From: Jim Meyering
Newsgroups: gmane.emacs.devel,gmane.emacs.bugs
Subject: suspected use-after-free leads to bootstrap failure
Date: Thu, 31 Mar 2011 11:37:37 +0200
Message-ID: <87pqp7r5pa.fsf@rho.meyering.net>
To: emacs-devel@gnu.org, bug-gnu-emacs@gnu.org
Cc: Stefan Monnier

Jim Meyering wrote:
> Eli Zaretskii wrote:
>>> From: Jim Meyering
>>> Date: Wed, 30 Mar 2011 09:42:42 +0200
>>> Cc: eggert@cs.ucla.edu, emacs-devel@gnu.org
>>>
>>> This command,
>>>   env MALLOC_PERTURB_=0 MALLOC_CHECK_=0 make -j9 bootstrap
>>> has succeeded for me on each of the last three mornings (Mar 28-30).
>>>
>>> I manually set those two MALLOC_*_ variables to 0 because
>>> when I don't, emacs fails to bootstrap.
>>
>> It's a pity this problem was not reported to the bug tracker.  (At
>> least I couldn't find it; apologies if I missed it.)
>
> I thought I reported it to some emacs development list months ago,
> but a quick search didn't find it.
>
>>> I suspect that emacs is using free'd memory containing
>>> values that would normally be unoffensive, but when you set
>>> those envvars (esp MALLOC_PERTURB_) to nonzero, it makes
>>> glibc scribble on free'd buffers, and that makes emacs
>>> exhibit an actual failure.
>>
>> Can you use bisect to find the guilty commit?
>
> Finding a commit for which a perturbed "make bootstrap" succeeds
> was a challenge.
>
> I bootstrapped 8 or 10 times, going back to 2009
> in steps of 500, then 1500 commits.  Same failure
> each time, until I started getting link errors:
>
>   /usr/bin/ld: xftfont.o: undefined reference to symbol 'XRenderQueryExtension'
>   /usr/bin/ld: note: 'XRenderQueryExtension' is defined in DSO /usr/lib64/libXrender.so.1 so try adding it to the linker command line
>   /usr/lib64/libXrender.so.1: could not read symbols: Invalid operation
>
> I worked around that by inserting -lXrender into the generated Makefile:
>
>   perl -pi -e 's/(-lfreetype )/$1-lXrender /' src/Makefile
>
> With that, I finally found a successful build at this git commit:
>
>   commit 84655cfe88efb24c256302d016cd037d22544cca
>   Author: Stefan Monnier
>   Date:   Fri Nov 6 18:47:48 2009 +0000
>
>       Let integers use up 2 tags to give them one extra bit and double their range.
>       * lisp.h (USE_2_TAGS_FOR_INTS): New macro.
>       (LISP_INT_TAG, case_Lisp_Int, LISP_STRING_TAG, LISP_INT_TAG_P): New macros.
>       ...
>
> Maybe someone else will do the actual bisection:
>
>   Bisecting: 4164 revisions left to test after this (roughly 12 steps)
>
> This is the command to run:
>
>   env MALLOC_PERTURB_=44 MALLOC_CHECK_=3 make -j9 bootstrap
>
> If not, I'll get to it, eventually.

I did that.
This is the offending commit:

5a98a2a69b1a15173ce4bfa53307608a7150b407 is the first bad commit
commit 5a98a2a69b1a15173ce4bfa53307608a7150b407
Author: Stefan Monnier
Date:   Sun Apr 18 17:49:33 2010 -0400

    Hash-cons pure data.
    * alloc.c (Fpurecopy): Hash-cons if requested.
    (syms_of_alloc): Update purify-flag docstring.
    * loadup.el: Setup hash-cons for pure data.

Bootstrapping (with MALLOC_PERTURB_=44 MALLOC_CHECK_=3) from there,
I get this failure:

  In toplevel form:
  /e/emacs/lisp/language/thai-word.el:10738:5:Error: \
    Memory exhausted--use C-x s then exit and restart Emacs

Bootstrapping from the one just before succeeds.
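
Added example (not part of the original message, and not code from Emacs or its maintainers): a driver that lets "git bisect run" repeat the perturbed bootstrap described above, skipping revisions that cannot be configured. The build command and the -lXrender edit are the ones quoted in the message; SETUP_CMD, the log file name and the "run" argument are assumptions made for this sketch.

```shell
#!/bin/sh
# Driver for "git bisect run": verdict 0 = good, 1 = bad, 125 = skip.
# Usage (keep this file outside the source tree):
#   git bisect start <bad> <good> && git bisect run /path/to/this-script run
# BUILD_CMD and the -lXrender edit are quoted from the message above;
# SETUP_CMD is an assumption about how the tree gets configured.
: "${SETUP_CMD:=./configure}"
: "${BUILD_CMD:=env MALLOC_PERTURB_=44 MALLOC_CHECK_=3 make -j9 bootstrap}"

# Insert -lXrender after -lfreetype in the generated src/Makefile, at most
# once, so old revisions fail on the allocator check and not at link time.
patch_makefile() {
    [ -f src/Makefile ] || return 0
    if grep -q -- '-lfreetype -lXrender' src/Makefile; then return 0; fi
    perl -pi -e 's/(-lfreetype )/$1-lXrender /' src/Makefile
}

# Print the verdict for the revision checked out in the current directory.
bisect_verdict() {
    # A revision that cannot be configured says nothing about the bug: skip.
    sh -c "$SETUP_CMD" >/dev/null 2>&1 || { echo 125; return; }
    patch_makefile || { echo 125; return; }
    # Any build failure counts as bad; the log is kept for inspection.
    if sh -c "$BUILD_CMD" >bisect-build.log 2>&1; then
        echo 0
    else
        echo 1
    fi
}

# Only act when asked to, so the file can also be sourced for its functions.
if [ "${1:-}" = run ]; then
    exit "$(bisect_verdict)"
fi
```

Because every build failure is reported as bad, check bisect-build.log at the commit git names to confirm it shows the allocator-related failure and not an unrelated build break.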