From: Eli Zaretskii <eliz@gnu.org>
To: Po Lu <luangruo@yahoo.com>
Cc: 71929@debbugs.gnu.org, spwhitton@spwhitton.name
Subject: bug#71929: 30.0.60; crash in mark_image_cache
Date: Tue, 09 Jul 2024 17:18:20 +0300 [thread overview]
Message-ID: <86le2azm1f.fsf@gnu.org> (raw)
In-Reply-To: <874j8y1x3d.fsf@yahoo.com> (message from Po Lu on Tue, 09 Jul 2024 22:03:34 +0800)
> From: Po Lu <luangruo@yahoo.com>
> Cc: 71929@debbugs.gnu.org, Eli Zaretskii <eliz@gnu.org>
> Date: Tue, 09 Jul 2024 22:03:34 +0800
>
> OK, I believe I understand the source of these crashes. A frame whose
> image cache is shared among several frames is destroyed, but its
> `image_cache' field is never cleared after it is destroyed, as its cache
> continues to be referenced, and, if references to the dead frame remain,
> GC attempts to mark the said image cache although its validity is no
> longer guaranteed. In earlier Emacs versions, this problem would have
> appeared if references to dead frames were preserved beyond the
> destruction of a display structure. This has been corrected on the
> emacs-30 branch, and therefore if the crashes do not resurface in a few
> days, I will close this ticket.
Thanks, but I don't think I understand this part of the change you
installed:
--- a/src/image.c
+++ b/src/image.c
@@ -2304,23 +2304,18 @@ uncache_image (struct frame *f, Lisp_Object spec)
free_image_cache (struct frame *f)
{
struct image_cache *c = FRAME_IMAGE_CACHE (f);
- if (c)
- {
- ptrdiff_t i;
+ ptrdiff_t i;
- /* Cache should not be referenced by any frame when freed. */
- eassert (c->refcount == 0);
+ /* Cache should not be referenced by any frame when freed. */
+ eassert (c->refcount == 0);
- for (i = 0; i < c->used; ++i)
- free_image (f, c->images[i]);
- xfree (c->images);
- xfree (c->buckets);
- xfree (c);
- FRAME_IMAGE_CACHE (f) = NULL;
- }
+ for (i = 0; i < c->used; ++i)
+ free_image (f, c->images[i]);
+ xfree (c->images);
+ xfree (c->buckets);
+ xfree (c);
}
This basically removes the test of 'c' being non-NULL, leaving the
rest of the code unchanged. But if 'c' is NULL, dereferencing it in
the following code will segfault, so why remove the test? In
particular, what about frames that were not yet allocated the image
cache (could this happen with TTY frames, for example)?
What am I missing here?
next prev parent reply other threads:[~2024-07-09 14:18 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-04 2:33 bug#71929: 30.0.60; crash in mark_image_cache Sean Whitton
2024-07-04 2:44 ` Sean Whitton
2024-07-04 5:53 ` Eli Zaretskii
2024-07-04 6:03 ` Eli Zaretskii
2024-07-04 6:17 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-04 6:42 ` Sean Whitton
2024-07-04 6:59 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-04 9:56 ` Sean Whitton
2024-07-04 12:28 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-05 7:52 ` Sean Whitton
2024-07-04 7:40 ` Eli Zaretskii
2024-07-04 9:57 ` Sean Whitton
2024-07-04 12:48 ` Eli Zaretskii
2024-07-05 0:13 ` Sean Whitton
2024-07-05 6:27 ` Eli Zaretskii
2024-07-05 6:41 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-05 7:37 ` Eli Zaretskii
2024-07-05 9:36 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-05 11:10 ` Eli Zaretskii
2024-07-05 11:40 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-05 12:46 ` Sean Whitton
2024-07-06 2:41 ` Sean Whitton
2024-07-06 6:08 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-07 2:40 ` Sean Whitton
2024-07-07 2:43 ` Sean Whitton
2024-07-07 2:46 ` Sean Whitton
2024-07-07 4:04 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-07 4:54 ` Sean Whitton
2024-07-07 7:08 ` Eli Zaretskii
2024-07-07 7:41 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-07 13:16 ` Sean Whitton
2024-07-07 13:47 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-07 14:45 ` Sean Whitton
2024-07-09 5:48 ` Sean Whitton
2024-07-09 11:37 ` Eli Zaretskii
2024-07-10 1:12 ` Sean Whitton
2024-07-09 12:13 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-09 13:44 ` Sean Whitton
2024-07-09 14:03 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-09 14:18 ` Eli Zaretskii [this message]
2024-07-09 15:02 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-09 15:45 ` Eli Zaretskii
2024-07-10 1:12 ` Sean Whitton
2024-07-24 13:31 ` Basil L. Contovounesios
2024-07-24 13:38 ` Eli Zaretskii
2024-07-24 14:10 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-06 6:40 ` Eli Zaretskii
2024-07-07 2:39 ` Sean Whitton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86le2azm1f.fsf@gnu.org \
--to=eliz@gnu.org \
--cc=71929@debbugs.gnu.org \
--cc=luangruo@yahoo.com \
--cc=spwhitton@spwhitton.name \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.