From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.ciao.gmane.io!not-for-mail
From: Daniel Pittman <slippycheeze@google.com>
Newsgroups: gmane.emacs.devel
Subject: Re: macOS NS GUI crash due to invalid font pointer in frame struct
 while marking
Date: Fri, 24 Jan 2020 10:04:00 -0500
Message-ID: <CAC45yQuaHHnRSS+2TVMZ6iE=4V=oeOBGbus1ms0vobhZ4aGMig@mail.gmail.com>
References: <CAC45yQtYtgGZsfp0R4wSmnomHRgzczH5t9kS46zr_ukYPbdmNA@mail.gmail.com>
 <m2pnfaat0s.fsf@gmail.com>
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="00000000000072b89c059ce413cd"
Injection-Info: ciao.gmane.io; posting-host="ciao.gmane.io:159.69.161.202";
	logging-data="49239"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: emacs-devel <emacs-devel@gnu.org>
To: Robert Pluim <rpluim@gmail.com>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Fri Jan 24 16:05:21 2020
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1iv0WP-000Clg-Cs
	for ged-emacs-devel@m.gmane-mx.org; Fri, 24 Jan 2020 16:05:21 +0100
Original-Received: from localhost ([::1]:43462 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1iv0WO-0006JG-Fc
	for ged-emacs-devel@m.gmane-mx.org; Fri, 24 Jan 2020 10:05:20 -0500
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:49716)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <slippycheeze@google.com>) id 1iv0Vi-0005rV-Vn
 for emacs-devel@gnu.org; Fri, 24 Jan 2020 10:04:40 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <slippycheeze@google.com>) id 1iv0Vh-0007Vj-I8
 for emacs-devel@gnu.org; Fri, 24 Jan 2020 10:04:38 -0500
Original-Received: from mail-qk1-x72e.google.com ([2607:f8b0:4864:20::72e]:46553)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <slippycheeze@google.com>)
 id 1iv0Vh-0007Uz-Bc
 for emacs-devel@gnu.org; Fri, 24 Jan 2020 10:04:37 -0500
Original-Received: by mail-qk1-x72e.google.com with SMTP id g195so2260292qke.13
 for <emacs-devel@gnu.org>; Fri, 24 Jan 2020 07:04:37 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=xO8lufFISSfomLU0yapbLXv93wBcRXDwLyfNuyXmVG0=;
 b=qAlSte7vPSR3/JyGm3Z2C14qkZk/4vygUKMp8F81fzboNuEjcvnmMr02/pqctOTnBs
 vLFoXRqlInPp7s1PzfUMVeUWT8XEW/vd4pwYCZg5Ag60hwUCFBDkXfa71SN7YqN2L+Q7
 V/EOWVzDZcGsZPBeo0i4rCqUYe+ZHXv9EYgd6XSofKjN0lt6bowOulWVJyXjwpGB7Xw6
 5hqK1WeDCM1BJA2JQLQLS+bj1PAP5yPZ6wMAnEFyGjXAIoe2FqQhDLXoEUEruFsoTwvk
 YnuAPvb3epela8EFq9C4Xen8Gu6D9wR0Pa0+pCg5vPF2cx2zQVErCfVlWWJJTTMKEQkQ
 qwIA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=xO8lufFISSfomLU0yapbLXv93wBcRXDwLyfNuyXmVG0=;
 b=JenQkO8kZd2I7eHIMpatl8WMiw2jPmE2g84prMz0AbIe0EhfbKISLwt8+crvuigJCl
 WuCmTTuQADsEACWJJIENZtztKay7IAibyV18RwHg1hoIY45q4RaNZumz7sMHVuXcU4Nv
 3fnlUVctSgfzNOWbhP3cq1Za/yeuiK0a/pSq5aRsFNGPera58KiFQ7DXb83emJZqiVKp
 XYaiMA7FDOfD7dAGn2kTXdewi2ZaOOkXqkkmlHObeUdzcl1cVGGbNwg/CUoW/4dr1Q09
 xuaskndMAyftXNn8yJL7KPy0D37mJ5fJ4WwwX+wWIQoCgLrVQua3pvz6rbnq8yn8mw5N
 sLQg==
X-Gm-Message-State: APjAAAUtaxP7BV9YHSHJe09wDPY1woW6hoDtqq9hH6NF73dL7YiMp3PH
 5kR/IQ1TuvqFQurrWkF/N2QOZFhPLPTIwEhu0k/C5w==
X-Google-Smtp-Source: APXvYqyqjjbh3Sy8enIg5M4CqMk4uWQTvR4tRsIB8b+kL9JOZ7ELfZ586h5Pnp8rk9uuSdGUE2Wdq/ufRNrPwmb4Vb4=
X-Received: by 2002:a05:620a:91c:: with SMTP id
 v28mr3055980qkv.248.1579878276286; 
 Fri, 24 Jan 2020 07:04:36 -0800 (PST)
In-Reply-To: <m2pnfaat0s.fsf@gmail.com>
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
 recognized.
X-Received-From: 2607:f8b0:4864:20::72e
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Original-Sender: "Emacs-devel"
 <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.devel:244569
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/244569>

