From: Eli Zaretskii
Newsgroups: gmane.emacs.bugs
Subject: bug#72692: Emacs 31.05 (40eecd594ac) get SIGSEGV on Linux (Linux 6.6.45 Kde Wayland)
Date: Sun, 18 Aug 2024 21:38:36 +0300
Message-ID: <86v7zxy8ur.fsf@gnu.org>
In-Reply-To: <87plq5g1fo.fsf@protonmail.com> (message from Pip Cet on Sun, 18 Aug 2024 17:56:12 +0000)
Cc: execvy@gmail.com, 72692@debbugs.gnu.org
To: Pip Cet

> Date: Sun, 18 Aug 2024 17:56:12 +0000
> From: Pip Cet
> Cc: execvy@gmail.com, 72692@debbugs.gnu.org
>
> "Pip Cet" writes:
>
> > "Eli Zaretskii" writes:
> >
> >>> Date: Sun, 18 Aug 2024 14:59:51 +0000
> >>> From: Pip Cet
> >>> Cc: execvy@gmail.com, 72692@debbugs.gnu.org
> >>>
> >>> I don't understand yet what underlying assumption is violated, and what
> >>> precisely happened.
> >>>
> >>> But I have just reproduced the crash, I think. It does need this patch,
> >>> which means we will actually crash when accessing a formerly-valid
> >>> fontset, rather than accessing random and inappropriate data, so I think
> >>> we need to first establish that this patch doesn't break things and
> >>> cause a different crash.
> >>
> >> I don't understand: is this patch needed to trigger a crash, or are
> >> you saying we need it to fix crashes?
> >
> > It helps trigger the crash, which might take a long time without the
> > patch.
>
> And I understand why it's so rare now: the non-ASCII face contains a
> dangling pointer to the (freed!) old ASCII face, and we verify in
> 'face_for_font' that the pointer matches the new ASCII face, which it
> can do only if the new ASCII face happens to be allocated at the same
> address the old one had.
>
> But, it happens, and we need to fix it somehow. The easiest fix would
> be to use a refcount in 'struct face' and do the actual freeing (of
> fontset and struct face) only when no other 'struct face' refers to our
> face through ->ascii_face.
>
> Or is there a simpler solution?

I don't understand what you are saying, because there aren't enough
details. How does the "dangling pointer to the freed old ASCII face"
come into existence, by which code and in what situation? What do you
mean by "the new ASCII face happens to be allocated at the same address
the old one had" -- is that the address of 'struct face', and if so, are
you saying that malloc returns to us the same address in most cases?
How's that possible?

Please, PLEASE describe the issue with enough details and pointers to
the code, and preferably back that up with data from a debugging
session. That's the only way to conduct this kind of discussion while
making sure all of the participants are on the same page, and can help
each other with ideas and their respective knowledge of Emacs internals.

Here's one data point: this kind of problem has never, NEVER happened to
me, although I display non-ASCII text in my Emacs sessions quite a lot.
So if what you describe is so trivially easy to trigger, how come it
didn't happen to me, in all the years I'm using this code? There has to
be more to this than meets the eye, and we can only figure this out if
you provide all the missing details.
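
Added example, not part of the message above and not Emacs code: a minimal C model of the situation described in the quoted text, where a non-ASCII face keeps an `ascii_face` pointer to a face that has been released, and of the refcount idea proposed there. A fixed pool that reuses the lowest free slot stands in for the allocator, and every name other than `struct face` and `ascii_face` is hypothetical.

```c
#include <stddef.h>

/* Toy model, not Emacs code. Only 'struct face' and 'ascii_face' are names
   from the thread; everything else is hypothetical. */
struct face {
    int generation;           /* which logical face occupies this slot */
    int refs;                 /* 0 means the slot is free */
    struct face *ascii_face;  /* non-ASCII face -> its ASCII face */
};

#define POOL_SLOTS 4
static struct face pool[POOL_SLOTS];
static int next_generation;

/* Lowest free slot first: a released slot is reused at the same address. */
static struct face *face_alloc(struct face *ascii)
{
    for (size_t i = 0; i < POOL_SLOTS; i++)
        if (pool[i].refs == 0) {
            pool[i].generation = ++next_generation;
            pool[i].refs = 1;
            pool[i].ascii_face = ascii;
            if (ascii) ascii->refs++;  /* honoured only by face_unref */
            return &pool[i];
        }
    return NULL;
}

static void face_free_naive(struct face *f) { f->refs = 0; } /* ignores referrers */

/* Releases the slot only when the last reference goes away. */
static void face_unref(struct face *f)
{
    if (--f->refs == 0 && f->ascii_face) face_unref(f->ascii_face);
}

/* Returns 1 when a pointer-equality check accepts a stale ascii_face. */
static int stale_pointer_accepted(int use_refcount)
{
    for (size_t i = 0; i < POOL_SLOTS; i++) pool[i].refs = 0;
    struct face *old_ascii = face_alloc(NULL);
    struct face *non_ascii = face_alloc(old_ascii);
    int old_generation = old_ascii->generation;
    if (use_refcount) face_unref(old_ascii); else face_free_naive(old_ascii);
    struct face *new_ascii = face_alloc(NULL);
    return non_ascii->ascii_face == new_ascii
           && new_ascii->generation != old_generation;
}

/* Exit status 0: the naive path is fooled, the refcounted one is not. */
int main(void) { return !(stale_pointer_accepted(0) && !stale_pointer_accepted(1)); }
```

In the naive path the new face lands in the released slot, so the address comparison succeeds even though the generation differs; with the reference held, the old slot stays occupied and the comparison fails.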