From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: "Geoff Gole" Newsgroups: gmane.emacs.bugs Subject: bug#716: Bug in buffer-swap-text Date: Sat, 8 Nov 2008 02:41:11 -0800 Message-ID: Reply-To: Geoff Gole , 716@emacsbugs.donarmstrong.com NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_Part_49387_22778304.1226140871895" X-Trace: ger.gmane.org 1226141444 24467 80.91.229.12 (8 Nov 2008 10:50:44 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sat, 8 Nov 2008 10:50:44 +0000 (UTC) To: "Jason Rumney" , 716@emacsbugs.donarmstrong.com Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Sat Nov 08 11:51:47 2008 connect(): Connection refused Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by lo.gmane.org with esmtp (Exim 4.50) id 1KylPb-0006s0-Nb for geb-bug-gnu-emacs@m.gmane.org; Sat, 08 Nov 2008 11:51:28 +0100 Original-Received: from localhost ([127.0.0.1]:59676 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1KylOU-0008Gq-An for geb-bug-gnu-emacs@m.gmane.org; Sat, 08 Nov 2008 05:50:18 -0500 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1KylOO-0008GO-9m for bug-gnu-emacs@gnu.org; Sat, 08 Nov 2008 05:50:12 -0500 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1KylOL-0008ED-W4 for bug-gnu-emacs@gnu.org; Sat, 08 Nov 2008 05:50:11 -0500 Original-Received: from [199.232.76.173] (port=35870 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1KylOL-0008Ds-Bu for bug-gnu-emacs@gnu.org; Sat, 08 Nov 2008 05:50:09 -0500 Original-Received: from rzlab.ucr.edu ([138.23.92.77]:51629) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1KylOK-0004vg-FK for bug-gnu-emacs@gnu.org; Sat, 08 Nov 2008 05:50:08 -0500 Original-Received: from rzlab.ucr.edu (rzlab.ucr.edu [127.0.0.1]) by rzlab.ucr.edu (8.13.8/8.13.8/Debian-3) with ESMTP id mA8Ao6Mo023712; Sat, 8 Nov 2008 02:50:06 -0800 Original-Received: (from debbugs@localhost) by rzlab.ucr.edu (8.13.8/8.13.8/Submit) id mA8Ao3hl023600; Sat, 8 Nov 2008 02:50:03 -0800 X-Loop: don@donarmstrong.com Resent-From: "Geoff Gole" Resent-To: bug-submit-list@donarmstrong.com Resent-CC: Emacs Bugs , don@donarmstrong.com Resent-Date: Sat, 08 Nov 2008 10:50:03 +0000 Resent-Message-ID: Resent-Sender: don@donarmstrong.com X-Emacs-PR-Message: report 716 X-Emacs-PR-Package: emacs,w32 X-Emacs-PR-Keywords: Original-Received: via spool by 716-submit@emacsbugs.donarmstrong.com id=B716.122614087722234 (code B ref 716); Sat, 08 Nov 2008 10:50:03 +0000 Original-Received: (at 716) by emacsbugs.donarmstrong.com; 8 Nov 2008 10:41:17 +0000 Original-Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.152]) by rzlab.ucr.edu (8.13.8/8.13.8/Debian-3) with ESMTP id mA8AfCb2022228 for <716@emacsbugs.donarmstrong.com>; Sat, 8 Nov 2008 02:41:13 -0800 Original-Received: by fg-out-1718.google.com with SMTP id l27so1338177fgb.43 for <716@emacsbugs.donarmstrong.com>; Sat, 08 Nov 2008 02:41:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:mime-version:content-type; bh=4rIjjMaOWHnf1cJA3m7LZCsrzKK7fKg53G+m96/wZEA=; b=LG0xiW3rYZqcM9kW6qJ+UnlfT7N5ALv8dlfTtE+CMb1WyGDjFizjGXrJj1d5hFspgd /FJuZvuJU/EUzRm763GDrk3dV9zRDMFHbgL9nqRNt9z0tPNSgk+LeOk6AigcNC5rXWBj bNhI45FaOfaKC+bG5r9SXRte7LITnKRNx3GEQ= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:mime-version:content-type; b=a2KEbtI0QfRwfdeB5i8EwZCfZrW0b6KndjopmxgPi4zO6kQvB/ImwLNanQLWmgBkr1 