From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: Valentin Gatien-Baron <vgatien-baron@janestreet.com>
Newsgroups: gmane.emacs.bugs
Subject: bug#29066: 26.0.90; crash in gc involving buffer local symbols
Date: Mon, 30 Oct 2017 18:04:14 -0400
Message-ID: <CAFd54qOEYm2UAG+cFjcEmRR0pHZJzy=1eyfonQTnYsRVE=NCfQ@mail.gmail.com>
References: <CAFd54qNxFhwTVC-ttTWzn1d3hJQ83kEwDa-Kka1T+SAk-y9V7Q@mail.gmail.com>
	<83a808tlqp.fsf@gnu.org>
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary="001a113f8fa4ba1ed5055ccad13f"
X-Trace: blaine.gmane.org 1509401543 31864 195.159.176.226 (30 Oct 2017 22:12:23 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Mon, 30 Oct 2017 22:12:23 +0000 (UTC)
Cc: 29066@debbugs.gnu.org, Mark Shinwell <mshinwell@janestreet.com>
To: Eli Zaretskii <eliz@gnu.org>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Mon Oct 30 23:12:13 2017
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1e9IHu-0006TD-Ei
	for geb-bug-gnu-emacs@m.gmane.org; Mon, 30 Oct 2017 23:12:06 +0100
Original-Received: from localhost ([::1]:42799 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1e9II0-0004Ax-AW
	for geb-bug-gnu-emacs@m.gmane.org; Mon, 30 Oct 2017 18:12:12 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:52053)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1e9IHu-0004Ar-9b
	for bug-gnu-emacs@gnu.org; Mon, 30 Oct 2017 18:12:07 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1e9IHq-0002xi-VG
	for bug-gnu-emacs@gnu.org; Mon, 30 Oct 2017 18:12:06 -0400
Original-Received: from debbugs.gnu.org ([208.118.235.43]:34128)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1e9IHq-0002xV-P4
	for bug-gnu-emacs@gnu.org; Mon, 30 Oct 2017 18:12:02 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1e9IHq-0001bt-Eo
	for bug-gnu-emacs@gnu.org; Mon, 30 Oct 2017 18:12:02 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Valentin Gatien-Baron <vgatien-baron@janestreet.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Mon, 30 Oct 2017 22:12:02 +0000
Resent-Message-ID: <handler.29066.B29066.15094015196177@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 29066
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: 
Original-Received: via spool by 29066-submit@debbugs.gnu.org id=B29066.15094015196177
	(code B ref 29066); Mon, 30 Oct 2017 22:12:02 +0000
Original-Received: (at 29066) by debbugs.gnu.org; 30 Oct 2017 22:11:59 +0000
Original-Received: from localhost ([127.0.0.1]:42809 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1e9IHn-0001bY-8l
	for submit@debbugs.gnu.org; Mon, 30 Oct 2017 18:11:59 -0400
Original-Received: from mxout3.mail.janestreet.com ([38.105.200.229]:42971)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <vgatien-baron@janestreet.com>) id 1e9IAQ-0001Q4-2w
	for 29066@debbugs.gnu.org; Mon, 30 Oct 2017 18:04:22 -0400
Original-Received: from [172.27.56.68] (helo=tot-qpr-mailcore1)
	by mxout3.mail.janestreet.com with esmtps
	(TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89)
	(envelope-from <vgatien-baron@janestreet.com>) id 1e9IAK-0004iY-KY
	for 29066@debbugs.gnu.org; Mon, 30 Oct 2017 18:04:16 -0400
X-JS-Flow: external
X-JS-Scanner-attachment: (ok) No attachments
Original-Received: by tot-qpr-mailcore1 with ocaml/mailcore/mailcore 1.0+136
	(04e1cd915edc) (envelope-from <vgatien-baron@janestreet.com>)
	id BZ96Hg-FdUSQA-S2; 2017-10-30 18:04:16.606799-04:00
Original-Received: from mail-lf0-f69.google.com ([209.85.215.69])
	by mxgoog1.mail.janestreet.com with esmtps
	(TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.89)
	(envelope-from <vgatien-baron@janestreet.com>) id 1e9IAK-0000iL-IT
	for 29066@debbugs.gnu.org; Mon, 30 Oct 2017 18:04:16 -0400
Original-Received: by mail-lf0-f69.google.com with SMTP id j98so4370944lfi.0
	for <29066@debbugs.gnu.org>; Mon, 30 Oct 2017 15:04:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=janestreet.com; s=google;
	h=mime-version:in-reply-to:references:from:date:message-id:subject:to
	:cc; bh=+Mu6udci/3HlI4i0TGj3DBUaYwIef/NvsXehuCVCnyk=;
	b=rCcCVAqg5ydRL6zdB/dsoFPIQiArqEAlHMV9d9TMKIigBMXDv/tTPRFAIpdoiGV/z+
	00/LxK6CuBHH5AmlOiSPrp46wMYRk3bQGkKgGgVmCqC02MCiPbs1wpxNw2XksKHzHxYL
	Koh4Qau4pEj7u2k81ECbnkNwD5S9zUEWe4/Bc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:mime-version:in-reply-to:references:from:date
	:message-id:subject:to:cc;
	bh=+Mu6udci/3HlI4i0TGj3DBUaYwIef/NvsXehuCVCnyk=;
	b=fswxVTpf0b4tPmF0/s19vp/T0rd7I68KqQBiIiBUx8Vy24zNiGFKwJN3+YYBaYbl5/
	YxlyckTq10LJ5xmgeLREBtIREkXAKRwDAU/3Qq45bzGBqCWlSbr4DCjOsVTId1uuEjdY
	NOvYEQ0oPghFe+jiPu2AELSK1LdalGl6KMnkQ9es4y2OOD5rnSKLGAS2FqPjPs7RD+lR
	vocbcu/f6LjW8WlQ/uWVjR1MRb85BzPsGa20EXtkLPnqsNMG+hNpqQlXP1PcHVqqQDVd
	5Y8dIXhgXg/9/5WHZBdB5WkebWRiHYpaFyzlasY5m3mZRKYQg5jVA7EmSTzAP+6u4Cck
	H40Q==
X-Gm-Message-State: AMCzsaXymlczl4FDBvyevt48XoeRw+xZKgSq2tlPxgej/OqUC14K7DDl
	bVVUs7KXoRgFJPxpLljCnmD85h1sg5x25VnTEsuQfs3a2cOt/ZRmUhOjIfPkYUmBleov20iGvzF
	T3wAKmdr9ECsn15EbB8+UPGpKhfqhUQ==
X-Received: by 10.25.16.28 with SMTP id f28mr3426233lfi.133.1509401055515;
	Mon, 30 Oct 2017 15:04:15 -0700 (PDT)
X-Google-Smtp-Source: ABhQp+QukbvupOya7ZZx/iLSw274Bq1isvw/lcBXLtOcVeOHaei/bRzPHpMqvBuyLXEOtJdWPVbIl+ZY5yfSbvFvkR4=
X-Received: by 10.25.16.28 with SMTP id f28mr3426230lfi.133.1509401055329;
	Mon, 30 Oct 2017 15:04:15 -0700 (PDT)
Original-Received: by 10.25.234.11 with HTTP; Mon, 30 Oct 2017 15:04:14 -0700 (PDT)
In-Reply-To: <83a808tlqp.fsf@gnu.org>
X-JS-Exim-Data-Received: 2017-10-30 18:04:16-0400
X-JS-Processed-by: mailcore
X-Mailman-Approved-At: Mon, 30 Oct 2017 18:11:57 -0400
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 208.118.235.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnu-emacs/>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: "bug-gnu-emacs"
	<bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.bugs:139221
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/139221>

