From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: don@donarmstrong.com (Emacs bug Tracking System) Newsgroups: gmane.emacs.bugs Subject: bug#1245: marked as done (define-prefix-command with a name, pressing key sequence bound to it results in memory corruption) Date: Sat, 25 Oct 2008 13:30:04 -0700 Message-ID: References: <87y70cqv6d.fsf@cyd.mit.edu> <305821.15426.qm@web28102.mail.ukl.yahoo.com> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="----------=_1224966604-16262-0" X-Trace: ger.gmane.org 1224967835 28067 80.91.229.12 (25 Oct 2008 20:50:35 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Sat, 25 Oct 2008 20:50:35 +0000 (UTC) To: Chong Yidong Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Sat Oct 25 22:51:36 2008 connect(): Connection refused Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([199.232.76.165]) by lo.gmane.org with esmtp (Exim 4.50) id 1Ktq6g-0008Vk-UV for geb-bug-gnu-emacs@m.gmane.org; Sat, 25 Oct 2008 22:51:36 +0200 Original-Received: from localhost ([127.0.0.1]:53160 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Ktq5a-0006Gi-8c for geb-bug-gnu-emacs@m.gmane.org; Sat, 25 Oct 2008 16:50:26 -0400 Original-Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1Ktq5N-0006DJ-BD for bug-gnu-emacs@gnu.org; Sat, 25 Oct 2008 16:50:13 -0400 Original-Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1Ktq5J-0006Cu-NV for bug-gnu-emacs@gnu.org; Sat, 25 Oct 2008 16:50:12 -0400 Original-Received: from [199.232.76.173] (port=57552 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1Ktq5J-0006Cr-Hq for bug-gnu-emacs@gnu.org; Sat, 25 Oct 2008 16:50:09 -0400 Original-Received: from rzlab.ucr.edu ([138.23.92.77]:45289) by monty-python.gnu.org with esmtps (TLS-1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.60) (envelope-from ) id 1Ktq5I-00074b-5U for bug-gnu-emacs@gnu.org; Sat, 25 Oct 2008 16:50:09 -0400 Original-Received: from rzlab.ucr.edu (rzlab.ucr.edu [127.0.0.1]) by rzlab.ucr.edu (8.13.8/8.13.8/Debian-3) with ESMTP id m9PKo21w021096; Sat, 25 Oct 2008 13:50:03 -0700 Original-Received: (from debbugs@localhost) by rzlab.ucr.edu (8.13.8/8.13.8/Submit) id m9PKU46A016359; Sat, 25 Oct 2008 13:30:04 -0700 X-Mailer: MIME-tools 5.420 (Entity 5.420) X-Loop: don@donarmstrong.com X-Emacs-PR-Message: closed 1245 X-Emacs-PR-Package: emacs X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 3) X-BeenThere: bug-gnu-emacs@gnu.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:21915 Archived-At: This is a multi-part message in MIME format... ------------=_1224966604-16262-0 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Your message dated Sat, 25 Oct 2008 16:25:14 -0400 with message-id <87y70cqv6d.fsf@cyd.mit.edu> and subject line Re: define-prefix-command with a name, pressing key sequen= ce bound to it results in memory corruption has caused the Emacs bug report #1245, regarding define-prefix-command with a name, pressing key sequence