From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.bugs Subject: bug#21380: 25.0.50; GTK-induced segfault when scheduling timer from window-configuration-change-hook Date: Sun, 30 Aug 2015 19:39:05 +0300 Message-ID: <83k2sc20k6.fsf@gnu.org> References: <83mvx8252m.fsf@gnu.org> Reply-To: Eli Zaretskii NNTP-Posting-Host: plane.gmane.org X-Trace: ger.gmane.org 1440952823 12522 80.91.229.3 (30 Aug 2015 16:40:23 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sun, 30 Aug 2015 16:40:23 +0000 (UTC) Cc: 21380@debbugs.gnu.org To: Pip Cet Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Sun Aug 30 18:40:12 2015 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1ZW5eO-00030k-06 for geb-bug-gnu-emacs@m.gmane.org; Sun, 30 Aug 2015 18:40:12 +0200 Original-Received: from localhost ([::1]:59436 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZW5eO-0001cR-8A for geb-bug-gnu-emacs@m.gmane.org; Sun, 30 Aug 2015 12:40:12 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:33306) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZW5eJ-0001Z1-E6 for bug-gnu-emacs@gnu.org; Sun, 30 Aug 2015 12:40:08 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ZW5eG-0003Ql-0J for bug-gnu-emacs@gnu.org; Sun, 30 Aug 2015 12:40:07 -0400 Original-Received: from debbugs.gnu.org ([208.118.235.43]:50680) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZW5eF-0003QH-QI for bug-gnu-emacs@gnu.org; Sun, 30 Aug 2015 12:40:03 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80) (envelope-from ) id 1ZW5eF-0008Gh-3C for bug-gnu-emacs@gnu.org; Sun, 30 Aug 2015 12:40:03 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sun, 30 Aug 2015 16:40:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 21380 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Original-Received: via spool by 21380-submit@debbugs.gnu.org id=B21380.144095276831737 (code B ref 21380); Sun, 30 Aug 2015 16:40:03 +0000 Original-Received: (at 21380) by debbugs.gnu.org; 30 Aug 2015 16:39:28 +0000 Original-Received: from localhost ([127.0.0.1]:42890 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1ZW5dg-0008Fo-2G for submit@debbugs.gnu.org; Sun, 30 Aug 2015 12:39:28 -0400 Original-Received: from mtaout26.012.net.il ([80.179.55.182]:40118) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1ZW5dd-0008Fe-EH for 21380@debbugs.gnu.org; Sun, 30 Aug 2015 12:39:26 -0400 Original-Received: from conversion-daemon.mtaout26.012.net.il by mtaout26.012.net.il (HyperSendmail v2007.08) id <0NTW00800LZETN00@mtaout26.012.net.il> for 21380@debbugs.gnu.org; Sun, 30 Aug 2015 19:41:04 +0300 (IDT) Original-Received: from HOME-C4E4A596F7 ([84.94.185.246]) by mtaout26.012.net.il (HyperSendmail v2007.08) with ESMTPA id <0NTW000GSMCGF780@mtaout26.012.net.il>; Sun, 30 Aug 2015 19:41:04 +0300 (IDT) In-reply-to: X-012-Sender: halo1@inter.net.il X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:105984 Archived-At: > Date: Sun, 30 Aug 2015 15:24:26 +0000 > From: Pip Cet > Cc: 21380@debbugs.gnu.org > > > Further investigation indicates that > > window-configuration-change-hook was called in the middle of concat: > > Did you understand how this fact is related to the segfault? > > > I _think_ I do. > > 1. concat called with args[0] == Vtimer_list > 2. concat stores result_len (=4) > 3. concat calls make_list (4) > 4. make_list interrupted by QUIT > 5. see stack trace > 6. window-configuration-change-hook modifies Vtimer_list, which now has length > 5 > 7. control returns to concat > 8. concat tries to write 5 elements into a 4-element list, which causes the > segfault because `tail' is unexpectedly NULL. > > Does that make sense to you? It does, but there's one additional factor that was supposed to prevent such problems: the first thing timer_check does is copy Vtimer_list to a local variable; then it works on that copy. So whatever happens in the meantime to Vtimer_list should not have affected concat, because concat is called on a copy. Which part of this doesn't work, and why?