From: Eli Zaretskii
Newsgroups: gmane.emacs.bugs
Subject: bug#22526: 25.0.90; Crash starting gnus
Date: Fri, 12 Feb 2016 18:16:32 +0200
Message-ID: <83fuwx7vkv.fsf@gnu.org>
In-reply-to: (message from Andy Moreton on Fri, 12 Feb 2016 13:34:37 +0000)
To: Andy Moreton, Fabrice Popineau
Cc: 22526@debbugs.gnu.org

> From: Andy Moreton
> Date: Fri, 12 Feb 2016 13:34:37 +0000
>
> I have managed to reproduce the crash again, and kept the gdb
> session running.

Thanks. Now that you've succeeded, I'm going to ask you to terminate
the debug session and try applying a patch ;-)

> 411 *(Z_ADDR) = 0;
> (gdb) p Z_ADDR
> $1 = (unsigned char *) 0x200804
> (gdb) p *(Z_ADDR)
> Cannot access memory at address 0x200804
>
> (gdb) p/x *(Z_ADDR - 0x804)
> Cannot access memory at address 0x200000
> (gdb) p/x *(Z_ADDR - 0x805)
> $16 = 0x0
>
> (gdb) p/x (Z_ADDR - 0x805) - BEG_ADDR
> $18 = 0xffff

This means that, when enlarging buffer text, we failed to commit
memory beyond the initial 64KB, whereas the buffer was enlarged by
almost 4K beyond that. This is unexpected (does your system exhibit
symptoms of memory pressure?), but the code which handles such a
possible failure to commit reserved pages is not safe in that case.

Please try the patch below, and see if these crashes go away.

Fabrice, can you read this thread and suggest other ideas for how
this could happen? Do you think the patch below is TRT and should be
committed to the repository in any case?

diff --git a/src/w32heap.c b/src/w32heap.c index 00da86a..f56d01b 100644 --- a/src/w32heap.c +++ b/src/w32heap.c @@ -700,6 +700,8 @@ mmap_realloc (void **var, size_t nbytes) /* We need to enlarge the block. */ if (memInfo.RegionSize < nbytes) { + void *old_ptr; + if (VirtualQuery (*var + memInfo.RegionSize, &m2, sizeof(m2)) == 0) DebPrint (("mmap_realloc: VirtualQuery error = %ld\n", GetLastError ())); 
@@ -717,7 +719,7 @@ mmap_realloc (void **var, size_t nbytes) { DebPrint (("realloc enlarge: VirtualAlloc error %ld\n", GetLastError ())); - errno = ENOMEM; + goto enlarge_block; } return *var; } @@ -726,7 +728,8 @@ mmap_realloc (void **var, size_t nbytes) /* Else we must actually enlarge the block by allocating a new one and copying previous contents from the old to the new one. */ - void *old_ptr = *var; + enlarge_block: + old_ptr = *var; if (mmap_alloc (var, nbytes)) {
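
Review bot: in the first hunk (@@ -700), 'void *old_ptr;' is declared uninitialized at the top of the 'if (memInfo.RegionSize < nbytes)' block, well away from its only assignment after the 'enlarge_block:' label in the third hunk. A one-line comment saying it is hoisted so that the label is followed by a statement rather than a declaration would keep a later cleanup from moving it back next to its use.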
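
Review bot: in the second hunk (@@ -717), replacing 'errno = ENOMEM;' with 'goto enlarge_block;' leaves nothing on this path that sets errno, so a failure now has to be reported entirely by the fallback. The else branch of 'if (mmap_alloc (var, nbytes))' is outside the visible context; please confirm it sets errno and returns NULL when the new allocation fails as well, which is a plausible outcome if the commit failed under memory pressure. The DebPrint text still reads as a hard error and could mention that the code now falls back to allocate-and-copy.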
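
Review bot: in the third hunk (@@ -726), the code after 'enlarge_block:' is now also entered when part of the requested range was never committed, so the copy out of old_ptr has to be bounded by the size of the old block (memInfo.RegionSize) and not by nbytes. The copy itself is below the visible context and is worth checking. The comment 'Else we must actually enlarge the block by allocating a new one' should also say that this path is the fallback for a failed VirtualAlloc, since it is no longer reached only by falling through.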