bound to= it results in memory corruption to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact don@donarmstrong.com immediately.) --=20 1245: http://emacsbugs.donarmstrong.com/cgi-bin/bugreport.cgi?bug=3D1245 Emacs Bug Tracking System Contact don@donarmstrong.com with problems ------------=_1224966604-16262-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit X-Spam-Checker-Version: SpamAssassin 3.2.3-bugs.debian.org_2005_01_02 (2007-08-08) on rzlab.ucr.edu X-Spam-Level: X-Spam-Status: No, score=-5.8 required=4.0 tests=BAYES_00,FVGT_m_MULTI_ODD, IMPRONONCABLE_1,IMPRONONCABLE_2,MURPHY_WRONG_WORD2,RCVD_IN_DNSWL_MED autolearn=ham version=3.2.3-bugs.debian.org_2005_01_02 Received: (at submit) by emacsbugs.donarmstrong.com; 24 Oct 2008 23:33:37 +0000 Received: from lists.gnu.org (lists.gnu.org [199.232.76.165]) by rzlab.ucr.edu (8.13.8/8.13.8/Debian-3) with ESMTP id m9ONXW6i026860 for ; Fri, 24 Oct 2008 16:33:33 -0700 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1KtW9r-0001uu-Ls for bug-gnu-emacs@gnu.org; Fri, 24 Oct 2008 19:33:31 -0400 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1KtW9q-0001uW-Jc for bug-gnu-emacs@gnu.org; Fri, 24 Oct 2008 19:33:31 -0400 Received: from [199.232.76.173] (port=38197 helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1KtW9q-0001uT-E5 for bug-gnu-emacs@gnu.org; Fri, 24 Oct 2008 19:33:30 -0400 Received: from web28102.mail.ukl.yahoo.com ([217.146.182.122]:23751) by monty-python.gnu.org with smtp (Exim 4.60) (envelope-from ) id 1KtW9p-0007en-L1 for bug-gnu-emacs@gnu.org; Fri, 24 Oct 2008 19:33:30 -0400 Received: (qmail 16341 invoked by uid 60001); 24 Oct 2008 23:33:27 -0000 DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.co.uk; h=X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID; b=beiTseliypWguk27Fz1FBkUzSfnJN41gyywqVWcHsmVIo8DtyR33KReY3AHs1MlPBXxAKJNOedASoMGzisj5iLnT4fPOf6V91ABywoUGXEIiq9wizAn54GJO8B1aNOebv8Dpaja09Ofna0SWuJbft2M9iqsiJI33q0vMFl5zs4A=; X-YMail-OSG: KpieTeEVM1kTA4x0GuGCVgJGGy0DZPaGcJLqH0CW4v82nkdveqMkUz5MFTUYjtD7tA-- Received: from [80.6.185.53] by web28102.mail.ukl.yahoo.com via HTTP; Fri, 24 Oct 2008 23:33:27 GMT X-Mailer: YahooMailWebService/0.7.247.3 Date: Fri, 24 Oct 2008 23:33:27 +0000 (GMT) From: Peter Oberauer Reply-To: poberauer@yahoo.co.uk Subject: define-prefix-command with a name, pressing key sequence bound to it results in memory corruption To: bug-gnu-emacs@gnu.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Message-ID: <305821.15426.qm@web28102.mail.ukl.yahoo.com> X-detected-operating-system: by monty-python.gnu.org: FreeBSD 6.x (1) Hi I have trimmed my .emacs to: (define-prefix-command 'my-nice-map nil "cOnfigure, Compile, Make, make tEs= ts, run Tests, trY build, Install, sVn, ctaGs, cscoPe") (define-key my-nice-map "c" 'compile) (global-set-key [(meta ?m)] 'my-nice-map) Sometimes, when pressing my key sequence (meta-m) for the prefix command, e= macs crashes. Sometimes it crashes on the second key (e.g. the 'c' followin= g the meta-m).