From: Christopher Wellons
Newsgroups: gmane.emacs.bugs
Subject: bug#16512: 24.3; Segmentation fault from empty byte-code object literal
Date: Mon, 20 Jan 2014 21:11:27 -0500
Message-ID: <8761pegk34.fsf@susie.zeus.nullprogram.com>
To: 16512@debbugs.gnu.org
List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors"
Xref: news.gmane.org gmane.emacs.bugs:83829

The following command will cause a segmentation fault in 24.3.1 under
GNU/Linux, both 32-bit and 64-bit. The key is that empty byte-code
object. The rest is there just to make Emacs do enough work to crash.

    emacs -Q --eval '(type-of #[])' \
          --eval '(insert "(defun ())")' \
          -f eval-last-sexp

Pure speculation about why: is it assuming that the byte-code object has
at least four elements, dereferencing garbage somewhere past the end?
The manual states byte-code objects "must have at least four elements,"
which is enforced by `make-byte-code' but *not* enforced for byte-code
literals.
    Fatal error 11: Segmentation fault
    Backtrace:
    emacs[0x4f74cb]
    emacs[0x4dcf2e]
    emacs[0x4f611e]
    emacs[0x4f6283]
    /lib/x86_64-linux-gnu/libpthread.so.0(+0xf210)[0x7f9276bad210]
    emacs[0x5617bb]
    emacs[0x564232]
    emacs[0x564c67]
    emacs[0x565b77]
    emacs[0x4aacff]
    emacs[0x4ab4f4]
    emacs[0x4ab698]
    emacs[0x4acc7d]
    emacs[0x43a3bd]
    emacs[0x4412fe]
    emacs[0x441431]
    emacs[0x44acbd]
    emacs[0x4e754c]
    emacs[0x4e99d8]
    emacs[0x4ebd4d]
    emacs[0x54e453]
    emacs[0x4dd3be]
    emacs[0x54e32e]
    emacs[0x4e1c07]
    emacs[0x4e1f04]
    emacs[0x4171c5]
    /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7f9276813995]
    emacs[0x417ccf]
    Segmentation fault

Here's the "bt full" showing the crash is actually occurring in
/lib/x86_64-linux-gnu/libthread_db.so.1.

    (gdb) run --eval '(type-of #[])'
    Starting program: /usr/bin/emacs --eval '(type-of #[])'
    warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7ffff7ffa000
    warning: Could not load shared library symbols for linux-vdso.so.1.
    Do you need "set solib-search-path" or "set sysroot"?
    [Thread debugging using libthread_db enabled]
    Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
    [New Thread 0x7fffe8a23700 (LWP 15364)]
    [New Thread 0x7fffe3fff700 (LWP 15365)]

    Program received signal SIGSEGV, Segmentation fault.
    0x00000000005617bb in ?? ()
    (gdb) bt full
    #0  0x00000000005617bb in ?? ()
    No symbol table info available.
    #1  0x0000000000564232 in ?? ()
    No symbol table info available.
    #2  0x0000000000564c67 in ?? ()
    No symbol table info available.
    #3  0x0000000000565b77 in ?? ()
    No symbol table info available.
    #4  0x00000000004aacff in ?? ()
    No symbol table info available.
    #5  0x00000000004ab4f4 in ?? ()
    No symbol table info available.
    #6  0x00000000004ab698 in ?? ()
    No symbol table info available.
    #7  0x00000000004acc7d in ?? ()
    No symbol table info available.
    #8  0x000000000043a3bd in ?? ()
    No symbol table info available.
    #9  0x00000000004412fe in ?? ()
    No symbol table info available.
    #10 0x0000000000441431 in ?? ()
    No symbol table info available.
    #11 0x000000000044acbd in ?? ()
    No symbol table info available.
    #12 0x00000000004e754c in ?? ()
    No symbol table info available.
    #13 0x00000000004e99d8 in ?? ()
    No symbol table info available.
    #14 0x00000000004ebd4d in ?? ()
    No symbol table info available.
    #15 0x000000000054e453 in ?? ()
    No symbol table info available.
    #16 0x00000000004dd3be in ?? ()
    No symbol table info available.
    #17 0x000000000054e32e in ?? ()
    No symbol table info available.
    #18 0x00000000004e1c07 in ?? ()
    No symbol table info available.
    #19 0x00000000004e1f04 in ?? ()
    No symbol table info available.
    #20 0x00000000004171c5 in ?? ()
    No symbol table info available.
    #21 0x00007ffff11df995 in __libc_start_main (main=0x4167b0, argc=3, ubp_av=0x7fffffffe868,
        init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>,
        stack_end=0x7fffffffe858) at libc-start.c:276
            result = <optimized out>
            unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 8758318328891328105, 4291750,
                140737488349280, 0, 0, -8758318329162348951, -8758324633951386007},
                mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x5d14f0, 0x7fffffffe868},
                data = {prev = 0x0, cleanup = 0x0, canceltype = 6100208}}}
            not_first_call = <optimized out>
    #22 0x0000000000417ccf in ?? ()
    No symbol table info available.
In GNU Emacs 24.3.1 (x86_64-pc-linux-gnu, GTK+ Version 3.8.6)
 of 2013-12-22 on brahms, modified by Debian
Windowing system distributor `The X.Org Foundation', version 11.0.11405000
System Description:	Debian GNU/Linux unstable (sid)

Configured using:
 `configure '--build' 'x86_64-linux-gnu' '--build' 'x86_64-linux-gnu'
 '--prefix=/usr' '--sharedstatedir=/var/lib' '--libexecdir=/usr/lib'
 '--localstatedir=/var/lib' '--infodir=/usr/share/info'
 '--mandir=/usr/share/man' '--with-pop=yes'
 '--enable-locallisppath=/etc/emacs24:/etc/emacs:/usr/local/share/emacs/24.3/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/24.3/site-lisp:/usr/share/emacs/site-lisp'
 '--with-crt-dir=/usr/lib/x86_64-linux-gnu' '--with-x=yes'
 '--with-x-toolkit=gtk3' '--with-toolkit-scroll-bars'
 'build_alias=x86_64-linux-gnu'
 'CFLAGS=-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall'
 'LDFLAGS=-Wl,-z,relro' 'CPPFLAGS=-D_FORTIFY_SOURCE=2''

Important settings:
  value of $LANG: en_US.UTF-8
  locale-coding-system: utf-8-unix
  default enable-multibyte-characters: t
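Editor's note, added after the report and not part of it or of Emacs's source: the invariant the reporter points at (a byte-code object must have at least four slots, enforced by the constructor but not by the reader that accepts the `#[...]` literal) is a general pattern, and the toy C model below shows it with the check a consumer needs before indexing the fixed slots. Everything here is this example's own: the `vec` type, the `read_bytecode_literal` / `make_byte_code` / `bytecode_check` / `call_bytecode` functions, and the restriction of literal elements to integers. The slot order (arglist, bytecode, constants, maxdepth) follows the manual's description; the slot names are assumed for illustration. The unchecked consumer is included only to show the failure mode and is never called on the empty literal.

```c
/* Added illustration, not Emacs source code: a toy reader and caller
 * for byte-code objects. The constructor enforces the minimum size,
 * the literal reader does not, so the caller must validate before
 * touching the fixed slots. Names and the integer-only element
 * restriction are this example's own assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed slot layout, following the documented order. */
enum { SLOT_ARGLIST = 0, SLOT_BYTECODE = 1, SLOT_CONSTANTS = 2,
       SLOT_MAXDEPTH = 3, BYTECODE_MIN_SLOTS = 4 };

enum { BC_OK = 0, BC_NOT_BYTECODE = 1, BC_TOO_SHORT = 2 };

typedef struct {
    int is_bytecode;   /* tag: 1 for a byte-code object, 0 for a plain vector */
    size_t size;       /* number of slots actually allocated */
    long *slots;
} vec;

static vec *vec_alloc(size_t n, int is_bytecode)
{
    vec *v = calloc(1, sizeof *v);
    if (!v) return NULL;
    v->slots = calloc(n ? n : 1, sizeof *v->slots);   /* never a 0-byte request */
    if (!v->slots) { free(v); return NULL; }
    v->size = n;
    v->is_bytecode = is_bytecode;
    return v;
}

void vec_free(vec *v)
{
    if (v) { free(v->slots); free(v); }
}

/* Constructor path: refuses anything shorter than four slots, the check
 * the report attributes to `make-byte-code'. */
vec *make_byte_code(const long *elts, size_t n)
{
    if (n < BYTECODE_MIN_SLOTS) return NULL;
    vec *v = vec_alloc(n, 1);
    if (v) memcpy(v->slots, elts, n * sizeof *elts);
    return v;
}

/* Reader path: accepts "#[...]" with any number of integer elements,
 * including zero, and tags the result as byte-code without checking its
 * length. This models the unchecked literal behaviour the report describes;
 * a reader that routed through make_byte_code would reject "#[]". */
vec *read_bytecode_literal(const char *text)
{
    if (strncmp(text, "#[", 2) != 0) return NULL;
    const char *p = text + 2;
    long elts[64];
    size_t n = 0;
    for (;;) {
        while (*p == ' ' || *p == '\t' || *p == '\n') p++;
        if (*p == ']') break;
        if (*p == '\0' || n == sizeof elts / sizeof elts[0]) return NULL;
        char *end;
        long val = strtol(p, &end, 10);
        if (end == p) return NULL;   /* non-integer element: unsupported in this toy */
        elts[n++] = val;
        p = end;
    }
    vec *v = vec_alloc(n, 1);
    if (v && n) memcpy(v->slots, elts, n * sizeof *elts);
    return v;
}

/* The validation every consumer needs before indexing the fixed slots,
 * because the reader above cannot be trusted to have done it. */
int bytecode_check(const vec *fn)
{
    if (!fn || !fn->is_bytecode) return BC_NOT_BYTECODE;
    if (fn->size < BYTECODE_MIN_SLOTS) return BC_TOO_SHORT;
    return BC_OK;
}

/* Unchecked consumer: indexes slot 3 of whatever it is handed. On a
 * zero-length object this reads past the allocation, the pattern the
 * report speculates about. Shown for contrast; never call it on
 * unvalidated input. */
long call_bytecode_unchecked(const vec *fn)
{
    return fn->slots[SLOT_MAXDEPTH];
}

/* Checked consumer: returns the declared stack depth, or -1 with *err set. */
long call_bytecode(const vec *fn, int *err)
{
    int rc = bytecode_check(fn);
    if (err) *err = rc;
    if (rc != BC_OK) return -1;
    return fn->slots[SLOT_MAXDEPTH];
}

int main(void)
{
    int err;
    vec *empty = read_bytecode_literal("#[]");           /* constructed input */
    printf("#[]        size=%zu call=%ld err=%d\n",
           empty->size, call_bytecode(empty, &err), err);
    vec *good = read_bytecode_literal("#[0 1 2 7]");     /* constructed input */
    printf("#[0 1 2 7] size=%zu call=%ld err=%d\n",
           good->size, call_bytecode(good, &err), err);
    vec_free(empty);
    vec_free(good);
    return 0;
}
```

The point of the split is where the check lives: `make_byte_code` rejects short input at construction time, but an object that arrived through the reader skipped that path, so `call_bytecode` has to re-validate rather than assume the invariant holds. The same reasoning applies to any tagged object whose literal syntax bypasses its constructor.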