--00000000000072b89c059ce413cd
Content-Type: text/plain; charset="UTF-8"

I'm glad I asked, thank you so much for that.  :)

On Thu, Jan 23, 2020 at 2:10 PM Robert Pluim <rpluim@gmail.com> wrote:

> >>>>> On Thu, 23 Jan 2020 11:16:39 -0500, Daniel Pittman <
> slippycheeze@google.com> said:
>
>     Daniel> G'day.  I've come across a crash during GC on macOS 10.15.2,
> GNU Emacs
>     Daniel> built from source, git
> d97a77c481ec913d8c3c24f2eecdc41a28243678.
>
>     Daniel> The crash is located at:
>     ...-> mark_window->mark_vectorlike->mark_frame
>
>     Daniel> In this the bad pointer is in (struct
> frame).output_data.ns.font, where the
>     Daniel> pointer is wildly out of the memory map, and so crashes trying
> to determine
>     Daniel> if that was marked.
>
>     Daniel> I haven't yet tracked this down to a root cause, but before I
> invest
>     Daniel> significant time in that I'd like to know if anyone else is
> investigating
>     Daniel> this, or something similar to this?
>
>     Daniel> Reproduction is, painfully, just a matter of waiting for a
> crash.  It seems
>     Daniel> to be vaguely correlated to external process interactions, but
> can't find a
>     Daniel> clear root cause.
>
>     Daniel> I'll work to get a fix, of course, but wanted to avoid
> duplicating work if
>     Daniel> someone else already has this in hand, or knows more.
>
> git sh 2eb834ead401fa83270cad585a4310e2e05b8baa
> commit 2eb834ead401fa83270cad585a4310e2e05b8baa
> Author:     Pip Cet <pipcet@gmail.com>
> AuthorDate: Mon Jan 20 17:27:43 2020 +0100
> Commit:     Robert Pluim <rpluim@gmail.com>
> CommitDate: Mon Jan 20 17:27:43 2020 +0100
>
>     Clear output data pointer on NS
>
>     * src/nsterm.m (ns_free_frame_resources): Clear the output data
>     pointer to prevent attempting to reuse freed resources (Bug#38748).
>
> diff --git a/src/nsterm.m b/src/nsterm.m
> index 03754e5ae5..c1d1d41117 100644
> --- a/src/nsterm.m
> +++ b/src/nsterm.m
> @@ -1644,6 +1644,7 @@ Hide the window (X11 semantics)
>    [view release];
>
>    xfree (f->output_data.ns);
> +  f->output_data.ns = NULL;
>
>    unblock_input ();
>  }
>

