* emacs-21.1.94 crash in gnus on Windows
@ 2010-03-15 23:40 Andy Moreton
2010-03-16 10:33 ` Eli Zaretskii
0 siblings, 1 reply; 20+ messages in thread
From: Andy Moreton @ 2010-03-15 23:40 UTC (permalink / raw)
To: emacs-devel
Hi,
I've built 21.1.94 pretest on WinXP SP3 with MinGW gcc, and I'm seeing
a repeatable crash in gnus. Running emacs under gdb I managed to capture
a crash, with the following results:
Program received signal SIGSEGV, Segmentation fault.
0x0102ef33 in pos_visible_p (w=0x2fa6e00, charpos=0x22fa, x=0x82eef8, y=0x82eef4, rtop=0x82ef08,
rbot=0x82ef04, rowh=0x82ef00, vpos=0x82eefc) at xdisp.c:1397
1397 && (!BUFFERP (glyph->object)
(gdb) warning: frame 02FA6400 (emacs@aji *Group*) obscured
warning: obscured frame 02FA6400 (emacs@aji *Group*) found to be visible
bt
#0 0x0102ef33 in pos_visible_p (w=0x2fa6e00, charpos=0x22fa, x=0x82eef8, y=0x82eef4,
rtop=0x82ef08, rbot=0x82ef04, rowh=0x82ef00, vpos=0x82eefc) at xdisp.c:1397
#1 0x010f62d8 in Fpos_visible_in_window_p (pos=0x8be8, window=0x2fa6e05, partially=0x2ba7802)
at window.c:357
#2 0x010228b1 in Ffuncall (nargs=0x3, args=0x82f010) at eval.c:3030
#3 0x01113471 in Fbyte_code (bytestr=0x3904201, vector=0x3aacc05, maxdepth=0x10) at bytecode.c:680
#4 0x01022fae in funcall_lambda (fun=0x3ab08c5, nargs=0x0, arg_vector=0x82f2c8) at eval.c:3211
#5 0x01022a86 in Ffuncall (nargs=0x1, args=0x82f2c4) at eval.c:3070
#6 0x01113471 in Fbyte_code (bytestr=0x39182e1, vector=0x3aac405, maxdepth=0x10) at bytecode.c:680
#7 0x01022fae in funcall_lambda (fun=0x3ab6125, nargs=0x1, arg_vector=0x82f574) at eval.c:3211
#8 0x01022a86 in Ffuncall (nargs=0x2, args=0x82f570) at eval.c:3070
#9 0x01113471 in Fbyte_code (bytestr=0x3ab7831, vector=0x3abad05, maxdepth=0x14) at bytecode.c:680
#10 0x01022fae in funcall_lambda (fun=0x3abbae5, nargs=0x1, arg_vector=0x82f884) at eval.c:3211
#11 0x01022a86 in Ffuncall (nargs=0x2, args=0x82f880) at eval.c:3070
#12 0x01117b8a in Fcall_interactively (function=0x3a6f6d2, record_flag=0x2ba7802, keys=0x2bacb05)
at callint.c:869
#13 0x010228b1 in Ffuncall (nargs=0x4, args=0x82fb50) at eval.c:3030
#14 0x0102244f in call3 (fn=0x2bcc5ca, arg1=0x3a6f6d2, arg2=0x2ba7802, arg3=0x2ba7802)
at eval.c:2850
#15 0x01014d20 in Fcommand_execute (cmd=0x3a6f6d2, record_flag=0x2ba7802, keys=0x2ba7802,
special=0x2ba7802) at keyboard.c:10507
#16 0x010076b0 in command_loop_1 () at keyboard.c:1904
#17 0x01020549 in internal_condition_case (bfun=0x100625a <command_loop_1>, handlers=0x2bb54da,
hfun=0x1005c3b <cmd_error>) at eval.c:1490
#18 0x01005fb3 in command_loop_2 () at keyboard.c:1360
#19 0x0102009a in internal_catch (tag=0x2bb51b2, func=0x1005f8e <command_loop_2>, arg=0x2ba7802)
at eval.c:1226
#20 0x01005f6c in command_loop () at keyboard.c:1339
#21 0x0100585e in recursive_edit_1 () at keyboard.c:954
#22 0x010059c7 in Frecursive_edit () at keyboard.c:1016
#23 0x010028c5 in main (argc=0x1, argv=0xa44418) at emacs.c:1833
Lisp Backtrace:
"pos-visible-in-window-p" (0x82f014)
"gnus-summary-recenter" (0x82f2c8)
"gnus-summary-display-article" (0x82f574)
"gnus-summary-next-page" (0x82f884)
"call-interactively" (0x82fb54)
(gdb)
Please let me know what other info/testing is needed to help fix this.
AndyM
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: emacs-21.1.94 crash in gnus on Windows
2010-03-15 23:40 emacs-21.1.94 crash in gnus on Windows Andy Moreton
@ 2010-03-16 10:33 ` Eli Zaretskii
2010-03-16 12:53 ` Andy Moreton
0 siblings, 1 reply; 20+ messages in thread
From: Eli Zaretskii @ 2010-03-16 10:33 UTC (permalink / raw)
To: Andy Moreton; +Cc: emacs-devel
> From: Andy Moreton <andrewjmoreton@gmail.com>
> Date: Mon, 15 Mar 2010 23:40:27 +0000
>
> I've built 21.1.94 pretest on WinXP SP3 with MinGW gcc, and I'm seeing
> a repeatable crash in gnus. Running emacs under gdb I managed to capture
> a crash, with the following results:
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x0102ef33 in pos_visible_p (w=0x2fa6e00, charpos=0x22fa, x=0x82eef8, y=0x82eef4, rtop=0x82ef08,
> rbot=0x82ef04, rowh=0x82ef00, vpos=0x82eefc) at xdisp.c:1397
> 1397 && (!BUFFERP (glyph->object)
Thank you for your report.
> Please let me know what other info/testing is needed to help fix this.
First, please file a bug report with this information.
Second, please type "bt full" and post the results.
Third, if this is an optimized build, please build Emacs without
optimizations, and when the crash happens again, please type "bt full"
and send the results.
Finally, could you tell what kind of text is at character position
(in this case, 0x22fa) with which pos_visible_p is called when it
crashes? Are there any unusual text properties there, like invisible
text, ellipsis (which stands for hidden text), or something similar?
Thanks.