WnfW4ohAvmTwAMZ754HfrJJrQh9e/OkbzIw07Ysrg/JFqKfmk+yI9vpPo6xdh8bD0B7E g/coFqnP5lxwdtkwVrfA8e7U2GhDsGGh8xcv0= Original-Received: by 10.187.224.11 with SMTP id b11mr955892far.81.1226140871891; Sat, 08 Nov 2008 02:41:11 -0800 (PST) Original-Received: by 10.187.193.8 with HTTP; Sat, 8 Nov 2008 02:41:11 -0800 (PST) X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 3) Resent-Date: Sat, 08 Nov 2008 05:50:10 -0500 X-BeenThere: bug-gnu-emacs@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:22218 Archived-At: ------=_Part_49387_22778304.1226140871895 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline I can reliably get a crash without changing coding systems: (progn (buffer-swap-text (generate-new-buffer "test")) (insert (make-string 128 ?a))) (progn (buffer-swap-text (generate-new-buffer "test")) (garbage-collect)) All the crashes I've seen with tar-mode or buffer-swap-text end up hitting the same call to abort in r_re_alloc(). Backtraces for the above lisp fragments (same order): (gdb) bt #0 w32_abort () at w32fns.c:7279 #1 0x01137df8 in r_re_alloc (ptr=0x2a27008, size=2129) at ralloc.c:1028 #2 0x0106ed4e in enlarge_buffer_text (b=0x2a27000, delta=2108) at buffer.c:5065 #3 0x010fe25e in make_gap_larger (nbytes_added=2108) at insdel.c:526 #4 0x010ff949 in insert_from_string_1 (string=47277539, pos=0, pos_byte=0, nchars=128, nbytes=128, inherit=0, before_markers=44199944) at insdel.c:1107 #5 0x01100da6 in insert_from_string (string=47277539, pos=0, pos_byte=0, length=128, length_byte=0, inherit=44199944) at insdel.c:1048 #6 0x0108d79c in general_insert_function (insert_func=0x1100fac , insert_from_string_func=0x1100d3b , inherit=0, nargs=1, args=0x82f3e0) at editfns.c:2184 #7 0x0108d86c in Finsert (nargs=0, args=0x0) at editfns.c:2228 #8 0x0100b364 in Feval (form=19643352) at eval.c:2378 #9 0x0100b632 in Fprogn (args=0) at eval.c:449 #10 0x0100b42b in Feval (form=18325836) at eval.c:2322 #11 0x0100be38 in Ffuncall (nargs=2, args=0x1179ef0) at eval.c:3044 #12 0x01111e63 in Fbyte_code (bytestr=0, vector=8582708, maxdepth=1) at bytecode.c:678 #13 0x0100b722 in funcall_lambda (fun=18972820, nargs=1, arg_vector=0x82f774) at eval.c:3231 #14 0x0100bc17 in Ffuncall (nargs=2, args=0x1218094) at eval.c:3101 #15 0x01111e63 in Fbyte_code (bytestr=0, vector=8583024, maxdepth=1) at bytecode.c:678 #16 0x0100b722 in funcall_lambda (fun=18973068, nargs=1, arg_vector=0x82f8b4) at eval.c:3231 #17 0x0100bc17 in Ffuncall (nargs=2, args=0x121818c) at eval.c:3101 #18 0x01111e63 in Fbyte_code (bytestr=0, vector=8583344, maxdepth=1) at bytecode.c:678 #19 0x0100b722 in funcall_lambda (fun=18971276, nargs=0, arg_vector=0x82fa24) at eval.c:3231 #20 0x0100bc17 in Ffuncall (nargs=1, args=0x1217a8c) at eval.c:3101 #21 0x0100d37f in apply1 (fn=53934297, arg=0) at eval.c:2785 #22 0x0110fdc5 in Fcall_interactively (function=53934297, record_flag=44161025, keys=44194564) at callint.c:389 #23 0x0100be11 in Ffuncall (nargs=4, args=0x12bf728) at eval.c:3050 #24 0x0100bfe9 in call3 (fn=0, arg1=0, arg2=0, arg3=0) at eval.c:2870 #25 0x01056cb9 in Fcommand_execute (cmd=53934297, record_flag=44161025, keys=0, special=44161025) at keyboard.c:10333 #26 0x0105e4e5 in command_loop_1 () at keyboard.c:1880 #27 0x01009f9e in