=20 I have also tried with (control ?.). The crash does not always happen, but what is consistent, is that if I can = successfully press the second key (e.g. meta-m followed by c) without a cra= sh, it keeps working in that instance of Emacs.=20 It seems to be affected by the length of the third optional argument to def= ine-prefix-command, name, which "supplies a menu name string for the map", = in that I haven't managed to reproduce with a shorter name. I've reproduced the crash when pressing my key binding (meta-m) on the *GNU= Emacs* welcome buffer, and find file buffers. One way to reproduce on GNU/Linux is: gdb emacs run press meta-m. If it doesn't crash, press c. if it still doesn't crash, clos= e emacs and repeat a few times.=20 I have reproduced on: GNU/Linux Fedora 8 under VMware and Mac OS X 10.5.5 Intel Core 2 Duo On GNU/Linux, also from cvs today. This is GNU Emacs 23.0.60.1 (i686-pc-linux-gnu) of 2008-10-24 on ... On Mac OS X cvs -z3 -d:pserver:anonymous@cvs.savannah.gnu.org:/sources/emacs co emacs cd emacs ./configure --with-ns ... gcc --version i686-apple-darwin9-gcc-4.0.1 (GCC) 4.0.1 (Apple Inc. build 5465) This is GNU Emacs 23.0.60.1 (i386-apple-darwin9.5.0, NS apple-appkit-949.35= ) of 2008-10-24 on ... I have also reproduced with http://emacs-app.sourceforge.net/ Version 9.0-r= c2 Please let me know if you would like more info.=20 gdb backtraces for GNU/Linux and Mac OS X are below. Thank you very much Peter Peter Oberauer Fedora 8 $ gdb emacs GNU gdb Red Hat Linux (6.6-45.fc8rh) Copyright (C) 2006 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you ar= e welcome to change it and/or distribute copies of it under certain condition= s. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-redhat-linux-gnu"... Using host libthread_db library "/lib/libthread_db.so.1". (gdb) run Starting program: /usr/local/bin/emacs=20 *** glibc detected *** /usr/local/bin/emacs: malloc(): memory corruption: 0= x089667f0 *** =3D=3D=3D=3D=3D=3D=3D Backtrace: =3D=3D=3D=3D=3D=3D=3D=3D=3D /lib/libc.so.6[0x4df253] /lib/libc.so.6[0x4e0472] /lib/libc.so.6(realloc+0x1a7)[0x4e23f7] /usr/local/bin/emacs[0x814784d] /usr/local/bin/emacs[0x810ef21] /usr/local/bin/emacs[0x8118a45] /usr/local/bin/emacs[0x8119db0] /usr/local/bin/emacs[0x8119e53] /usr/local/bin/emacs[0x807232c] /usr/local/bin/emacs[0x80713d7] /usr/local/bin/emacs[0x8071517] /usr/local/bin/emacs[0x8087de3] /usr/local/bin/emacs[0x810138e] /usr/local/bin/emacs[0x80ff810] /usr/local/bin/emacs[0x81019aa] /usr/local/bin/emacs[0x810391f] /usr/local/bin/emacs[0x815b172] /usr/local/bin/emacs[0x80fd303] /usr/local/bin/emacs[0x815b22a] /usr/local/bin/emacs[0x80fdbc7] /usr/local/bin/emacs[0x80fdf2a] /usr/local/bin/emacs[0x80fe061] /usr/local/bin/emacs[0x80f3a5c] /lib/libc.so.6(__libc_start_main+0xe0)[0x48b390] /usr/local/bin/emacs[0x804d7b1] =3D=3D=3D=3D=3D=3D=3D Memory map: =3D=3D=3D=3D=3D=3D=3D=3D 