From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: Eli Zaretskii <eliz@gnu.org>
Newsgroups: gmane.emacs.bugs
Subject: bug#24764: 25.1.50; Another crash in automatic gc
Date: Sun, 23 Oct 2016 20:01:53 +0300
Message-ID: <83wpgzm22m.fsf@gnu.org>
References: <87vawkk9l1.fsf@web.de> <83d1isr94u.fsf@gnu.org>
	<87vawkboh0.fsf@linux-m68k.org> <83a8dwr3sa.fsf@gnu.org>
	<838ttgr2u6.fsf@gnu.org> <87insk4gye.fsf@web.de>
	<8360okqxtm.fsf@gnu.org> <87a8dw4f6t.fsf@web.de>
	<83zilwpgkv.fsf@gnu.org> <87zilw2qc2.fsf@web.de>
	<83oa2cp6yi.fsf@gnu.org> <87insjjuxv.fsf@web.de>
	<83r377nz0v.fsf@gnu.org> <87pomrl48f.fsf@web.de>
	<83eg37np5r.fsf@gnu.org> <87h983kqnt.fsf@web.de>
	<87y41f9g30.fsf@web.de>
Reply-To: Eli Zaretskii <eliz@gnu.org>
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Trace: blaine.gmane.org 1477242202 3561 195.159.176.226 (23 Oct 2016 17:03:22 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Sun, 23 Oct 2016 17:03:22 +0000 (UTC)
Cc: 24764@debbugs.gnu.org
To: Michael Heerdegen <michael_heerdegen@web.de>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Sun Oct 23 19:03:18 2016
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1byMAw-0007ur-2e
	for geb-bug-gnu-emacs@m.gmane.org; Sun, 23 Oct 2016 19:03:10 +0200
Original-Received: from localhost ([::1]:41786 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1byMAy-0001ij-H5
	for geb-bug-gnu-emacs@m.gmane.org; Sun, 23 Oct 2016 13:03:12 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:41375)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1byMAr-0001iS-Tw
	for bug-gnu-emacs@gnu.org; Sun, 23 Oct 2016 13:03:06 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1byMAn-0003p3-Vm
	for bug-gnu-emacs@gnu.org; Sun, 23 Oct 2016 13:03:05 -0400
Original-Received: from debbugs.gnu.org ([208.118.235.43]:33981)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1byMAn-0003oz-Rv
	for bug-gnu-emacs@gnu.org; Sun, 23 Oct 2016 13:03:01 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1byMAn-0002uw-LO
	for bug-gnu-emacs@gnu.org; Sun, 23 Oct 2016 13:03:01 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Eli Zaretskii <eliz@gnu.org>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Sun, 23 Oct 2016 17:03:01 +0000
Resent-Message-ID: <handler.24764.B24764.147724212911149@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 24764
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: 
Original-Received: via spool by 24764-submit@debbugs.gnu.org id=B24764.147724212911149
	(code B ref 24764); Sun, 23 Oct 2016 17:03:01 +0000
Original-Received: (at 24764) by debbugs.gnu.org; 23 Oct 2016 17:02:09 +0000
Original-Received: from localhost ([127.0.0.1]:49380 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1byM9w-0002tk-S7
	for submit@debbugs.gnu.org; Sun, 23 Oct 2016 13:02:09 -0400
Original-Received: from eggs.gnu.org ([208.118.235.92]:50299)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <eliz@gnu.org>) id 1byM9v-0002tY-Gh
	for 24764@debbugs.gnu.org; Sun, 23 Oct 2016 13:02:07 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <eliz@gnu.org>) id 1byM9m-0003e1-6S
	for 24764@debbugs.gnu.org; Sun, 23 Oct 2016 13:02:02 -0400
Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:36466)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <eliz@gnu.org>)
	id 1byM9m-0003dv-37; Sun, 23 Oct 2016 13:01:58 -0400
Original-Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:3218
	helo=home-c4e4a596f7)
	by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128)
	(Exim 4.82) (envelope-from <eliz@gnu.org>)
	id 1byM9l-0000Lc-7T; Sun, 23 Oct 2016 13:01:57 -0400
In-reply-to: <87y41f9g30.fsf@web.de> (message from Michael Heerdegen on Sun,
	23 Oct 2016 18:37:39 +0200)
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 208.118.235.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnu-emacs/>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: "bug-gnu-emacs"
	<bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.bugs:124916
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/124916>

> From: Michael Heerdegen <michael_heerdegen@web.de>
> Cc: 24764@debbugs.gnu.org
> Date: Sun, 23 Oct 2016 18:37:39 +0200
> 
> Done.  I tried dict.cc with "löschen" and got a crash immediately.
> 
> Here are the backtraces:
> [...]
> Thread 1 "emacs" hit Breakpoint 1, terminate_due_to_signal (sig=6, backtrace_limit=2147483647) at emacs.c:354
> 354	  signal (sig, SIG_DFL);
> (gdb) backtrace
> #0  terminate_due_to_signal (sig=6, backtrace_limit=2147483647) at emacs.c:354
> #1  0x00000000006063d4 in die (msg=0x749e60 "buftext == BYTE_POS_ADDR (istart_byte)", file=0x749e57 "xml.c", line=220) at alloc.c:7228
> #2  0x00000000006a6ce6 in parse_region (start=1018, end=317370, base_url=0, discard_comments=0, htmlp=true) at xml.c:220
> #3  0x00000000006a6e60 in Flibxml_parse_html_region (start=1018, end=317370, base_url=0, discard_comments=0) at xml.c:270

Why am I not surprised?

Please update from the Git repo and rebuild.  I've added a workaround
for this problem.  It should prevent the assertion violation in xml.c,
but the really interesting question is whether your other crashes in
GC will also go away?  If not, there are more places like this one
that need to be fixed.

Note that the workaround I committed could potentially cause (very
rare) crashes in ralloc.c itself; if that happens, it's more or less
expected, and is not related to the reasons for the GC crashes.

> Should I keep that session open

No need, thanks.  The reason for the assertion violation here is
perfectly clear: libxml2 calls malloc while doing its job, and that
relocates buffer text whose pointer we pass to libxml2.  Once the
bufefr text is relocated, libxml2 continues reading from invalid
memory, which could cause all kinds of trouble.

> or still try to downgrade libc

I'd like you to try the current emacs-25 branch first, to see if it is
more reliable in your routine work than the previous version (before
the assertion I added).

Thanks.