internal_condition_case (bfun=0x105e180 , handlers=44224777, hfun=0x105772c ) at eval.c:1511 #28 0x01051cba in command_loop_2 () at keyboard.c:1338 #29 0x01009ed3 in internal_catch (tag=0, func=0x1051c97 , arg=44161025) at eval.c:1247 #30 0x01051ac7 in command_loop () at keyboard.c:1317 #31 0x01051b60 in recursive_edit_1 () at keyboard.c:942 #32 0x01051c81 in Frecursive_edit () at keyboard.c:1004 #33 0x01002e36 in main (argc=1, argv=0xa427b8) at emacs.c:1777 Lisp Backtrace: "insert" (0x82f3e0) "progn" (0x82f518) "eval" (0x82f638) "eval-last-sexp-1" (0x82f774) "eval-last-sexp" (0x82f8b4) "eval-print-last-sexp" (0x82fa24) "call-interactively" (0x82fc04) (gdb) (gdb) bt #0 w32_abort () at w32fns.c:7279 #1 0x01137df8 in r_re_alloc (ptr=0x2d56008, size=100) at ralloc.c:1028 #2 0x0106ed4e in enlarge_buffer_text (b=0x2d56000, delta=-1979) at buffer.c:5065 #3 0x010fe38a in make_gap_smaller (nbytes_removed=-1979) at insdel.c:600 #4 0x01065cab in Fgarbage_collect () at alloc.c:5022 #5 0x0100b383 in Feval (form=18331376) at eval.c:2372 #6 0x0100b632 in Fprogn (args=0) at eval.c:449 #7 0x0100b42b in Feval (form=18325836) at eval.c:2322 #8 0x0100be38 in Ffuncall (nargs=2, args=0x1179ef0) at eval.c:3044 #9 0x01111e63 in Fbyte_code (bytestr=0, vector=8582708, maxdepth=1) at bytecode.c:678 #10 0x0100b722 in funcall_lambda (fun=18972820, nargs=1, arg_vector=0x82f774) at eval.c:3231 #11 0x0100bc17 in Ffuncall (nargs=2, args=0x1218094) at eval.c:3101 #12 0x01111e63 in Fbyte_code (bytestr=0, vector=8583024, maxdepth=1) at bytecode.c:678 #13 0x0100b722 in funcall_lambda (fun=18973068, nargs=1, arg_vector=0x82f8b4) at eval.c:3231 #14 0x0100bc17 in Ffuncall (nargs=2, args=0x121818c) at eval.c:3101 #15 0x01111e63 in Fbyte_code (bytestr=0, vector=8583344, maxdepth=1) at bytecode.c:678 #16 0x0100b722 in funcall_lambda (fun=18971276, nargs=0, arg_vector=0x82fa24) at eval.c:3231 #17 0x0100bc17 in Ffuncall (nargs=1, args=0x1217a8c) at eval.c:3101 #18 0x0100d37f in apply1 (fn=53934297, arg=0) at eval.c:2785 #19 0x0110fdc5 in Fcall_interactively (function=53934297, record_flag=44161025, keys=44194564) at callint.c:389 #20 0x0100be11 in Ffuncall (nargs=4, args=0x12bf728) at eval.c:3050 #21 0x0100bfe9 in call3 (fn=0, arg1=0, arg2=0, arg3=0) at eval.c:2870 #22 0x01056cb9 in Fcommand_execute (cmd=53934297, record_flag=44161025, keys=0, special=44161025) at keyboard.c:10333 #23 0x0105e4e5 in command_loop_1 () at keyboard.c:1880 #24 0x01009f9e in internal_condition_case (bfun=0x105e180 , handlers=44224777, hfun=0x105772c ) at eval.c:1511 #25 0x01051cba in command_loop_2 () at keyboard.c:1338 #26 0x01009ed3 in internal_catch (tag=0, func=0x1051c97 , arg=44161025) at eval.c:1247 #27 0x01051ac7 in command_loop () at keyboard.c:1317 #28 0x01051b60 in recursive_edit_1 () at keyboard.c:942 #29 0x01051c81 in Frecursive_edit () at keyboard.c:1004 #30 0x01002e36 in main (argc=1, argv=0xa427b8) at emacs.c:1777 Lisp Backtrace: "garbage-collect" (0x82f420) "progn" (0x82f518) "eval" (0x82f638) "eval-last-sexp-1" (0x82f774) "eval-last-sexp" (0x82f8b4) "eval-print-last-sexp" (0x82fa24) "call-interactively" (0x82fc04) (gdb) ------=_Part_49387_22778304.1226140871895 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline I can reliably get a crash without changing coding systems:

(progn
  (buffer-swap-text (generate-new-buffer "test"))
  (insert (make-string 128 ?a)))

(progn
  (buffer-swap-text (generate-new-buffer "test"))
  (garbage-collect))

All the crashes I've seen with tar-mode or
buffer-swap-text end up hitting the same call to abort in
r_re_alloc().

Backtraces for the above lisp fragments (same order):

(gdb) bt
#0  w32_abort () at w32fns.c:7279
#1  0x01137df8 in r_re_alloc (ptr=0x2a27008, size=2129) at ralloc.c:1028
#2  0x0106ed4e in enlarge_buffer_text (b=0x2a27000, delta=2108) at buffer.c:5065
#3  0x010fe25e in make_gap_larger (nbytes_added=2108) at insdel.c:526
#4  0x010ff949 in insert_from_string_1 (string=47277539, pos=0, pos_byte=0,
    nchars=128, nbytes=128, inherit=0, before_markers=44199944) at insdel.c:1107
#5  0x01100da6 in insert_from_string (string=47277539, pos=0, pos_byte=0, length=128,
    length_byte=0, inherit=44199944) at insdel.c:1048
#6  0x0108d79c in general_insert_function (insert_func=0x1100fac <insert>,
    insert_from_string_func=0x1100d3b <insert_from_string>, inherit=0, nargs=1,
    args=0x82f3e0) at editfns.c:2184
#7  0x0108d86c in Finsert (nargs=0, args=0x0) at editfns.c:2228
#8  0x0100b364 in Feval (form=19643352) at eval.c:2378
#9  0x0100b632 in Fprogn (args=0) at eval.c:449
#10 0x0100b42b in Feval (form=18325836) at eval.c:2322
#11 0x0100be38 in Ffuncall (nargs=2, args=0x1179ef0) at eval.c:3044
#12 0x01111e63 in Fbyte_code (bytestr=0, vector=8582708, maxdepth=1) at bytecode.c:678
#13 0x0100b722 in funcall_lambda (fun=18972820, nargs=1, arg_vector=0x82f774)
    at eval.c:3231
#14 0x0100bc17 in Ffuncall (nargs=2, args=0x1218094) at eval.c:3101
#15 0x01111e63 in Fbyte_code (bytestr=0, vector=8583024, maxdepth=1) at bytecode.c:678
#16 0x0100b722 in funcall_lambda (fun=18973068, nargs=1, arg_vector=0x82f8b4)
    at eval.c:3231
#17 0x0100bc17 in Ffuncall (nargs=2, args=0x121818c) at eval.c:3101
#18 0x01111e63 in Fbyte_code (bytestr=0, vector=8583344, maxdepth=1) at bytecode.c:678
#19 0x0100b722 in funcall_lambda (fun=18971276, nargs=0, arg_vector=0x82fa24)
    at eval.c:3231
#20 0x0100bc17 in Ffuncall (nargs=1, args=0x1217a8c) at eval.c:3101
#21 0x0100d37f in apply1 (fn=53934297, arg=0) at eval.c:2785
#22 0x0110fdc5 in Fcall_interactively (function=53934297, record_flag=44161025,
    keys=44194564) at callint.c:389
#23 0x0100be11 in Ffuncall (nargs=4, args=0x12bf728) at eval.c:3050
#24 0x0100bfe9 in call3 (fn=0, arg1=0, arg2=0, arg3=0) at eval.c:2870
#25 0x01056cb9 in Fcommand_execute (cmd=53934297, record_flag=44161025, keys=0,
    special=44161025) at keyboard.c:10333
#26 0x0105e4e5 in command_loop_1 () at keyboard.c:1880
#27 0x01009f9e in internal_condition_case (bfun=0x105e180 <command_loop_1>,
    handlers=44224777, hfun=0x105772c <cmd_error>) at eval.c:1511
#28 0x01051cba in command_loop_2 () at keyboard.c:1338
#29 0x01009ed3 in internal_catch (tag=0, func=0x1051c97 <command_loop_2>, arg=44161025)
    at eval.c:1247
#30 0x01051ac7 in command_loop () at keyboard.c:1317
#31 0x01051b60 in recursive_edit_1 () at keyboard.c:942
#32 0x01051c81 in Frecursive_edit () at keyboard.c:1004
#33 0x01002e36 in main (argc=1, argv=0xa427b8) at emacs.c:1777