00110000-00111000 r-xp 00110000 00:00 0 [vdso] 00111000-0011b000 r-xp 00000000 fd:00 2228332 /lib/libnss_files-2.7.so 0011b000-0011c000 r-xp 00009000 fd:00 2228332 /lib/libnss_files-2.7.so 0011c000-0011d000 rwxp 0000a000 fd:00 2228332 /lib/libnss_files-2.7.so 00218000-00221000 r-xp 00000000 fd:00 2581955 /usr/lib/libXcursor.so.1.0= .2 00221000-00222000 rwxp 00008000 fd:00 2581955 /usr/lib/libXcursor.so.1.0= .2 00224000-00228000 r-xp 00000000 fd:00 2581954 /usr/lib/libXfixes.so.3.1.= 0 00228000-00229000 rwxp 00003000 fd:00 2581954 /usr/lib/libXfixes.so.3.1.= 0 0042e000-00439000 r-xp 00000000 fd:00 2228588 /lib/libgcc_s-4.1.2-200709= 25.so.1 00439000-0043a000 rwxp 0000a000 fd:00 2228588 /lib/libgcc_s-4.1.2-200709= 25.so.1 00456000-00471000 r-xp 00000000 fd:00 2228358 /lib/ld-2.7.so 00471000-00472000 r-xp 0001a000 fd:00 2228358 /lib/ld-2.7.so 00472000-00473000 rwxp 0001b000 fd:00 2228358 /lib/ld-2.7.so 00475000-005c8000 r-xp 00000000 fd:00 2228360 /lib/libc-2.7.so 005c8000-005ca000 r-xp 00153000 fd:00 2228360 /lib/libc-2.7.so 005ca000-005cb000 rwxp 00155000 fd:00 2228360 /lib/libc-2.7.so 005cb000-005ce000 rwxp 005cb000 00:00 0=20 005d0000-005f7000 r-xp 00000000 fd:00 2228362 /lib/libm-2.7.so 005f7000-005f8000 r-xp 00026000 fd:00 2228362 /lib/libm-2.7.so 005f8000-005f9000 rwxp 00027000 fd:00 2228362 /lib/libm-2.7.so 005fb000-005fe000 r-xp 00000000 fd:00 2228421 /lib/libdl-2.7.so 005fe000-005ff000 r-xp 00002000 fd:00 2228421 /lib/libdl-2.7.so 005ff000-00600000 rwxp 00003000 fd:00 2228421 /lib/libdl-2.7.so 00727000-00728000 r-xp 00000000 fd:00 2581944 /usr/lib/libxcb-xlib.so.0.= 0.0 00728000-00729000 rwxp 00000000 fd:00 2581944 /usr/lib/libxcb-xlib.so.0.= 0.0 0072b000-00730000 r-xp 00000000 fd:00 2581942 /usr/lib/libXdmcp.so.6.0.0 00730000-00731000 rwxp 00004000 fd:00 2581942 /usr/lib/libXdmcp.so.6.0.0 00733000-0082b000 r-xp 00000000 fd:00 2581945 /usr/lib/libX11.so.6.2.0 0082b000-0082f000 rwxp 000f7000 fd:00 2581945 /usr/lib/libX11.so.6.2.0 00831000-0084c000 r-xp 00000000 fd:00 2581943 /usr/lib/libxcb.so.1.0.0 0084c000-0084d000 rwxp 0001a000 fd:00 2581943 /usr/lib/libxcb.so.1.0.0 0084f000-00851000 r-xp 00000000 fd:00 2581941 /usr/lib/libXau.so.6.0.0 00851000-00852000 rwxp 00001000 fd:00 2581941 /usr/lib/libXau.so.6.0.0 00be9000-00bf1000 r-xp 00000000 fd:00 2581982 /usr/lib/libSM.so.6.0.0 00bf1000-00bf2000 rwxp 00007000 fd:00 2581982 /usr/lib/libSM.so.6.0.0 00c13000-00c1b000 r-xp 00000000 fd:00 2581946 /usr/lib/libXrender.so.1.3= .0 00c1b000-00c1c000 rwxp 00007000 fd:00 2581946 /usr/lib/libXrender.so.1.3= .0 00c1e000-00c35000 r-xp 00000000 fd:00 2581981 /usr/lib/libICE.so.6.3.0 00c35000-00c36000 rwxp 00016000 fd:00 2581981 /usr/lib/libICE.so.6.3.0 00c36000-00c38000 rwxp 00c36000 00:00 0=20 08048000-081ca000 r-xp 00000000 fd:00 2582257 /usr/local/bin/emacs 081ca000-08d8b000 rw-p 00181000 fd:00 2582257 /usr/local/bin/emacs b7b00000-b7b21000 rw-p b7b00000 00:00 0=20 b7b21000-b7c00000 ---p b7b21000 00:00 0=20 b7cfa000-b7efa000 r--p 00000000 fd:00 2559084 /usr/lib/locale/locale-arc= hive b7efa000-b7efe000 rw-p=20 Program received signal SIGABRT, Aborted. 