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: emacs-21.1.94 crash in gnus on Windows
2010-03-16 10:33 ` Eli Zaretskii
@ 2010-03-16 12:53 ` Andy Moreton
2010-03-16 15:26 ` David Kastrup
2010-03-16 19:47 ` Eli Zaretskii
0 siblings, 2 replies; 20+ messages in thread
From: Andy Moreton @ 2010-03-16 12:53 UTC (permalink / raw)
To: Eli Zaretskii; +Cc: emacs-devel
On 16/03/2010 10:33, Eli Zaretskii wrote:
>> From: Andy Moreton<andrewjmoreton@gmail.com>
>> Date: Mon, 15 Mar 2010 23:40:27 +0000
>>
>> I've built 21.1.94 pretest on WinXP SP3 with MinGW gcc, and I'm seeing
>> a repeatable crash in gnus. Running emacs under gdb I managed to capture
>> a crash, with the following results:
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> 0x0102ef33 in pos_visible_p (w=0x2fa6e00, charpos=0x22fa, x=0x82eef8, y=0x82eef4, rtop=0x82ef08,
>> rbot=0x82ef04, rowh=0x82ef00, vpos=0x82eefc) at xdisp.c:1397
>> 1397&& (!BUFFERP (glyph->object)
>
> Thank you for your report.
>
>> Please let me know what other info/testing is needed to help fix this.
>
> First, please file a bug report with this information.
I've sent a bug report (from another machine after recreating the crash).
> Second, please type "bt full" and post the results.
>
> Third, if this is an optimized build, please build Emacs without
> optimizations, and when the crash happens again, please type "bt full"
> and send the results.
>
> Finally, could you tell what kind of text is at character position
> (in this case, 0x22fa) with which pos_visible_p is called when it
> crashes? Are there any unusual text properties there, like invisible
> text, ellipsis (which stands for hidden text), or something similar?
emacs was configured on both machines with "--no-opt". I've added details of
the crash in the bug report below.
Program received signal SIGSEGV, Segmentation fault.
0x01030355 in pos_visible_p (w=0x307c800, charpos=0x5ad, x=0x82f0c4,
y=0x82f0c0, rtop=0x82f0d8,
rbot=0x82f0d4, rowh=0x82f0d0, vpos=0x82f0cc) at xdisp.c:1396
1396 for (; glyph < end
(gdb) warning: reader_thread.SetEvent failed with 6 for fd -1
warning: reader_thread.SetEvent failed with 6 for fd -1
warning: reader_thread.SetEvent failed with 6 for fd -1
warning: reader_thread.SetEvent failed with 6 for fd -1
warning: reader_thread.SetEvent failed with 6 for fd -1
bt full
Reading in symbols for window.c...done.
Reading in symbols for eval.c...done.
Reading in symbols for bytecode.c...done.
Reading in symbols for callint.c...done.
Reading in symbols for keyboard.c...done.
#0 0x01030355 in pos_visible_p (w=0x307c800, charpos=0x5ad, x=0x82f0c4,
y=0x82f0c0,
rtop=0x82f0d8, rbot=0x82f0d4, rowh=0x82f0d0, vpos=0x82f0cc) at xdisp.c:1396
row = 0x380a098
glyph = 0x38d0020
end = 0x38d0ea0
x = 0x0
window = 0x307c805
prop = 0x33fb62a
top_y = 0x62
it_method = GET_FROM_BUFFER
window_top_y = 0xe
top_x = 0x333
bottom_y = 0x70
it = {
window = 0x307c805,
w = 0x307c800,
f = 0x307c000,
method = GET_FROM_BUFFER,
stop_charpos = 0x719,
end_charpos = 0x719,
s = 0x0,
string_nchars = 0x0,
region_beg_charpos = 0xffffffff,
region_end_charpos = 0xffffffff,
redisplay_end_trigger_charpos = 0x0,
multibyte_p = 0x1,
header_line_p = 0x1,
string_from_display_prop_p = 0x0,
ellipsis_p = 0x0,
avoid_cursor_p = 0x0,
dp = 0x48b4e00,
dpvec = 0x0,
dpend = 0x13da13c,
dpvec_char_len = 0x0,
dpvec_face_id = 0xffffffff,
saved_face_id = 0x0,
ctl_chars = {0x0 <repeats 16 times>},
start = {
pos = {
charpos = 0x1,
bytepos = 0x1
},
overlay_string_index = 0xffffffff,
string_pos = {
charpos = 0xffffffff,
bytepos = 0xffffffff
},
dpvec_index = 0xffffffff
},
current = {
pos = {
charpos = 0x719,
bytepos = 0x759
},
overlay_string_index = 0xffffffff,
string_pos = {
charpos = 0xffffffff,
bytepos = 0xffffffff
},
dpvec_index = 0xffffffff
},
n_overlay_strings = 0x0,
overlay_strings = {0x0 <repeats 16 times>},
string_overlays = {0x0 <repeats 16 times>},
string = 0x2b36802,
from_overlay = 0x0,
stack = {{
string = 0x0,
string_nchars = 0x0,
end_charpos = 0x0,
stop_charpos = 0x0,
cmp_it = {
stop_pos = 0x0,
id = 0x0,
ch = 0x0,
lookback = 0x0,
nglyphs = 0x0,
nchars = 0x0,
nbytes = 0x0,
from = 0x0,
to = 0x0,
width = 0x0
},
face_id = 0x0,
u = {
image = {
object = 0x0,
slice = {
x = 0x0,
y = 0x0,
width = 0x0,
height = 0x0
},
image_id = 0x0
},
comp = {
object = 0x0
},
stretch = {
object = 0x0
}
},
position = {
charpos = 0x0,
bytepos = 0x0
},
current = {
pos = {
charpos = 0x0,
bytepos = 0x0
},
overlay_string_index = 0x0,
string_pos = {
charpos = 0x0,
bytepos = 0x0
},
dpvec_index = 0x0
},
from_overlay = 0x0,
area = LEFT_MARGIN_AREA,
method = GET_FROM_BUFFER,
multibyte_p = 0x0,
string_from_display_prop_p = 0x0,
display_ellipsis_p = 0x0,
avoid_cursor_p = 0x0,
line_wrap = TRUNCATE,
voffset = 0x0,
space_width = 0x0,
font_height = 0x0
}, {
string = 0x0,
string_nchars = 0x0,
end_charpos = 0x0,
stop_charpos = 0x0,
