bug#75322: SAFE_ALLOCA assumed to root Lisp_Objects/SSDATA(string)

[Eli Zaretskii <eliz@gnu.org>]

> From: Gerd Möllmann <gerd.moellmann@gmail.com>
> Cc: pipcet@protonmail.com,  75322@debbugs.gnu.org
> Date: Sat, 04 Jan 2025 11:20:41 +0100
> 
> In callproc.c I found two: call_process and create_temp_file both use
> SAFE_NALLOCA to store Lisp_Objects. I think these should be replaces
> with SAVE_ALLOCA_LISP.

What are the conditions under which placing Lisp objects into
SAFE_NALLOCA is not safe?

I understand that the first condition is that SAFE_NALLOCA uses
xmalloc instead of alloca.

But what are the other conditions?  Is one of them that GC could
happen while these Lisp objects are in the memory allocated by
SAFE_NALLOCA off the heap?  IOW, if no GC happen, is that still
unsafe?  And if GC _can_ happen, but we don't use the allocated block
again, is that a problem?  For example, in this fragment:

	    SAFE_NALLOCA (args2, 1, nargs + 1);
	    args2[0] = Qcall_process;
	    for (i = 0; i < nargs; i++) args2[i + 1] = args[i];
	    coding_systems = Ffind_operation_coding_system (nargs + 1, args2);
	    val = CONSP (coding_systems) ? XCDR (coding_systems) : Qnil;

Let's say Ffind_operation_coding_system could trigger GC.  But we
never again use the args2[] array after Ffind_operation_coding_system
returns.  Is the above still unsafe?  If so, could you tell what
could MPS do during GC to make this unsafe?

Also, in some other message you said SAFE_NALLOCA is unsafe if
_pointers_ to Lisp objects are placed in the memory SAFE_NALLOCA
allocates off the heap.  In call_process I see that we only ever put
Lisp objects into the memory allocated by SAFE_NALLOCA.  If that is
unsafe, could you tell what MPS does during GC which makes this
unsafe?

TIA