Re: Emacs crashes accidentally

["Herbert Euler" <herberteuler@hotmail.com>]

>From: Richard Stallman <rms@gnu.org>
>Reply-To: rms@gnu.org
>To: "Herbert Euler" <herberteuler@hotmail.com>
>CC: emacs-devel@gnu.org
>Subject: Re: Emacs crashes accidentally
>Date: Fri, 08 Sep 2006 07:55:59 -0400
>
>     "SDATA (string)" shall be 0x243d8ac, but value of the first argument
>     (PTR) of STROUT is 0x2469648.  This is the reason why Emacs
>     crashed.
>
>     But, why this happened?  Memory leak?
>
>I don't see how a memory leak could possibly have such an effect.
>
>Please examine the value of printcharfun and figure out what Lisp
>object it is.  That way we can tell what path the code took through
>strout.  And what is the value of `i' in strout's frame?
>
>strout increments PTR as it runs.  Maybe it has incremented PTR too
>far.
>
>Or maybe message_dolog somehow clobbered the stack and altered PTR.
>
>Basically I am as puzzled as you are.
>We need more facts.

(print.c, version 1.190.2.21, function STROUT)

static void
strout (ptr, size, size_byte, printcharfun, multibyte)
     char *ptr;
     int size, size_byte;
     Lisp_Object printcharfun;
     int multibyte;
{

[ The value of SIZE is 27, so SIZE_BYTE is not reset. ]

  if (size < 0)
    size_byte = size = strlen (ptr);

[ PRINTCHARFUN is 'T, and NONINTERACTIVE is 0, so
  the third branch gets executed. ]

  if (NILP (printcharfun))
    {
      if (print_buffer_pos_byte + size_byte > print_buffer_size)
        {
          print_buffer_size = print_buffer_size * 2 + size_byte;
          print_buffer = (char *) xrealloc (print_buffer,
                                            print_buffer_size);
        }
      bcopy (ptr, print_buffer + print_buffer_pos_byte, size_byte);
      print_buffer_pos += size;
      print_buffer_pos_byte += size_byte;

#ifdef MAX_PRINT_CHARS
      if (max_print)
        print_chars += size;
#endif /* MAX_PRINT_CHARS */
    }
  else if (noninteractive && EQ (printcharfun, Qt))
    {
      fwrite (ptr, 1, size_byte, stdout);
      noninteractive_need_newline = 1;
    }

[ This branch gets executed. ]

  else if (EQ (printcharfun, Qt))
    {
      /* Output to echo area.  We're trying to avoid a little overhead
         here, that's the reason we don't call printchar to do the
         job.  */
      int i;

[ CURRENT_BUFFER->ENABLE_MULTIBYTE_CHARACTERS is 'T.
  I don't think I can remember whether the buffer I typed z's
  contains multibyte characters. ]

      int multibyte_p
        = !NILP (current_buffer->enable_multibyte_characters);

[ I assume SETUP_ECHO_AREA_FOR_PRINTING behaves well
  so I didn't trace into it. ]

      setup_echo_area_for_printing (multibyte_p);

[ I see MESSAGE_DOLOG is in xdisp.c, but I compiled Emacs
  without X.  What's the behavior here?  Since MESSAGE_DOLOG
  is very long, I didn't post the tracing.  Btw, Vmemory_full is
  'NIL and Vmessage_log_max is 400. ]

      message_dolog (ptr, size_byte, 0, multibyte_p);

[ Both SIZE and SIZE_BYTE are 27. ]

      if (size == size_byte)
        {

[ gdb shows that crashing happened on INSERT_CHAR.
  While the value of I is 26, so iteration was not finished.
  The value of PTR is 0x2469649, but PRINT_STRINT
  calls STROUT with (I think) 0x243d8ac, so even the
  starting address is not valid. ]

          for (i = 0; i < size; ++i)
            insert_char ((unsigned char )*ptr++);
        }
      else
        {

This is what I can know now from the .core file.  Andreas
Schwab told to find out whether GC was called, but I
don't know how.

Regards,
Guanpeng Xu

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/