cmp_it = {
stop_pos = 0x0,
id = 0x0,
ch = 0x0,
lookback = 0x0,
nglyphs = 0x0,
nchars = 0x0,
nbytes = 0x0,
from = 0x0,
to = 0x0,
width = 0x0
},
face_id = 0x0,
u = {
image = {
object = 0x0,
slice = {
x = 0x0,
y = 0x0,
width = 0x0,
height = 0x0
},
image_id = 0x0
},
comp = {
object = 0x0
},
stretch = {
object = 0x0
}
},
position = {
charpos = 0x0,
bytepos = 0x0
},
current = {
pos = {
charpos = 0x0,
bytepos = 0x0
},
overlay_string_index = 0x0,
string_pos = {
charpos = 0x0,
bytepos = 0x0
},
dpvec_index = 0x0
},
from_overlay = 0x0,
area = LEFT_MARGIN_AREA,
method = GET_FROM_BUFFER,
multibyte_p = 0x0,
string_from_display_prop_p = 0x0,
display_ellipsis_p = 0x0,
avoid_cursor_p = 0x0,
line_wrap = TRUNCATE,
voffset = 0x0,
space_width = 0x0,
font_height = 0x0
}, {
string = 0x0,
string_nchars = 0x0,
end_charpos = 0x0,
stop_charpos = 0x0,
cmp_it = {
stop_pos = 0x0,
id = 0x0,
ch = 0x0,
lookback = 0x0,
nglyphs = 0x0,
nchars = 0x0,
nbytes = 0x0,
from = 0x0,
to = 0x0,
width = 0x0
},
face_id = 0x0,
u = {
image = {
object = 0x0,
slice = {
x = 0x0,
y = 0x0,
width = 0x0,
height = 0x0
},
image_id = 0x0
},
comp = {
object = 0x0
},
stretch = {
object = 0x0
}
},
position = {
charpos = 0x0,
bytepos = 0x0
},
current = {
pos = {
charpos = 0x0,
bytepos = 0x0
},
overlay_string_index = 0x0,
string_pos = {
charpos = 0x0,
bytepos = 0x0
},
dpvec_index = 0x0
},
from_overlay = 0x0,
area = LEFT_MARGIN_AREA,
method = GET_FROM_BUFFER,
multibyte_p = 0x0,
string_from_display_prop_p = 0x0,
display_ellipsis_p = 0x0,
avoid_cursor_p = 0x0,
line_wrap = TRUNCATE,
voffset = 0x0,
space_width = 0x0,
font_height = 0x0
}, {
string = 0x0,
string_nchars = 0x0,
end_charpos = 0x0,
stop_charpos = 0x0,
cmp_it = {
stop_pos = 0x0,
id = 0x0,
ch = 0x0,
lookback = 0x0,
nglyphs = 0x0,
nchars = 0x0,
nbytes = 0x0,
from = 0x0,
to = 0x0,
width = 0x0
},
face_id = 0x0,
u = {
image = {
object = 0x0,
slice = {
x = 0x0,
y = 0x0,
width = 0x0,
height = 0x0
},
image_id = 0x0
},
comp = {
object = 0x0
},
stretch = {
object = 0x0
}
},
position = {
charpos = 0x0,
bytepos = 0x0
},
current = {
pos = {
charpos = 0x0,
bytepos = 0x0
},
overlay_string_index = 0x0,
string_pos = {
charpos = 0x0,
bytepos = 0x0
},
dpvec_index = 0x0
},
from_overlay = 0x0,
area = LEFT_MARGIN_AREA,
method = GET_FROM_BUFFER,
multibyte_p = 0x0,
string_from_display_prop_p = 0x0,
display_ellipsis_p = 0x0,
avoid_cursor_p = 0x0,
line_wrap = TRUNCATE,
voffset = 0x0,
space_width = 0x0,
font_height = 0x0
}},
sp = 0x0,
selective = 0x0,
what = IT_CHARACTER,
face_id = 0x0,
selective_display_ellipsis_p = 0x0,
ctl_arrow_p = 0x1,
face_box_p = 0x0,
start_of_box_run_p = 0x0,
end_of_box_run_p = 0x0,
overlay_strings_at_end_processed_p = 0x0,
ignore_overlay_strings_at_pos_p = 0x0,
glyph_not_available_p = 0x0,
starts_in_middle_of_char_p = 0x0,
face_before_selective_p = 0x0,
constrain_row_ascent_descent_p = 0x0,
line_wrap = TRUNCATE,
base_face_id = 0x0,
c = 0xa,
len = 0x1,
cmp_it = {
stop_pos = 0x719,
id = 0xffffffff,
ch = 0xfffffffe,
lookback = 0x0,
nglyphs = 0x0,
nchars = 0x0,
nbytes = 0x0,
from = 0x0,
to = 0x0,
width = 0x0
},
char_to_display = 0x20,
image_id = 0x0,
slice = {
x = 0x2b36802,
y = 0x2b36802,
width = 0x2b36802,
height = 0x2b36802
},
space_width = 0x2b36802,
voffset = 0x0,
tab_width = 0x8,
font_height = 0x2b36802,
object = 0x48b4005,
position = {
charpos = 0x718,
bytepos = 0x758
},
truncation_pixel_width = 0x0,
continuation_pixel_width = 0x0,
first_visible_x = 0x0,
last_visible_x = 0x333,
last_visible_y = 0x134,
extra_line_spacing = 0x0,
max_extra_line_spacing = 0x0,
override_ascent = 0xffffffff,
override_descent = 0x0,
override_boff = 0x0,
glyph_row = 0x380a098,
area = TEXT_AREA,
nglyphs = 0x1,
pixel_width = 0x7,
ascent = 0xb,
descent = 0x3,
max_ascent = 0xb,
max_descent = 0x3,
phys_ascent = 0xb,
phys_descent = 0x3,
max_phys_ascent = 0xb,
max_phys_descent = 0x3,
current_x = 0x333,
continuation_lines_width = 0x0,
current_y = 0x62,
first_vpos = 0x1,
vpos = 0x6,
hpos = 0x75,
left_user_fringe_bitmap = 0x0,
right_user_fringe_bitmap = 0x0,
left_user_fringe_face_id = 0x0,
right_user_fringe_face_id = 0x0
}
top = {
charpos = 0x1,
bytepos = 0x1
}
visible_p = 0x1
old_buffer = 0x0
#1 0x010d0859 in Fpos_visible_in_window_p (pos=0x16b4, window=0x307c805,
partially=0x2b36802)
at window.c:352
w = 0x307c800
posint = 0x5ad
buf = 0x48b4000
top = {
charpos = 0x1,
bytepos = 0x1
}
in_window = 0x2b36802
rtop = 0x48b4000
rbot = 0x2b6d0f0
rowh = 0x2b638c2
vpos = 0x119bf77
fully_p = 0x1
x = 0x1
y = 0x48b4000
#2 0x010234f7 in Ffuncall (nargs=0x3, args=0x82f1b0) at eval.c:3030
fun = 0x138e5fd
original_fun = 0x2b69c92
funcar = 0x1
numargs = 0x2
lisp_numargs = 0x10a6d98
val = 0x4
backtrace = {
next = 0x82f380,
function = 0x82f1b0,
args = 0x82f1b4,
nargs = 0x2,
evalargs = 0x0,
debug_on_exit = 0x0
}
internal_args = 0x82f110
i = 0x3
#3 0x0116962f in Fbyte_code (bytestr=0x37e15b1, vector=0x3988605,
