unofficial mirror of emacs-devel@gnu.org 
* [lekktu@gmail.com: Re: Crash when having malformed PBM image on screen and viewing *Messages* buffer (on Windows)]
@ 2007-06-17 21:49 Richard Stallman
  0 siblings, 0 replies; 5+ messages in thread
From: Richard Stallman @ 2007-06-17 21:49 UTC (permalink / raw)
  To: emacs-devel

Would someone please investigate this, then ack?

------- Start of forwarded message -------
Date: Sat, 16 Jun 2007 02:20:10 +0200
From: "Juanma Barranquero" <lekktu@gmail.com>
To: "Michael Schierl" <schierlm@gmx.de>
In-Reply-To: <467300B7.9080501@gmx.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Disposition: inline
Cc: bug-gnu-emacs@gnu.org
Subject: Re: Crash when having malformed PBM image on screen and viewing
	*Messages* buffer (on Windows)

On 6/15/07, Michael Schierl <schierlm@gmx.de> wrote:

> Sorry, this should have been xpm (and not xbm and not pbm in the
> subject). And also in the bug report below it should be :type xpm,
> although it crashes with :type pbm as well.

It's perfectly reproducible, yes.

It is aborting in temp_set_point_both, in the "charpos > BUF_ZV
(buffer)" comparison. In test runs, I get charpos == 316, BUF_ZV
(buffer) = 293.

Time for someone versed in redisplay.

#0  0x7c911231 in _end__ ()
#1  0x01135627 in w32_abort () at w32fns.c:9087
#2  0x01119ed7 in temp_set_point_both (buffer=0x16c1200, charpos=350,
    bytepos=350) at intervals.c:1954
#3  0x0102a503 in redisplay_window (window=24978436, just_this_one_p=0)
    at xdisp.c:13523
#4  0x0102c924 in redisplay_window_0 (window=24978436) at xdisp.c:11790
#5  0x0100a0b4 in internal_condition_case_1 (
    bfun=0x102c8fa <redisplay_window_0>, arg=24978436, handlers=23807125,
    hfun=0x101f526 <redisplay_window_error>) at eval.c:1529
#6  0x0101f308 in redisplay_windows (window=2089944429) at xdisp.c:11769
#7  0x0101f2c9 in redisplay_windows (window=2089944429) at xdisp.c:11763
#8  0x0102e417 in redisplay_internal (preserve_echo_area=6) at xdisp.c:11329
#9  0x010596b9 in read_char (commandflag=1, nmaps=3, maps=0x82fb40,
    prev_event=23824385, used_mouse_menu=0x82fb88, end_time=0x0)
    at keyboard.c:2670
#10 0x0105ae41 in read_key_sequence (keybuf=0x82fcb0, bufsize=30,
    prompt=23824385, dont_downcase_last=0, can_return_switch_frame=1,
    fix_current_buffer=1) at keyboard.c:9218
#11 0x0105c617 in command_loop_1 () at keyboard.c:1618
#12 0x0100a347 in internal_condition_case (bfun=0x105c486 <command_loop_1>,
    handlers=23892617, hfun=0x105645e <cmd_error>) at eval.c:1481
#13 0x01050656 in command_loop_2 () at keyboard.c:1329
#14 0x0100a27c in internal_catch (tag=23882753,
    func=0x1050633 <command_loop_2>, arg=23824385) at eval.c:1222
#15 0x010504a3 in command_loop () at keyboard.c:1308
#16 0x01050537 in recursive_edit_1 () at keyboard.c:1006
#17 0x0105061c in Frecursive_edit () at keyboard.c:1067
#18 0x01002a2b in main (argc=2, argv=0xf826a8) at emacs.c:1768
#19 0x01001247 in __mingw_CRTStartup ()
#20 0x01001298 in mainCRTStartup ()
#21 0x7c816fd7 in _end__ ()

             Juanma


_______________________________________________
bug-gnu-emacs mailing list
bug-gnu-emacs@gnu.org
http://lists.gnu.org/mailman/listinfo/bug-gnu-emacs
------- End of forwarded message -------


* [lekktu@gmail.com: Re: Crash when having malformed PBM image on screen and viewing *Messages* buffer (on Windows)]
@ 2007-07-23 18:06 Richard Stallman
  2007-07-25 10:57 ` Jason Rumney
  0 siblings, 1 reply; 5+ messages in thread
From: Richard Stallman @ 2007-07-23 18:06 UTC (permalink / raw)
  To: emacs-devel

[I sent this message a month ago but did not get a response.]

Would someone please investigate this, then ack?



* Re: [lekktu@gmail.com: Re: Crash when having malformed PBM image on screen and viewing *Messages* buffer (on Windows)]
  2007-07-23 18:06 [lekktu@gmail.com: Re: Crash when having malformed PBM image on screen and viewing *Messages* buffer (on Windows)] Richard Stallman
@ 2007-07-25 10:57 ` Jason Rumney
  2007-07-25 20:12   ` Richard Stallman
  0 siblings, 1 reply; 5+ messages in thread
From: Jason Rumney @ 2007-07-25 10:57 UTC (permalink / raw)
  To: rms; +Cc: emacs-devel

Richard Stallman wrote:
> [I sent this message a month ago but did not get a response.]
>
> Would someone please investigate this, then ack?
>   

As I said in the original thread about this bug, the problem can be
reproduced on GNU/Linux.  The recipe to reproduce it is:

	- start emacs -Q
	- run this in *scratch* buffer

	(progn
	  (put-image '(image :type pbm :data "") 0)
	  (pop-to-buffer "*Messages*")
	  (goto-char (point-max)))

	Now press <down> <right> <down> <right>.


The problem seems to be some mixup between the *scratch* buffer and the
*Messages* buffer during redisplay.  The crash occurs during redisplay
of the window containing the *scratch* buffer, near the end of
redisplay_window.

  /* Restore current_buffer and value of point in it.  */
  TEMP_SET_PT_BOTH (CHARPOS (opoint), BYTEPOS (opoint));
  set_buffer_internal_1 (old);
  TEMP_SET_PT_BOTH (CHARPOS (lpoint), BYTEPOS (lpoint));

opoint is 193, which is the value of zv in the *scratch* buffer. But
lpoint is 386, which I think may be the length of the *Messages* buffer
at some point in the redisplay cycle (multiple messages are output
during redisplay).  Setting breakpoints in message_dolog seems to
prevent the bug from appearing, so it is difficult to tell for sure. 
The only code that changes lpoint is on line 13062 of xdisp.c, and
should only be run if the window being redisplayed is the selected
window, and the current_buffer has not changed.  But AFAICT, the
selected_window should be the *Messages* buffer's window at this point,
while we are redisplaying the *scratch* buffer, so the bug is probably
to do with something changing selected_window somewhere before this point.


The sequence of events I have figured out so far is:

1. Pressing right arrow when at the end of the *Messages* buffer causes
a message "call interactively: End of buffer" to be displayed.

2. This triggers redisplay, during which Emacs attempts to display the
broken image again.

3. Attempting to display the broken image results in a message: "Not a
PBM image: `(image :type pbm :data )'".

4. When Emacs does not crash, the above message is (sometimes?) printed
twice; the first such message appears on the same line as the "End of
buffer" message.

5. Point in the *Messages* buffer ends up after the "End of buffer"
message, but before the "Not a PBM image" messages. There is code in
message_dolog to keep point at the end of the buffer if it was there
before. The fact that this goes wrong may be related to the bug we are
investigating.


* Re: [lekktu@gmail.com: Re: Crash when having malformed PBM image on screen and viewing *Messages* buffer (on Windows)]
  2007-07-25 10:57 ` Jason Rumney
@ 2007-07-25 20:12   ` Richard Stallman
  2007-08-06 17:23     ` Chong Yidong
  0 siblings, 1 reply; 5+ messages in thread
From: Richard Stallman @ 2007-07-25 20:12 UTC (permalink / raw)
  To: emacs-devel; +Cc: Jason Rumney

Thanks for repeating the added info.  Would someone please debug this
on GNU/Linux, then DTRT and ack?



* Re: [lekktu@gmail.com: Re: Crash when having malformed PBM image on screen and viewing *Messages* buffer (on Windows)]
  2007-07-25 20:12   ` Richard Stallman
@ 2007-08-06 17:23     ` Chong Yidong
  0 siblings, 0 replies; 5+ messages in thread
From: Chong Yidong @ 2007-08-06 17:23 UTC (permalink / raw)
  To: rms; +Cc: Jason Rumney, emacs-devel

> As I said in the original thread about this bug, the problem can be
> reproduced on GNU/Linux.  The recipe to reproduce it is:
>
> 	- start emacs -Q
> 	- run this in *scratch* buffer
>
> 	(progn
> 	  (put-image '(image :type pbm :data "") 0)
> 	  (pop-to-buffer "*Messages*")
> 	  (goto-char (point-max)))
>
> 	Now press <down> <right> <down> <right>.

The problem is that the size of the *Messages* buffer shrinks during
redisplay_window, as a result of message log truncation: from

...
unsigned char *) 0x85da2f8 "pe pbm :data )'
call-interactively: End of bufferNot a PBM image: `(image :type pbm :data )'
call-interactively: End of buffer

to

...
unsigned char *) 0x85da4cc "pe pbm :data )'
call-interactively: End of bufferNot a PBM image: `(image :type pbm :data )' [2 times]

I've checked in code into both the trunk and branch to handle this
corner case.
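
The failure mode described in this thread (a buffer position cached before the *Messages* buffer shrinks, then restored afterwards) as an added toy model in C. It is not Emacs source and not the code that was checked in; `toy_buffer`, `toy_append`, `toy_collapse`, `restore_checked`, `restore_clamped` and `run_scenario` are hypothetical names, and clamping is an assumed mitigation.

```c
/* Added illustration: toy model, not Emacs source; every name is hypothetical. */
#include <stdio.h>
#include <string.h>
struct toy_buffer { char text[512]; size_t zv, pt; };   /* zv: end of text */
static const char MSG[] = "Not a PBM image: `(image :type pbm :data )'";
static const char MARK[] = " [2 times]\n";

static void toy_append(struct toy_buffer *b, const char *line) {
    if (b->zv + strlen(line) + 2 > sizeof b->text) return;  /* toy: drop if full */
    b->zv += (size_t)sprintf(b->text + b->zv, "%s\n", line);
}

/* Fold two trailing copies of `line` into "line [2 times]"; this shrinks zv. */
static void toy_collapse(struct toy_buffer *b, const char *line) {
    size_t n = strlen(line) + 1, m = sizeof MARK - 1, at = b->zv - n - 1;
    if (n <= m || b->zv < 2 * n) return;          /* `at` is unused before this */
    if (memcmp(b->text + at + 1, b->text + at + 1 - n, n) != 0) return;
    memcpy(b->text + at, MARK, m);                /* overwrite first copy's '\n' */
    b->zv = at + m;
}

/* Strict restore: a position past zv is refused (Emacs aborts at this check). */
static int restore_checked(struct toy_buffer *b, size_t pos) {
    if (pos > b->zv) return -1;
    b->pt = pos;
    return 0;
}

/* Assumed mitigation, not the committed fix: clamp a stale position to zv. */
static size_t restore_clamped(struct toy_buffer *b, size_t pos) {
    return b->pt = pos > b->zv ? b->zv : pos;
}

/* Cache the end position, let the log shrink, report whether it went stale. */
static int run_scenario(struct toy_buffer *b, size_t *saved) {
    memset(b, 0, sizeof *b);
    toy_append(b, "call-interactively: End of buffer");
    toy_append(b, MSG); toy_append(b, MSG);       /* logged twice by redisplay */
    *saved = b->zv;                               /* cached before truncation */
    toy_collapse(b, MSG);
    return *saved > b->zv;
}

int main(void) {
    struct toy_buffer b; size_t saved;
    int stale = run_scenario(&b, &saved), rc = restore_checked(&b, saved);
    printf("stale=%d checked=%d clamped=%zu\n", stale, rc, restore_clamped(&b, saved));
    return 0;
}
```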