--001a113f8fa4ba1ed5055ccad13f
Content-Type: text/plain; charset="UTF-8"

Yes, it fixes the problem.

I also checked the following works, and seems better to me (stop having
dangling pointers, instead of being careful with them):

diff --git a/src/alloc.c b/src/alloc.c
index da0c3ad4b3..44dfa95cf5 100644
--- a/src/alloc.c
+++ b/src/alloc.c
@@ -7030,8 +7030,10 @@ sweep_symbols (void)
         {
           if (!sym->s.gcmarkbit)
             {
-              if (sym->s.redirect == SYMBOL_LOCALIZED)
+              if (sym->s.redirect == SYMBOL_LOCALIZED) {
                 xfree (SYMBOL_BLV (&sym->s));
+                sym->s.val.blv = NULL;
+              }
               sym->s.next = symbol_free_list;
               symbol_free_list = &sym->s;
               symbol_free_list->function = Vdead;


On Mon, Oct 30, 2017 at 4:38 PM, Eli Zaretskii <eliz@gnu.org> wrote:

> > From: Valentin Gatien-Baron <vgatien-baron@janestreet.com>
> > Date: Mon, 30 Oct 2017 10:36:41 -0400
> > Cc: Mark Shinwell <mshinwell@janestreet.com>
> >
> > $ installed/bin/emacs -Q -L . -batch --eval '(progn (message "before")
> (make-local-variable (make-symbol "\
> > s")) (kill-buffer) (garbage-collect) (garbage-collect) (message
> "after"))'
> > before
> > *** Error in `installed/bin/emacs': double free or corruption (!prev):
> 0x00000000014bff10 ***
>
> Thanks.
>
> Does the below fix the problem?
>
> diff --git a/src/alloc.c b/src/alloc.c
> index d9d7485..11afdfd 100644
> --- a/src/alloc.c
> +++ b/src/alloc.c
> @@ -7024,7 +7024,9 @@ sweep_symbols (void)
>          {
>            if (!sym->s.gcmarkbit)
>              {
> -              if (sym->s.redirect == SYMBOL_LOCALIZED)
> +              if (sym->s.redirect == SYMBOL_LOCALIZED
> +                 /* Already freed?  */
> +                 && !EQ (sym->s.function, Vdead))
>                  xfree (SYMBOL_BLV (&sym->s));
>                sym->s.next = symbol_free_list;
>                symbol_free_list = &sym->s;
>