maxdepth=0x10) at bytecode.c:680
count = 0xd
op = 0x2
vectorp = 0x3988608
bytestr_length = 0xae
stack = {
pc = 0x33c6c06 "„†",
top = 0x82f1b8,
bottom = 0x82f1b0,
byte_string = 0x37e15b1,
byte_string_start = 0x33c6b90 "\b…",
constants = 0x3988605,
next = 0x82f4f0
}
top = 0x82f1b0
result = 0x0
#4 0x01023be1 in funcall_lambda (fun=0x39a4005, nargs=0x0,
arg_vector=0x82f3e8) at eval.c:3211
val = 0x6e44
syms_left = 0x2b36802
next = 0x2b8f582
count = 0xd
i = 0x0
optional = 0x0
rest = 0x0
#5 0x010236c0 in Ffuncall (nargs=0x1, args=0x82f3e4) at eval.c:3070
fun = 0x39a4005
original_fun = 0x399bc02
funcar = 0x395c3a6
numargs = 0x0
lisp_numargs = 0x101a6d7
val = 0x6e44
backtrace = {
next = 0x82f5b0,
function = 0x82f3e4,
args = 0x82f3e8,
nargs = 0x0,
evalargs = 0x0,
debug_on_exit = 0x0
}
internal_args = 0x82f3e8
i = 0x3c40ea3
#6 0x0116962f in Fbyte_code (bytestr=0x37f4ee1, vector=0x39aae05,
maxdepth=0x10) at bytecode.c:680
count = 0xd
op = 0x0
vectorp = 0x39aae08
bytestr_length = 0x73
stack = {
pc = 0x33c8060 "ˆ\016\030ƒi",
top = 0x82f3e4,
bottom = 0x82f3e0,
byte_string = 0x37f4ee1,
byte_string_start = 0x33c800c "Æ\b!ƒ\021",
constants = 0x39aae05,
next = 0x82f730
}
top = 0x82f3e4
result = 0x0
#7 0x01023be1 in funcall_lambda (fun=0x39a9885, nargs=0x1,
arg_vector=0x82f614) at eval.c:3211
val = 0x2b36802
syms_left = 0x2b36802
next = 0x399bf1a
count = 0xb
i = 0x1
optional = 0x1
rest = 0x0
#8 0x010236c0 in Ffuncall (nargs=0x2, args=0x82f610) at eval.c:3070
fun = 0x39a9885
original_fun = 0x399bf02
funcar = 0x2b6919b
numargs = 0x1
lisp_numargs = 0x101a6d7
val = 0x82f5f8
backtrace = {
next = 0x82f7f0,
function = 0x82f610,
args = 0x82f614,
nargs = 0x1,
evalargs = 0x0,
debug_on_exit = 0x0
}
internal_args = 0x2b36802
i = 0x3a8cc93
#9 0x0116962f in Fbyte_code (bytestr=0x37f8691, vector=0x39a3a05,
maxdepth=0x14) at bytecode.c:680
count = 0x8
op = 0x1
vectorp = 0x39a3a08
bytestr_length = 0xf8
stack = {
pc = 0x33c869a "ˆ\202ñ",
top = 0x82f614,
bottom = 0x82f610,
byte_string = 0x37f8691,
byte_string_start = 0x33c8628 "p\020Æ ˆÇ`È\"‰\031ƒ\022",
constants = 0x39a3a05,
next = 0x0
}
top = 0x82f610
result = 0x82f4f4
#10 0x01023be1 in funcall_lambda (fun=0x39a9265, nargs=0x1,
arg_vector=0x82f8a4) at eval.c:3211
val = 0x0
syms_left = 0x2b36802
next = 0x2b60c4a
count = 0x5
i = 0x1
optional = 0x1
rest = 0x0
#11 0x010236c0 in Ffuncall (nargs=0x2, args=0x82f8a0) at eval.c:3070
fun = 0x39a9265
original_fun = 0x3967f7a
funcar = 0x2b36802
numargs = 0x1
lisp_numargs = 0x1005b99
val = 0x82f838
backtrace = {
next = 0x82fab0,
function = 0x82f8a0,
args = 0x82f8a4,
nargs = 0x1,
evalargs = 0x0,
debug_on_exit = 0x0
}
internal_args = 0x82f808
i = 0x2b36802
#12 0x01168b17 in Fcall_interactively (function=0x3967f7a,
record_flag=0x2b36802, keys=0x2b3bb05)
at callint.c:869
val = 0x2cadb45
args = 0x82f8a0
visargs = 0x82f880
specs = 0x37fb191
filter_specs = 0x37fb191
teml = 0x11f25dd
up_event = 0x2b36802
enable = 0x2b36802
speccount = 0x3
next_event = 0x1
prefix_arg = 0x2b36802
string = 0x82f8c0 "P"
tem = 0x13a6b5c ""
varies = 0x82f860
i = 0x2
j = 0x1
count = 0x1
foo = 0x3a73dce
prompt1 = '\000' <repeats 99 times>
tem1 = 0x0
arg_from_tty = 0x0
gcpro1 = {
next = 0x2b41e42,
var = 0x2b36802,
nvars = 0x2b36802
}
gcpro2 = {
next = 0x2b41e42,
var = 0x2b41522,
nvars = 0x82f9b8
}
gcpro3 = {
next = 0x2bcb366,
var = 0x2b41522,
nvars = 0x2
}
gcpro4 = {
next = 0x2bcb37e,
var = 0x2b36802,
nvars = 0x2
}
gcpro5 = {
next = 0x4905268,
var = 0x2b36802,
nvars = 0x2b36802
}
key_count = 0x1
record_then_fail = 0x0
save_this_command = 0x3967f7a
save_last_command = 0x3967fda
save_this_original_command = 0x3967f7a
save_real_this_command = 0x3967f7a
#13 0x010234f7 in Ffuncall (nargs=0x4, args=0x82fb20) at eval.c:3030
fun = 0x139132d
original_fun = 0x2b5b5ca
funcar = 0x2b57b33
numargs = 0x3
lisp_numargs = 0x101ac15
val = 0x82fb18
backtrace = {
next = 0x0,
function = 0x82fb20,
args = 0x82fb24,
nargs = 0x3,
evalargs = 0x0,
debug_on_exit = 0x0
}
internal_args = 0x82fb24
i = 0x2b41a12
#14 0x0102308f in call3 (fn=0x2b5b5ca, arg1=0x3967f7a, arg2=0x2b36802,
arg3=0x2b36802)
at eval.c:2850
ret_ungc_val = 0x102422a
gcpro1 = {
next = 0x35fc086,
var = 0x2b36802,
nvars = 0x4
}
args = {0x2b5b5ca, 0x3967f7a, 0x2b36802, 0x2b36802}
#15 0x01014f36 in Fcommand_execute (cmd=0x3967f7a, record_flag=0x2b36802,
keys=0x2b36802,
special=0x2b36802) at keyboard.c:10507
final = 0x39a9265
tem = 0x2b36802
prefixarg = 0x2b36802
#16 0x0100787b in command_loop_1 () at keyboard.c:1904
scount = 0x2
cmd = 0x3967f7a
lose = 0x82fcd8
keybuf = {0x80, 0x144, 0x82fc98, 0x1197215, 0x1000, 0x1bc, 0x30a8,
0x2b54a00, 0x2, 0x0,
0x2, 0x2, 0x0, 0x2, 0x82fde0, 0x0, 0x0, 0x82fcb4, 0x82fb50, 0x0,
0x0, 0x0, 0x0, 0x0,
0x0, 0x0, 0x0, 0x0, 0x2b36802, 0x2c0a702}
i = 0x1
prev_modiff = 0x62
prev_buffer = 0x48b4000
already_adjusted = 0x0
