From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Eli Zaretskii <eliz@gnu.org>
Newsgroups: gmane.emacs.bugs
Subject: bug#23704: 25.1.50; Emacs crash in syntax.c
Date: Mon, 06 Jun 2016 17:52:41 +0300
Message-ID: <83inxmtlmu.fsf@gnu.org>
References: <84ziqyga76.fsf@gmail.com> <mvmporuu5ug.fsf@hawking.suse.de>
Reply-To: Eli Zaretskii <eliz@gnu.org>
NNTP-Posting-Host: plane.gmane.org
X-Trace: ger.gmane.org 1465227345 18931 80.91.229.3 (6 Jun 2016 15:35:45 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Mon, 6 Jun 2016 15:35:45 +0000 (UTC)
Cc: 23704@debbugs.gnu.org, vincent.belaiche@gmail.com
To: Andreas Schwab <schwab@suse.de>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Mon Jun 06 17:35:34 2016
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1b9wYw-0007jx-7x
	for geb-bug-gnu-emacs@m.gmane.org; Mon, 06 Jun 2016 17:35:34 +0200
Original-Received: from localhost ([::1]:43183 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1b9wYv-0008Ch-9A
	for geb-bug-gnu-emacs@m.gmane.org; Mon, 06 Jun 2016 11:35:33 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:39442)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1b9vtr-0004dt-Nu
	for bug-gnu-emacs@gnu.org; Mon, 06 Jun 2016 10:53:08 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1b9vtm-0001ez-43
	for bug-gnu-emacs@gnu.org; Mon, 06 Jun 2016 10:53:07 -0400
Original-Received: from debbugs.gnu.org ([208.118.235.43]:44553)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1b9vtm-0001ev-0d
	for bug-gnu-emacs@gnu.org; Mon, 06 Jun 2016 10:53:02 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1b9vtl-0008Fa-R3
	for bug-gnu-emacs@gnu.org; Mon, 06 Jun 2016 10:53:01 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Eli Zaretskii <eliz@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Mon, 06 Jun 2016 14:53:01 +0000
Resent-Message-ID: <handler.23704.B23704.146522474131654@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 23704
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: 
Original-Received: via spool by 23704-submit@debbugs.gnu.org id=B23704.146522474131654
	(code B ref 23704); Mon, 06 Jun 2016 14:53:01 +0000
Original-Received: (at 23704) by debbugs.gnu.org; 6 Jun 2016 14:52:21 +0000
Original-Received: from localhost ([127.0.0.1]:56890 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1b9vt7-0008EU-5d
	for submit@debbugs.gnu.org; Mon, 06 Jun 2016 10:52:21 -0400
Original-Received: from eggs.gnu.org ([208.118.235.92]:48280)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <eliz@gnu.org>) id 1b9vt4-0008EF-NV
	for 23704@debbugs.gnu.org; Mon, 06 Jun 2016 10:52:19 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <eliz@gnu.org>) id 1b9vsv-0001V8-Mm
	for 23704@debbugs.gnu.org; Mon, 06 Jun 2016 10:52:13 -0400
Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:52910)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <eliz@gnu.org>)
	id 1b9vsv-0001V2-Iu; Mon, 06 Jun 2016 10:52:09 -0400
Original-Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:4034
	helo=home-c4e4a596f7)
	by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128)
	(Exim 4.82) (envelope-from <eliz@gnu.org>)
	id 1b9vst-0006jX-N8; Mon, 06 Jun 2016 10:52:08 -0400
In-reply-to: <mvmporuu5ug.fsf@hawking.suse.de> (message from Andreas Schwab on
	Mon, 06 Jun 2016 09:36:07 +0200)
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 208.118.235.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnu-emacs/>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: "bug-gnu-emacs"
	<bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.bugs:119150
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/119150>

> From: Andreas Schwab <schwab@suse.de>
> Date: Mon, 06 Jun 2016 09:36:07 +0200
> Cc: 23704@debbugs.gnu.org
> 
> > 2233                  if (! fastmap[SYNTAX (*p)])
> 
> I think I have seen a similar crash with the emacs-25 branch as well,
> but only once, and I couldn't reproduce it so far.

If my reading of the code is correct, we have pointers to buffer text
and the gap lying around, while invoking code that can GC (which
compacts buffers).  For example, the sequence of calls

   SETUP_SYNTAX_TABLE
    -> SETUP_BUFFER_SYNTAX_TABLE
        -> update_syntax_table_forward
           -> parse_sexp_propertize

could call Lisp, and that happens after we already computed the values
of p, endp, and stop.  Likewise the call to UPDATE_SYNTAX_TABLE_FORWARD
we make inside the loop.

If GC decides to compact the gap, it could well make a previously
valid pointer invalid.

Could that be the reason?