From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: martin rudalics Newsgroups: gmane.emacs.bugs Subject: bug#20802: Segfault when showing non-GTK+ tooltip Date: Sat, 13 Jun 2015 15:24:02 +0200 Message-ID: <557C2EF2.5030308@gmx.at> References: <1434187118.10061.4.camel@gmx.de> <83381wq76d.fsf@gnu.org> <557C0526.5050607@gmx.at> <831thfri91.fsf@gnu.org> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Trace: ger.gmane.org 1434201924 11233 80.91.229.3 (13 Jun 2015 13:25:24 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sat, 13 Jun 2015 13:25:24 +0000 (UTC) Cc: tobias.getzner@gmx.de, 20802@debbugs.gnu.org To: Eli Zaretskii Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Sat Jun 13 15:25:13 2015 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Z3lQv-0007IL-AG for geb-bug-gnu-emacs@m.gmane.org; Sat, 13 Jun 2015 15:25:13 +0200 Original-Received: from localhost ([::1]:55978 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Z3lQu-0004Bv-J1 for geb-bug-gnu-emacs@m.gmane.org; Sat, 13 Jun 2015 09:25:12 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:58711) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Z3lQq-0004AJ-5l for bug-gnu-emacs@gnu.org; Sat, 13 Jun 2015 09:25:09 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Z3lQm-0007zh-NF for bug-gnu-emacs@gnu.org; Sat, 13 Jun 2015 09:25:08 -0400 Original-Received: from debbugs.gnu.org ([140.186.70.43]:38007) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Z3lQm-0007zF-KX for bug-gnu-emacs@gnu.org; Sat, 13 Jun 2015 09:25:04 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80) (envelope-from ) id 1Z3lQl-00049v-MC for bug-gnu-emacs@gnu.org; Sat, 13 Jun 2015 09:25:03 -0400 X-Loop: help-debbugs@gnu.org Resent-From: martin rudalics Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 13 Jun 2015 13:25:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 20802 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Original-Received: via spool by 20802-submit@debbugs.gnu.org id=B20802.143420186115927 (code B ref 20802); Sat, 13 Jun 2015 13:25:03 +0000 Original-Received: (at 20802) by debbugs.gnu.org; 13 Jun 2015 13:24:21 +0000 Original-Received: from localhost ([127.0.0.1]:52467 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Z3lQ4-00048o-BK for submit@debbugs.gnu.org; Sat, 13 Jun 2015 09:24:21 -0400 Original-Received: from mout.gmx.net ([212.227.15.18]:58096) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Z3lQ2-00048a-6K for 20802@debbugs.gnu.org; Sat, 13 Jun 2015 09:24:19 -0400 Original-Received: from [188.22.238.237] ([188.22.238.237]) by mail.gmx.com (mrgmx002) with ESMTPSA (Nemesis) id 0LsCdj-1ZAFGu1lTr-013sNl; Sat, 13 Jun 2015 15:24:11 +0200 In-Reply-To: <831thfri91.fsf@gnu.org> X-Provags-ID: V03:K0:rhXgKLmDzAiSMS9vj/YbsOh6QrvWJrltINE/nLTqyfHUpUOk/f9 u5P3W23XCMjOWhWmLQ8CtEN25jpi22i9ot3+TAsDTUqM5ouGvLd8G7/72LlWMId47lqB0qC lg+3x1/qDwTdxc3GCGg3JV4EUYnXB+z4Pi+isI9LVOJXThqJ0Qki/51+hYPm7DSESkk+H+C 2boQ5RcMLI7xVuKoG9S2A== X-UI-Out-Filterresults: notjunk:1; X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:103892 Archived-At: > Thanks, but I still cannot reproduce this. (On what OS did you > reproduce it?) A Gtk build on Debian. Run with all my customizations. > I also see no backtrace buffers, just a silent message > in *Messages* about its being unable to load the bogus color I > specified. Can you help by showing values of variables involved in > the crash? > >> #0 0x00000000006c9b5c in cache_image (f=3D0x13a7e00, img=3D0x198ee20= ) at ../../src/image.c:1775 > > Is this in v24.5 or in the current master? If the latter, line 1775 > of image.c is this: > > else if (EQ (ascent, Qcenter)) > img->ascent =3D CENTERED_IMAGE_ASCENT; <<<<<<<<<<<<< > > So is value of img a NULL pointer? (The argument img in the call > above indicates it's non-NULL, but maybe your GDB shows only the value= > at entry?) > > If it's not NULL, and this is the correct line, then what caused the > crash? Sorry, I forgot to tell. Line 1775 of image.c here is for (i =3D 0; i < c->used; ++i) in the context of struct image_cache *c =3D FRAME_IMAGE_CACHE (f); ptrdiff_t i; /* Find a free slot in c->images. */ for (i =3D 0; i < c->used; ++i) if (c->images[i] =3D=3D NULL) break; /* If no free slot found, maybe enlarge c->images. */ in cache_image. i is still 0 and I get (gdb) p c->used Cannot access memory at address 0x18 which should explain the direct cause of the segfault. This is from a not-up-to-date version of trunk with some modifications I made (none in image.c though). A backtrace with some more data from the Lisp part is below. > (I'm also puzzled what does this have to do with tooltips, since we > show no images in the tooltips, and customizing faces for the tooltip > frames should not affect showing images in other frames.) Maybe it's the =E2=80=98debug=E2=80=99 call interfering? martin #0 0x00000000006c9b5c in cache_image (f=3D0x13a7e00, img=3D0x249e010) at= ../../src/image.c:1775 #1 0x00000000006c96e3 in lookup_image (f=3D0x13a7e00, spec=3D...) at ../= =2E./src/image.c:1686 #2 0x000000000044bebc in handle_single_display_spec (it=3D0x7fffffff46f0= , spec=3D..., object=3D..., overlay=3D..., position=3D0x7fffffff4828, buf= pos=3D203, display_replaced=3D0, frame_window_p=3Dtrue) at ../../src/xdis= p.c:5137 #3 0x00000000004498cd in handle_display_spec (it=3D0x7fffffff46f0, spec=3D= =2E.., object=3D..., overlay=3D..., position=3D0x7fffffff4828, bufpos=3D2= 03, frame_window_p=3Dtrue) at ../../src/xdisp.c:4654 #4 0x00000000004492c8 in handle_display_prop (it=3D0x7fffffff46f0) at ..= /../src/xdisp.c:4576 #5 0x0000000000445e8d in handle_stop (it=3D0x7fffffff46f0) at ../../src/= xdisp.c:3299 #6 0x0000000000454ee3 in next_element_from_buffer (it=3D0x7fffffff46f0) = at ../../src/xdisp.c:8133 #7 0x00000000004511b5 in get_next_display_element (it=3D0x7fffffff46f0) = at ../../src/xdisp.c:6785 #8 0x000000000047e4ea in display_line (it=3D0x7fffffff46f0) at ../../src= /xdisp.c:20132 #9 0x00000000004719a2 in try_window (window=3D..., pos=3D..., flags=3D1)= at ../../src/xdisp.c:16892 #10 0x000000000046df50 in redisplay_window (window=3D..., just_this_one_p= =3Dfalse) at ../../src/xdisp.c:16365 #11 0x00000000004654d0 in redisplay_window_0 (window=3D...) at ../../src/= xdisp.c:14184 #12 0x0000000000625c43 in internal_condition_case_1 (bfun=3D0x46548e , arg=3D..., handlers=3D..., hfun=3D0x465456 ) at ../../src/eval.c:1372 #13 0x000000000046542c in redisplay_windows (window=3D...) at ../../src/x= disp.c:14164 #14 0x00000000004653e2 in redisplay_windows (window=3D...) at ../../src/x= disp.c:14158 #15 0x00000000004641e1 in redisplay_internal () at ../../src/xdisp.c:1375= 6 #16 0x0000000000461e04 in redisplay () at ../../src/xdisp.c:13019 #17 0x000000000057d4a3 in read_char (commandflag=3D1, map=3D..., prev_eve= nt=3D..., used_mouse_menu=3D0x7fffffff9d8f, end_time=3D0x0) at ../../src/= keyboard.c:2542 #18 0x000000000058e17f in read_key_sequence (keybuf=3D0x7fffffff9f60, buf= size=3D30, prompt=3D..., dont_downcase_last=3Dfalse, can_return_switch_fr= ame=3Dtrue, fix_current_buffer=3Dtrue, prevent_redisplay=3Dfalse) at ../.