From: Eli Zaretskii <eliz@gnu.org>
To: Andy Moreton <andrewjmoreton@gmail.com>
Cc: 22526@debbugs.gnu.org
Subject: bug#22526: 25.0.90; Crash starting gnus
Date: Thu, 11 Feb 2016 22:27:23 +0200 [thread overview]
Message-ID: <8360xv9ems.fsf@gnu.org> (raw)
In-Reply-To: <86twlg2e69.fsf@gmail.com> (message from Andy Moreton on Thu, 11 Feb 2016 02:06:54 +0000)
> From: Andy Moreton <andrewjmoreton@gmail.com>
> Date: Thu, 11 Feb 2016 02:06:54 +0000
>
> Hopefully this is of some use.
It is, thanks. The plot thickens... This is one of those cases where
I'd give anything for a way to trace execution in reverse and see what
happened before the problem...
Anyway, is that GDB session still running? If so, could you please
try the following two GDB commands?
(gdb) p Z_ADDR
(gdb) p *(Z_ADDR)
If the last one says something about not being able to access memory
at address such-and-such, then please try a series of commands like
this:
(gdb) p/x *(Z_ADDR - 1)
(gdb) p/x *(Z_ADDR - 2)
(gdb) p/x *(Z_ADDR - 3)
etc., until you find the largest address which GDB succeeds to access
and report its contents. (If the first few commands still report
failure to access, it might be better to use larger offsets, and then
perform binary search once you find an accessible address.) The goal
is, assuming that Z_ADDR somehow points to memory outside of the
process address space, to find the last byte that is still inside the
address space. Then do this:
(gdb) p/x THAT_ADDRESS - BEG_ADDR
where THAT_ADDRESS is the last address that GDB can access.
I'd also like to ask you to add a couple of lines to make_gap_larger,
to help with debugging this, but I want to see the results of the
above first.
For the record, what seems to have happened here is that some Gnus
command caused Emacs to insert a 4K string into a buffer that was
63493 bytes long. In response, Emacs enlarged the buffer text to
accommodate those 4K, then moved the existing buffer text towards
higher address to enlarge the gap by 4K, in preparation for inserting
the string into the gap. Then it crashed when it tried to
null-terminate the enlarged buffer text. The crash is strange because
the code in gap_left, called just before the crash, should have
already accessed all the addresses up to and including the one
immediately preceding Z_ADDR. So this seems to imply that there's
some off-by-one error somewhere in the related code, but I don't see
it yet.
Btw, it sounds like it should be easy to reproduce this almost at
will, since the two backtraces are almost identical -- they both show
the same insertion of a 4096 byte string into a buffer by the default
process filter that reads stuff received from the news server. Could
you perhaps try coming up with such a reproducer, starting from
"emacs -Q"? That would make the debugging much more efficient.
Thanks.
next prev parent reply other threads:[~2016-02-11 20:27 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-01 22:13 bug#22526: 25.0.90; Crash starting gnus Andy Moreton
2016-02-07 5:42 ` Lars Ingebrigtsen
2016-02-07 16:00 ` Eli Zaretskii
2016-02-07 20:58 ` Andy Moreton
2016-02-07 21:05 ` Eli Zaretskii
2016-02-11 2:06 ` Andy Moreton
2016-02-11 20:27 ` Eli Zaretskii [this message]
2016-02-11 21:20 ` Andy Moreton
2016-02-11 21:26 ` Eli Zaretskii
2016-02-12 13:34 ` Andy Moreton
2016-02-12 16:16 ` Eli Zaretskii
2016-02-12 22:26 ` Andy Moreton
2016-02-13 8:28 ` Eli Zaretskii
2016-02-13 10:44 ` Eli Zaretskii
2016-02-13 16:08 ` Fabrice Popineau
2016-02-13 16:42 ` Eli Zaretskii
2016-02-13 21:35 ` Fabrice Popineau
2016-02-13 22:11 ` Eli Zaretskii
2016-02-13 23:44 ` Fabrice Popineau
2016-02-14 5:49 ` Eli Zaretskii
2016-02-14 9:05 ` Fabrice Popineau
2016-02-14 16:57 ` Eli Zaretskii
2016-02-14 5:41 ` Eli Zaretskii
2016-02-14 14:17 ` Andy Moreton
2016-02-14 16:55 ` Eli Zaretskii
2016-02-14 17:51 ` Eli Zaretskii
2016-02-14 21:04 ` Fabrice Popineau
2016-02-14 21:29 ` Eli Zaretskii
2016-02-14 21:31 ` Fabrice Popineau
2016-02-14 21:34 ` Eli Zaretskii
2016-02-14 21:41 ` Fabrice Popineau
2016-02-15 3:32 ` Eli Zaretskii
2016-02-15 8:09 ` Fabrice Popineau
2016-02-15 11:39 ` Eli Zaretskii
2016-02-13 15:16 ` Andy Moreton
2016-02-13 15:52 ` Eli Zaretskii
2016-02-13 21:26 ` Andy Moreton
2016-02-16 1:18 ` Andy Moreton
2016-02-16 3:46 ` Eli Zaretskii
2016-02-20 11:08 ` Eli Zaretskii
2016-02-20 16:17 ` Andy Moreton
2016-02-20 17:01 ` Eli Zaretskii
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8360xv9ems.fsf@gnu.org \
--to=eliz@gnu.org \
--cc=22526@debbugs.gnu.org \
--cc=andrewjmoreton@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.