--00000000000072b89c059ce413cd
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">I&#39;m glad I asked, thank you so much for that.=C2=A0 :)=
</div><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmail_attr">=
On Thu, Jan 23, 2020 at 2:10 PM Robert Pluim &lt;<a href=3D"mailto:rpluim@g=
mail.com">rpluim@gmail.com</a>&gt; wrote:<br></div><blockquote class=3D"gma=
il_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,2=
04,204);padding-left:1ex">&gt;&gt;&gt;&gt;&gt; On Thu, 23 Jan 2020 11:16:39=
 -0500, Daniel Pittman &lt;<a href=3D"mailto:slippycheeze@google.com" targe=
t=3D"_blank">slippycheeze@google.com</a>&gt; said:<br>
<br>
=C2=A0 =C2=A0 Daniel&gt; G&#39;day.=C2=A0 I&#39;ve come across a crash duri=
ng GC on macOS 10.15.2, GNU Emacs<br>
=C2=A0 =C2=A0 Daniel&gt; built from source, git d97a77c481ec913d8c3c24f2eec=
dc41a28243678.<br>
<br>
=C2=A0 =C2=A0 Daniel&gt; The crash is located at:<br>
=C2=A0 =C2=A0 ...-&gt; mark_window-&gt;mark_vectorlike-&gt;mark_frame<br>
<br>
=C2=A0 =C2=A0 Daniel&gt; In this the bad pointer is in (struct frame).outpu=
t_data.ns.font, where the<br>
=C2=A0 =C2=A0 Daniel&gt; pointer is wildly out of the memory map, and so cr=
ashes trying to determine<br>
=C2=A0 =C2=A0 Daniel&gt; if that was marked.<br>
<br>
=C2=A0 =C2=A0 Daniel&gt; I haven&#39;t yet tracked this down to a root caus=
e, but before I invest<br>
=C2=A0 =C2=A0 Daniel&gt; significant time in that I&#39;d like to know if a=
nyone else is investigating<br>
=C2=A0 =C2=A0 Daniel&gt; this, or something similar to this?<br>
<br>
=C2=A0 =C2=A0 Daniel&gt; Reproduction is, painfully, just a matter of waiti=
ng for a crash.=C2=A0 It seems<br>
=C2=A0 =C2=A0 Daniel&gt; to be vaguely correlated to external process inter=
actions, but can&#39;t find a<br>
=C2=A0 =C2=A0 Daniel&gt; clear root cause.<br>
<br>
=C2=A0 =C2=A0 Daniel&gt; I&#39;ll work to get a fix, of course, but wanted =
to avoid duplicating work if<br>
=C2=A0 =C2=A0 Daniel&gt; someone else already has this in hand, or knows mo=
re.<br>
<br>
git sh 2eb834ead401fa83270cad585a4310e2e05b8baa<br>
commit 2eb834ead401fa83270cad585a4310e2e05b8baa<br>
Author:=C2=A0 =C2=A0 =C2=A0Pip Cet &lt;<a href=3D"mailto:pipcet@gmail.com" =
target=3D"_blank">pipcet@gmail.com</a>&gt;<br>
AuthorDate: Mon Jan 20 17:27:43 2020 +0100<br>
Commit:=C2=A0 =C2=A0 =C2=A0Robert Pluim &lt;<a href=3D"mailto:rpluim@gmail.=
com" target=3D"_blank">rpluim@gmail.com</a>&gt;<br>
CommitDate: Mon Jan 20 17:27:43 2020 +0100<br>
<br>
=C2=A0 =C2=A0 Clear output data pointer on NS<br>
<br>
=C2=A0 =C2=A0 * src/nsterm.m (ns_free_frame_resources): Clear the output da=
ta<br>
=C2=A0 =C2=A0 pointer to prevent attempting to reuse freed resources (Bug#3=
8748).<br>
<br>
diff --git a/src/nsterm.m b/src/nsterm.m<br>
index 03754e5ae5..c1d1d41117 100644<br>
--- a/src/nsterm.m<br>
+++ b/src/nsterm.m<br>
@@ -1644,6 +1644,7 @@ Hide the window (X11 semantics)<br>
=C2=A0 =C2=A0[view release];<br>
<br>
=C2=A0 =C2=A0xfree (f-&gt;output_data.ns);<br>
+=C2=A0 f-&gt;output_data.ns =3D NULL;<br>
<br>
=C2=A0 =C2=A0unblock_input ();<br>
=C2=A0}<br>
</blockquote></div>

--00000000000072b89c059ce413cd--