From: Eli Zaretskii
Newsgroups: gmane.emacs.devel
Subject: Re: Emacs 23.1.93 pretest
Date: Sun, 28 Feb 2010 00:22:30 +0200
Message-ID: <83eik6co9l.fsf@gnu.org>
To: Chong Yidong
Cc: emacs-devel@gnu.org

> From: Chong Yidong
> Cc: emacs-devel@gnu.org
> Date: Sat, 27 Feb 2010 16:37:47 -0500
>
> Eli Zaretskii writes:
>
> > "bzr bisect" points to this change as the reason for this bug:
> >
> >   2010-02-05  Chong Yidong
> >
> >     * charset.c (load_charset_map_from_file): Allocate large
> >     charset_map_entries structure on the heap rather than the stack.
> >     (Bug#5526).
> >
> > The revisions before this change work correctly; all revisions after
> > it fail as described above.
>
> Hmm, this is strange.  This change (actually the succeeding 2010-02-06
> change to the same place) switches from using alloca to SAFE_ALLOCA
> (i.e. malloc, since the desired structure is large).  But the only way I
> can see for this code to crash is if load_charset_map somehow makes a
> pointer into the allocated structure.  But in that case, the old alloca
> case should have crashed too.

Yes, it _is_ weird.  But the effect (see below) does look like we are
freeing memory being used, or maybe overwriting some allocated buffer,
or in some other way thrashing the arena.

> If you remove the SAFE_FREE () calls, does that prevent the crash?

There's only one SAFE_FREE call that I see; if I remove it, temacs
crashes at loadup time, when it loads mule-conf.  So I cannot even get
as far as building Emacs.

Btw, the problem I was trying to reproduce with "bzr bisect" was not a
crash, but rather the fact that visiting an emacs-mule encoded desktop
file with that Latin-2 character in it caused some 15K characters
following the Latin-2 one to be overwritten with nulls.  The original
crash somehow happens only when I click on an icon that invokes
runemacs.exe, and I cannot reproduce it with the -Q switch.  But since
both issues seem to be related to decoding emacs-mule, and they both
happen when visiting or loading the .emacs.desktop file, I'm assuming
that these are different manifestations of the same problem.