--001a113f8fa4ba1ed5055ccad13f
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_default" style=3D"font-family:arial,he=
lvetica,sans-serif">Yes, it fixes the problem.</div><div class=3D"gmail_def=
ault" style=3D"font-family:arial,helvetica,sans-serif"><br></div><div class=
=3D"gmail_default" style=3D"font-family:arial,helvetica,sans-serif">I also =
checked the following works, and seems better to me (stop having dangling p=
ointers, instead of being careful with them):</div><div class=3D"gmail_defa=
ult" style=3D"font-family:arial,helvetica,sans-serif"><br></div><div class=
=3D"gmail_default" style=3D"font-family:arial,helvetica,sans-serif"><div cl=
ass=3D"gmail_default"><div class=3D"gmail_default">diff --git a/src/alloc.c=
 b/src/alloc.c</div><div class=3D"gmail_default">index da0c3ad4b3..44dfa95c=
f5 100644</div><div class=3D"gmail_default">--- a/src/alloc.c</div><div cla=
ss=3D"gmail_default">+++ b/src/alloc.c</div><div class=3D"gmail_default">@@=
 -7030,8 +7030,10 @@ sweep_symbols (void)</div><div class=3D"gmail_default"=
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0{</div><div class=3D"gmail_default">=C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0if (!sym-&gt;s.gcmarkbit)</div><div c=
lass=3D"gmail_default">=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0{</d=
iv><div class=3D"gmail_default">-=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 if (sym-&gt;s.redirect =3D=3D SYMBOL_LOCALIZED)</div><div class=3D"g=
mail_default">+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 if (sym-&gt=
;s.redirect =3D=3D SYMBOL_LOCALIZED) {</div><div class=3D"gmail_default">=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0xfree (SYMBOL=
_BLV (&amp;sym-&gt;s));</div><div class=3D"gmail_default">+=C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 sym-&gt;s.val.blv =3D NULL;</div>=
<div class=3D"gmail_default">+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 }</div><div class=3D"gmail_default">=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0sym-&gt;s.next =3D symbol_free_list;</div><div class=3D=
"gmail_default">=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0symb=
ol_free_list =3D &amp;sym-&gt;s;</div><div class=3D"gmail_default">=C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0symbol_free_list-&gt;functi=
on =3D Vdead;</div><div><br></div></div></div><div class=3D"gmail_extra"><b=
r><div class=3D"gmail_quote">On Mon, Oct 30, 2017 at 4:38 PM, Eli Zaretskii=
 <span dir=3D"ltr">&lt;<a href=3D"mailto:eliz@gnu.org" target=3D"_blank">el=
iz@gnu.org</a>&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=
=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding=
-left:1ex">&gt; From: Valentin Gatien-Baron &lt;<a href=3D"mailto:vgatien-b=
aron@janestreet.com">vgatien-baron@janestreet.com</a>&gt;<br>
&gt; Date: Mon, 30 Oct 2017 10:36:41 -0400<br>
&gt; Cc: Mark Shinwell &lt;<a href=3D"mailto:mshinwell@janestreet.com">mshi=
nwell@janestreet.com</a>&gt;<br>
&gt;<br>
&gt; $ installed/bin/emacs -Q -L . -batch --eval &#39;(progn (message &quot=
;before&quot;) (make-local-variable (make-symbol &quot;\<br>
&gt; s&quot;)) (kill-buffer) (garbage-collect) (garbage-collect) (message &=
quot;after&quot;))&#39;<br>
&gt; before<br>
&gt; *** Error in `installed/bin/emacs&#39;: double free or corruption (!pr=
ev): 0x00000000014bff10 ***<br>
<br>
Thanks.<br>
<br>
Does the below fix the problem?<br>
<br>
diff --git a/src/alloc.c b/src/alloc.c<br>
index d9d7485..11afdfd 100644<br>
--- a/src/alloc.c<br>
+++ b/src/alloc.c<br>
@@ -7024,7 +7024,9 @@ sweep_symbols (void)<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0{<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0if (!sym-&gt;s.gcmarkbit)<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0{<br>
-=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 if (sym-&gt;s.redirect =
=3D=3D SYMBOL_LOCALIZED)<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 if (sym-&gt;s.redirect =
=3D=3D SYMBOL_LOCALIZED<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0/* Already f=
reed?=C2=A0 */<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0&amp;&amp; !=
EQ (sym-&gt;s.function, Vdead))<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0xfree (SYMBOL=
_BLV (&amp;sym-&gt;s));<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0sym-&gt;s.next =3D s=
ymbol_free_list;<br>
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0symbol_free_list =3D=
 &amp;sym-&gt;s;<br>
</blockquote></div><br></div></div>

--001a113f8fa4ba1ed5055ccad13f--