Lisp Backtrace:
"insert" (0x82f3e0)
"progn" (0x82f518)
"eval" (0x82f638)
"eval-last-sexp-1" (0x82f774)
"eval-last-sexp" (0x82f8b4)
"eval-print-last-sexp" (0x82fa24)
"call-interactively" (0x82fc04)
(gdb)


(gdb) bt
#0  w32_abort () at w32fns.c:7279
#1  0x01137df8 in r_re_alloc (ptr=0x2d56008, size=100) at ralloc.c:1028
#2  0x0106ed4e in enlarge_buffer_text (b=0x2d56000, delta=-1979) at buffer.c:5065
#3  0x010fe38a in make_gap_smaller (nbytes_removed=-1979) at insdel.c:600
#4  0x01065cab in Fgarbage_collect () at alloc.c:5022
#5  0x0100b383 in Feval (form=18331376) at eval.c:2372
#6  0x0100b632 in Fprogn (args=0) at eval.c:449
#7  0x0100b42b in Feval (form=18325836) at eval.c:2322
#8  0x0100be38 in Ffuncall (nargs=2, args=0x1179ef0) at eval.c:3044
#9  0x01111e63 in Fbyte_code (bytestr=0, vector=8582708, maxdepth=1) at bytecode.c:678
#10 0x0100b722 in funcall_lambda (fun=18972820, nargs=1, arg_vector=0x82f774)
    at eval.c:3231
#11 0x0100bc17 in Ffuncall (nargs=2, args=0x1218094) at eval.c:3101
#12 0x01111e63 in Fbyte_code (bytestr=0, vector=8583024, maxdepth=1) at bytecode.c:678
#13 0x0100b722 in funcall_lambda (fun=18973068, nargs=1, arg_vector=0x82f8b4)
    at eval.c:3231
#14 0x0100bc17 in Ffuncall (nargs=2, args=0x121818c) at eval.c:3101
#15 0x01111e63 in Fbyte_code (bytestr=0, vector=8583344, maxdepth=1) at bytecode.c:678
#16 0x0100b722 in funcall_lambda (fun=18971276, nargs=0, arg_vector=0x82fa24)
    at eval.c:3231
#17 0x0100bc17 in Ffuncall (nargs=1, args=0x1217a8c) at eval.c:3101
#18 0x0100d37f in apply1 (fn=53934297, arg=0) at eval.c:2785
#19 0x0110fdc5 in Fcall_interactively (function=53934297, record_flag=44161025,
    keys=44194564) at callint.c:389
#20 0x0100be11 in Ffuncall (nargs=4, args=0x12bf728) at eval.c:3050
#21 0x0100bfe9 in call3 (fn=0, arg1=0, arg2=0, arg3=0) at eval.c:2870
#22 0x01056cb9 in Fcommand_execute (cmd=53934297, record_flag=44161025, keys=0,
    special=44161025) at keyboard.c:10333
#23 0x0105e4e5 in command_loop_1 () at keyboard.c:1880
#24 0x01009f9e in internal_condition_case (bfun=0x105e180 <command_loop_1>,
    handlers=44224777, hfun=0x105772c <cmd_error>) at eval.c:1511
#25 0x01051cba in command_loop_2 () at keyboard.c:1338
#26 0x01009ed3 in internal_catch (tag=0, func=0x1051c97 <command_loop_2>, arg=44161025)
    at eval.c:1247
#27 0x01051ac7 in command_loop () at keyboard.c:1317
#28 0x01051b60 in recursive_edit_1 () at keyboard.c:942
#29 0x01051c81 in Frecursive_edit () at keyboard.c:1004
#30 0x01002e36 in main (argc=1, argv=0xa427b8) at emacs.c:1777

Lisp Backtrace:
"garbage-collect" (0x82f420)
"progn" (0x82f518)
"eval" (0x82f638)
"eval-last-sexp-1" (0x82f774)
"eval-last-sexp" (0x82f8b4)
"eval-print-last-sexp" (0x82fa24)
"call-interactively" (0x82fc04)
(gdb)

------=_Part_49387_22778304.1226140871895--