0x00110402 in __kernel_vsyscall () Missing separate debuginfos, use: debuginfo-install gcc.i386 glibc.i686 lib= ICE.i386 libSM.i386 libX11.i386 libXau.i386 libXcursor.i386 libXdmcp.i386 l= ibXfixes.i386 libXrender.i386 libxcb.i386 (gdb) backtrace #0 0x00110402 in __kernel_vsyscall () #1 0x0049e690 in raise () from /lib/libc.so.6 #2 0x0049ff91 in abort () from /lib/libc.so.6 #3 0x004d69eb in __libc_message () from /lib/libc.so.6 #4 0x004df253 in _int_malloc () from /lib/libc.so.6 #5 0x004e0472 in _int_realloc () from /lib/libc.so.6 #6 0x004e23f7 in realloc () from /lib/libc.so.6 #7 0x0814784d in xrealloc (block=3D0x0, size=3D2090) at alloc.c:786 #8 0x0810ef21 in enlarge_buffer_text (b=3D0x8c2df98, delta=3D2069) at buffer.c:5067 #9 0x08118a45 in make_gap_larger (nbytes_added=3D69) at insdel.c:526 #10 0x08119db0 in insert_1_both ( string=3D0x8966798 "cOnfigure, Compile, Make, make tEsts, run Tests, tr= Y build, Install, sVn, ctaGs, cscoPe: ", nchars=3D89, nbytes=3D89, inherit= =3D1, prepare=3D0,=20 before_markers=3D0) at insdel.c:978 #11 0x08119e53 in insert_1 ( string=3D0x8966798 "cOnfigure, Compile, Make, make tEsts, run Tests, tr= Y build, Install, sVn, ctaGs, cscoPe: ", nbytes=3D89, inherit=3D1, prepare= =3D0,=20 before_markers=3D0) at insdel.c:832 #12 0x0807232c in set_message_1 (a1=3D144074648, a2=3D137685193, nbytes=3D8= 9,=20 multibyte_p=3D1) at xdisp.c:9042 #13 0x080713d7 in with_echo_area_buffer (w=3D0x0, which=3D,=20 fn=3D0x8072250 , a1=3D144074648, a2=3D137685193, a3=3D89= , a4=3D1) ---Type to continue, or q to quit--- at xdisp.c:8369 #14 0x08071517 in set_message ( s=3D0x8966798 "cOnfigure, Compile, Make, make tEsts, run Tests, trY bui= ld, Install, sVn, ctaGs, cscoPe: ", string=3D137685193, nbytes=3D89, multib= yte_p=3D1) at xdisp.c:8959 #15 0x08087de3 in message2_nolog ( m=3D0x8966798 "cOnfigure, Compile, Make, make tEsts, run Tests, trY bui= ld, Install, sVn, ctaGs, cscoPe: ", nbytes=3D89, multibyte=3D1) at xdisp.c:= 7927 #16 0x0810138e in read_char_minibuf_menu_prompt (commandflag=3D1, nmaps=3D3= ,=20 maps=3D0xbfa9d730) at keyboard.c:8756 #17 0x080ff810 in read_char (commandflag=3D1, nmaps=3D3, maps=3D0xbfa9d730,= =20 prev_event=3D1073742696, used_mouse_menu=3D0xbfa9d7d4, end_time=3D0x0) at keyboard.c:2718 #18 0x081019aa in read_key_sequence (keybuf=3D0xbfa9d874, bufsize=3D30,=20 prompt=3D137685193, dont_downcase_last=3D0, can_return_switch_frame=3D1= ,=20 fix_current_buffer=3D1) at keyboard.c:9343 #19 0x0810391f in command_loop_1 () at keyboard.c:1621 #20 0x0815b172 in internal_condition_case (bfun=3D0x8103770 ,=20 handlers=3D137728409, hfun=3D0x80fdd60 ) at eval.c:1511 #21 0x080fd303 in command_loop_2 () at keyboard.c:1338 #22 0x0815b22a in internal_catch (tag=3D137724385,=20 func=3D0x80fd2e0 , arg=3D137685193) at eval.c:1247 #23 0x080fdbc7 in command_loop () at keyboard.c:1317 ---Type to continue, or q to quit--- #24 0x080fdf2a in recursive_edit_1 () at keyboard.c:942 #25 0x080fe061 in Frecursive_edit () at keyboard.c:1004 #26 0x080f3a5c in main (argc=3D1, argv=3D0xbfa9df74) at emacs.c:1723 meta-m on the *GNU Emacs* buffer: Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0x80e99590 0x902c9558 in tiny_malloc_from_free_list () (gdb) backtrace #0 0x902c9558 in tiny_malloc_from_free_list () #1 0x902c23ed in szone_malloc () #2 0x902c22f8 in malloc_zone_malloc () #3 0x90973451 in _CFRuntimeCreateInstance () #4 0x9098b251 in __CFStringCreateImmutableFunnel3 () #5 0x9098c36e in CFStringCreateWithBytes () #6 0x91c12c11 in CSStringCopyCFString () #7 0x91c2db7e in _LSCopyBindingInfoForTypeInfo () #8 0x91c15581 in AddImageByTypeInfo () #9 0x91c2d653 in GetIconRefFromTypeInfo () #10 0x94efe1d8 in -[NSWorkspace iconForFileType:] () #11 0x00193340 in ns_implicitly_set_icon_type (f=3D0x8ad300) at nsfns.m:839 #12 0x00034a37 in prepare_menu_bars () at xdisp.c:9471 #13 0x00035c2d in redisplay_internal (preserve_echo_area=3D) at xdisp.c:11426 #14 0x000367c3 in echo_area_display (update_frame_p=3D) at xdisp.c:9178 #15 0x00037284 in message2_nolog (m=3D0x36f7dc "\t", nbytes=3D88, multibyte= =3D1) at xdisp.c:7935 #16 0x000bf5af in read_char (commandflag=3D1, nmaps=3D3, maps=3D0xbffff530,= prev_event=3D1073742696, used_mouse_menu=3D0xbffff628, end_time=3D0x0) at = keyboard.c:8756 #17 0x000bfc24 in read_key_sequence (keybuf=3D0xbffff6e8, bufsize=3D30, pro= mpt=3D25165833, dont_downcase_last=3D0, can_return_switch_frame=3D1, fix_cu= rrent_buffer=3D1) at keyboard.c:9343 #18 0x000c214a in command_loop_1 () at keyboard.c:1621 #19 0x00123ebd in internal_condition_case (bfun=3D0xc1f10 ,= handlers=3D25205521, hfun=3D0xb9090 ) at eval.c:1511 #20 0x000b18a8 in command_loop_2 () at keyboard.c:1338 #21 0x00123d9c in internal_catch (tag=3D1869439807, func=3D0xb1860 , arg=3D25165833) at eval.c:1247 #22 0x000b15fe in command_loop () at keyboard.c:1317 #23 0x000b16c2 in recursive_edit_1 () at keyboard.c:942 #24 0x000b1841 in Frecursive_edit () at keyboard.c:1004 #25 0x000b048b in main (argc=3D2, argv=3D0xbffffaf0) at emacs.c:1723 meta-m on the *GNU Emacs* buffer: Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_PROTECTION_FAILURE at address: 0x0000010c 0x91c964e6 in _cache_fill () (gdb) backtrace #0 0x91c964e6 in _cache_fill () #1 0x91c948e0 in log_and_fill_cache () #2 0x91c952b6 in _class_lookupMethodAndLoadCache () #3 0x91ca56d6 in objc_msgSend () #4 0x00186b20 in -[EmacsApp sendEvent:] (self=3D0x818f80, _cmd=3D0x91cab4b= 8, theEvent=3D0xf1306d0) at nsterm.m:3988 #5 0x94c85d0f in -[NSApplication run] () #6 0x00184dca in ns_read_socket (terminal=3D0x83ddb0, expected=3D0, hold_q= uit=3D0xbffff0a4) at nsterm.m:3092 #7 0x000bcb21 in read_avail_input (expected=3D0) at keyboard.c:7007 #8 0x000bccc5 in gobble_input (expected=3D0) at keyboard.c:6918 #9 0x0000c949 in sit_for (timeout=3D240, reading=3D1, do_display=3D0) at d= ispnew.c:6634 #10 0x000be2bc in read_char (commandflag=3D1, nmaps=3D0, maps=3D0x0, prev_e= vent=3D25165881, used_mouse_menu=3D0x0, end_time=3D0x0) at keyboard.c:2892 #11 0x000bf602 in read_char (commandflag=3D1, nmaps=3D3, maps=3D0xbffff530,= prev_event=3D536871280, used_mouse_menu=3D0xbffff628, end_time=3D0x0) at k= eyboard.c:8766 #12 0x000bfc24 in read_key_sequence (keybuf=3D0xbffff6e8, bufsize=3D30, pro= mpt=3D25165833, dont_downcase_last=3D0, can_return_switch_frame=3D1, fix_cu= rrent_buffer=3D1) at keyboard.c:9343 #13 0x000c214a in command_loop_1 () at keyboard.c:1621 #14 0x00123ebd in internal_condition_case (bfun=3D0xc1f10 ,= handlers=3D25205521, hfun=3D0xb9090 ) at eval.c:1511 #15 0x000b18a8 in command_loop_2 () at keyboard.c:1338 #16 0x00123d9c in internal_catch (tag=3D260, func=3D0xb1860 , arg=3D25165833) at eval.c:1247 #17 0x000b15fe in command_loop () at keyboard.c:1317 #18 0x000b16c2 in recursive_edit_1 () at keyboard.c:942 #19 0x000b1841 in Frecursive_edit () at keyboard.c:1004 #20 0x000b048b in main (argc=3D2, argv=3D0xbffffaf0) at emacs.c:1723 Another time, after pressing q and visiting a few files and then meta-m Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0x80e99590 0x902c9605 in tiny_malloc_from_free_list () (gdb) backtrace #0 0x902c9605 in tiny_malloc_from_free_list () #1 0x902c23ed in szone_malloc () #2 0x902c22f8 in malloc_zone_malloc () #3 0x902c228c in malloc () #4 0x0015f6b7 in unexec_malloc (size=3D0) at unexmacosx.c:1256 #5 0x0010b165 in lisp_malloc (nbytes=3D32, type=3DMEM_TYPE_VECTORLIKE) at = alloc.c:861 #6 0x0010b42a in allocate_vectorlike (len=3D6) at alloc.c:2937 #7 0x0010b601 in allocate_vector (nslots=3D0) at alloc.c:2963 #8 0x0010b63e in Fmake_vector (length=3D48, init=3D6) at alloc.c:3047 #9 0x0014aa04 in read_vector (readcharfun=3D25246473, bytecodeflag=3D1) at= lread.c:3241 #10 0x00149c10 in read1 (readcharfun=3D25246473, pch=3D0xbfffeddc, first_in= _list=3D0) at lread.c:2420 #11 0x0014a5f5 in read_list (flag=3D0, readcharfun=3D25246473) at lread.c:3= 339 #12 0x0014916a in read1 (readcharfun=3D25246473, pch=3D0xbfffeefc, first_in= _list=3D0) at lread.c:2330 #13 0x0014a1f7 in read0 (readcharfun=3D) at lread.c:2013 #14 0x0014a29f in read_internal_start (stream=3D25246473, start=3D25165833,= end=3D) at lread.c:19= 81 #15 0x0014b46c in readevalloop (readcharfun=3D25246473, stream=3D0xa0083e38= , sourcename=3D33348139, evalfun=3D0x124f10 , printflag=3D0, unibyte= =3D25165833, readfun=3D25165833, start=3D25165833, end=3D25165833) at lread= .c:1774 #16 0x0014bc9c in Fload (file=3D, noerror=3D25165833, nomessage=3D25165881, nosuffix=3D25165833, = must_suffix=3D) at lre= ad.c:1254 #17 0x00131177 in Frequire (feature=3D53245433, filename=3D33461163, noerro= r=3D25165833) at fns.c:2985 #18 0x00125f21 in Ffuncall (nargs=3D2, args=3D0xbffff270) at