From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Florian Ebeling <florian.ebeling@gmail.com>
Newsgroups: gmane.emacs.bugs
Subject: bug#11541: 24.0.97; Crash when visiting file on OS X 10.7.3
Date: Wed, 30 May 2012 16:39:21 +0200
Message-ID: <CAGOk8R8Ov_1TG3DMR8qGkpGB_qwU+9DYV3BXPYJCRewdGJ+Hrg@mail.gmail.com>
References: <4fbb6a82.d491cc0a.42d6.3965@mx.google.com>
	<878vgbozcz.fsf@gnu.org>
	<CAGOk8R-zaXyQ0zLLng-CqD+05p-=Y4jDSsHZx_kZaxyVH7RSAA@mail.gmail.com>
	<877gvu9wun.fsf@gnu.org>
	<CAGOk8R9coXk7pzKAoNkYAuHxKtTvBtUKiZH32yHmPafdp7tUtQ@mail.gmail.com>
	<874nqyyn83.fsf@gnu.org>
	<DB1D1253-D4FD-4E29-A3A6-4FD6FFFD7BFE@gmail.com>
	<87d35lyen5.fsf@gnu.org>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Trace: dough.gmane.org 1338388853 3960 80.91.229.3 (30 May 2012 14:40:53 GMT)
X-Complaints-To: usenet@dough.gmane.org
NNTP-Posting-Date: Wed, 30 May 2012 14:40:53 +0000 (UTC)
Cc: 11541@debbugs.gnu.org
To: Chong Yidong <cyd@gnu.org>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Wed May 30 16:40:52 2012
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1SZk4w-0001nF-O5
	for geb-bug-gnu-emacs@m.gmane.org; Wed, 30 May 2012 16:40:50 +0200
Original-Received: from localhost ([::1]:58108 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1SZk4w-0002CW-I2
	for geb-bug-gnu-emacs@m.gmane.org; Wed, 30 May 2012 10:40:50 -0400
Original-Received: from eggs.gnu.org ([208.118.235.92]:47588)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1SZk4o-0002BQ-Az
	for bug-gnu-emacs@gnu.org; Wed, 30 May 2012 10:40:48 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1SZk4h-0003n3-Us
	for bug-gnu-emacs@gnu.org; Wed, 30 May 2012 10:40:41 -0400
Original-Received: from debbugs.gnu.org ([140.186.70.43]:40831)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1SZk4h-0003mw-NT
	for bug-gnu-emacs@gnu.org; Wed, 30 May 2012 10:40:35 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.72)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1SZk66-0002aI-HQ
	for bug-gnu-emacs@gnu.org; Wed, 30 May 2012 10:42:04 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Florian Ebeling <florian.ebeling@gmail.com>
Original-Sender: debbugs-submit-bounces@debbugs.gnu.org
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Wed, 30 May 2012 14:42:02 +0000
Resent-Message-ID: <handler.11541.B11541.13383888809877@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 11541
X-GNU-PR-Package: emacs,ns
X-GNU-PR-Keywords: 
Original-Received: via spool by 11541-submit@debbugs.gnu.org id=B11541.13383888809877
	(code B ref 11541); Wed, 30 May 2012 14:42:02 +0000
Original-Received: (at 11541) by debbugs.gnu.org; 30 May 2012 14:41:20 +0000
Original-Received: from localhost ([127.0.0.1]:50377 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.72)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1SZk5Q-0002ZG-2S
	for submit@debbugs.gnu.org; Wed, 30 May 2012 10:41:20 -0400
Original-Received: from mail-pb0-f44.google.com ([209.85.160.44]:50249)
	by debbugs.gnu.org with esmtp (Exim 4.72)
	(envelope-from <florian.ebeling@gmail.com>) id 1SZk5M-0002Z4-UH
	for 11541@debbugs.gnu.org; Wed, 30 May 2012 10:41:18 -0400
Original-Received: by pbcwy7 with SMTP id wy7so45337pbc.3
	for <11541@debbugs.gnu.org>; Wed, 30 May 2012 07:39:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; 
	h=mime-version:in-reply-to:references:from:date:message-id:subject:to
	:cc:content-type:content-transfer-encoding;
	bh=bRj9O4aDmfeWJOVBYmYd+wqXt4nOVo/DxYsr98liZ/M=;
	b=CvDC3Y3WAs55rbMml2PXCDNsHN5WlPFZM/j/5l6U83d158hDOCphU7+DDrULBxP57U
	oeBpV+LOZbgqqfOf4tFuGl0MJN8r0EUhGc1kTzTrBJQzOu916cYqErTWpHPXwpqe6GHR
	XmLoE555diYRql9mTq8QhRAPdwD2peRuvF8xAJekocPrbQ/vPeE4WPR6R9/69rPEEJoN
	F73c44sHc9ieB/g+Uz7/+naCCPcKpJvvjvL7a6CVOCogeEpOTj7boNyiRQaVSVB4iv1Q
	6/KRwFGHpyVH8f+vWrQxF/cW410OYTO2vCWYVu1bpYSvQPK7QOIjOCKvN6DkWA1ODPHl
	btbw==
Original-Received: by 10.68.192.5 with SMTP id hc5mr39164492pbc.49.1338388781843; Wed,
	30 May 2012 07:39:41 -0700 (PDT)
Original-Received: by 10.143.99.5 with HTTP; Wed, 30 May 2012 07:39:21 -0700 (PDT)
In-Reply-To: <87d35lyen5.fsf@gnu.org>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.13
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 2)
X-Received-From: 140.186.70.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.bugs:60519
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/60519>