#17 0x01020fc4 in internal_condition_case (bfun=0x10061fd <command_loop_1>,
handlers=0x2b444da,
hfun=0x1005bee <cmd_error>) at eval.c:1490
val = 0x31f77de
c = {
tag = 0x2b36802,
val = 0x2b36802,
next = 0x82fde0,
gcpro = 0x0,
jmp = {0x82fda8, 0x7ffde000, 0x65002e, 0x650078, 0x82fcdc,
0x1020f5c, 0x82ffe0, 0x0,
0x82fdd8, 0x3, 0x1, 0x82fde4, 0x77c30065, 0x0, 0x1, 0xa452f0},
backlist = 0x0,
handlerlist = 0x0,
lisp_eval_depth = 0x0,
pdlcount = 0x2,
poll_suppress_count = 0x0,
interrupt_input_blocked = 0x0,
byte_stack = 0x0
}
h = {
handler = 0x2b444da,
var = 0x2b36802,
chosen_clause = 0x82fde4,
tag = 0x82fd20,
next = 0x0
}
#18 0x01005f62 in command_loop_2 () at keyboard.c:1360
val = 0x0
#19 0x01020ab5 in internal_catch (tag=0x2b441b2, func=0x1005f3f
<command_loop_2>, arg=0x2b36802)
at eval.c:1226
c = {
tag = 0x2b441b2,
val = 0x2b36802,
next = 0x0,
gcpro = 0x0,
jmp = {0x82fe58, 0x7ffde000, 0x65002e, 0x650078, 0x82fdcc,
0x1020aa6, 0x82ffe0, 0x0,
0x2b69aea, 0x2b691cb, 0x2b36802, 0x2b40000, 0x2f2a5f4, 0x2b36802,
0x82fe48,
0x2b691cb},
backlist = 0x0,
handlerlist = 0x0,
lisp_eval_depth = 0x0,
pdlcount = 0x2,
poll_suppress_count = 0x0,
interrupt_input_blocked = 0x0,
byte_stack = 0x0
}
#20 0x01005f18 in command_loop () at keyboard.c:1339
No locals.
#21 0x0100580a in recursive_edit_1 () at keyboard.c:954
count = 0x1
val = 0x82feb0
#22 0x0100596e in Frecursive_edit () at keyboard.c:1016
count = 0x0
buffer = 0x2b36802
#23 0x010027c6 in main (argc=0x1, argv=0xa42678) at emacs.c:1833
dummy = 0x7ffde000
stack_bottom_variable = 0x7f
do_initial_setlocale = 0x1
skip_args = 0x0
no_loadup = 0x0
junk = 0x0
dname_arg = 0x0
Lisp Backtrace:
"pos-visible-in-window-p" (0x82f1b4)
"gnus-summary-recenter" (0x82f3e8)
"gnus-summary-display-article" (0x82f614)
"gnus-summary-next-page" (0x82f8a4)
"call-interactively" (0x82fb24)
(gdb)
(gdb)
(gdb) frame
#0 0x01030355 in pos_visible_p (w=0x307c800, charpos=0x5ad, x=0x82f0c4,
y=0x82f0c0,
rtop=0x82f0d8, rbot=0x82f0d4, rowh=0x82f0d0, vpos=0x82f0cc) at xdisp.c:1396
1396 for (; glyph < end
(gdb) p rowh
$1 = (int *) 0x82f0d0
(gdb) prow
y=14 x=0 pwid=819 a+d=11+3=14 phys=11+3=14 vis=14 L=0 T=117 R=0
start=1 end=122 DISP TRUNC:R
(gdb) p w
$2 = (struct window *) 0x307c800
(gdb) pwin
Window 1 *Summary nntp+news.gmane.org:gmane.text.xml.schema.devel*
start=1 end:pos=0 vpos=3 vscroll=0
cursor: y=14 x=273 vpos=1 hpos=39 phys: y=14 x=273 vpos=1 hpos=39 ON blk=OFF
(gdb) p glyph
$3 = (struct glyph *) 0x38d0020
(gdb) pg
STRETCH[0+0] pos=0 w=5 a+d=0+0 face=47 vof=909 N/A OVL [ slice=24,909,0,0
(gdb)
--------------------------------------------------------------------------------
With charpos=0x5ad in the trace above, I ran gnus again and opened the summary
buffer for the same group. Doing 'M-x goto-char 1453' puts point on '...' in
the summary buffer, and 'M-x describe char' shows:
character: C-j (10, #o12, #xa)
preferred charset: ascii (ASCII (ISO646 IRV))
code point: 0x0A
syntax: which means: whitespace
buffer code: #x0A
file code: #x0A (encoded by coding system utf-8-dos)
display: by this font (glyph code)
uniscribe:-outline-DejaVu Sans
Mono-normal-normal-normal-mono-12-*-*-*-c-*-iso8859-1 (#x03)
Character code properties: customize what to show
name: <control>
old-name: LINE FEED (LF)
general-category: Cc (Other, Control)
There is an overlay here:
From 1453 to 1816
evaporate t
invisible gnus-sum
There are text properties here:
gnus-number 7068
--------------------------------------------------------------------------------
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: emacs-21.1.94 crash in gnus on Windows
2010-03-16 12:53 ` Andy Moreton
@ 2010-03-16 15:26 ` David Kastrup
2010-03-16 20:34 ` Andy Moreton
2010-03-16 19:47 ` Eli Zaretskii
1 sibling, 1 reply; 20+ messages in thread
From: David Kastrup @ 2010-03-16 15:26 UTC (permalink / raw)
To: emacs-devel
Andy Moreton <andrewjmoreton@googlemail.com> writes:
> On 16/03/2010 10:33, Eli Zaretskii wrote:
>>> From: Andy Moreton<andrewjmoreton@gmail.com>
>>> Date: Mon, 15 Mar 2010 23:40:27 +0000
>>>
>>> I've built 21.1.94 pretest on WinXP SP3 with MinGW gcc, and I'm seeing
>>> a repeatable crash in gnus. Running emacs under gdb I managed to capture
>>> a crash, with the following results:
If it is really 21.1.94, it is rather old. Can't you build a newer version?
--
David Kastrup
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: emacs-21.1.94 crash in gnus on Windows
2010-03-16 12:53 ` Andy Moreton
2010-03-16 15:26 ` David Kastrup
@ 2010-03-16 19:47 ` Eli Zaretskii
2010-03-16 20:42 ` Andy Moreton
1 sibling, 1 reply; 20+ messages in thread
From: Eli Zaretskii @ 2010-03-16 19:47 UTC (permalink / raw)
To: Andy Moreton; +Cc: emacs-devel
> Date: Tue, 16 Mar 2010 12:53:51 +0000
> From: Andy Moreton <andrewjmoreton@googlemail.com>
> CC: emacs-devel@gnu.org
>
> > First, please file a bug report with this information.
