From: Herwig Hochleitner
Newsgroups: gmane.emacs.devel
Subject: Segfault during fontification of rgrep buffers [HELP NEEDED]
Date: Wed, 26 Oct 2016 18:09:14 +0200
To: emacs-devel@gnu.org
Xref: news.gmane.org gmane.emacs.devel:208848

Hi,

I've been hunting a segfault during usage of rgrep for some time; now I've managed to catch it in gdb. From the looks of it, BEGV_ADDR is changed during a single run of search_buffer, which leaves a stale pointer in a local variable. I don't know enough about emacs to tell whether this is expected, or how to fix it. Here is some info from my gdb session, please tell me anything you might need to further investigate this. I'm also willing to hand out my core file individually:

(gdb) dir /tmp/emacs-25.1/src/
Source directories searched: /tmp/emacs-25.1/src:$cdir:$cwd

(gdb) bt
#0  re_search_2 (bufp=bufp@entry=0xb9dac0 <searchbufs+5792>, str1=str1@entry=0x6154ca8 <error: Cannot access memory at address 0x6154ca8>, size1=size1@entry=1559060,
    str2=str2@entry=0x62d1fec <error: Cannot access memory at address 0x62d1fec>, size2=size2@entry=26, startpos=1556280, range=136, regs=0xb9c3f0 <search_regs>, stop=1556416) at regex.c:4464
#1  0x00000000005395ef in search_buffer (string=string@entry=48209668, pos=<optimized out>, pos_byte=<optimized out>, lim=lim@entry=1556364, lim_byte=lim_byte@entry=1556417, n=1, RE=1, trt=0, inverse_trt=0,
    posix=false) at search.c:1265
#2  0x0000000000539f52 in search_command (string=48209668, bound=<optimized out>, noerror=44832, count=<optimized out>, direction=direction@entry=1, RE=RE@entry=1, posix=false) at search.c:1058
#3  0x000000000053a167 in Fre_search_forward (regexp=<optimized out>, bound=<optimized out>, noerror=<optimized out>, count=<optimized out>) at search.c:2264
#4  0x00000000005686af in Ffuncall (nargs=4, args=args@entry=0x7ffc312cf088) at eval.c:2704
#5  0x00000000005a1803 in exec_byte_code (bytestr=<optimized out>, vector=<optimized out>, maxdepth=<optimized out>, args_template=args_template@entry=0, nargs=nargs@entry=0, args=<optimized out>,
    args@entry=0x0) at bytecode.c:880
#6  0x00000000005680cd in funcall_lambda (fun=10112541, nargs=nargs@entry=3, arg_vector=arg_vector@entry=0x7ffc312cf2c0) at eval.c:2921
#7  0x00000000005684cb in Ffuncall (nargs=4, args=args@entry=0x7ffc312cf2b8) at eval.c:2754
#8  0x00000000005a1803 in exec_byte_code (bytestr=<optimized out>, vector=<optimized out>, maxdepth=<optimized out>, args_template=args_template@entry=0, nargs=nargs@entry=0, args=<optimized out>,
    args@entry=0x0) at bytecode.c:880
#9  0x00000000005680cd in funcall_lambda (fun=10107237, nargs=nargs@entry=3, arg_vector=arg_vector@entry=0x7ffc312cf4d0) at eval.c:2921
#10 0x00000000005684cb in Ffuncall (nargs=4, args=args@entry=0x7ffc312cf4c8) at eval.c:2754
#11 0x00000000005a1803 in exec_byte_code (bytestr=<optimized out>, vector=<optimized out>, maxdepth=<optimized out>, args_template=args_template@entry=0, nargs=nargs@entry=0, args=<optimized out>,
    args@entry=0x0) at bytecode.c:880
#12 0x00000000005680cd in funcall_lambda (fun=10104949, nargs=nargs@entry=2, arg_vector=arg_vector@entry=0x7ffc312cf6e8) at eval.c:2921
#13 0x00000000005684cb in Ffuncall (nargs=3, args=args@entry=0x7ffc312cf6e0) at eval.c:2754
#14 0x00000000005a1803 in exec_byte_code (bytestr=<optimized out>, vector=<optimized out>, maxdepth=<optimized out>, args_template=<optimized out>, nargs=nargs@entry=11260497, args=<optimized out>,
    args@entry=0x9a8684 <pure+1343396>) at bytecode.c:880
#15 0x000000000056820b in funcall_lambda (fun=140721133517472, nargs=11260497, nargs@entry=1, arg_vector=0x9a8684 <pure+1343396>, arg_vector@entry=0x7ffc312cf9e8) at eval.c:2855
#16 0x00000000005684cb in Ffuncall (nargs=2, args=args@entry=0x7ffc312cf9e0) at eval.c:2754
#17 0x000000000056877c in run_hook_wrapped_funcall (nargs=<optimized out>, args=0x7ffc312cf9e0) at eval.c:2428
#18 0x0000000000566f1d in run_hook_with_args (nargs=2, args=0x7ffc312cf9e0, funcall=0x568760 <run_hook_wrapped_funcall>) at eval.c:2509
#19 0x00000000005685e1 in Ffuncall (nargs=3, args=args@entry=0x7ffc312cf9d8) at eval.c:2673
#20 0x00000000005a1803 in exec_byte_code (bytestr=<optimized out>, vector=<optimized out>, maxdepth=<optimized out>, args_template=<optimized out>, nargs=nargs@entry=11260594, args=<optimized out>,
    args@entry=0x9a8604 <pure+1343268>) at bytecode.c:880
#21 0x000000000056820b in funcall_lambda (fun=140721133518064, nargs=11260594, nargs@entry=2, arg_vector=0x9a8604 <pure+1343268>, arg_vector@entry=0x7ffc312cfbf0) at eval.c:2855
#22 0x00000000005684cb in Ffuncall (nargs=3, args=args@entry=0x7ffc312cfbe8) at eval.c:2754
#23 0x00000000005a1803 in exec_byte_code (bytestr=<optimized out>, vector=<optimized out>, maxdepth=<optimized out>, args_template=<optimized out>, nargs=nargs@entry=11260309, args=<optimized out>,
    args@entry=0x9a872c <pure+1343564>) at bytecode.c:880
#24 0x000000000056820b in funcall_lambda (fun=140721133518544, nargs=11260309, nargs@entry=2, arg_vector=0x9a872c <pure+1343564>, arg_vector@entry=0x7ffc312cfe18) at eval.c:2855
#25 0x00000000005684cb in Ffuncall (nargs=3, args=args@entry=0x7ffc312cfe10) at eval.c:2754
#26 0x00000000005a1803 in exec_byte_code (bytestr=<optimized out>, vector=<optimized out>, maxdepth=<optimized out>, args_template=<optimized out>, nargs=nargs@entry=11260666, args=<optimized out>,
    args@entry=0x9a84bc <pure+1342940>) at bytecode.c:880
#27 0x000000000056820b in funcall_lambda (fun=0, nargs=11260666, nargs@entry=1, arg_vector=0x9a84bc <pure+1342940>, arg_vector@entry=0x7ffc312d0018) at eval.c:2855
#28 0x00000000005684cb in Ffuncall (nargs=nargs@entry=2, args=args@entry=0x7ffc312d0010) at eval.c:2754
#29 0x0000000000566e80 in internal_condition_case_n (bfun=0x5682c0 <Ffuncall>, nargs=nargs@entry=2, args=args@entry=0x7ffc312d0010, handlers=handlers@entry=44832, hfun=hfun@entry=0x43dfb0 <safe_eval_handler>)
    at eval.c:1389
#30 0x000000000042ef78 in safe__call (inhibit_quit=inhibit_quit@entry=false, nargs=nargs@entry=2, func=<optimized out>, ap=ap@entry=0x7ffc312d0090) at xdisp.c:2558
#31 0x000000000043afac in safe_call (nargs=nargs@entry=2, func=<optimized out>) at xdisp.c:2574
#32 0x000000000043afe2 in safe_call1 (fn=<optimized out>, arg=arg@entry=6222870) at xdisp.c:2585
#33 0x000000000043b110 in handle_fontified_prop (it=0x7ffc312d6300) at xdisp.c:3805
#34 0x000000000043fdfa in handle_stop (it=it@entry=0x7ffc312d6300) at xdisp.c:3371
#35 0x00000000004449b2 in next_element_from_buffer (it=0x7ffc312d6300) at xdisp.c:8321
#36 0x0000000000442d25 in get_next_display_element (it=it@entry=0x7ffc312d6300) at xdisp.c:6921
#37 0x0000000000444f62 in move_it_in_display_line_to (it=it@entry=0x7ffc312d6300, to_charpos=to_charpos@entry=1559034, to_x=to_x@entry=0, op=op@entry=(MOVE_TO_X | MOVE_TO_POS)) at xdisp.c:8662
#38 0x000000000044716c in move_it_to (it=it@entry=0x7ffc312d6300, to_charpos=to_charpos@entry=1559034, to_x=to_x@entry=-1, to_y=51, to_vpos=to_vpos@entry=-1, op=op@entry=10) at xdisp.c:9231
#39 0x000000000044ce7f in pos_visible_p (w=w@entry=0x375b290, charpos=1559034, x=x@entry=0x7ffc312d9c9c, y=y@entry=0x7ffc312d9ca0, rtop=rtop@entry=0x7ffc312d9cac, rbot=rbot@entry=0x7ffc312d9cb0,
    rowh=0x7ffc312d9ca4, vpos=0x7ffc312d9ca8) at xdisp.c:1336
#40 0x0000000000464ba9 in redisplay_window (window=58045077, just_this_one_p=just_this_one_p@entry=false) at xdisp.c:16626
#41 0x000000000046803b in redisplay_window_0 (window=window@entry=58045077) at xdisp.c:14446
#42 0x0000000000566d6c in internal_condition_case_1 (bfun=bfun@entry=0x468010 <redisplay_window_0>, arg=58045077, handlers=<optimized out>, hfun=hfun@entry=0x42d230 <redisplay_window_error>) at eval.c:1333
#43 0x0000000000432273 in redisplay_windows (window=58045077) at xdisp.c:14426
#44 0x0000000000432238 in redisplay_windows (window=58044589) at xdisp.c:14420
#45 0x0000000000454db9 in redisplay_internal () at xdisp.c:13986
#46 0x0000000000456ede in redisplay_preserve_echo_area (from_where=from_where@entry=12) at xdisp.c:14279
#47 0x00000000005ad119 in wait_reading_process_output (time_limit=time_limit@entry=120, nsecs=nsecs@entry=0, read_kbd=read_kbd@entry=-1, do_display=do_display@entry=true, wait_for_cell=wait_for_cell@entry=0,
    wait_proc=wait_proc@entry=0x0, just_wait_proc=0) at process.c:5074
#48 0x0000000000422d35 in sit_for (timeout=<optimized out>, reading=reading@entry=true, display_option=display_option@entry=1) at dispnew.c:5762
#49 0x00000000004fe971 in read_char (commandflag=commandflag@entry=1, map=map@entry=76057843, prev_event=0, used_mouse_menu=used_mouse_menu@entry=0x7ffc312de2bb, end_time=end_time@entry=0x0) at keyboard.c:2714
#50 0x00000000004ff59b in read_key_sequence (keybuf=keybuf@entry=0x7ffc312de3e0, prompt=prompt@entry=0, dont_downcase_last=dont_downcase_last@entry=false,
    can_return_switch_frame=can_return_switch_frame@entry=true, fix_current_buffer=fix_current_buffer@entry=true, prevent_redisplay=prevent_redisplay@entry=false, bufsize=30) at keyboard.c:9063
#51 0x000000000050131e in command_loop_1 () at keyboard.c:1365
#52 0x0000000000566cf6 in internal_condition_case (bfun=bfun@entry=0x5010e0 <command_loop_1>, handlers=handlers@entry=19056, hfun=hfun@entry=0x4f5d20 <cmd_error>) at eval.c:1309
#53 0x00000000004f2744 in command_loop_2 (ignore=ignore@entry=0) at keyboard.c:1107
#54 0x0000000000566c7b in internal_catch (tag=tag@entry=46224, func=func@entry=0x4f2720 <command_loop_2>, arg=arg@entry=0) at eval.c:1074
#55 0x00000000004f26ed in command_loop () at keyboard.c:1086
#56 0x00000000004f5913 in recursive_edit_1 () at keyboard.c:692
#57 0x00000000004f5c53 in Frecursive_edit () at keyboard.c:763
#58 0x0000000000418db4 in main (argc=2, argv=0x7ffc312de768) at emacs.c:1626

Lisp Backtrace:
"re-search-forward" (0x312cf090)
"font-lock-fontify-keywords-region" (0x312cf2c0)
"font-lock-default-fontify-region" (0x312cf4d0)
"font-lock-fontify-region" (0x312cf6e8)
0x429efa0 PVEC_COMPILED
"run-hook-wrapped" (0x312cf9e0)
"jit-lock--run-functions" (0x312cfbf0)
"jit-lock-fontify-now" (0x312cfe18)
"jit-lock-function" (0x312d0018)
"redisplay_internal (C function)" (0x0)

(gdb) up
#1  0x00000000005395ef in search_buffer (string=string@entry=48209668, pos=<optimized out>, pos_byte=<optimized out>, lim=lim@entry=1556364, lim_byte=lim_byte@entry=1556417, n=1, RE=1, trt=0, inverse_trt=0,
    posix=false) at search.c:1265
1265	  val = re_search_2 (bufp, (char *) p1, s1, (char *) p2, s2,

(gdb) print p1
$30 = (unsigned char *) 0x6154ca8 <error: Cannot access memory at address 0x6154ca8>

(gdb) print BEGV_ADDR
$31 = (unsigned char *) 0x5e0dca8 "-*- mode: grep; default-directory: \"/tmp/alt/\" -*-\nGrep started at Wed Oct 26 17:08:00\n\nfind . -type d \\( -path \\*/SCCS -o -path \\*/RCS -o -path \\*/CVS -o -path \\*/MCVS -o -path \\*/.src -o -path \\*/.s"...

So, while BEGV_ADDR is valid, re_search_2 gets called with an invalid pointer, which is strange because p1 is initialized from BEGV_ADDR a few lines earlier and there are no locations within search_buffer where p1 is updated. That can only mean that BEGV_ADDR is updated somewhere within search_buffer. Is the rgrep process supposed to be able to write to (hence possibly reallocate) its buffer during a single search_buffer call? Can somebody help me with producing a test case for this for the bug report?

thanks
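The failure mode the mail suspects, a local pointer into buffer text kept across something that can move the text, as an added example that is not part of this message or of Emacs. It models the buffer as a plain growable array rather than Emacs's gap buffer, so it shows only the relocation half of the problem; text_buf, tb_append, grow_hook, search_stale and search_fresh are hypothetical names, and the appended "rgrep output" line is constructed. The vulnerable variant caches p1 from the buffer base the way the mail describes search_buffer doing, and the hardened variant keeps an offset across the interruption and re-derives the pointer afterwards:

```c
/* Model of a stale pointer into relocated buffer text.  Added example,
   not Emacs code: text_buf, tb_append, grow_hook, search_stale and
   search_fresh are hypothetical names; the buffer contents are constructed. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Growable text buffer; `beg` plays the role of BEGV_ADDR. */
typedef struct {
    unsigned char *beg;
    size_t len;
    size_t cap;
} text_buf;

static bool tb_init(text_buf *b, const char *s)
{
    b->len = strlen(s);
    b->cap = b->len + 1;                 /* exact fit: any append must grow */
    b->beg = malloc(b->cap);
    if (!b->beg) return false;
    memcpy(b->beg, s, b->len + 1);
    return true;
}

/* Append text; when it does not fit, move the text to a fresh block.  The
   old block is freed only after the new one exists, so `beg` always
   changes on growth. */
static bool tb_append(text_buf *b, const char *s)
{
    size_t add = strlen(s);
    if (b->len + add + 1 > b->cap) {
        size_t ncap = (b->len + add + 1) * 2;
        unsigned char *nb = malloc(ncap);
        if (!nb) return false;
        memcpy(nb, b->beg, b->len);
        free(b->beg);
        b->beg = nb;
        b->cap = ncap;
    }
    memcpy(b->beg + b->len, s, add + 1);
    b->len += add;
    return true;
}

static void tb_free(text_buf *b) { free(b->beg); b->beg = NULL; b->len = b->cap = 0; }

/* Naive forward substring search over [p, p+n); returns offset or -1. */
static long find_in(const unsigned char *p, size_t n, const char *needle)
{
    size_t m = strlen(needle);
    for (size_t i = 0; i + m <= n; i++)
        if (memcmp(p + i, needle, m) == 0)
            return (long) i;
    return -1;
}

/* Something that runs in the middle of the search and inserts text,
   standing in for rgrep output arriving in the *grep* buffer. */
typedef void (*interrupt_fn)(text_buf *b);

static void grow_hook(text_buf *b)
{
    /* constructed output line, long enough to force a relocation */
    tb_append(b, "./src/search.c:1265:  val = re_search_2 (bufp, (char *) p1, s1, (char *) p2, s2,\n");
}

/* Vulnerable shape: p1 and s1 are captured once and kept across the
   interruption.  The base address is compared instead of dereferencing
   p1, because reading through the freed block is undefined behaviour;
   -1 marks the point where the real code would fault. */
static long search_stale(text_buf *b, const char *needle, interrupt_fn hook)
{
    unsigned char *p1 = b->beg;
    size_t s1 = b->len;
    uintptr_t base_before = (uintptr_t) b->beg;
    if (hook) hook(b);                   /* buffer may move here */
    if ((uintptr_t) b->beg != base_before)
        return -1;                       /* p1 now dangles */
    return find_in(p1, s1, needle);
}

/* Hardened shape: carry an offset across the interruption and re-derive
   pointer and length from the live buffer afterwards. */
static long search_fresh(text_buf *b, const char *needle, interrupt_fn hook)
{
    size_t start = 0;                    /* an offset survives relocation */
    if (hook) hook(b);
    unsigned char *p1 = b->beg + start;  /* re-fetched from the live base */
    size_t s1 = b->len - start;
    return find_in(p1, s1, needle);
}

/* Runs both variants on a constructed *grep*-style buffer; returns 0 on
   success and stores the two search results. */
int demo_stale_pointer(long *stale_out, long *fresh_out)
{
    text_buf b;
    if (!tb_init(&b, "Grep started at 17:08\n\nfind . -type d\n")) return 1;
    *stale_out = search_stale(&b, "find", grow_hook);
    *fresh_out = search_fresh(&b, "find", grow_hook);
    tb_free(&b);
    return 0;
}

int main(void)
{
    long s, f;
    if (demo_stale_pointer(&s, &f) != 0) return 1;
    printf("cached-pointer search: %ld (dangling)\nrefreshed search: %ld\n", s, f);
    return 0;
}
```

Run as is, the cached-pointer search reports -1 (the point at which the real code would read freed memory) and the refreshed search finds "find" at offset 23 in the same buffer. Whatever the actual trigger in Emacs turns out to be, the check a reviewer would apply is the same: any raw pointer derived from BEGV_ADDR has to be recomputed after every call that could insert text or otherwise enlarge the buffer, or replaced by a byte offset for as long as such a call can intervene.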