On Wed, May 30, 2012 at 3:36 PM, Chong Yidong <cyd@gnu.org> wrote:
> Interesting. =C2=A0We need to pin down where the stack clobbering is taki=
ng
> place; I don't see an obvious problem in the code, so let's just do it
> by brute force. =C2=A0Could you apply the following patch (which adds thr=
ee
> abort conditions to the code), trigger the bug again, then see where the
> abort takes place?

It still stops at the same location, which is 531 after the patch.
Here is the debugger session output:

#16 0x00007fff89e8a587 in TDescriptor::CreateMatchingDescriptors ()
#17 0x0000000100a32599 in -[NSCTFontDescriptor
matchingFontDescriptorsWithMandatoryKeys:] ()
#18 0x00000001001a1c70 in ns_findfonts (font_spec=3D140734799760960,
isMatch=3D0 '\0') at nsfont.m:531
(More stack frames follow...)
(gdb) f 18
#18 0x00000001001a1c70 in ns_findfonts (font_spec=3D140734799760960,
isMatch=3D0 '\000') at nsfont.m:531
531	    matchingDescs =3D [fdesc matchingFontDescriptorsWithMandatoryKeys: =
fkeys];
Current language:  auto; currently objective-c
(gdb) li ns_findfonts
492	/* Implementation for list() and match().  List() can return nil, match=
()
493	must return something.  Strategy is to drop family name from attribute
494	matching set for match. */
495	static Lisp_Object
496	ns_findfonts (Lisp_Object font_spec, BOOL isMatch)
497	{
498	    Lisp_Object tem, list =3D Qnil;
499	    NSFontDescriptor *fdesc, *desc;
500	    NSMutableSet *fkeys;
501	    NSArray *matchingDescs;
(gdb)
502	    NSEnumerator *dEnum;
503	    NSString *family;
504	    NSSet *cFamilies;
505	    BOOL foundItal =3D NO;
506=09
507	    if (NSFONT_TRACE)
508	      {
509		fprintf (stderr, "nsfont: %s for fontspec:\n    ",
510			 (isMatch ? "match" : "list"));
511		debug_print (font_spec);
(gdb)
512	      }
513=09
514	    if (!FONT_SPEC_P (font_spec))
515	      abort ();
516=09
517	    cFamilies =3D ns_get_covering_families (ns_get_req_script
(font_spec), 0.90);
518=09
519	    if (!FONT_SPEC_P (font_spec))
520	      abort ();
521=09
(gdb)
522	    fdesc =3D ns_spec_to_descriptor (font_spec);
523=09
524	    if (!FONT_SPEC_P (font_spec))
525	      abort ();
526=09
527	    fkeys =3D [NSMutableSet setWithArray: [[fdesc fontAttributes] allKe=
ys]];
528	    if (isMatch)
529		[fkeys removeObject: NSFontFamilyAttribute];
530=09
531	    matchingDescs =3D [fdesc matchingFontDescriptorsWithMandatoryKeys: =
fkeys];
(gdb) p font_spec
$1 =3D 140734799760960
(gdb) xtype
Lisp_Int0