From: Gerd Möllmann
Newsgroups: gmane.emacs.bugs
Subject: bug#56553: 29.0.50; ASAN error with fringe bitmaps on NS
Date: Thu, 14 Jul 2022 16:18:55 +0200
References: <83cze7u7b7.fsf@gnu.org>
To: Eli Zaretskii
Cc: 56553@debbugs.gnu.org
In-Reply-To: <83cze7u7b7.fsf@gnu.org>
Xref: news.gmane.io gmane.emacs.bugs:236998

> On 2022-07-14, at 15:56 , Eli Zaretskii wrote:
>
>> From: Gerd Möllmann
>> Date: Thu, 14 Jul 2022 15:03:36 +0200
>>
>> This is a Spacemacs profile, with a lot of fringe bitmaps. The error
>> happens right after hitting 'q' on the startup screen, when the first
>> fringe bitmap is displayed.
>>
>> thread #1: tid = 0x3d47c, 0x0000000103dc4870 libclang_rt.asan_osx_dynamic.dylib`__asan::AsanDie(), queue = 'com.apple.main-thread', stop reason = Heap buffer overflow
>>
>> {
>>   "access_size": 2,
>>   "access_type": 0,
>>   "address": 4402845816,
>>   "description": "heap-buffer-overflow",
>>   "instrumentation_class": "AddressSanitizer",
>>   "pc": 4313240244,
>>   "stop_type": "fatal_error"
>> }
>>
>> frame #5: 0x000000010116d2b4 emacs`ns_define_fringe_bitmap(which=27, bits=0x00000001066e1860, h=12, w=16) at nsterm.m:2906:20
>>    2903 	      /* XBM rows are always round numbers of bytes, with any unused
>>    2904 	         bits ignored. */
>>    2905 	      int byte = y * (w/8 + (w%8 ? 1 : 0)) + x/8;
>> -> 2906 	      bool bit = bits[byte] & (0x80 >> x%8);
>>    2907 	      if (bit)
>>    2908 	        [p appendBezierPathWithRect:NSMakeRect (x, y, 1, 1)];
>>    2909 	    }
>> (lldb) p byte
>> (int) $22 = 12
>>
>> frame #6: 0x0000000101079128 emacs`init_fringe_bitmap(which=27, fb=0x00000001066e1850, once_p=0) at fringe.c:1520:2
>>    1517 	  destroy_fringe_bitmap (which);
>>    1518 	
>>    1519 	  if (rif && rif->define_fringe_bitmap)
>> -> 1520 	    rif->define_fringe_bitmap (which, fb->bits, fb->height, fb->width);
>>    1521 	
>>    1522 	  fringe_bitmaps[which] = fb;
>>    1523 	  if (which >= max_used_fringe_bitmap)
>> (lldb) p *fb
>> (fringe_bitmap) $21 = {
>>   bits = 0x00000001066e1860
>>   height = 12
>>   width = 16
>>   period = 0
>>   align = 0
>>   dynamic = true
>> }
>
> I don't understand this. What is the dimension of the bits[] array?
> It is supposed to be 12 * 2, so how come the index 12 causes access
> violation?

I don't understand this either, but it's not an access violation, it's an out-of-bounds access of an allocated memory object, AFAIU.

How do you come to the 12 * 2? Is that in bytes? I'm asking because, confusingly for me, the bits in frame #5 is unsigned short *. (height * width) / sizeof(char) would be 12*2...

>
> Who is the caller of init_fringe_bitmap in this case?
frame #7: 0x0000000101078558 emacs`Fdefine_fringe_bitmap(bitmap=-> (struct Lisp_Symbol *) $33 = 0x00000001232c81a0, bits=-> (struct Lisp_Vector *) $37 = 0x000000014efefc70, height=-> (struct Lisp_Symbol *) $40 = 0x0000000101b04020, width=-> (EMACS_INT) $42 = 16, align=-> (struct Lisp_Symbol *) $45 = 0x0000000101b04020) at fringe.c:1660:3
   1657 	
   1658 	  *xfb = fb;
   1659 	
-> 1660 	  init_fringe_bitmap (n, xfb, 0);
   1661 	
   1662 	  return bitmap;
   1663 	}
(lldb) frame variable
(Lisp_Object) bitmap = -> (struct Lisp_Symbol *) $18 = 0x00000001232c81a0 {
  i = 0x00000000217c4180
}
(Lisp_Object) bits = -> (struct Lisp_Vector *) $22 = 0x000000014efefc70 {
  i = 0x000000014efefc75
}
(Lisp_Object) height = -> (struct Lisp_Symbol *) $25 = 0x0000000101b04020 {
  i = NULL
}
(Lisp_Object) width = -> (EMACS_INT) $27 = 16 {
  i = 0x0000000000000042
}
(Lisp_Object) align = -> (struct Lisp_Symbol *) $30 = 0x0000000101b04020 {
  i = NULL
}
(int) n = 27
(int) h = 12
(int) i = 0
(int) j = 12
(unsigned short *) b = 0x00000001066e6320
(fringe_bitmap) fb = {
  bits = 0x00000001066e6320
  height = 12
  width = 16
  period = 0
  align = 0
  dynamic = true
}
(fringe_bitmap *) xfb = 0x00000001066e6310
(int) fill1 = 0
(int) fill2 = 0
(lldb) p $18->u.s.name
(Lisp_Object) $58 = -> (struct Lisp_String *) $60 = 0x000000012279d880 {
  i = 0x000000012279d884
}
(lldb) p $60->u.s
(Lisp_String::(unnamed struct)) $61 = {
  size = 42
  size_byte = 42
  intervals = NULL
  data = 0x0000000150832190 "flycheck-fringe-bitmap-double-arrow-hi-res"
}
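The index arithmetic from the frame #5 listing above, worked through in C as an added illustration (this is not Emacs code and not part of the thread). In that listing `byte` is computed as a byte index, while `bits` is an `unsigned short *`, so `bits[byte]` reads the two bytes at offsets `2*byte` and `2*byte+1`. The example assumes (labelled in the code) that the buffer holds one unsigned short per row, i.e. the 12 * 2 = 24 bytes discussed above; under that assumption, with h = 12 and w = 16, row 6 yields byte index 12 and a 2-byte read at offset 24, which matches the `access_size` 2 heap-buffer-overflow in the ASAN report. It goes slightly beyond the thread by showing that with w = 8, where a row fits in one byte, the same subscript stays inside the buffer. The helper names (`row_bytes`, `byte_index`, `access_offset`, `access_in_bounds`, `first_oob_row`, `pixel_set`, `sample_pixel`) and the 16x12 sample bitmap are constructed for this example; `pixel_set` is a bounds-checked, byte-indexed form of the same lookup, not the project's fix.

```c
/* Added illustration, not Emacs source: the index arithmetic from the
   bug report with the same numbers (h = 12 rows, w = 16 pixels, byte
   index 12, ASAN access_size 2), and a bounds-checked byte-indexed
   reader beside it.  Assumption: the bitmap buffer holds one unsigned
   short per row, i.e. h * sizeof (unsigned short) bytes. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bytes needed for a row of w pixels packed into bytes
   (the expression from nsterm.m line 2905 in the report). */
static int row_bytes (int w)
{
  return w / 8 + (w % 8 ? 1 : 0);
}

/* Byte index of pixel (x, y) under that packing (nsterm.m line 2905). */
static int byte_index (int x, int y, int w)
{
  return y * row_bytes (w) + x / 8;
}

/* Byte offset actually touched when a byte index is used as a subscript
   on a pointer whose elements are elem_size bytes wide. */
static size_t access_offset (int byte, size_t elem_size)
{
  return (size_t) byte * elem_size;
}

/* The check ASAN applies at run time: does an access of access_size
   bytes at offset stay inside an allocation of alloc_size bytes? */
static bool access_in_bounds (size_t offset, size_t access_size, size_t alloc_size)
{
  return offset + access_size <= alloc_size;
}

/* First row y for which subscripting an unsigned short buffer of h rows
   with byte_index (0, y, w) reads past the allocation; -1 if none.
   For w = 16, h = 12 this is row 6: byte index 12, offset 24 of 24. */
static int first_oob_row (int w, int h)
{
  size_t alloc_size = (size_t) h * sizeof (unsigned short);
  for (int y = 0; y < h; y++)
    {
      size_t off = access_offset (byte_index (0, y, w), sizeof (unsigned short));
      if (!access_in_bounds (off, sizeof (unsigned short), alloc_size))
        return y;
    }
  return -1;
}

/* Hardened lookup (constructed for this example): view the rows as
   bytes so the byte index subscripts bytes, and reject coordinates
   outside the bitmap instead of reading past the buffer.  Pixel x of a
   row is bit (0x80 >> x % 8) of row byte x / 8, as in the report. */
static bool pixel_set (const unsigned short *bits, int w, int h, int x, int y)
{
  if (x < 0 || y < 0 || x >= w || y >= h)
    return false;
  size_t alloc_size = (size_t) h * sizeof (unsigned short);
  int byte = byte_index (x, y, w);
  if (!access_in_bounds ((size_t) byte, 1, alloc_size))
    return false;
  const unsigned char *raw = (const unsigned char *) bits;
  return (raw[byte] & (0x80 >> (x % 8))) != 0;
}

/* Constructed 16x12 sample: row 0 has its first and last pixel set,
   row 6 has its left eight pixels set, everything else is clear.  The
   bytes are copied into unsigned shorts so the byte layout is explicit. */
static const unsigned char sample_bytes[24] = {
  0x80, 0x01,  0x00, 0x00,  0x00, 0x00,  0x00, 0x00,  0x00, 0x00,  0x00, 0x00,
  0xFF, 0x00,  0x00, 0x00,  0x00, 0x00,  0x00, 0x00,  0x00, 0x00,  0x00, 0x00,
};

static bool sample_pixel (int x, int y)
{
  unsigned short rows[12];
  memcpy (rows, sample_bytes, sizeof rows);
  return pixel_set (rows, 16, 12, x, y);
}

int main (void)
{
  int y = first_oob_row (16, 12);
  printf ("w=16 h=12: first out-of-bounds row %d, byte index %d, byte offset %zu of %zu\n",
          y, byte_index (0, y, 16),
          access_offset (byte_index (0, y, 16), sizeof (unsigned short)),
          (size_t) 12 * sizeof (unsigned short));
  printf ("w=8 h=12: first out-of-bounds row %d\n", first_oob_row (8, 12));
  printf ("sample pixel (0,6) via byte view: %s\n", sample_pixel (0, 6) ? "set" : "clear");
  return 0;
}
```

Run as-is it prints row 6, byte index 12, offset 24 of 24 for the 16x12 case and -1 for the 8x12 case; the point of `first_oob_row` is that the same report can be reproduced on paper from the listing, without a sanitizer build, once the element width of the subscripted pointer is known.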