eval.c:3050 #19 0x0016087b in Fbyte_code (bytestr=3D33440443, vector=3D253129156, maxde= pth=3D10) at bytecode.c:678 #20 0x00125336 in Feval (form=3D7692317) at eval.c:2385 #21 0x0014af04 in readevalloop (readcharfun=3D25246473, stream=3D0xa0083de0= , sourcename=3D33378187, evalfun=3D0x124f10 , printflag=3D0, unibyte= =3D25165833, readfun=3D25165833, start=3D25165833, end=3D25165833) at lread= .c:1784 #22 0x0014bc9c in Fload (file=3D, noerror=3D25165833, nomessage=3D25165881, nosuffix=3D25165833, = must_suffix=3D) at lre= ad.c:1254 #23 0x00126a9d in do_autoload (fundef=3D5159125, funname=3D33665345) at eva= l.c:2227 #24 0x000b823e in Fcommand_execute (cmd=3D33665345, record_flag=3D25165833,= keys=3D25165833, special=3D25165833) at keyboard.c:10297 #25 0x000c2391 in command_loop_1 () at keyboard.c:1880 #26 0x00123ebd in internal_condition_case (bfun=3D0xc1f10 ,= handlers=3D25205521, hfun=3D0xb9090 ) at eval.c:1511 #27 0x000b18a8 in command_loop_2 () at keyboard.c:1338 #28 0x00123d9c in internal_catch (tag=3D-1073741821, func=3D0xb1860 , arg=3D25165833) at eval.c:1247 #29 0x000b15fe in command_loop () at keyboard.c:1317 #30 0x000b16c2 in recursive_edit_1 () at keyboard.c:942 #31 0x000b1841 in Frecursive_edit () at keyboard.c:1004 #32 0x000b048b in main (argc=3D2, argv=3D0xbffffaf0) at emacs.c:1723 =0A=0A=0A ------------=_1224966604-16262-0 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit X-Spam-Checker-Version: SpamAssassin 3.2.3-bugs.debian.org_2005_01_02 (2007-08-08) on rzlab.ucr.edu X-Spam-Level: X-Spam-Status: No, score=-3.9 required=4.0 tests=AWL,BAYES_00 autolearn=ham version=3.2.3-bugs.debian.org_2005_01_02 Received: (at 1245-done) by emacsbugs.donarmstrong.com; 25 Oct 2008 20:25:14 +0000 Received: from cyd.mit.edu (CYD.MIT.EDU [18.115.2.24]) by rzlab.ucr.edu (8.13.8/8.13.8/Debian-3) with ESMTP id m9PKPBhL015819 for <1245-done@emacsbugs.donarmstrong.com>; Sat, 25 Oct 2008 13:25:12 -0700 Received: by cyd.mit.edu (Postfix, from userid 1000) id D5F5E57E1BA; Sat, 25 Oct 2008 16:25:14 -0400 (EDT) From: Chong Yidong To: emacs-devel@gnu.org Cc: 1245-done@emacsbugs.donarmstrong.com Subject: Re: define-prefix-command with a name, pressing key sequence bound to it results in memory corruption References: <87ljwcsdkt.fsf@cyd.mit.edu> Date: Sat, 25 Oct 2008 16:25:14 -0400 In-Reply-To: <87ljwcsdkt.fsf@cyd.mit.edu> (Chong Yidong's message of "Sat, 25 Oct 2008 15:02:26 -0400") Message-ID: <87y70cqv6d.fsf@cyd.mit.edu> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.60 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Chong Yidong writes: > I can reproduce this. > > It's strange that realloc fails. If you replacing the xrealloc in > enlarge_buffer_text with xmalloc/bcopy/xfree, Emacs crashes at the call > to malloc. > > Anyone have an idea what causes this? Found the bug: a bad strcpy in read_char_minibuf_menu_prompt. I've checked in a fix. ------------=_1224966604-16262-0--