From: Stefan Monnier <monnier@iro.umontreal.ca>
Cc: cyd@stupidchicken.com, emacs-devel@gnu.org
Subject: Re: allocate_string_data memory corruption
Date: Sun, 22 Jan 2006 11:45:24 -0500 [thread overview]
Message-ID: <87u0bw6wwz.fsf-monnier+emacs@gnu.org> (raw)
In-Reply-To: <87zmlq6w62.fsf-monnier+emacs@gnu.org> (Stefan Monnier's message of "Fri, 20 Jan 2006 23:48:30 -0500")
>> Maybe eassert(!handling_signal) should be added to allocate_string
>> (and maybe it will catch the current bug).
>> It seems worth a try.
> There's actually one candidate:
> #1 0x081dd84a in die (msg=0x8319288 "assertion failed: !handling_signal",
> file=0x8318980 "alloc.c", line=2744) at alloc.c:6210
> #2 0x081e0f25 in Fcons (car=141994859, cdr=140190650) at alloc.c:2744
> #3 0x08130686 in x_catch_errors (dpy=0x8808db8) at xterm.c:7462
> #4 0x0813bb08 in x_real_positions (f=0x88c2518, xptr=0x47, yptr=0x47)
> at xfns.c:580
> #5 0x08133d09 in handle_one_xevent (dpyinfo=0x8814cf0, eventp=0xbfffdbfc,
> finish=0xbfffdc88, hold_quit=0xbfffecbc) at xterm.c:5871
> #6 0x081376bb in XTread_socket (sd=0, expected=1, hold_quit=0xbfffecbc)
> at xterm.c:6981
> #7 0x08174b69 in read_avail_input (expected=1) at keyboard.c:6703
> #8 0x08174d2a in handle_async_input () at keyboard.c:6855
> if you look at x_catch_errors, you'll see that it allocates one lisp_cons
> cell, one lisp_string and one lisp_misc. Whether it's the cause of the
> bugs we see, I don't know, but since it's run from the signal handler, it
> can be executed at potentially any time.
The patch below should remove this particular problem.
Stefan
--- xterm.c 20 jan 2006 21:48:47 -0500 1.891
+++ xterm.c 22 jan 2006 11:36:08 -0500
@@ -1,6 +1,6 @@
/* X Communication module for terminals which understand the X protocol.
Copyright (C) 1989, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
- 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
+ 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
This file is part of GNU Emacs.
@@ -7458,7 +7458,12 @@
/* If non-nil, this should be a string.
It means catch X errors and store the error message in this string. */
-static Lisp_Object x_error_message_string;
+struct x_error_message_stack {
+ char string[X_ERROR_MESSAGE_SIZE];
+ Display *dpy;
+ struct x_error_message_stack *prev;
+};
+static struct x_error_message_stack *x_error_message;
/* An X error handler which stores the error message in
x_error_message_string. This is called from x_error_handler if
@@ -7470,7 +7475,7 @@
XErrorEvent *error;
{
XGetErrorText (display, error->error_code,
- SDATA (x_error_message_string),
+ x_error_message->string,
X_ERROR_MESSAGE_SIZE);
}
@@ -7495,16 +7500,23 @@
Display *dpy;
{
int count = SPECPDL_INDEX ();
+ struct x_error_message_stack *data = malloc (sizeof (*data));
+ Lisp_Object dummy;
+#ifdef ENABLE_CHECKING
+ dummy = make_number ((EMACS_INT)dpy + (EMACS_INT)x_error_message);
+#else
+ dummy = Qnil
+#endif
/* Make sure any errors from previous requests have been dealt with. */
XSync (dpy, False);
- record_unwind_protect (x_catch_errors_unwind,
- Fcons (make_save_value (dpy, 0),
- x_error_message_string));
+ data->dpy = dpy;
+ data->string[0] = 0;
+ data->prev = x_error_message;
+ x_error_message = data;
- x_error_message_string = make_uninit_string (X_ERROR_MESSAGE_SIZE);
- SSET (x_error_message_string, 0, 0);
+ record_unwind_protect (x_catch_errors_unwind, dummy);
return count;
}
@@ -7512,11 +7524,11 @@
/* Unbind the binding that we made to check for X errors. */
static Lisp_Object
-x_catch_errors_unwind (old_val)
- Lisp_Object old_val;
+x_catch_errors_unwind (dummy)
+ Lisp_Object dummy;
{
- Lisp_Object first = XCAR (old_val);
- Display *dpy = XSAVE_VALUE (first)->pointer;
+ Display *dpy = x_error_message->dpy;
+ struct x_error_message_stack *tmp;
/* The display may have been closed before this function is called.