= =2E/src/keyboard.c:9156 #19 0x000000000057a0e7 in command_loop_1 () at ../../src/keyboard.c:1407 #20 0x0000000000625ac9 in internal_condition_case (bfun=3D0x579c90 , handlers=3D..., hfun=3D0x579300 ) at ../../src/eva= l.c:1348 #21 0x00000000005798be in command_loop_2 (ignore=3D...) at ../../src/keyb= oard.c:1139 #22 0x0000000000624ec4 in internal_catch (tag=3D..., func=3D0x579895 , arg=3D...) at ../../src/eval.c:1108 #23 0x00000000005797f6 in command_loop () at ../../src/keyboard.c:1110 #24 0x0000000000578df7 in recursive_edit_1 () at ../../src/keyboard.c:728= #25 0x0000000000578ff3 in Frecursive_edit () at ../../src/keyboard.c:799 #26 0x000000000062978c in Ffuncall (nargs=3D1, args=3D0x7fffffffa408) at = =2E./../src/eval.c:2715 #27 0x0000000000675d20 in exec_byte_code (bytestr=3D..., vector=3D..., ma= xdepth=3D..., args_template=3D..., nargs=3D2, args=3D0x7fffffffac98) at .= =2E/../src/bytecode.c:919 #28 0x000000000062a11f in funcall_lambda (fun=3D..., nargs=3D2, arg_vecto= r=3D0x7fffffffac98) at ../../src/eval.c:2885 #29 0x0000000000629a1a in Ffuncall (nargs=3D3, args=3D0x7fffffffac90) at = =2E./../src/eval.c:2767 #30 0x0000000000628a06 in Fapply (nargs=3D2, args=3D0x7fffffffada0) at ..= /../src/eval.c:2337 #31 0x00000000006290fc in apply1 (fn=3D..., arg=3D...) at ../../src/eval.= c:2558 #32 0x0000000000622711 in call_debugger (arg=3D...) at ../../src/eval.c:3= 09 #33 0x0000000000626ab3 in maybe_call_debugger (conditions=3D..., sig=3D..= =2E, data=3D...) at ../../src/eval.c:1726 #34 0x00000000006262c8 in Fsignal (error_symbol=3D..., data=3D...) at ../= =2E./src/eval.c:1544 #35 0x00000000006263fe in xsignal (error_symbol=3D..., data=3D...) at ../= =2E./src/eval.c:1581 #36 0x000000000062663c in signal_error (s=3D0x6fd2de "Undefined color", a= rg=3D...) at ../../src/eval.c:1636 #37 0x000000000054c091 in x_decode_color (f=3D0x24d2c30, color_name=3D...= , mono_color=3D16777215) at ../../src/xfns.c:495 #38 0x000000000054c566 in x_set_background_color (f=3D0x24d2c30, arg=3D..= =2E, oldval=3D...) at ../../src/xfns.c:638 #39 0x000000000042d45d in x_set_frame_parameters (f=3D0x24d2c30, alist=3D= =2E..) at ../../src/frame.c:3152 #40 0x0000000000431ce6 in x_default_parameter (f=3D0x24d2c30, alist=3D...= , prop=3D..., deflt=3D..., xprop=3D0x6fd49d "background", xclass=3D0x6fd9= 08 "Background", type=3DRES_TYPE_STRING) at ../../src/frame.c:4374 #41 0x000000000055549d in x_create_tip_frame (dpyinfo=3D0x1621ee0, parms=3D= =2E.., text=3D...) at ../../src/xfns.c:5173 #42 0x0000000000556884 in Fx_show_tip (string=3D..., frame=3D..., parms=3D= =2E.., timeout=3D..., dx=3D..., dy=3D...) at ../../src/xfns.c:5543 #43 0x0000000000628116 in eval_sub (form=3D...) at ../../src/eval.c:2200 #44 0x0000000000622c5f in Fprogn (body=3D...) at ../../src/eval.c:445 #45 0x0000000000627c9a in eval_sub (form=3D...) at ../../src/eval.c:2131 #46 0x00000000006229d4 in Fif (args=3D...) at ../../src/eval.c:396 #47 0x0000000000627c9a in eval_sub (form=3D...) at ../../src/eval.c:2131 #48 0x0000000000622c5f in Fprogn (body=3D...) at ../../src/eval.c:445 #49 0x000000000062437c in FletX (args=3D...) at ../../src/eval.c:896 #50 0x0000000000627c9a in eval_sub (form=3D...) at ../../src/eval.c:2131 #51 0x0000000000622c5f in Fprogn (body=3D...) at ../../src/eval.c:445 #52 0x0000000000627c9a in eval_sub (form=3D...) at ../../src/eval.c:2131 #53 0x00000000006229d4 in Fif (args=3D...) at ../../src/eval.c:396 #54 0x0000000000627c9a in eval_sub (form=3D...) at ../../src/eval.c:2131 #55 0x0000000000622c5f in Fprogn (body=3D...) at ../../src/eval.c:445 #56 0x000000000062437c in FletX (args=3D...) at ../../src/eval.c:896 #57 0x0000000000627c9a in eval_sub (form=3D...) at ../../src/eval.c:2131 #58 0x0000000000622c5f in Fprogn (body=3D...) at ../../src/eval.c:445 #59 0x000000000062a511 in funcall_lambda (fun=3D..., nargs=3D0, arg_vecto= r=3D0x0) at ../../src/eval.c:2944 #60 0x0000000000629b19 in Ffuncall (nargs=3D1, args=3D0x7fffffffcbb0) at = =2E./../src/eval.c:2779 #61 0x000000000062853a in Fapply (nargs=3D2, args=3D0x7fffffffcbb0) at ..= /../src/eval.c:2289 #62 0x0000000000629676 in Ffuncall (nargs=3D3, args=3D0x7fffffffcba8) at = =2E./../src/eval.c:2698 #63 0x0000000000675d20 in exec_byte_code (bytestr=3D..., vector=3D..., ma= xdepth=3D..., args_template=3D..., nargs=3D0, args=3D0x0) at ../../src/by= tecode.c:919 #64 0x000000000062a5b1 in funcall_lambda (fun=3D..., nargs=3D1, arg_vecto= r=3D0xadb72d) at ../../src/eval.c:2951 #65 0x0000000000629a1a in Ffuncall (nargs=3D2, args=3D0x7fffffffd430) at = =2E./../src/eval.c:2767 #66 0x0000000000629153 in call1 (fn=3D..., arg1=3D...) at ../../src/eval.= c:2573 #67 0x0000000000582a83 in timer_check_2 (timers=3D..., idle_timers=3D...)= at ../../src/keyboard.c:4533 #68 0x0000000000582bf2 in timer_check () at ../../src/keyboard.c:4600 #69 0x000000000058008d in readable_events (flags=3D1) at ../../src/keyboa= rd.c:3434 #70 0x000000000058841c in get_input_pending (flags=3D1) at ../../src/keyb= oard.c:6818 #71 0x000000000058ff13 in detect_input_pending_run_timers (do_display=3Dt= rue) at ../../src/keyboard.c:9973 #72 0x0000000000684c13 in wait_reading_process_output (time_limit=3D2025,= nsecs=3D0, read_kbd=3D-1, do_display=3Dtrue, wait_for_cell=3D..., wait_p= roc=3D0x0, just_wait_proc=3D0) at ../../src/process.c:5014 #73 0x0000000000422610 in sit_for (timeout=3D..., reading=3Dtrue, display= _option=3D1) at ../../src/dispnew.c:5748 #74 0x000000000057de53 in read_char (commandflag=3D1, map=3D..., prev_eve= nt=3D..., used_mouse_menu=3D0x7fffffffe23f, end_time=3D0x0) at ../../src/= keyboard.c:2781 #75 0x000000000058e17f in read_key_sequence (keybuf=3D0x7fffffffe410, buf= size=3D30, prompt=3D..., dont_downcase_last=3Dfalse, can_return_switch_fr= ame=3Dtrue, fix_current_buffer=3Dtrue, prevent_redisplay=3Dfalse) at ../.= =2E/src/keyboard.c:9156 #76 0x000000000057a0e7 in command_loop_1 () at ../../src/keyboard.c:1407 #77 0x0000000000625ac9 in internal_condition_case (bfun=3D0x579c90 , handlers=3D..., hfun=3D0x579300 ) at ../../src/eva= l.c:1348 #78 0x00000000005798be in command_loop_2 (ignore=3D...) at ../../src/keyb= oard.c:1139 #79 0x0000000000624ec4 in internal_catch (tag=3D..., func=3D0x579895 , arg=3D...) at ../../src/eval.c:1108 #80 0x0000000000579860 in command_loop () at ../../src/keyboard.c:1118 #81 0x0000000000578df7 in recursive_edit_1 () at ../../src/keyboard.c:728= #82 0x0000000000578ff3 in Frecursive_edit () at ../../src/keyboard.c:799 #83 0x0000000000576cd3 in main (argc=3D1, argv=3D0x7fffffffe8e8) at ../..= /src/emacs.c:1626 Lisp Backtrace: "redisplay_internal (C function)" (0x0) "recursive-edit" (0xffffa410) "debug" (0xffffac98) "x-show-tip" (0xffffb810) "progn" (0xffffbb20) "if" (0xffffbd40) "let*" (0xffffc040) "progn" (0xffffc250) "if" (0xffffc470) "let*" (0xffffc770) "eldoc-tooltip--make" (0xffffcbb8) "apply" (0xffffcbb0) "timer-event-handler" (0xffffd438)