From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Dmitry Antipov <dmantipov@yandex.ru>
Newsgroups: gmane.emacs.bugs
Subject: bug#16502: segmentation fault with org-capture
Date: Mon, 20 Jan 2014 12:20:59 +0400
Message-ID: <52DCDC6B.9090209@yandex.ru>
References: <CAMkm6pqQqmQLVCxGgHEPyxWL639YUKe_CP0ymxvra-Q=47zQsw@mail.gmail.com>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: ger.gmane.org 1390206133 31944 80.91.229.3 (20 Jan 2014 08:22:13 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Mon, 20 Jan 2014 08:22:13 +0000 (UTC)
Cc: 16502@debbugs.gnu.org
To: Nathan Froyd <froydnj@gmail.com>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Mon Jan 20 09:22:20 2014
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1W5A7g-0008G6-9T
	for geb-bug-gnu-emacs@m.gmane.org; Mon, 20 Jan 2014 09:22:20 +0100
Original-Received: from localhost ([::1]:49259 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1W5A7f-0006Dp-Pl
	for geb-bug-gnu-emacs@m.gmane.org; Mon, 20 Jan 2014 03:22:19 -0500
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:36416)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1W5A7W-0006DW-3F
	for bug-gnu-emacs@gnu.org; Mon, 20 Jan 2014 03:22:17 -0500
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1W5A7P-0006Jw-4h
	for bug-gnu-emacs@gnu.org; Mon, 20 Jan 2014 03:22:10 -0500
Original-Received: from debbugs.gnu.org ([140.186.70.43]:43500)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1W5A7O-0006Jr-Up
	for bug-gnu-emacs@gnu.org; Mon, 20 Jan 2014 03:22:03 -0500
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1W5A7O-0000C8-Hj
	for bug-gnu-emacs@gnu.org; Mon, 20 Jan 2014 03:22:02 -0500
X-Loop: help-debbugs@gnu.org
Resent-From: Dmitry Antipov <dmantipov@yandex.ru>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Mon, 20 Jan 2014 08:22:02 +0000
Resent-Message-ID: <handler.16502.B16502.1390206068667@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 16502
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: 
Original-Received: via spool by 16502-submit@debbugs.gnu.org id=B16502.1390206068667
	(code B ref 16502); Mon, 20 Jan 2014 08:22:02 +0000
Original-Received: (at 16502) by debbugs.gnu.org; 20 Jan 2014 08:21:08 +0000
Original-Received: from localhost ([127.0.0.1]:57519 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1W5A6V-0000Af-0S
	for submit@debbugs.gnu.org; Mon, 20 Jan 2014 03:21:07 -0500
Original-Received: from forward2l.mail.yandex.net ([84.201.143.145]:55607)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <dmantipov@yandex.ru>) id 1W5A6Q-0000A8-7G
	for 16502@debbugs.gnu.org; Mon, 20 Jan 2014 03:21:03 -0500
Original-Received: from smtp3h.mail.yandex.net (smtp3h.mail.yandex.net [84.201.186.20])
	by forward2l.mail.yandex.net (Yandex) with ESMTP id AD4A81AC07C3;
	Mon, 20 Jan 2014 12:21:00 +0400 (MSK)
Original-Received: from smtp3h.mail.yandex.net (localhost [127.0.0.1])
	by smtp3h.mail.yandex.net (Yandex) with ESMTP id 52B611B409F4;
	Mon, 20 Jan 2014 12:21:00 +0400 (MSK)
Original-Received: from unknown (unknown [37.139.80.10])
	by smtp3h.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id
	vY0OlrZSxg-L0lausLJ; Mon, 20 Jan 2014 12:21:00 +0400
	(using TLSv1 with cipher CAMELLIA256-SHA (256/256 bits))
	(Client certificate not present)
X-Yandex-Uniq: 57f150b5-2250-4eb1-8bc2-3b0887061207
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail;
	t=1390206060; bh=yPPz8x8QEbLnnEak+khBuzysnnIKZrYV/pv9U6oscZM=;
	h=Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject:
	References:In-Reply-To:Content-Type:Content-Transfer-Encoding;
	b=bAfBuvH6n5dY7pswSM3SpI9WyYYNxv7Bj4AF2nmzvYSsjHorqHEWyTBMBM/l4PdCA
	tKudr9jfx4LcqQUhVhvvK8jmAzlnJ8GsBh2bVfVhWp7b+Z2fqqEf+zdRVLi9usYo32
	uJH56tifCXta8R5spA5AoxKr21ijxqUiJNPwCgkY=
Authentication-Results: smtp3h.mail.yandex.net; dkim=pass header.i=@yandex.ru
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:24.0) Gecko/20100101 Thunderbird/24.2.0
In-Reply-To: <CAMkm6pqQqmQLVCxGgHEPyxWL639YUKe_CP0ymxvra-Q=47zQsw@mail.gmail.com>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x
X-Received-From: 140.186.70.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.bugs:83752
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/83752>

On 01/20/2014 01:15 AM, Nathan Froyd wrote:

> Given this initialization file, bug-init:
[...skip...]

Reproduced in trunk (as of r116077). Could you please run undumped (temacs)
under valgrind? With your recipe, I'm seeing nasty memory management error:

valgrind --tool=memcheck ./src/temacs -Q -l /tmp/bug16502.el

==>

==10951== Invalid read of size 8
==10951==    at 0x56142D: PSEUDOVECTOR_TYPEP (lisp.h:2377)
==10951==    by 0x56149C: PSEUDOVECTORP (lisp.h:2391)
==10951==    by 0x561575: BUFFERP (lisp.h:2437)
==10951==    by 0x673C47: find_interval (intervals.c:669)
==10951==    by 0x6796F7: validate_interval_range (textprop.c:212)
==10951==    by 0x67B190: Ftext_properties_at (textprop.c:601)
==10951==    by 0x67B245: Fget_text_property (textprop.c:621)
==10951==    by 0x51FAD4: face_at_buffer_position (xfaces.c:5987)
==10951==    by 0x4439FD: handle_face_prop (xdisp.c:3815)
==10951==    by 0x4427D0: handle_stop (xdisp.c:3319)
==10951==    by 0x44C416: reseat (xdisp.c:6359)
==10951==    by 0x441789: init_iterator (xdisp.c:2975)
==10951==  Address 0x763cb10 is 0 bytes inside a block of size 960 free'd
==10951==    at 0x4A07577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==10951==    by 0x5E1470: lisp_free (alloc.c:931)
==10951==    by 0x5EA618: gc_sweep (alloc.c:6637)
==10951==    by 0x5E8181: Fgarbage_collect (alloc.c:5572)
==10951==    by 0x562277: maybe_gc (lisp.h:4518)
==10951==    by 0x60A36B: eval_sub (eval.c:2075)
==10951==    by 0x6084A3: internal_lisp_condition_case (eval.c:1314)
==10951==    by 0x656A46: exec_byte_code (bytecode.c:1169)
==10951==    by 0x60C8DD: funcall_lambda (eval.c:2974)
==10951==    by 0x60C275: Ffuncall (eval.c:2855)
==10951==    by 0x60AE7C: Fapply (eval.c:2292)
==10951==    by 0x60BF66: Ffuncall (eval.c:2787)

I.e. the buffer is swept by GC and then (de)referenced in find_interval.

Dmitry