all messages for Emacs-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
From: Stefan Monnier <monnier@iro.umontreal.ca>
Cc: cyd@stupidchicken.com, emacs-devel@gnu.org
Subject: Re: allocate_string_data memory corruption
Date: Sun, 22 Jan 2006 11:45:24 -0500	[thread overview]
Message-ID: <87u0bw6wwz.fsf-monnier+emacs@gnu.org> (raw)
In-Reply-To: <87zmlq6w62.fsf-monnier+emacs@gnu.org> (Stefan Monnier's message of "Fri, 20 Jan 2006 23:48:30 -0500")

>> Maybe eassert(!handling_signal) should be added to allocate_string
>> (and maybe it will catch the current bug).

>> It seems worth a try.

> There's actually one candidate:

> #1  0x081dd84a in die (msg=0x8319288 "assertion failed: !handling_signal", 
>     file=0x8318980 "alloc.c", line=2744) at alloc.c:6210
> #2  0x081e0f25 in Fcons (car=141994859, cdr=140190650) at alloc.c:2744
> #3  0x08130686 in x_catch_errors (dpy=0x8808db8) at xterm.c:7462
> #4  0x0813bb08 in x_real_positions (f=0x88c2518, xptr=0x47, yptr=0x47)
>     at xfns.c:580
> #5  0x08133d09 in handle_one_xevent (dpyinfo=0x8814cf0, eventp=0xbfffdbfc, 
>     finish=0xbfffdc88, hold_quit=0xbfffecbc) at xterm.c:5871
> #6  0x081376bb in XTread_socket (sd=0, expected=1, hold_quit=0xbfffecbc)
>     at xterm.c:6981
> #7  0x08174b69 in read_avail_input (expected=1) at keyboard.c:6703
> #8  0x08174d2a in handle_async_input () at keyboard.c:6855

> if you look at x_catch_errors, you'll see that it allocates one lisp_cons
> cell, one lisp_string and one lisp_misc.  Whether it's the cause of the
> bugs we see, I don't know, but since it's run from the signal handler, it
> can be executed at potentially any time.

The patch below should remove this particular problem.


        Stefan


--- xterm.c	20 jan 2006 21:48:47 -0500	1.891
+++ xterm.c	22 jan 2006 11:36:08 -0500	
@@ -1,6 +1,6 @@
 /* X Communication module for terminals which understand the X protocol.
    Copyright (C) 1989, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
-                 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
+                 2002, 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
 
 This file is part of GNU Emacs.
 
@@ -7458,7 +7458,12 @@
 /* If non-nil, this should be a string.
    It means catch X errors  and store the error message in this string.  */
 
-static Lisp_Object x_error_message_string;
+struct x_error_message_stack {
+  char string[X_ERROR_MESSAGE_SIZE];
+  Display *dpy;
+  struct x_error_message_stack *prev;
+};
+static struct x_error_message_stack *x_error_message;
 
 /* An X error handler which stores the error message in
    x_error_message_string.  This is called from x_error_handler if
@@ -7470,7 +7475,7 @@
      XErrorEvent *error;
 {
   XGetErrorText (display, error->error_code,
-		 SDATA (x_error_message_string),
+		 x_error_message->string,
 		 X_ERROR_MESSAGE_SIZE);
 }
 
@@ -7495,16 +7500,23 @@
      Display *dpy;
 {
   int count = SPECPDL_INDEX ();
+  struct x_error_message_stack *data = malloc (sizeof (*data));
+  Lisp_Object dummy;
+#ifdef ENABLE_CHECKING
+  dummy = make_number ((EMACS_INT)dpy + (EMACS_INT)x_error_message);
+#else
+  dummy = Qnil
+#endif
 
   /* Make sure any errors from previous requests have been dealt with.  */
   XSync (dpy, False);
 
-  record_unwind_protect (x_catch_errors_unwind,
-			 Fcons (make_save_value (dpy, 0),
-				x_error_message_string));
+  data->dpy = dpy;
+  data->string[0] = 0;
+  data->prev = x_error_message;
+  x_error_message = data;
 
-  x_error_message_string = make_uninit_string (X_ERROR_MESSAGE_SIZE);
-  SSET (x_error_message_string, 0, 0);
+  record_unwind_protect (x_catch_errors_unwind, dummy);
 
   return count;
 }
@@ -7512,11 +7524,11 @@
 /* Unbind the binding that we made to check for X errors.  */
 
 static Lisp_Object
-x_catch_errors_unwind (old_val)
-     Lisp_Object old_val;
+x_catch_errors_unwind (dummy)
+     Lisp_Object dummy;
 {
-  Lisp_Object first = XCAR (old_val);
-  Display *dpy = XSAVE_VALUE (first)->pointer;
+  Display *dpy = x_error_message->dpy;
+  struct x_error_message_stack *tmp;
 
   /* The display may have been closed before this function is called.
      Check if it is still open before calling XSync.  */
@@ -7527,7 +7539,12 @@
       UNBLOCK_INPUT;
     }
 
-  x_error_message_string = XCDR (old_val);
+  tmp = x_error_message;
+  x_error_message = x_error_message->prev;
+  free (tmp);
+
+  eassert (dummy == make_number ((EMACS_INT)dpy + (EMACS_INT)x_error_message));
+
   return Qnil;
 }
 