>
> I've sent a bug report (from another machine after recreating the crash).
Didn't see it yet. So I'm responding here, for the time being.
> emacs was configured on both machines with "--no-opt". I've added details of
> the crash in the bug report below.
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x01030355 in pos_visible_p (w=0x307c800, charpos=0x5ad, x=0x82f0c4,
> y=0x82f0c0, rtop=0x82f0d8,
> rbot=0x82f0d4, rowh=0x82f0d0, vpos=0x82f0cc) at xdisp.c:1396
> 1396 for (; glyph < end
Hmm, that's a strange place to get hit by SIGSEGV. Can you try to see
what exactly caused the crash? When in doubt, I usually disassemble
the vicinity of the address where it crashed (0x01030355 in this
case), find the instruction that crashed, and then compare the
disassembly to the source to find which source line the failed
instruction came from. The GDB command "info line" might help in the
initial estimation of the source line to which the failed address
belongs.
Thanks.
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: emacs-21.1.94 crash in gnus on Windows
2010-03-16 15:26 ` David Kastrup
@ 2010-03-16 20:34 ` Andy Moreton
0 siblings, 0 replies; 20+ messages in thread
From: Andy Moreton @ 2010-03-16 20:34 UTC (permalink / raw)
To: emacs-devel
On Tue 16 Mar 2010, David Kastrup wrote:
> Andy Moreton <andrewjmoreton@googlemail.com> writes:
>
>> On 16/03/2010 10:33, Eli Zaretskii wrote:
>>>> From: Andy Moreton<andrewjmoreton@gmail.com>
>>>> Date: Mon, 15 Mar 2010 23:40:27 +0000
>>>>
>>>> I've built 21.1.94 pretest on WinXP SP3 with MinGW gcc, and I'm seeing
>>>> a repeatable crash in gnus. Running emacs under gdb I managed to capture
>>>> a crash, with the following results:
>
> If it is really 21.1.94, it is rather old. Can't you build a newer version?
Typo - its 23.1.94.1 (the latest pretest tarball).
AndyM
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: emacs-21.1.94 crash in gnus on Windows
2010-03-16 19:47 ` Eli Zaretskii
@ 2010-03-16 20:42 ` Andy Moreton
2010-03-16 21:49 ` Eli Zaretskii
0 siblings, 1 reply; 20+ messages in thread
From: Andy Moreton @ 2010-03-16 20:42 UTC (permalink / raw)
To: emacs-devel
On Tue 16 Mar 2010, Eli Zaretskii wrote:
>> Date: Tue, 16 Mar 2010 12:53:51 +0000
>> From: Andy Moreton <andrewjmoreton@googlemail.com>
>> CC: emacs-devel@gnu.org
>>
>> > First, please file a bug report with this information.
>>
>> I've sent a bug report (from another machine after recreating the crash).
>
> Didn't see it yet. So I'm responding here, for the time being.
Details at http://debbugs.gnu.org/cgi/bugreport.cgi?bug=5730
>> emacs was configured on both machines with "--no-opt". I've added details of
>> the crash in the bug report below.
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> 0x01030355 in pos_visible_p (w=0x307c800, charpos=0x5ad, x=0x82f0c4,
>> y=0x82f0c0, rtop=0x82f0d8,
>> rbot=0x82f0d4, rowh=0x82f0d0, vpos=0x82f0cc) at xdisp.c:1396
>> 1396 for (; glyph < end
>
> Hmm, that's a strange place to get hit by SIGSEGV. Can you try to see
> what exactly caused the crash? When in doubt, I usually disassemble
> the vicinity of the address where it crashed (0x01030355 in this
> case), find the instruction that crashed, and then compare the
> disassembly to the source to find which source line the failed
> instruction came from. The GDB command "info line" might help in the
> initial estimation of the source line to which the failed address
> belongs.
I'll try to reproduce it and report back if I can shed any further
light. I haven't supplied any command line arguments when running under
gdb - do I need to use "-Q" to get something you can reproduce ?
AndyM
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: emacs-21.1.94 crash in gnus on Windows
2010-03-16 20:42 ` Andy Moreton
@ 2010-03-16 21:49 ` Eli Zaretskii
2010-03-20 12:19 ` Andreas Schwab
0 siblings, 1 reply; 20+ messages in thread
From: Eli Zaretskii @ 2010-03-16 21:49 UTC (permalink / raw)
To: Andy Moreton; +Cc: emacs-devel
> From: Andy Moreton <andrewjmoreton@gmail.com>
> Date: Tue, 16 Mar 2010 20:42:02 +0000
>
> >> Program received signal SIGSEGV, Segmentation fault.
> >> 0x01030355 in pos_visible_p (w=0x307c800, charpos=0x5ad, x=0x82f0c4,
> >> y=0x82f0c0, rtop=0x82f0d8,
> >> rbot=0x82f0d4, rowh=0x82f0d0, vpos=0x82f0cc) at xdisp.c:1396
> >> 1396 for (; glyph < end
> >
> > Hmm, that's a strange place to get hit by SIGSEGV. Can you try to see
> > what exactly caused the crash? When in doubt, I usually disassemble
> > the vicinity of the address where it crashed (0x01030355 in this
> > case), find the instruction that crashed, and then compare the
> > disassembly to the source to find which source line the failed
> > instruction came from. The GDB command "info line" might help in the
> > initial estimation of the source line to which the failed address
> > belongs.
>
> I'll try to reproduce it and report back if I can shed any further
> light. I haven't supplied any command line arguments when running under
> gdb - do I need to use "-Q" to get something you can reproduce ?
I doubt that this will help: it's hard to use Gnus with absolutely no
customizations, especially on Windows.
For now, I'm trying to understand what object causes the crash, and
why. That might give more ideas.
Thanks.
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: emacs-21.1.94 crash in gnus on Windows
2010-03-16 21:49 ` Eli Zaretskii
@ 2010-03-20 12:19 ` Andreas Schwab
2010-03-20 15:45 ` Andreas Schwab
0 siblings, 1 reply; 20+ messages in thread
From: Andreas Schwab @ 2010-03-20 12:19 UTC (permalink / raw)
To: Eli Zaretskii; +Cc: Andy Moreton, emacs-devel
Eli Zaretskii <eliz@gnu.org> writes:
> For now, I'm trying to understand what object causes the crash, and
> why. That might give more ideas.
I have seen exactly the same crash. It appears to be some issue with
GC, because glyph.object was overwritten with string data.
Andreas.
