From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Pip Cet via "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs@gnu.org>
Newsgroups: gmane.emacs.bugs
Subject: bug#72692: Emacs 31.05 (40eecd594ac) get SIGSEGV on Linux (Linux
 6.6.45 Kde Wayland)
Date: Sun, 18 Aug 2024 17:56:12 +0000
Message-ID: <87plq5g1fo.fsf@protonmail.com>
References: <8b1c8e1f-e0b9-4049-888c-3f723e0008a9@gmail.com>
 <87h6bigoo5.fsf@protonmail.com>
 <7be3359e-4389-4bc6-bf98-b46a2a8a711c@gmail.com>
 <877ccegfxj.fsf@protonmail.com> <86h6biymv4.fsf@gnu.org>
 <8734n2gd2x.fsf@protonmail.com> <86cym5zzq9.fsf@gnu.org>
 <87y14tg9ln.fsf@protonmail.com> <865xrxzvrt.fsf@gnu.org>
 <87ttfhg6ey.fsf@protonmail.com>
Reply-To: Pip Cet <pipcet@protonmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="12048"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: execvy@gmail.com, 72692@debbugs.gnu.org
To: Eli Zaretskii <eliz@gnu.org>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Sun Aug 18 19:57:36 2024
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1sfk9o-0002zc-6v
	for geb-bug-gnu-emacs@m.gmane-mx.org; Sun, 18 Aug 2024 19:57:36 +0200
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces@gnu.org>)
	id 1sfk9c-0006om-IP; Sun, 18 Aug 2024 13:57:24 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1sfk9a-0006oX-TF
 for bug-gnu-emacs@gnu.org; Sun, 18 Aug 2024 13:57:23 -0400
Original-Received: from debbugs.gnu.org ([2001:470:142:5::43])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1sfk9Z-0007S0-JV
 for bug-gnu-emacs@gnu.org; Sun, 18 Aug 2024 13:57:21 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=debbugs.gnu.org; s=debbugs-gnu-org; 
 h=MIME-Version:References:In-Reply-To:From:Date:To:Subject;
 bh=JkRpBPmbzqHCaL74dLyo1ffe8knO3UdIg/Mxut1Yv3g=; 
 b=WrozfJPMVXbukCF+IUVpQqdIT97A0AelL4KoixZrOkxSMLlo+oV1Y2w22w4QeiHms0LliEfv1QjousKj/ZoaAji0ZMv6OA7bNMABRpocf2ccLABF+1Z6GONvlIFITJ4whyziQBk1Gy3l7vkoQUdsDw5pMVqJBqv/6SfbOX2v7GQUZBni3tystlC6yF9S6jf/OyKHcq2a/O5Shu1pQ9a1Kb2n7dMRzLFqj2bU9FRNDKOUqBwxeooc8IIUNCrB7mY/sjpBoXN71jVRZapXJQbpgLX3xTfYNi2OW80vNFFHBEdhyzkroES3WUdXLaBFtoGn6+2xaEAh65h0lut4A4TiCg==;
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1sfkAD-0005rk-Tr
 for bug-gnu-emacs@gnu.org; Sun, 18 Aug 2024 13:58:01 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Pip Cet <pipcet@protonmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Sun, 18 Aug 2024 17:58:01 +0000
Resent-Message-ID: <handler.72692.B72692.172400382722469@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 72692
X-GNU-PR-Package: emacs
Original-Received: via spool by 72692-submit@debbugs.gnu.org id=B72692.172400382722469
 (code B ref 72692); Sun, 18 Aug 2024 17:58:01 +0000
Original-Received: (at 72692) by debbugs.gnu.org; 18 Aug 2024 17:57:07 +0000
Original-Received: from localhost ([127.0.0.1]:56763 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1sfk9L-0005qK-7H
 for submit@debbugs.gnu.org; Sun, 18 Aug 2024 13:57:07 -0400
Original-Received: from mail-4316.protonmail.ch ([185.70.43.16]:40897)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <pipcet@protonmail.com>) id 1sfk9J-0005pg-1J
 for 72692@debbugs.gnu.org; Sun, 18 Aug 2024 13:57:05 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
 s=protonmail3; t=1724003777; x=1724262977;
 bh=JkRpBPmbzqHCaL74dLyo1ffe8knO3UdIg/Mxut1Yv3g=;
 h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References:
 Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID:
 Message-ID:BIMI-Selector;
 b=T08o9vHcBZaChTXxiFSPjYIReH9CRJBD0pD+gC0vYeztdH7+cWpZIAe6PaM4+LfUR
 5Zcwy3TQCUzW0G+fsDywnw3xkFFKZJ7MtANtEDNRO7iKgsmHBh87mUTqKcel+WbuW5
 aj+pPAQH1Y4fjhpde1NdAa7RZsjPr6vXvmVz4tEfU9yv4GzHIceIEd8nB51XpXG7hn
 grc+ggakxf6CjbBT2ml0lPVEcEEO+4dX3JRYnEuabohCtbPSFMxqTtISnVqW/+yXwa
 VUTyps2MYKyTG3ks+o3QCpS8KuYj28KhQxgTfweWNfsBahicSxKnkq3Lj1O9KmpmiE
 +Lk2UkQPxx1Fw==
In-Reply-To: <87ttfhg6ey.fsf@protonmail.com>
Feedback-ID: 112775352:user:proton
X-Pm-Message-ID: d13873eecb54b59d573a6d07a96c97a586b15f42
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.emacs.bugs:290341
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/290341>

"Pip Cet" <pipcet@protonmail.com> writes:

> "Eli Zaretskii" <eliz@gnu.org> writes:
>
>>> Date: Sun, 18 Aug 2024 14:59:51 +0000
>>> From: Pip Cet <pipcet@protonmail.com>
>>> Cc: execvy@gmail.com, 72692@debbugs.gnu.org
>>>
>>> I don't understand yet what underlying assumption is violated, and what
>>> precisely happened.
>>>
>>> But I have just reproduced the crash, I think. It does need this patch,
>>> which means we will actually crash when accessing a formerly-valid
>>> fontset, rather than accessing random and inappropriate data, so I thin=
k
>>> we need to first establish that this patch doesn't break things and
>>> cause a different crash.
>>
>> I don't understand: is this patch needed to trigger a crash, or are
>> you saying we need it to fix crashes?
>
> It helps trigger the crash, which might take a long time without the
> patch.

And I understand why it's so rare now: the non-ASCII face contains a
dangling pointer to the (freed!) old ASCII face, and we verify in
'face_for_font' that the pointer matches the new ASCII face, which it
can do only if the new ASCII face happens to be allocated at the same
address the old one had.

But, it happens, and we need to fix it somehow.  The easiest fix would
be to use a refcount in 'struct face' and do the actual freeing (of
fontset and struct face) only when no other 'struct face' refers to our
face through ->ascii_face.

Or is there a simpler solution?

Pip