Check if it is still open before calling XSync. */
@@ -7527,7 +7539,12 @@
UNBLOCK_INPUT;
}
- x_error_message_string = XCDR (old_val);
+ tmp = x_error_message;
+ x_error_message = x_error_message->prev;
+ free (tmp);
+
+ eassert (dummy == make_number ((EMACS_INT)dpy + (EMACS_INT)x_error_message));
+
return Qnil;
}
@@ -7543,8 +7560,8 @@
/* Make sure to catch any errors incurred so far. */
XSync (dpy, False);
- if (SREF (x_error_message_string, 0))
- error (format, SDATA (x_error_message_string));
+ if (x_error_message->string[0])
+ error (format, x_error_message->string);
}
/* Nonzero if we had any X protocol errors
@@ -7557,7 +7574,7 @@
/* Make sure to catch any errors incurred so far. */
XSync (dpy, False);
- return SREF (x_error_message_string, 0) != 0;
+ return x_error_message->string[0] != 0;
}
/* Forget about any errors we have had, since we did x_catch_errors on DPY. */
@@ -7566,7 +7583,7 @@
x_clear_errors (dpy)
Display *dpy;
{
- SSET (x_error_message_string, 0, 0);
+ x_error_message->string[0] = 0;
}
/* Stop catching X protocol errors and let them make Emacs die.
@@ -7748,7 +7765,7 @@
Display *display;
XErrorEvent *error;
{
- if (! NILP (x_error_message_string))
+ if (x_error_message)
x_error_catcher (display, error);
else
x_error_quitter (display, error);
@@ -10818,8 +10835,7 @@
void
syms_of_xterm ()
{
- staticpro (&x_error_message_string);
- x_error_message_string = Qnil;
+ x_error_message = NULL;
staticpro (&x_display_name_list);
x_display_name_list = Qnil;
next prev parent reply other threads:[~2006-01-22 16:45 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-01-18 16:57 allocate_string_data memory corruption Chong Yidong
2006-01-18 20:48 ` Stefan Monnier
2006-01-20 0:45 ` Chong Yidong
2006-01-20 1:14 ` Richard M. Stallman
2006-01-20 3:48 ` Stefan Monnier
2006-01-23 20:21 ` Stefan Monnier
2006-01-24 17:23 ` Chong Yidong
2006-01-18 21:35 ` Ken Raeburn
2006-01-18 23:56 ` Chong Yidong
2006-01-19 8:53 ` Romain Francoise
2006-01-19 20:57 ` Stefan Monnier
2006-01-19 22:48 ` Kim F. Storm
2006-01-20 3:46 ` Stefan Monnier
2006-01-20 22:58 ` Richard M. Stallman
2006-01-25 3:26 ` Chong Yidong
2006-01-25 15:45 ` Richard M. Stallman
2006-01-20 1:14 ` Richard M. Stallman
2006-01-20 9:28 ` Ken Raeburn
2006-01-20 22:58 ` Richard M. Stallman
2006-01-18 22:06 ` Eli Zaretskii
2006-01-18 23:48 ` David Kastrup
2006-01-18 23:48 ` Chong Yidong
2006-01-19 1:15 ` Stefan Monnier
2006-01-19 3:21 ` Ken Raeburn
2006-01-19 4:36 ` Eli Zaretskii
2006-01-20 1:14 ` Richard M. Stallman
2006-01-20 3:56 ` Stefan Monnier
2006-01-20 14:49 ` Chong Yidong
2006-01-21 19:57 ` Richard M. Stallman
2006-01-22 17:37 ` Stefan Monnier
2006-01-20 22:58 ` Richard M. Stallman
2006-01-21 4:48 ` Stefan Monnier
2006-01-21 17:31 ` Chong Yidong
2006-01-22 3:57 ` Richard M. Stallman
2006-01-22 16:45 ` Stefan Monnier [this message]
2006-01-22 20:06 ` Andreas Schwab
2006-01-23 0:10 ` Richard M. Stallman
2006-01-23 0:35 ` Ken Raeburn
2006-01-23 1:58 ` Stefan Monnier
2006-01-23 2:06 ` Stefan Monnier
2006-01-24 16:46 ` Richard M. Stallman
2006-01-23 0:55 ` Stefan Monnier
2006-01-24 16:46 ` Richard M. Stallman
2006-01-24 17:57 ` Kim F. Storm
2006-01-24 18:33 ` Chong Yidong
2006-01-25 15:45 ` Richard M. Stallman
2006-01-26 1:41 ` Chong Yidong
2006-01-26 17:46 ` Richard M. Stallman
2006-01-26 18:40 ` Stefan Monnier
2006-01-26 19:45 ` Chong Yidong
2006-01-27 22:32 ` Richard M. Stallman
2006-01-27 23:33 ` Stefan Monnier
2006-01-29 14:53 ` Chong Yidong
2006-01-29 4:58 ` Chong Yidong
2006-01-30 0:57 ` Richard M. Stallman
2006-01-30 1:06 ` Chong Yidong
2006-01-27 22:32 ` Richard M. Stallman
2006-01-26 19:10 ` Chong Yidong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87u0bw6wwz.fsf-monnier+emacs@gnu.org \
--to=monnier@iro.umontreal.ca \
--cc=cyd@stupidchicken.com \
--cc=emacs-devel@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.