--
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: emacs-21.1.94 crash in gnus on Windows
2010-03-20 12:19 ` Andreas Schwab
@ 2010-03-20 15:45 ` Andreas Schwab
2010-03-20 16:20 ` Eli Zaretskii
` (2 more replies)
0 siblings, 3 replies; 20+ messages in thread
From: Andreas Schwab @ 2010-03-20 15:45 UTC (permalink / raw)
To: Eli Zaretskii; +Cc: Andy Moreton, emacs-devel
I appears to happen when the last line in a buffer is made invisible
with an elipsis spec (like the gnus-sum spec). Apparently the
code is accessing an uninitialized glyph row.
Andreas.
--
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: emacs-21.1.94 crash in gnus on Windows
2010-03-20 15:45 ` Andreas Schwab
@ 2010-03-20 16:20 ` Eli Zaretskii
2010-03-20 16:24 ` Andreas Schwab
2010-03-20 16:29 ` Eli Zaretskii
2 siblings, 0 replies; 20+ messages in thread
From: Eli Zaretskii @ 2010-03-20 16:20 UTC (permalink / raw)
To: Andreas Schwab; +Cc: andrewjmoreton, emacs-devel
> From: Andreas Schwab <schwab@linux-m68k.org>
> Cc: Andy Moreton <andrewjmoreton@gmail.com>, emacs-devel@gnu.org
> Date: Sat, 20 Mar 2010 16:45:45 +0100
>
> I appears to happen when the last line in a buffer is made invisible
> with an elipsis spec (like the gnus-sum spec). Apparently the
> code is accessing an uninitialized glyph row.
So it does not appear to be related to GC?
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: emacs-21.1.94 crash in gnus on Windows
2010-03-20 15:45 ` Andreas Schwab
2010-03-20 16:20 ` Eli Zaretskii
@ 2010-03-20 16:24 ` Andreas Schwab
2010-03-20 16:31 ` Eli Zaretskii
2010-03-24 21:34 ` Chong Yidong
2010-03-20 16:29 ` Eli Zaretskii
2 siblings, 2 replies; 20+ messages in thread
From: Andreas Schwab @ 2010-03-20 16:24 UTC (permalink / raw)
To: cyd; +Cc: Eli Zaretskii, Andy Moreton, emacs-devel
This is fundamentally broken. move_it_to never produces glyphs, so the
complete glyph row is uninitialized. This was first broken by this
change:
commit 9d73ed0ef33ba0502c03e546a09d175ab35fdc75
Author: Chong Yidong <cyd@stupidchicken.com>
Date: Sat Jan 26 01:00:44 2008 +0000
(pos_visible_p): Handle the case where charpos falls on
invisible text covered with an ellipsis.
Andreas.
--
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: emacs-21.1.94 crash in gnus on Windows
2010-03-20 15:45 ` Andreas Schwab
2010-03-20 16:20 ` Eli Zaretskii
2010-03-20 16:24 ` Andreas Schwab
@ 2010-03-20 16:29 ` Eli Zaretskii
2010-03-20 16:46 ` Andreas Schwab
2 siblings, 1 reply; 20+ messages in thread
From: Eli Zaretskii @ 2010-03-20 16:29 UTC (permalink / raw)
To: Andreas Schwab; +Cc: andrewjmoreton, emacs-devel
> From: Andreas Schwab <schwab@linux-m68k.org>
> Cc: Andy Moreton <andrewjmoreton@gmail.com>, emacs-devel@gnu.org
> Date: Sat, 20 Mar 2010 16:45:45 +0100
>
> I appears to happen when the last line in a buffer is made invisible
> with an elipsis spec (like the gnus-sum spec).
Last line in a buffer or last line on display? Lines that are not
displayed should not be subject to any processing during redisplay.
> Apparently the code is accessing an uninitialized glyph row.
Do you mean that in the code below
if (TEXT_PROP_MEANS_INVISIBLE (prop) == 2)
{
struct glyph_row *row = it.glyph_row;
struct glyph *glyph = row->glyphs[TEXT_AREA];
struct glyph *end = glyph + row->used[TEXT_AREA];
int x = row->x;
for (; glyph < end
&& (!BUFFERP (glyph->object)
|| glyph->charpos < charpos);
glyph++)
x += glyph->pixel_width;
top_x = x;
}
it.glyph_row points to uninitialized memory? That would be very
strange, since start_display and move_it_to, called just above this,
already worked on that glyph row. Did I miss something?
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: emacs-21.1.94 crash in gnus on Windows
2010-03-20 16:24 ` Andreas Schwab
@ 2010-03-20 16:31 ` Eli Zaretskii
2010-03-24 13:50 ` Andy Moreton
2010-03-24 21:34 ` Chong Yidong
1 sibling, 1 reply; 20+ messages in thread
From: Eli Zaretskii @ 2010-03-20 16:31 UTC (permalink / raw)
To: Andreas Schwab; +Cc: cyd, andrewjmoreton, emacs-devel
> From: Andreas Schwab <schwab@linux-m68k.org>
> Cc: Andy Moreton <andrewjmoreton@gmail.com>, emacs-devel@gnu.org, Eli Zaretskii <eliz@gnu.org>
> Date: Sat, 20 Mar 2010 17:24:06 +0100
>
> This is fundamentally broken. move_it_to never produces glyphs, so the
> complete glyph row is uninitialized.
Right, thanks.
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: emacs-21.1.94 crash in gnus on Windows
2010-03-20 16:29 ` Eli Zaretskii
@ 2010-03-20 16:46 ` Andreas Schwab
0 siblings, 0 replies; 20+ messages in thread
From: Andreas Schwab @ 2010-03-20 16:46 UTC (permalink / raw)
To: Eli Zaretskii; +Cc: andrewjmoreton, emacs-devel
Eli Zaretskii <eliz@gnu.org> writes:
>> From: Andreas Schwab <schwab@linux-m68k.org>
>> Cc: Andy Moreton <andrewjmoreton@gmail.com>, emacs-devel@gnu.org
>> Date: Sat, 20 Mar 2010 16:45:45 +0100
>>
>> I appears to happen when the last line in a buffer is made invisible
>> with an elipsis spec (like the gnus-sum spec).
>
> Last line in a buffer or last line on display?
There is an invisible overlay over the last line spanning from the
previous newline until before the last newline.
Andreas.
--
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: emacs-21.1.94 crash in gnus on Windows
2010-03-20 16:31 ` Eli Zaretskii
@ 2010-03-24 13:50 ` Andy Moreton
0 siblings, 0 replies; 20+ messages in thread
From: Andy Moreton @ 2010-03-24 13:50 UTC (permalink / raw)
To: emacs-devel
On Sat 20 Mar 2010, Eli Zaretskii wrote:
>> From: Andreas Schwab <schwab@linux-m68k.org>
>> Cc: Andy Moreton <andrewjmoreton@gmail.com>, emacs-devel@gnu.org, Eli Zaretskii <eliz@gnu.org>
>> Date: Sat, 20 Mar 2010 17:24:06 +0100
>>
>> This is fundamentally broken. move_it_to never produces glyphs, so the
>> complete glyph row is uninitialized.
>
> Right, thanks.
