sp 0x7ffec56175b0
READ of size 200 at 0x7ffec5617e60 thread T0
    #0 0x7f912ac49e0a in __interceptor_memcpy (/lib64/libasan.so.8+0x49e0a)
    #1 0x761d5c in restore_getcjmp (/path/to/emacs/src/emacs+0x761d5c)
    #2 0x8b9837 in unbind_to (/path/to/emacs/src/emacs+0x8b9837)
    #3 0x788345 in read_char (/path/to/emacs/src/emacs+0x788345)
    #4 0x78c991 in read_key_sequence (/path/to/emacs/src/emacs+0x78c991)
    #5 0x791b8b in command_loop_1 (/path/to/emacs/src/emacs+0x791b8b)
    #6 0x8b5f89 in internal_condition_case (/path/to/emacs/src/emacs+0x8b5f89)
    #7 0x7615f4 in command_loop_2 (/path/to/emacs/src/emacs+0x7615f4)
    #8 0x8b5da4 in internal_catch (/path/to/emacs/src/emacs+0x8b5da4)
    #9 0x7614c9 in command_loop (/path/to/emacs/src/emacs+0x7614c9)
    #10 0x76ced6 in recursive_edit_1 (/path/to/emacs/src/emacs+0x76ced6)
    #11 0x7f2fb6 in Fread_from_minibuffer (/path/to/emacs/src/emacs+0x7f2fb6)
    #12 0x8c0857 in funcall_subr (/path/to/emacs/src/emacs+0x8c0857)
    #13 0x96b38c in exec_byte_code (/path/to/emacs/src/emacs+0x96b38c)
    #14 0x8c5b0a in funcall_lambda (/path/to/emacs/src/emacs+0x8c5b0a)
    #15 0x8c6424 in funcall_general (/path/to/emacs/src/emacs+0x8c6424)
    #16 0x8ba8e6 in Ffuncall (/path/to/emacs/src/emacs+0x8ba8e6)
    #17 0x7e84b1 in Fcompleting_read (/path/to/emacs/src/emacs+0x7e84b1)
    #18 0x8c09dc in funcall_subr (/path/to/emacs/src/emacs+0x8c09dc)
    #19 0x96b38c in exec_byte_code (/path/to/emacs/src/emacs+0x96b38c)
    #20 0x96b539 in Fbyte_code (/path/to/emacs/src/emacs+0x96b539)
    #21 0x8c43eb in eval_sub (/path/to/emacs/src/emacs+0x8c43eb)
    #22 0x8c9d56 in Feval (/path/to/emacs/src/emacs+0x8c9d56)
    #23 0x8b084e in Fcall_interactively (/path/to/emacs/src/emacs+0x8b084e)
    #24 0x8c0471 in funcall_subr (/path/to/emacs/src/emacs+0x8c0471)
    #25 0x96b38c in exec_byte_code (/path/to/emacs/src/emacs+0x96b38c)
    #26 0x8c5b0a in funcall_lambda (/path/to/emacs/src/emacs+0x8c5b0a)
    #27 0x8c6424 in funcall_general (/path/to/emacs/src/emacs+0x8c6424)
    #28 0x8ba8e6 in Ffuncall (/path/to/emacs/src/emacs+0x8ba8e6)
    #29 0x8af978 in Ffuncall_interactively (/path/to/emacs/src/emacs+0x8af978)
    #30 0x8c0a6f in funcall_subr (/path/to/emacs/src/emacs+0x8c0a6f)
    #31 0x8c644f in funcall_general (/path/to/emacs/src/emacs+0x8c644f)
    #32 0x8ba8e6 in Ffuncall (/path/to/emacs/src/emacs+0x8ba8e6)
    #33 0x8bb428 in Fapply (/path/to/emacs/src/emacs+0x8bb428)
    #34 0x8b0c60 in Fcall_interactively (/path/to/emacs/src/emacs+0x8b0c60)
    #35 0x8c0471 in funcall_subr (/path/to/emacs/src/emacs+0x8c0471)
    #36 0x96b38c in exec_byte_code (/path/to/emacs/src/emacs+0x96b38c)
    #37 0x8c5b0a in funcall_lambda (/path/to/emacs/src/emacs+0x8c5b0a)
    #38 0x8c6424 in funcall_general (/path/to/emacs/src/emacs+0x8c6424)
    #39 0x8ba8e6 in Ffuncall (/path/to/emacs/src/emacs+0x8ba8e6)
    #40 0x792236 in command_loop_1 (/path/to/emacs/src/emacs+0x792236)
    #41 0x8b5f89 in internal_condition_case (/path/to/emacs/src/emacs+0x8b5f89)
    #42 0x7615f4 in command_loop_2 (/path/to/emacs/src/emacs+0x7615f4)
    #43 0x8b5da4 in internal_catch (/path/to/emacs/src/emacs+0x8b5da4)
    #44 0x761599 in command_loop (/path/to/emacs/src/emacs+0x761599)
    #45 0x76ced6 in recursive_edit_1 (/path/to/emacs/src/emacs+0x76ced6)
    #46 0x76d6b1 in Frecursive_edit (/path/to/emacs/src/emacs+0x76d6b1)
    #47 0x75fe0a in main (/path/to/emacs/src/emacs+0x75fe0a)
    #48 0x7f9128a2954f in __libc_start_call_main (/lib64/libc.so.6+0x2954f)
    #49 0x7f9128a29608 in __libc_start_main@@GLIBC_2.34 (/lib64/libc.so.6+0x29608)
    #50 0x419c54 in _start (/path/to/emacs/src/emacs+0x419c54)

Address 0x7ffec5617e60 is located in stack of thread T0 at offset 0 in frame
    #0 0x8b9563 in unbind_to (/path/to/emacs/src/emacs+0x8b9563)

  This frame has 2 object(s):
    [32, 40) 'count' (line 3730) <== Memory access at offset 0 partially underflows this variable
    [64, 96) 'this_binding' (line 3744) <== Memory access at offset 0 partially underflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-underflow (/lib64/libasan.so.8+0x49e0a) in __interceptor_memcpy
Shadow bytes around the buggy address:
  0x100058abaf70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100058abaf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100058abaf90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100058abafa0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100058abafb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x100058abafc0: 00 00 00 00 00 00 00 00 00 00 00 00[f1]f1 f1 f1
  0x100058abafd0: 00 f2 f2 f2 00 00 00 00 f3 f3 f3 f3 00 00 00 00
  0x100058abafe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100058abaff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100058abb000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100058abb010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==2667724==ABORTING



^ permalink raw reply	[flat|nested] only message in thread
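A triage aid for the report above, added here as an example and not part of the original message or of the Emacs sources: it maps the faulting address to its shadow byte and reads that byte from the `=>` row of the dump. It assumes the default x86-64 Linux ASan mapping (shadow = (addr >> 3) + 0x7fff8000); the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: default ASan shadow mapping on x86-64 Linux. */
#define SHADOW_SCALE  3
#define SHADOW_OFFSET 0x7fff8000ULL

/* The "=>" shadow row copied from the report, brackets removed. */
static const char ROW[] =
  "0x100058abafc0: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1";

uint64_t shadow_addr(uint64_t app)
{
  return (app >> SHADOW_SCALE) + SHADOW_OFFSET;
}

/* Shadow byte for APP if its shadow address lies in ROW, else -1. */
int shadow_byte_in_row(const char *row, uint64_t app)
{
  char *p, *end;
  uint64_t base = strtoull(row, &p, 16);
  uint64_t sh = shadow_addr(app);
  if (*p != ':' || sh < base || sh >= base + 16) return -1;
  p++;
  for (uint64_t i = 0; ; i++, p = end) {
    unsigned long v = strtoul(p, &end, 16);
    if (end == p) return -1;            /* row shorter than 16 bytes */
    if (i == sh - base) return (int) v;
  }
}

/* Subset of the legend printed in the report. */
const char *describe(int b)
{
  switch (b) {
  case 0x00: return "addressable";
  case 0xf1: return "stack left redzone";
  case 0xf2: return "stack mid redzone";
  case 0xf3: return "stack right redzone";
  default:   return (b > 0 && b < 8) ? "partially addressable" : "other";
  }
}

int main(void)
{
  uint64_t addr = 0x7ffec5617e60ULL;    /* faulting address from the report */
  int b = shadow_byte_in_row(ROW, addr);
  printf("shadow 0x%llx: %02x (%s)\n", (unsigned long long) shadow_addr(addr), b, describe(b));
  return 0;
}
```

The faulting address lands on the bracketed `f1` byte, so the 200-byte read begins in the left redzone of the `unbind_to` frame, which matches the "offset 0 in frame" line of the report.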
