unofficial mirror of emacs-devel@gnu.org 
* 23.0.60: segfault in syntax.c: char_quoted
@ 2008-06-09 17:22 Adrian Robert
  2008-07-20 17:42 ` Adrian Robert
  0 siblings, 1 reply; 5+ messages in thread
From: Adrian Robert @ 2008-06-09 17:22 UTC (permalink / raw)
  To: emacs-devel

I have for a long time received a segfault in the syntax.c char_quoted()
function, at the DEC_BOTH() line, as detailed in the stack traces below.  This is
in Emacs.app (the "Cocoa" port), and I am not 100% certain that it's
not due to something there, though I'm uncertain how any code in this
port could affect GUI syntax, or due to some elisp in my environment,
or due to the files involved.  Unfortunately it is not reliably
reproducible.

Examining the definition of DEC_BOTH, it seems that calling it when  
charpos or bytepos < 2 will always cause segv.  In the crashes below  
they are called when they are 0, from back_comment().

I have patched this in Emacs.app with a check for charpos/bytepos<2 in
char_quoted, but I'm wondering if anyone familiar with the syntax code
might spot something anomalous in the call stack leading there?



Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x17054fff
0x002065b8 in char_quoted (charpos=0, bytepos=0) at syntax.c:302
302	  DEC_BOTH (charpos, bytepos);
(gdb) bt
#0  0x002065b8 in char_quoted (charpos=0, bytepos=0) at syntax.c:302
#1  0x00209430 in back_comment (from=1, from_byte=1, stop=1,  
comnested=0, comstyle=0, charpos_ptr=0xbfffbca4,  
bytepos_ptr=0xbfffbca0) at syntax.c:587
#2  0x0021dedc in scan_lists (from=1153, count=-1, depth=1,  
sexpflag=0) at syntax.c:2740
#3  0x0021f010 in Fscan_lists (from=472480, count=-8, depth=8) at  
syntax.c:2833
#4  0x001c4d58 in Ffuncall (nargs=4, args=0xbfffc2a0) at eval.c:3054
#5  0x0022b7f8 in Fbyte_code (bytestr=3538459, vector=3538476,  
maxdepth=40) at bytecode.c:678
#6  0x001c58a0 in funcall_lambda (fun=3538412, nargs=1,  
arg_vector=0xbfffc624) at eval.c:3239
#7  0x001c5048 in Ffuncall (nargs=2, args=0xbfffc620) at eval.c:3094
#8  0x0022b7f8 in Fbyte_code (bytestr=3538355, vector=3538372,  
maxdepth=16) at bytecode.c:678
#9  0x001c58a0 in funcall_lambda (fun=3538308, nargs=1,  
arg_vector=0xbfffc994) at eval.c:3239
#10 0x001c5048 in Ffuncall (nargs=2, args=0xbfffc990) at eval.c:3094
#11 0x0022b7f8 in Fbyte_code (bytestr=54021875, vector=400887652,  
maxdepth=16) at bytecode.c:678
#12 0x001c3398 in Feval (form=382482037) at eval.c:2385
#13 0x001c0cd8 in internal_lisp_condition_case (var=25165833,  
bodyform=382482037, handlers=382481989) at eval.c:1460
#14 0x0022c914 in Fbyte_code (bytestr=53895747, vector=54275588,  
maxdepth=64) at bytecode.c:868
#15 0x001c58a0 in funcall_lambda (fun=400887940, nargs=0,  
arg_vector=0xbfffd414) at eval.c:3239
#16 0x001c5048 in Ffuncall (nargs=1, args=0xbfffd410) at eval.c:3094
#17 0x0022b7f8 in Fbyte_code (bytestr=54413427, vector=401236900,  
maxdepth=48) at bytecode.c:678
#18 0x001c58a0 in funcall_lambda (fun=401237188, nargs=0,  
arg_vector=0xbfffd794) at eval.c:3239
#19 0x001c5048 in Ffuncall (nargs=1, args=0xbfffd790) at eval.c:3094
#20 0x0022b7f8 in Fbyte_code (bytestr=3407483, vector=3407500,  
maxdepth=16) at bytecode.c:678
#21 0x001c58a0 in funcall_lambda (fun=3407452, nargs=0,  
arg_vector=0xbfffdb04) at eval.c:3239
#22 0x001c5048 in Ffuncall (nargs=1, args=0xbfffdb00) at eval.c:3094
#23 0x0022b7f8 in Fbyte_code (bytestr=54480403, vector=401191604,  
maxdepth=48) at bytecode.c:678
#24 0x001c58a0 in funcall_lambda (fun=401191844, nargs=1,  
arg_vector=0xbfffde84) at eval.c:3239
#25 0x001c5048 in Ffuncall (nargs=2, args=0xbfffde80) at eval.c:3094
#26 0x0022b7f8 in Fbyte_code (bytestr=54493075, vector=400949860,  
maxdepth=24) at bytecode.c:678
#27 0x001c58a0 in funcall_lambda (fun=400949988, nargs=2,  
arg_vector=0xbfffe1f4) at eval.c:3239
#28 0x001c5048 in Ffuncall (nargs=3, args=0xbfffe1f0) at eval.c:3094
#29 0x001c3be4 in Fapply (nargs=2, args=0xbfffe2ac) at eval.c:2536
#30 0x001c42d0 in apply1 (fn=54483113, arg=392999317) at eval.c:2797
warning: .o file "/Users/arobert/src/EmacsApp/emacs/branches/emacs-app/ 
src/callint.o" more recent than executable timestamp
#31 0x001bb188 in Fcall_interactively (function=54483113,  
record_flag=25165833, keys=55200260) at callint.c:389
#32 0x001c4d58 in Ffuncall (nargs=4, args=0xbfffe578) at eval.c:3054
#33 0x001c447c in call3 (fn=25276825, arg1=54483113, arg2=25165833,  
arg3=25165833) at eval.c:2874
#34 0x0010f24c in Fcommand_execute (cmd=54483113,  
record_flag=25165833, keys=25165833, special=25165833) at keyboard.c: 
10451
#35 0x000f9810 in command_loop_1 () at keyboard.c:1915
#36 0x001c0eb4 in internal_condition_case (bfun=0xf7450  
<command_loop_1>, handlers=25205449, hfun=0xf68e0 <cmd_error>) at  
eval.c:1515
#37 0x000f6f44 in command_loop_2 () at keyboard.c:1372
#38 0x001c06d0 in internal_catch (tag=25201521, func=0xf6f04  
<command_loop_2>, arg=25165833) at eval.c:1251
#39 0x000f6ea8 in command_loop () at keyboard.c:1351
#40 0x000f60cc in recursive_edit_1 () at keyboard.c:960
#41 0x000f63ac in Frecursive_edit () at keyboard.c:1022
#42 0x000f3e44 in main (argc=1, argv=0xbffff1d4) at emacs.c:1808

Lisp Backtrace:
"scan-lists" (0xbfffc2a4)
"up-list" (0xbfffc624)
"backward-up-list" (0xbfffc994)
"byte-code" (0xbfffcc54)
"c-guess-basic-syntax" (0xbfffd414)
"c-indent-line" (0xbfffd794)
0x33fe5c warning: .o file "/Users/arobert/src/EmacsApp/emacs/branches/ 
emacs-app/src/image.o" more recent than executable timestamp
PVEC_COMPILED
"c-indent-command" (0xbfffde84)
"c-indent-line-or-region" (0xbfffe1f4)
"call-interactively" (0xbfffe57c)


-------------------------------------

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x02f12fff
0x002065b8 in char_quoted (charpos=0, bytepos=0) at syntax.c:302
302	  DEC_BOTH (charpos, bytepos);
(gdb) bt
#0  0x002065b8 in char_quoted (charpos=0, bytepos=0) at syntax.c:302
#1  0x00209430 in back_comment (from=1, from_byte=1, stop=1,  
comnested=0, comstyle=0, charpos_ptr=0xbfff9744,  
bytepos_ptr=0xbfff9748) at syntax.c:587
#2  0x00216ef4 in Fforward_comment (count=-8) at syntax.c:2376
#3  0x001c4cc0 in Ffuncall (nargs=2, args=0xbfff9a60) at eval.c:3048
#4  0x0022b7f8 in Fbyte_code (bytestr=54102067, vector=401504068,  
maxdepth=56) at bytecode.c:678
#5  0x001c58a0 in funcall_lambda (fun=401483492, nargs=0,  
arg_vector=0xbfff9de4) at eval.c:3239
#6  0x001c5048 in Ffuncall (nargs=1, args=0xbfff9de0) at eval.c:3094
#7  0x0022b7f8 in Fbyte_code (bytestr=54397043, vector=401519684,  
maxdepth=48) at bytecode.c:678
#8  0x001c58a0 in funcall_lambda (fun=401413412, nargs=1,  
arg_vector=0xbfffa164) at eval.c:3239
#9  0x001c5048 in Ffuncall (nargs=2, args=0xbfffa160) at eval.c:3094
#10 0x0022b7f8 in Fbyte_code (bytestr=3458051, vector=3458068,  
maxdepth=72) at bytecode.c:678
#11 0x001c58a0 in funcall_lambda (fun=3457988, nargs=3,  
arg_vector=0xbfffa4f4) at eval.c:3239
#12 0x001c5048 in Ffuncall (nargs=4, args=0xbfffa4f0) at eval.c:3094
#13 0x0022b7f8 in Fbyte_code (bytestr=3454659, vector=3454676,  
maxdepth=40) at bytecode.c:678
#14 0x001c58a0 in funcall_lambda (fun=3454612, nargs=3,  
arg_vector=0xbfffa874) at eval.c:3239
#15 0x001c5048 in Ffuncall (nargs=4, args=0xbfffa870) at eval.c:3094
#16 0x0022b7f8 in Fbyte_code (bytestr=3453419, vector=3453436,  
maxdepth=32) at bytecode.c:678
#17 0x001c58a0 in funcall_lambda (fun=3453364, nargs=2,  
arg_vector=0xbfffad58) at eval.c:3239
#18 0x001c5048 in Ffuncall (nargs=3, args=0xbfffad54) at eval.c:3094
#19 0x001c3ff4 in run_hook_with_args (nargs=3, args=0xbfffad54,  
cond=to_completion) at eval.c:2707
#20 0x001c3cd8 in Frun_hook_with_args (nargs=3, args=0xbfffad54) at  
eval.c:2595
#21 0x001c4ac0 in Ffuncall (nargs=4, args=0xbfffad50) at eval.c:3029
#22 0x0022b7f8 in Fbyte_code (bytestr=3465451, vector=3465476,  
maxdepth=32) at bytecode.c:678
#23 0x001c3398 in Feval (form=3465437) at eval.c:2385
#24 0x001c0cd8 in internal_lisp_condition_case (var=25480137,  
bodyform=3465437, handlers=3465509) at eval.c:1460
#25 0x0022c914 in Fbyte_code (bytestr=3465115, vector=3465132,  
maxdepth=64) at bytecode.c:868
#26 0x001c58a0 in funcall_lambda (fun=3465060, nargs=2,  
arg_vector=0xbfffb7d4) at eval.c:3239
#27 0x001c5048 in Ffuncall (nargs=3, args=0xbfffb7d0) at eval.c:3094
#28 0x0022b7f8 in Fbyte_code (bytestr=3464795, vector=3464812,  
maxdepth=72) at bytecode.c:678
#29 0x001c58a0 in funcall_lambda (fun=3464756, nargs=1,  
arg_vector=0xbfffbf6c) at eval.c:3239
#30 0x001c5048 in Ffuncall (nargs=2, args=0xbfffbf68) at eval.c:3094
#31 0x001c1284 in internal_condition_case_2 (bfun=0x1c4668 <Ffuncall>,  
nargs=2, args=0xbfffbf68, handlers=25165881, hfun=0x2a394  
<safe_eval_handler>) at eval.c:1614
#32 0x0002a4c4 in safe_call (nargs=2, args=0xbfffbf68) at xdisp.c:2369
#33 0x0002a534 in safe_call1 (fn=35634401, arg=12608) at xdisp.c:2389
#34 0x0002cb58 in handle_fontified_prop (it=0xbfffc728) at xdisp.c:3350
#35 0x0002c168 in handle_stop (it=0xbfffc728) at xdisp.c:3101
#36 0x0003683c in next_element_from_buffer (it=0xbfffc728) at xdisp.c: 
6496
#37 0x000345dc in get_next_display_element (it=0xbfffc728) at xdisp.c: 
5754
#38 0x00036dc4 in move_it_in_display_line_to (it=0xbfffc728,  
to_charpos=1576, to_x=0, op=9) at xdisp.c:6698
#39 0x00037bb4 in move_it_to (it=0xbfffc728, to_charpos=1576, to_x=-1,  
to_y=407, to_vpos=-1, op=10) at xdisp.c:7015
#40 0x000259c8 in pos_visible_p (w=0x17f267e0, charpos=1576,  
x=0xbfffd00c, y=0xbfffd010, rtop=0xbfffcffc, rbot=0xbfffd000,  
rowh=0xbfffd004, vpos=0xbfffd008) at xdisp.c:1337
warning: .o file "/Users/arobert/src/EmacsApp/emacs/branches/emacs-app/ 
src/window.o" more recent than executable timestamp
#41 0x0006e144 in Fpos_visible_in_window_p (pos=12608,  
window=25165833, partially=25165833) at window.c:342
#42 0x001c4d58 in Ffuncall (nargs=2, args=0xbfffd130) at eval.c:3054
#43 0x0022b7f8 in Fbyte_code (bytestr=58195203, vector=392333860,  
maxdepth=24) at bytecode.c:678
#44 0x001c58a0 in funcall_lambda (fun=392334036, nargs=4,  
arg_vector=0xbfffd4a4) at eval.c:3239
#45 0x001c5048 in Ffuncall (nargs=5, args=0xbfffd4a0) at eval.c:3094
#46 0x0022b7f8 in Fbyte_code (bytestr=57852387, vector=388358532,  
maxdepth=72) at bytecode.c:678
#47 0x001c58a0 in funcall_lambda (fun=388358788, nargs=1,  
arg_vector=0xbfffd834) at eval.c:3239
#48 0x001c5048 in Ffuncall (nargs=2, args=0xbfffd830) at eval.c:3094
#49 0x0022b7f8 in Fbyte_code (bytestr=58032803, vector=388703716,  
maxdepth=40) at bytecode.c:678
#50 0x001c58a0 in funcall_lambda (fun=388358468, nargs=1,  
arg_vector=0xbfffdbb4) at eval.c:3239
#51 0x001c5048 in Ffuncall (nargs=2, args=0xbfffdbb0) at eval.c:3094
#52 0x0022b7f8 in Fbyte_code (bytestr=58381427, vector=401674292,  
maxdepth=16) at bytecode.c:678
#53 0x001c58a0 in funcall_lambda (fun=401650148, nargs=1,  
arg_vector=0xbfffdf24) at eval.c:3239
#54 0x001c5048 in Ffuncall (nargs=2, args=0xbfffdf20) at eval.c:3094
#55 0x0022b7f8 in Fbyte_code (bytestr=58283699, vector=388967364,  
maxdepth=32) at bytecode.c:678
#56 0x001c58a0 in funcall_lambda (fun=388967556, nargs=1,  
arg_vector=0xbfffe2d4) at eval.c:3239
#57 0x001c5048 in Ffuncall (nargs=2, args=0xbfffe2d0) at eval.c:3094
#58 0x001bd4f8 in Fcall_interactively (function=58420537,  
record_flag=25165833, keys=58543108) at callint.c:857
#59 0x001c4d58 in Ffuncall (nargs=4, args=0xbfffe578) at eval.c:3054
#60 0x001c447c in call3 (fn=25276825, arg1=58420537, arg2=25165833,  
arg3=25165833) at eval.c:2874
#61 0x0010f24c in Fcommand_execute (cmd=58420537,  
record_flag=25165833, keys=25165833, special=25165833) at keyboard.c: 
10451
#62 0x000f9810 in command_loop_1 () at keyboard.c:1915
#63 0x001c0eb4 in internal_condition_case (bfun=0xf7450  
<command_loop_1>, handlers=25205449, hfun=0xf68e0 <cmd_error>) at  
eval.c:1515
#64 0x000f6f44 in command_loop_2 () at keyboard.c:1372
#65 0x001c06d0 in internal_catch (tag=25201521, func=0xf6f04  
<command_loop_2>, arg=25165833) at eval.c:1251
#66 0x000f6ea8 in command_loop () at keyboard.c:1351
#67 0x000f60cc in recursive_edit_1 () at keyboard.c:960
#68 0x000f63ac in Frecursive_edit () at keyboard.c:1022
#69 0x000f3e44 in main (argc=1, argv=0xbffff1d4) at emacs.c:1808

Lisp Backtrace:
"forward-comment" (0xbfff9a64)
"c-backward-sws" (0xbfff9de4)
"c-font-lock-complex-decl-prepare" (0xbfffa164)
"font-lock-fontify-keywords-region" (0xbfffa4f4)
"font-lock-default-fontify-region" (0xbfffa874)
"font-lock-fontify-region" (0xbfffad58)
"run-hook-with-args" (0xbfffad54)
"byte-code" (0xbfffb014)
"jit-lock-fontify-now" (0xbfffb7d4)
"jit-lock-function" (0xbfffbf6c)
"pos-visible-in-window-p" (0xbfffd134)
"ediff-position-region" (0xbfffd4a4)
"ediff-recenter-one-window" (0xbfffd834)
"ediff-recenter" (0xbfffdbb4)
"ediff-unselect-and-select-difference" (0xbfffdf24)
"ediff-next-difference" (0xbfffe2d4)
"call-interactively" (0xbfffe57c)
(gdb)






^ permalink raw reply	[flat|nested] 5+ messages in thread
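
A guarded form of the backward step discussed in the message above, as an added example that is not part of the original thread and is not Emacs's source. It assumes a simplified model (UTF-8 text, 1-based positions); `dec_both_checked`, `char_quoted_checked` and the sample text are hypothetical. A call with charpos=0, bytepos=0, as in frame #0, is rejected instead of reading before the start of the text.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified model, NOT Emacs source: UTF-8 text with 1-based positions,
   so the character at byte position p starts at text[p - 1]. */
enum { BEG = 1 };

struct buf {
    const unsigned char *text;
    size_t nbytes;
};

/* Constructed sample: a \ " b \ \ " é \ n  (é is the two bytes C3 A9). */
static const unsigned char SAMPLE[] = {
    'a', '\\', '"', 'b', '\\', '\\', '"', 0xC3, 0xA9, '\\', 'n'
};
static const struct buf SAMPLE_BUF = { SAMPLE, sizeof SAMPLE };

/* Hypothetical guarded counterpart of a "decrement both positions" step.
   Moves back one character; returns false, leaving the positions alone,
   when that would mean reading before the first byte. */
static bool dec_both_checked(const struct buf *b, long *charpos, long *bytepos)
{
    if (*charpos <= BEG || *bytepos <= BEG)
        return false;
    if ((size_t)*bytepos > b->nbytes + 1)
        return false;

    long bp = *bytepos - 1;
    /* Skip UTF-8 continuation bytes (10xxxxxx) without passing BEG. */
    while (bp > BEG && (b->text[bp - 1] & 0xC0) == 0x80)
        bp--;
    *bytepos = bp;
    (*charpos)--;
    return true;
}

/* Returns 1 if the character at charpos is preceded by an odd number of
   backslashes, 0 if not, and -1 if the position lies outside the text
   (the charpos=0, bytepos=0 call in frame #0 lands here). */
int char_quoted_checked(const struct buf *b, long charpos, long bytepos)
{
    if (charpos < BEG || bytepos < BEG || (size_t)bytepos > b->nbytes + 1)
        return -1;

    int quoted = 0;
    while (dec_both_checked(b, &charpos, &bytepos)
           && b->text[bytepos - 1] == '\\')
        quoted = !quoted;
    return quoted;
}

int main(void)
{
    /* {charpos, bytepos} pairs; the last two are the boundary cases. */
    static const long cases[][2] = { {3, 3}, {7, 7}, {10, 11}, {1, 1}, {0, 0} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("char_quoted_checked(%ld, %ld) = %d\n", cases[i][0], cases[i][1],
               char_quoted_checked(&SAMPLE_BUF, cases[i][0], cases[i][1]));
    return 0;
}
```

The model does not check that charpos and bytepos describe the same character; it only keeps every read inside the text.
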

* Re: 23.0.60: segfault in syntax.c: char_quoted
  2008-06-09 17:22 23.0.60: segfault in syntax.c: char_quoted Adrian Robert
@ 2008-07-20 17:42 ` Adrian Robert
  2008-07-20 17:57   ` Lennart Borgman (gmail)
  2008-07-22 17:10   ` Stefan Monnier
  0 siblings, 2 replies; 5+ messages in thread
From: Adrian Robert @ 2008-07-20 17:42 UTC (permalink / raw)
  To: emacs-devel; +Cc: Markus Triska


This crash bug also occurs when running under X11 on OS X -- it's not  
related to Emacs.app.  It cannot be triggered deterministically -- may  
depend on where emacs resides in memory.  However here is a test case  
that reproduces reliably:

emacs -Q syntaxDecBoth.el (attached)
M-x show-paren-mode
C-M-x C-g C-_

Repeat the last key sequence a few times to get the crash.

The C backtrace is similar to that posted below, but the Lisp backtrace
differs:

"scan-sexps" (0xbfffbe08)
"byte-code" (0xbfffc0c4)
"show-paren-function" (0xbfffc9a8)
"apply" (0xbfffc9a4)
"byte-code" (0xbfffcc64)
"timer-event-handler" (0xbfffd42c)

It would be interesting to know if this can be reproduced on other  
systems.



On Jun 9, 2008, at 1:22 PM, Adrian Robert wrote:

> I have for a long time received a segfault in syntax.c char_quoted()  
> function DEC_BOTH() line as detailed in stack traces below.  This is  
> in Emacs.app (the "Cocoa" port), and I am not 100% certain that it's  
> not due to something there, though I'm uncertain how any code in  
> this port could affect GUI syntax, or due to  some elisp in my  
> environment, or due to the files involved.  Unfortunately it is not  
> reliably reproducible.
>
> Examining the definition of DEC_BOTH, it seems that calling it when  
> charpos or bytepos < 2 will always cause segv.  In the crashes below  
> they are called when they are 0, from back_comment().
>
> I have patched in Emacs.app by a check for charpos/bytepos<2 in  
> char_quoted, but I'm wondering if anyone familiar with the syntax  
> code might spot something anomalous in the call stack leading there?
>
>
>
> Program received signal EXC_BAD_ACCESS, Could not access memory.
> Reason: KERN_INVALID_ADDRESS at address: 0x17054fff
> 0x002065b8 in char_quoted (charpos=0, bytepos=0) at syntax.c:302
> 302	  DEC_BOTH (charpos, bytepos);
> (gdb) bt
> #0  0x002065b8 in char_quoted (charpos=0, bytepos=0) at syntax.c:302
> #1  0x00209430 in back_comment (from=1, from_byte=1, stop=1,  
> comnested=0, comstyle=0, charpos_ptr=0xbfffbca4,  
> bytepos_ptr=0xbfffbca0) at syntax.c:587
> #2  0x0021dedc in scan_lists (from=1153, count=-1, depth=1,  
> sexpflag=0) at syntax.c:2740
> #3  0x0021f010 in Fscan_lists (from=472480, count=-8, depth=8) at  
> syntax.c:2833
> #4  0x001c4d58 in Ffuncall (nargs=4, args=0xbfffc2a0) at eval.c:3054
> #5  0x0022b7f8 in Fbyte_code (bytestr=3538459, vector=3538476,  
> maxdepth=40) at bytecode.c:678
> #6  0x001c58a0 in funcall_lambda (fun=3538412, nargs=1,  
> arg_vector=0xbfffc624) at eval.c:3239
> #7  0x001c5048 in Ffuncall (nargs=2, args=0xbfffc620) at eval.c:3094
> #8  0x0022b7f8 in Fbyte_code (bytestr=3538355, vector=3538372,  
> maxdepth=16) at bytecode.c:678
> #9  0x001c58a0 in funcall_lambda (fun=3538308, nargs=1,  
> arg_vector=0xbfffc994) at eval.c:3239
> #10 0x001c5048 in Ffuncall (nargs=2, args=0xbfffc990) at eval.c:3094
> #11 0x0022b7f8 in Fbyte_code (bytestr=54021875, vector=400887652,  
> maxdepth=16) at bytecode.c:678
> #12 0x001c3398 in Feval (form=382482037) at eval.c:2385
> #13 0x001c0cd8 in internal_lisp_condition_case (var=25165833,  
> bodyform=382482037, handlers=382481989) at eval.c:1460
> #14 0x0022c914 in Fbyte_code (bytestr=53895747, vector=54275588,  
> maxdepth=64) at bytecode.c:868
> #15 0x001c58a0 in funcall_lambda (fun=400887940, nargs=0,  
> arg_vector=0xbfffd414) at eval.c:3239
> #16 0x001c5048 in Ffuncall (nargs=1, args=0xbfffd410) at eval.c:3094
> #17 0x0022b7f8 in Fbyte_code (bytestr=54413427, vector=401236900,  
> maxdepth=48) at bytecode.c:678
> #18 0x001c58a0 in funcall_lambda (fun=401237188, nargs=0,  
> arg_vector=0xbfffd794) at eval.c:3239
> #19 0x001c5048 in Ffuncall (nargs=1, args=0xbfffd790) at eval.c:3094
> #20 0x0022b7f8 in Fbyte_code (bytestr=3407483, vector=3407500,  
> maxdepth=16) at bytecode.c:678
> #21 0x001c58a0 in funcall_lambda (fun=3407452, nargs=0,  
> arg_vector=0xbfffdb04) at eval.c:3239
> #22 0x001c5048 in Ffuncall (nargs=1, args=0xbfffdb00) at eval.c:3094
> #23 0x0022b7f8 in Fbyte_code (bytestr=54480403, vector=401191604,  
> maxdepth=48) at bytecode.c:678
> #24 0x001c58a0 in funcall_lambda (fun=401191844, nargs=1,  
> arg_vector=0xbfffde84) at eval.c:3239
> #25 0x001c5048 in Ffuncall (nargs=2, args=0xbfffde80) at eval.c:3094
> #26 0x0022b7f8 in Fbyte_code (bytestr=54493075, vector=400949860,  
> maxdepth=24) at bytecode.c:678
> #27 0x001c58a0 in funcall_lambda (fun=400949988, nargs=2,  
> arg_vector=0xbfffe1f4) at eval.c:3239
> #28 0x001c5048 in Ffuncall (nargs=3, args=0xbfffe1f0) at eval.c:3094
> #29 0x001c3be4 in Fapply (nargs=2, args=0xbfffe2ac) at eval.c:2536
> #30 0x001c42d0 in apply1 (fn=54483113, arg=392999317) at eval.c:2797
> warning: .o file "/Users/arobert/src/EmacsApp/emacs/branches/emacs- 
> app/src/callint.o" more recent than executable timestamp
> #31 0x001bb188 in Fcall_interactively (function=54483113,  
> record_flag=25165833, keys=55200260) at callint.c:389
> #32 0x001c4d58 in Ffuncall (nargs=4, args=0xbfffe578) at eval.c:3054
> #33 0x001c447c in call3 (fn=25276825, arg1=54483113, arg2=25165833,  
> arg3=25165833) at eval.c:2874
> #34 0x0010f24c in Fcommand_execute (cmd=54483113,  
> record_flag=25165833, keys=25165833, special=25165833) at keyboard.c: 
> 10451
> #35 0x000f9810 in command_loop_1 () at keyboard.c:1915
> #36 0x001c0eb4 in internal_condition_case (bfun=0xf7450  
> <command_loop_1>, handlers=25205449, hfun=0xf68e0 <cmd_error>) at  
> eval.c:1515
> #37 0x000f6f44 in command_loop_2 () at keyboard.c:1372
> #38 0x001c06d0 in internal_catch (tag=25201521, func=0xf6f04  
> <command_loop_2>, arg=25165833) at eval.c:1251
> #39 0x000f6ea8 in command_loop () at keyboard.c:1351
> #40 0x000f60cc in recursive_edit_1 () at keyboard.c:960
> #41 0x000f63ac in Frecursive_edit () at keyboard.c:1022
> #42 0x000f3e44 in main (argc=1, argv=0xbffff1d4) at emacs.c:1808
>
> Lisp Backtrace:
> "scan-lists" (0xbfffc2a4)
> "up-list" (0xbfffc624)
> "backward-up-list" (0xbfffc994)
> "byte-code" (0xbfffcc54)
> "c-guess-basic-syntax" (0xbfffd414)
> "c-indent-line" (0xbfffd794)
> 0x33fe5c warning: .o file "/Users/arobert/src/EmacsApp/emacs/ 
> branches/emacs-app/src/image.o" more recent than executable timestamp
> PVEC_COMPILED
> "c-indent-command" (0xbfffde84)
> "c-indent-line-or-region" (0xbfffe1f4)
> "call-interactively" (0xbfffe57c)
>
>
> -------------------------------------
>
> Program received signal EXC_BAD_ACCESS, Could not access memory.
> Reason: KERN_INVALID_ADDRESS at address: 0x02f12fff
> 0x002065b8 in char_quoted (charpos=0, bytepos=0) at syntax.c:302
> 302	  DEC_BOTH (charpos, bytepos);
> (gdb) bt
> #0  0x002065b8 in char_quoted (charpos=0, bytepos=0) at syntax.c:302
> #1  0x00209430 in back_comment (from=1, from_byte=1, stop=1,  
> comnested=0, comstyle=0, charpos_ptr=0xbfff9744,  
> bytepos_ptr=0xbfff9748) at syntax.c:587
> #2  0x00216ef4 in Fforward_comment (count=-8) at syntax.c:2376
> #3  0x001c4cc0 in Ffuncall (nargs=2, args=0xbfff9a60) at eval.c:3048
> ...
> #69 0x000f3e44 in main (argc=1, argv=0xbffff1d4) at emacs.c:1808
>
> Lisp Backtrace:
> "forward-comment" (0xbfff9a64)
> "c-backward-sws" (0xbfff9de4)
> "c-font-lock-complex-decl-prepare" (0xbfffa164)
> "font-lock-fontify-keywords-region" (0xbfffa4f4)
> "font-lock-default-fontify-region" (0xbfffa874)
> "font-lock-fontify-region" (0xbfffad58)
> "run-hook-with-args" (0xbfffad54)
> "byte-code" (0xbfffb014)
> "jit-lock-fontify-now" (0xbfffb7d4)
> "jit-lock-function" (0xbfffbf6c)
> "pos-visible-in-window-p" (0xbfffd134)
> "ediff-position-region" (0xbfffd4a4)
> "ediff-recenter-one-window" (0xbfffd834)
> "ediff-recenter" (0xbfffdbb4)
> "ediff-unselect-and-select-difference" (0xbfffdf24)
> "ediff-next-difference" (0xbfffe2d4)
> "call-interactively" (0xbfffe57c)
> (gdb)


[-- Attachment #2: syntaxDecBoth.el --]
[-- Type: application/octet-stream, Size: 47 bytes --]

(while t
  (insert "(when t (if t t 'hi))\n"))


* Re: 23.0.60: segfault in syntax.c: char_quoted
  2008-07-20 17:42 ` Adrian Robert
@ 2008-07-20 17:57   ` Lennart Borgman (gmail)
  2008-07-21  2:45     ` Adrian Robert
  2008-07-22 17:10   ` Stefan Monnier
  1 sibling, 1 reply; 5+ messages in thread
From: Lennart Borgman (gmail) @ 2008-07-20 17:57 UTC (permalink / raw)
  To: Adrian Robert; +Cc: Markus Triska, emacs-devel

Adrian Robert wrote:
> 
> This crash bug also occurs when running under X11 on OS X -- it's not 
> related to Emacs.app.  It cannot be triggered deterministically -- may 
> depend on where emacs resides in memory.  However here is a test case 
> that reproduces reliably:
> 
> emacs -Q syntaxDecBoth.el (attached)
> M-x show-paren-mode
> C-M-x C-g C-_
> 
> repeat the last key sequence a few times to get the crash.
> 
> The C backtrace is similar to posted below, but the lisp backtrace differs:
> 
> "scan-sexps" (0xbfffbe08)
> "byte-code" (0xbfffc0c4)
> "show-paren-function" (0xbfffc9a8)
> "apply" (0xbfffc9a4)
> "byte-code" (0xbfffcc64)
> "timer-event-handler" (0xbfffd42c)
> 
> It would be interesting to know if this can be reproduced on other systems.


I tried a few times on w32 (CVS 2008-07-16) but did not get any crash.





* Re: 23.0.60: segfault in syntax.c: char_quoted
  2008-07-20 17:57   ` Lennart Borgman (gmail)
@ 2008-07-21  2:45     ` Adrian Robert
  0 siblings, 0 replies; 5+ messages in thread
From: Adrian Robert @ 2008-07-21  2:45 UTC (permalink / raw)
  To: Lennart Borgman; +Cc: Markus Triska, emacs-devel


On Jul 20, 2008, at 1:57 PM, Lennart Borgman (gmail) wrote:

> I tried a few times on w32 (CVS 2008-07-16) but did not get any crash.

OK..  right now it's reported at:

http://emacsbugs.donarmstrong.com/cgi-bin/bugreport.cgi?bug=580

as an OS X-only bug.






* Re: 23.0.60: segfault in syntax.c: char_quoted
  2008-07-20 17:42 ` Adrian Robert
  2008-07-20 17:57   ` Lennart Borgman (gmail)
@ 2008-07-22 17:10   ` Stefan Monnier
  1 sibling, 0 replies; 5+ messages in thread
From: Stefan Monnier @ 2008-07-22 17:10 UTC (permalink / raw)
  To: Adrian Robert; +Cc: Markus Triska, emacs-devel

> This crash bug also occurs when running under X11 on OS X -- it's not
> related to Emacs.app.  It cannot be triggered deterministically -- may
> depend on where emacs resides in memory.  However here is a test case  that
> reproduces reliably:

I believe I've fixed it, now.


        Stefan