After looking at more gdb traces, I also see the glpyh being overwritten
with string data, so Andreas is seeing the same problem.
Can we have a fix for this in the next pretest please ?
AndyM
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: emacs-21.1.94 crash in gnus on Windows
2010-03-20 16:24 ` Andreas Schwab
2010-03-20 16:31 ` Eli Zaretskii
@ 2010-03-24 21:34 ` Chong Yidong
2010-03-25 4:14 ` Eli Zaretskii
1 sibling, 1 reply; 20+ messages in thread
From: Chong Yidong @ 2010-03-24 21:34 UTC (permalink / raw)
To: Andreas Schwab; +Cc: Eli Zaretskii, Andy Moreton, emacs-devel
Andreas Schwab <schwab@linux-m68k.org> writes:
> This is fundamentally broken. move_it_to never produces glyphs, so the
> complete glyph row is uninitialized. This was first broken by this
> change:
>
> commit 9d73ed0ef33ba0502c03e546a09d175ab35fdc75
> Author: Chong Yidong <cyd@stupidchicken.com>
> Date: Sat Jan 26 01:00:44 2008 +0000
>
> (pos_visible_p): Handle the case where charpos falls on
> invisible text covered with an ellipsis.
Yes, this patch is wrong. Looking through the archives, it seems to
have been meant to address the problem at
http://lists.gnu.org/archive/html/emacs-devel/2008-01/msg00945.html
However, looking at that recipe, it seems the problem is actually
handled by my 2009-01-10 (it_method == GET_FROM_DISPLAY_VECTOR) change
instead. So either my 2008-01-26 change was bogus all along, or some
other change in the meantime made it bogus.
I've reverted it in the branch; thanks for investigating.
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: emacs-21.1.94 crash in gnus on Windows
2010-03-24 21:34 ` Chong Yidong
@ 2010-03-25 4:14 ` Eli Zaretskii
2010-03-25 16:35 ` Chong Yidong
0 siblings, 1 reply; 20+ messages in thread
From: Eli Zaretskii @ 2010-03-25 4:14 UTC (permalink / raw)
To: Chong Yidong; +Cc: andrewjmoreton, schwab, emacs-devel
> From: Chong Yidong <cyd@stupidchicken.com>
> Cc: Andy Moreton <andrewjmoreton@gmail.com>, emacs-devel@gnu.org,
> Eli Zaretskii <eliz@gnu.org>
> Date: Wed, 24 Mar 2010 17:34:14 -0400
>
> However, looking at that recipe, it seems the problem is actually
> handled by my 2009-01-10 (it_method == GET_FROM_DISPLAY_VECTOR) change
> instead. So either my 2008-01-26 change was bogus all along, or some
> other change in the meantime made it bogus.
>
> I've reverted it in the branch; thanks for investigating.
But the part that you left in the code also uses it.glyph_row, which
is garbage after a call to move_it_to. There's a single use of
it.glyph_row->x before the call to PRODUCE_GLYPHS (&it2), and I think
that needs to be fixed as well, because it potentially dereferences a
bad pointer.
Or did I miss something?
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: emacs-21.1.94 crash in gnus on Windows
2010-03-25 4:14 ` Eli Zaretskii
@ 2010-03-25 16:35 ` Chong Yidong
2010-03-25 19:51 ` Eli Zaretskii
0 siblings, 1 reply; 20+ messages in thread
From: Chong Yidong @ 2010-03-25 16:35 UTC (permalink / raw)
To: Eli Zaretskii; +Cc: andrewjmoreton, schwab, emacs-devel
Eli Zaretskii <eliz@gnu.org> writes:
> But the part that you left in the code also uses it.glyph_row, which
> is garbage after a call to move_it_to. There's a single use of
> it.glyph_row->x before the call to PRODUCE_GLYPHS (&it2), and I think
> that needs to be fixed as well, because it potentially dereferences a
> bad pointer.
>
> Or did I miss something?
I don't see the failure condition. This branch handles the special case
of charpos == 1 or charpos above the top of the window. Since
start_display initialized the iterator using the desired matrix of the
window, it.glyph_row should always be valid.
Or am I confused?
^ permalink raw reply [flat|nested] 20+ messages in thread
* Re: emacs-21.1.94 crash in gnus on Windows
2010-03-25 16:35 ` Chong Yidong
@ 2010-03-25 19:51 ` Eli Zaretskii
0 siblings, 0 replies; 20+ messages in thread
From: Eli Zaretskii @ 2010-03-25 19:51 UTC (permalink / raw)
To: Chong Yidong; +Cc: andrewjmoreton, schwab, emacs-devel
> From: Chong Yidong <cyd@stupidchicken.com>
> Cc: schwab@linux-m68k.org, andrewjmoreton@gmail.com, emacs-devel@gnu.org
> Date: Thu, 25 Mar 2010 12:35:05 -0400
>
> Eli Zaretskii <eliz@gnu.org> writes:
>
> > But the part that you left in the code also uses it.glyph_row, which
> > is garbage after a call to move_it_to. There's a single use of
> > it.glyph_row->x before the call to PRODUCE_GLYPHS (&it2), and I think
> > that needs to be fixed as well, because it potentially dereferences a
> > bad pointer.
> >
> > Or did I miss something?
>
> I don't see the failure condition. This branch handles the special case
> of charpos == 1 or charpos above the top of the window. Since
> start_display initialized the iterator using the desired matrix of the
> window, it.glyph_row should always be valid.
>
> Or am I confused?
it.glyph_row is indeed initialized in start_display. But are you sure
it.glyph_row->x is set correctly? move_it_to does not produce glyphs
in glyph_row, so who computes glyph_row->x ?
^ permalink raw reply [flat|nested] 20+ messages in thread
end of thread, other threads:[~2010-03-25 19:51 UTC | newest]
Thread overview: 20+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-03-15 23:40 emacs-21.1.94 crash in gnus on Windows Andy Moreton
2010-03-16 10:33 ` Eli Zaretskii
2010-03-16 12:53 ` Andy Moreton
2010-03-16 15:26 ` David Kastrup
2010-03-16 20:34 ` Andy Moreton
2010-03-16 19:47 ` Eli Zaretskii
2010-03-16 20:42 ` Andy Moreton
2010-03-16 21:49 ` Eli Zaretskii
2010-03-20 12:19 ` Andreas Schwab
2010-03-20 15:45 ` Andreas Schwab
2010-03-20 16:20 ` Eli Zaretskii
2010-03-20 16:24 ` Andreas Schwab
2010-03-20 16:31 ` Eli Zaretskii
2010-03-24 13:50 ` Andy Moreton
2010-03-24 21:34 ` Chong Yidong
2010-03-25 4:14 ` Eli Zaretskii
2010-03-25 16:35 ` Chong Yidong
2010-03-25 19:51 ` Eli Zaretskii
2010-03-20 16:29 ` Eli Zaretskii
2010-03-20 16:46 ` Andreas Schwab
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).