From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.bugs Subject: bug#16140: 24.3.50; GC tries to free invalid font objects Date: Sat, 14 Dec 2013 11:51:24 +0200 Message-ID: <83vbyrg3qb.fsf@gnu.org> Reply-To: Eli Zaretskii NNTP-Posting-Host: plane.gmane.org X-Trace: ger.gmane.org 1387014742 7524 80.91.229.3 (14 Dec 2013 09:52:22 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sat, 14 Dec 2013 09:52:22 +0000 (UTC) To: 16140@debbugs.gnu.org Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Sat Dec 14 10:52:27 2013 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1VrltY-0006iQ-HF for geb-bug-gnu-emacs@m.gmane.org; Sat, 14 Dec 2013 10:52:24 +0100 Original-Received: from localhost ([::1]:46629 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VrltY-0001J9-1j for geb-bug-gnu-emacs@m.gmane.org; Sat, 14 Dec 2013 04:52:24 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:37556) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VrltM-0001J2-4M for bug-gnu-emacs@gnu.org; Sat, 14 Dec 2013 04:52:21 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1VrltC-0005kn-JY for bug-gnu-emacs@gnu.org; Sat, 14 Dec 2013 04:52:11 -0500 Original-Received: from debbugs.gnu.org ([140.186.70.43]:35212) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VrltC-0005kj-Fn for bug-gnu-emacs@gnu.org; Sat, 14 Dec 2013 04:52:02 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80) (envelope-from ) id 1VrltC-0005A6-4c for bug-gnu-emacs@gnu.org; Sat, 14 Dec 2013 04:52:02 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 14 Dec 2013 09:52:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 16140 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: X-Debbugs-Original-To: bug-gnu-emacs@gnu.org Original-Received: via spool by submit@debbugs.gnu.org id=B.138701471219821 (code B ref -1); Sat, 14 Dec 2013 09:52:01 +0000 Original-Received: (at submit) by debbugs.gnu.org; 14 Dec 2013 09:51:52 +0000 Original-Received: from localhost ([127.0.0.1]:49231 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Vrlt1-00059b-9S for submit@debbugs.gnu.org; Sat, 14 Dec 2013 04:51:51 -0500 Original-Received: from eggs.gnu.org ([208.118.235.92]:35775) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1Vrlsy-00059T-Td for submit@debbugs.gnu.org; Sat, 14 Dec 2013 04:51:49 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Vrlsp-0005Va-4A for submit@debbugs.gnu.org; Sat, 14 Dec 2013 04:51:48 -0500 Original-Received: from lists.gnu.org ([2001:4830:134:3::11]:45004) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Vrlsp-0005VW-0p for submit@debbugs.gnu.org; Sat, 14 Dec 2013 04:51:39 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:37477) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Vrlsh-0001Hj-LY for bug-gnu-emacs@gnu.org; Sat, 14 Dec 2013 04:51:38 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Vrlsa-0005Tk-Ai for bug-gnu-emacs@gnu.org; Sat, 14 Dec 2013 04:51:31 -0500 Original-Received: from mtaout23.012.net.il ([80.179.55.175]:32903) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Vrlsa-0005Tc-2D for bug-gnu-emacs@gnu.org; Sat, 14 Dec 2013 04:51:24 -0500 Original-Received: from conversion-daemon.a-mtaout23.012.net.il by a-mtaout23.012.net.il (HyperSendmail v2007.08) id <0MXS00300J8IOO00@a-mtaout23.012.net.il> for bug-gnu-emacs@gnu.org; Sat, 14 Dec 2013 11:51:22 +0200 (IST) Original-Received: from HOME-C4E4A596F7 ([87.69.4.28]) by a-mtaout23.012.net.il (HyperSendmail v2007.08) with ESMTPA id <0MXS0030OJDLKG80@a-mtaout23.012.net.il> for bug-gnu-emacs@gnu.org; Sat, 14 Dec 2013 11:51:22 +0200 (IST) X-012-Sender: halo1@inter.net.il X-detected-operating-system: by eggs.gnu.org: Solaris 10 X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:81933 Archived-At: This program: (defun bloat-font () (interactive) (let ((fonts (x-list-fonts "*"))) (while fonts (condition-case nil (set-frame-font (car fonts)) (error nil)) (setq fonts (cdr fonts)) (redisplay)))) reveals some subtle problem in GC: we sometimes try to free font objects that re not valid (already freed?). Here's one such case: Program received signal SIGSEGV, Segmentation fault. 0x01160e2c in cleanup_vector (vector=0x100ed2a0) at alloc.c:2884 2884 fnt->driver->close (fnt); (gdb) p fnt $1 = (struct font *) 0x100ed2a0 (gdb) p fnt->driver $2 = (struct font_driver *) 0x26 When I originally saw this, fnt->driver was NULL. I added protection against that, but then it crashed with non-NULL but still invalid pointer. Such pointers should never end up in font objects, so how come they do? In GNU Emacs 24.3.50.137 (i686-pc-mingw32) of 2013-12-14 on HOME-C4E4A596F7 Bzr revision: 115517 eliz@gnu.org-20131214091610-1glyl0400451irx0 Windowing system distributor `Microsoft Corp.', version 5.1.2600 Configured using: `configure --prefix=/d/usr --enable-checking=yes,glyphs 'CFLAGS=-O0 -gdwarf-2 -g3'' Important settings: value of $LANG: ENU locale-coding-system: cp1255 default enable-multibyte-characters: t Major mode: Lisp Interaction Minor modes in effect: tooltip-mode: t electric-indent-mode: t mouse-wheel-mode: t tool-bar-mode: t menu-bar-mode: t file-name-shadow-mode: t global-font-lock-mode: t font-lock-mode: t blink-cursor-mode: t auto-composition-mode: t auto-encryption-mode: t auto-compression-mode: t line-number-mode: t transient-mark-mode: t Recent input: M-x r e p o r t - e m Recent messages: For information about GNU Emacs and the GNU system, type C-h C-a. Load-path shadows: None found. Features: (shadow sort gnus-util mail-extr emacsbug message format-spec rfc822 mml easymenu mml-sec mm-decode mm-bodies mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader sendmail rfc2047 rfc2045 ietf-drums mm-util mail-prsvr mail-utils time-date tooltip electric uniquify ediff-hook vc-hooks lisp-float-type mwheel dos-w32 ls-lisp w32-common-fns disp-table w32-win w32-vars tool-bar dnd fontset image regexp-opt fringe tabulated-list newcomment lisp-mode prog-mode register page menu-bar rfn-eshadow timer select scroll-bar mouse jit-lock font-lock syntax facemenu font-core frame cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean japanese hebrew greek romanian slovak czech european ethiopic indian cyrillic chinese case-table epa-hook jka-cmpr-hook help simple abbrev minibuffer nadvice loaddefs button faces cus-face macroexp files text-properties overlay sha1 md5 base64 format env code-pages mule custom widget hashtable-print-readable backquote make-network-process w32notify w32 multi-tty emacs)