From: Dmitry Antipov <dmantipov@yandex.ru>
To: Michael Welsh Duggan <md5i@md5i.com>,
	Stefan Monnier <monnier@IRO.UMontreal.CA>
Cc: 18473@debbugs.gnu.org
Subject: bug#18473: 24.4.50; SEGFAULT when vconcatting more than 2048 vectors
Date: Mon, 15 Sep 2014 10:38:19 +0400	[thread overview]
Message-ID: <5416895B.4080807@yandex.ru> (raw)
In-Reply-To: <5415CC07.2010702@yandex.ru>

[-- Attachment #1: Type: text/plain, Size: 1469 bytes --]

On 09/14/2014 09:10 PM, Dmitry Antipov wrote:

> In eval.c:
>
>    2134        else if (XSUBR (fun)->max_args == MANY)
>    2135          {
>    2136            /* Pass a vector of evaluated arguments.  */
>    2137            Lisp_Object *vals;
>    2138            ptrdiff_t argnum = 0;
>    2139            USE_SAFE_ALLOCA;
>    2140
>    2141            SAFE_ALLOCA_LISP (vals, XINT (numargs));
>    2142
>    2143            GCPRO3 (args_left, fun, fun);
>    2144            gcpro3.var = vals;
>    2145            gcpro3.nvars = 0;
>    2146
>    2147            while (!NILP (args_left))
>    2148              {
>    2149                vals[argnum++] = eval_sub (Fcar (args_left));
>    2150                args_left = Fcdr (args_left);
>    2151                gcpro3.nvars = argnum;
>    2152              }
>    2153
>    2154            set_backtrace_args (specpdl_ptr - 1, vals);
>    2155            set_backtrace_nargs (specpdl_ptr - 1, XINT (numargs));
>    2156
>    2157            val = (XSUBR (fun)->function.aMANY) (XINT (numargs), vals);
>    2158            UNGCPRO;
>    2159            SAFE_FREE ();
>    2160          }
>
> At 2141, if numargs is > 2047 (and so allocation size exceeds MAX_ALLOCA on
> a 64-bit system), SAFE_ALLOCA_LISP pushes an entry of type SPECPDL_UNWIND to
> specpdl stack.  At line 2154, set_backtrace_args modifies this entry assuming
> SPECPDL_BACKTRACE.  Oops.

Michael, try this.  Stefan, please review.

Dmitry



[-- Attachment #2: bug18473.patch --]
[-- Type: text/x-diff, Size: 1487 bytes --]

=== modified file 'src/eval.c'
--- src/eval.c	2014-09-02 06:29:01 +0000
+++ src/eval.c	2014-09-15 06:22:26 +0000
@@ -179,17 +179,11 @@
 /* Functions to modify slots of backtrace records.  */
 
 static void
-set_backtrace_args (union specbinding *pdl, Lisp_Object *args)
+set_backtrace_args (union specbinding *pdl, Lisp_Object *args, ptrdiff_t nargs)
 {
   eassert (pdl->kind == SPECPDL_BACKTRACE);
   pdl->bt.args = args;
-}
-
-static void
-set_backtrace_nargs (union specbinding *pdl, ptrdiff_t n)
-{
-  eassert (pdl->kind == SPECPDL_BACKTRACE);
-  pdl->bt.nargs = n;
+  pdl->bt.nargs = nargs;
 }
 
 static void
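Review bot: The only check that `pdl` really is a backtrace record is still the `eassert` in `set_backtrace_args`, which as far as I know is compiled out unless checking is enabled, so in a normal build a wrong entry would again be overwritten through the `bt` view of the union with no diagnostic. The call sites in the later hunks now depend on `backtrace_top ()`, whose definition is not part of this patch, to return an entry of kind SPECPDL_BACKTRACE. I would state that contract above the function, for example `/* PDL must be a SPECPDL_BACKTRACE entry; it need not be specpdl_ptr - 1, since SAFE_ALLOCA_LISP may push an unwind entry after it.  */`.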
@@ -2151,8 +2145,7 @@
 	      gcpro3.nvars = argnum;
 	    }
 
-	  set_backtrace_args (specpdl_ptr - 1, vals);
-	  set_backtrace_nargs (specpdl_ptr - 1, XINT (numargs));
+	  set_backtrace_args (backtrace_top (), vals, XINT (numargs));
 
 	  val = (XSUBR (fun)->function.aMANY) (XINT (numargs), vals);
 	  UNGCPRO;
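Review bot: The count passed as `nargs` on the new line is `XINT (numargs)`, while the vector was filled by a loop that runs until `args_left` is nil and counts in `argnum` (the loop is shown in the quoted listing; only its tail is inside this hunk). If the two can ever differ, for instance if evaluating an argument alters the argument list, the backtrace record would describe slots that were never written, and the loop itself has no bound against the allocated size. Passing the filled count, `set_backtrace_args (backtrace_top (), vals, argnum);`, and bounding the loop with `argnum < XINT (numargs)` would keep the record and the allocation consistent. Where `numargs` is computed lies outside the hunk, so this needs checking against the full function.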
@@ -2173,8 +2166,7 @@
 
 	  UNGCPRO;
 
-	  set_backtrace_args (specpdl_ptr - 1, argvals);
-	  set_backtrace_nargs (specpdl_ptr - 1, XINT (numargs));
+	  set_backtrace_args (backtrace_top (), argvals, XINT (numargs));
 
 	  switch (i)
 	    {
@@ -2919,8 +2911,8 @@
 
   UNGCPRO;
 
-  set_backtrace_args (specpdl_ptr - 1, arg_vector);
-  set_backtrace_nargs (specpdl_ptr - 1, i);
+  set_backtrace_args (backtrace_top (), arg_vector, i);
+
   tem = funcall_lambda (fun, numargs, arg_vector);
 
   /* Do the debug-on-exit now, while arg_vector still exists.  */