@@ -7543,8 +7560,8 @@
   /* Make sure to catch any errors incurred so far.  */
   XSync (dpy, False);
 
-  if (SREF (x_error_message_string, 0))
-    error (format, SDATA (x_error_message_string));
+  if (x_error_message->string[0])
+    error (format, x_error_message->string);
 }
 
 /* Nonzero if we had any X protocol errors
@@ -7557,7 +7574,7 @@
   /* Make sure to catch any errors incurred so far.  */
   XSync (dpy, False);
 
-  return SREF (x_error_message_string, 0) != 0;
+  return x_error_message->string[0] != 0;
 }
 
 /* Forget about any errors we have had, since we did x_catch_errors on DPY.  */
@@ -7566,7 +7583,7 @@
 x_clear_errors (dpy)
      Display *dpy;
 {
-  SSET (x_error_message_string, 0, 0);
+  x_error_message->string[0] = 0;
 }
 
 /* Stop catching X protocol errors and let them make Emacs die.
@@ -7748,7 +7765,7 @@
      Display *display;
      XErrorEvent *error;
 {
-  if (! NILP (x_error_message_string))
+  if (x_error_message)
     x_error_catcher (display, error);
   else
     x_error_quitter (display, error);
@@ -10818,8 +10835,7 @@
 void
 syms_of_xterm ()
 {
-  staticpro (&x_error_message_string);
-  x_error_message_string = Qnil;
+  x_error_message = NULL;
 
   staticpro (&x_display_name_list);
   x_display_name_list = Qnil;

  parent reply	other threads:[~2006-01-22 16:45 UTC|newest]

Thread overview: 58+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-01-18 16:57 allocate_string_data memory corruption Chong Yidong
2006-01-18 20:48 ` Stefan Monnier
2006-01-20  0:45   ` Chong Yidong
2006-01-20  1:14   ` Richard M. Stallman
2006-01-20  3:48     ` Stefan Monnier
2006-01-23 20:21   ` Stefan Monnier
2006-01-24 17:23   ` Chong Yidong
2006-01-18 21:35 ` Ken Raeburn
2006-01-18 23:56   ` Chong Yidong
2006-01-19  8:53     ` Romain Francoise
2006-01-19 20:57       ` Stefan Monnier
2006-01-19 22:48         ` Kim F. Storm
2006-01-20  3:46           ` Stefan Monnier
2006-01-20 22:58             ` Richard M. Stallman
2006-01-25  3:26             ` Chong Yidong
2006-01-25 15:45               ` Richard M. Stallman
2006-01-20  1:14   ` Richard M. Stallman
2006-01-20  9:28     ` Ken Raeburn
2006-01-20 22:58       ` Richard M. Stallman
2006-01-18 22:06 ` Eli Zaretskii
2006-01-18 23:48   ` David Kastrup
2006-01-18 23:48   ` Chong Yidong
2006-01-19  1:15     ` Stefan Monnier
2006-01-19  3:21       ` Ken Raeburn
2006-01-19  4:36     ` Eli Zaretskii
2006-01-20  1:14 ` Richard M. Stallman
2006-01-20  3:56   ` Stefan Monnier
2006-01-20 14:49     ` Chong Yidong
2006-01-21 19:57       ` Richard M. Stallman
2006-01-22 17:37         ` Stefan Monnier
2006-01-20 22:58     ` Richard M. Stallman
2006-01-21  4:48       ` Stefan Monnier
2006-01-21 17:31         ` Chong Yidong
2006-01-22  3:57           ` Richard M. Stallman
2006-01-22 16:45         ` Stefan Monnier [this message]
2006-01-22 20:06           ` Andreas Schwab
2006-01-23  0:10           ` Richard M. Stallman
2006-01-23  0:35           ` Ken Raeburn
2006-01-23  1:58             ` Stefan Monnier
2006-01-23  2:06               ` Stefan Monnier
2006-01-24 16:46             ` Richard M. Stallman
2006-01-23  0:55         ` Stefan Monnier
2006-01-24 16:46           ` Richard M. Stallman
2006-01-24 17:57             ` Kim F. Storm
2006-01-24 18:33               ` Chong Yidong
2006-01-25 15:45               ` Richard M. Stallman
2006-01-26  1:41             ` Chong Yidong
2006-01-26 17:46               ` Richard M. Stallman
2006-01-26 18:40                 ` Stefan Monnier
2006-01-26 19:45                   ` Chong Yidong
2006-01-27 22:32                     ` Richard M. Stallman
2006-01-27 23:33                       ` Stefan Monnier
2006-01-29 14:53                         ` Chong Yidong
2006-01-29  4:58                       ` Chong Yidong
2006-01-30  0:57                         ` Richard M. Stallman
2006-01-30  1:06                           ` Chong Yidong
2006-01-27 22:32                   ` Richard M. Stallman
2006-01-26 19:10                 ` Chong Yidong

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87u0bw6wwz.fsf-monnier+emacs@gnu.org \
    --to=monnier@iro.umontreal.ca \
    --cc=cyd@stupidchicken.com \
    --cc=emacs-devel@gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/emacs.git
	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.