all messages for Emacs-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* bug#8219: 23.3; Crash in indirect buffer
@ 2011-03-10 20:24 Chong Yidong
  2011-03-10 20:56 ` Glenn Morris
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Chong Yidong @ 2011-03-10 20:24 UTC (permalink / raw)
  To: 8219

Just came across this; it is present in (at least) 23.2, and in trunk.
I haven't had time to debug further; any help welcome.  The backtrace is
from trunk.

emacs -Q
M-<
M-x clone-indirect-buffer RET
C-n
C-k
C-x o
C-k   => abort

#0  abort () at emacs.c:372
#1  0x0000000000646ba0 in find_interval (tree=0xc569e0, position=78)
    at intervals.c:635
#2  0x0000000000649c9c in get_property_and_range (pos=78, prop=12679682,
    val=0x7fffffffacd8, start=0x7ffffffface8, end=0x7ffffffface0,
    object=22411973) at intervals.c:2263
#3  0x0000000000651631 in find_composition (pos=78, limit=-1,
    start=0x7ffffffface8, end=0x7ffffffface0, prop=0x7fffffffacd8,
    object=22411973) at composite.c:430
#4  0x0000000000448290 in check_point_in_composition (prev_buf=0x155fac0,
    prev_pt=78, buf=0x155fac0, pt=2) at xdisp.c:11311
#5  0x0000000000448857 in reconsider_clip_changes (w=0x1564480, b=0x155fac0)
    at xdisp.c:11358
#6  0x000000000044f0d7 in redisplay_window (window=22430853, just_this_one_p=0)
    at xdisp.c:13715
#7  0x000000000044addc in redisplay_window_0 (window=22430853) at xdisp.c:12362
#8  0x00000000005dc1dc in internal_condition_case_1 (
    bfun=0x44ad9d <redisplay_window_0>, arg=22430853, handlers=12412566,
    hfun=0x44ad6e <redisplay_window_error>) at eval.c:1453
#9  0x000000000044ad4f in redisplay_windows (window=22430853) at xdisp.c:12342
#10 0x000000000044ad09 in redisplay_windows (window=22430309) at xdisp.c:12336
#11 0x0000000000449e14 in redisplay_internal (preserve_echo_area=0)
    at xdisp.c:11919
#12 0x0000000000447cff in redisplay () at xdisp.c:11139
#13 0x00000000005419ca in read_char (commandflag=1, nmaps=2,
    maps=0x7fffffffdae0, prev_event=12442194, used_mouse_menu=0x7fffffffddb8,
    end_time=0x0) at keyboard.c:2357
#14 0x000000000054f450 in read_key_sequence (keybuf=0x7fffffffde20,
    bufsize=30, prompt=12442194, dont_downcase_last=0,
    can_return_switch_frame=1, fix_current_buffer=1) at keyboard.c:9193
#15 0x000000000053fbae in command_loop_1 () at keyboard.c:1409
#16 0x00000000005dc067 in internal_condition_case (
    bfun=0x53f7f3 <command_loop_1>, handlers=12494210,
    hfun=0x53f0d8 <cmd_error>) at eval.c:1408
#17 0x000000000053f4f4 in command_loop_2 (ignore=12442194) at keyboard.c:1129
#18 0x00000000005dba31 in internal_catch (tag=12490226,
    func=0x53f4ce <command_loop_2>, arg=12442194) at eval.c:1152
#19 0x000000000053f4a7 in command_loop () at keyboard.c:1108
#20 0x000000000053ec0f in recursive_edit_1 () at keyboard.c:731
#21 0x000000000053edc2 in Frecursive_edit () at keyboard.c:793
#22 0x000000000053d0e8 in main (argc=2, argv=0x7fffffffe728) at emacs.c:1684

In GNU Emacs 24.0.50.2 (x86_64-unknown-linux-gnu, GTK+ Version 2.20.1)
 of 2011-03-10 on furball
Windowing system distributor `The X.Org Foundation', version 11.0.10706000
configured using `configure  'CC=gcc' 'CFLAGS=-g''





^ permalink raw reply	[flat|nested] 5+ messages in thread

* bug#8219: 23.3; Crash in indirect buffer
  2011-03-10 20:24 bug#8219: 23.3; Crash in indirect buffer Chong Yidong
@ 2011-03-10 20:56 ` Glenn Morris
  2011-03-10 21:56   ` Chong Yidong
  2011-03-11 19:48 ` bug#8219: Effect of deletions on indirect buffers (Bug#8219) Chong Yidong
  2011-03-19 16:44 ` Chong Yidong
  2 siblings, 1 reply; 5+ messages in thread
From: Glenn Morris @ 2011-03-10 20:56 UTC (permalink / raw)
  To: Chong Yidong; +Cc: 8219


Same as

http://debbugs.gnu.org/cgi/bugreport.cgi?bug=1242

?





^ permalink raw reply	[flat|nested] 5+ messages in thread

* bug#8219: 23.3; Crash in indirect buffer
  2011-03-10 20:56 ` Glenn Morris
@ 2011-03-10 21:56   ` Chong Yidong
  0 siblings, 0 replies; 5+ messages in thread
From: Chong Yidong @ 2011-03-10 21:56 UTC (permalink / raw)
  To: Glenn Morris; +Cc: 8219

Glenn Morris <rgm@gnu.org> writes:

> http://debbugs.gnu.org/cgi/bugreport.cgi?bug=1242

I guess we can assume this is the same bug.  So, now we have a
reproducible recipe.





^ permalink raw reply	[flat|nested] 5+ messages in thread

* bug#8219: Effect of deletions on indirect buffers (Bug#8219)
  2011-03-10 20:24 bug#8219: 23.3; Crash in indirect buffer Chong Yidong
  2011-03-10 20:56 ` Glenn Morris
@ 2011-03-11 19:48 ` Chong Yidong
  2011-03-19 16:44 ` Chong Yidong
  2 siblings, 0 replies; 5+ messages in thread
From: Chong Yidong @ 2011-03-11 19:48 UTC (permalink / raw)
  To: emacs-devel; +Cc: 8219

Indirect bufffers are allowed to have their own values of point,
BUF_BEGV, and BUF_ZV (indeed, that's one of their roles).  Their other
attributes inherit from the base buffer, e.g.

#define BUF_Z(buf) ((buf)->text->z)

where `text' points to the base buffer's text object.

Now consider what happens when a deletion is performed in buffer A,
which is the base buffer for an indirect buffer B.  It appears that the
responsible functions, such as del_range_2, only update the attributes
of buffer A, making no effort to update buffer B.

Hence, in the aftermath of a deletion, buffer B's values of PT (and
BUF_BEGV and BUF_ZV) can be larger than BUF_ZV.  This is the proximate
cause of the crash in Bug#8219: there, we have

 if (prev_pt > BUF_BEGV (buf) && prev_pt < BUF_ZV (buf)
     && find_composition (prev_pt, -1, &start, &end, &prop, buffer)

and find_composition aborts because prev_pt is larger than the size of
the buffer.


I'm not sure what the best solution is.  The narrowest fix is to change
find_composition, and the functions it calls, so that it does not abort
when supplied with a position that's beyond BUF_Z.  This might be the
best approach for the emacs-23 branch.

However, I suspect that we have other places in the code that assumes
that if a point is smaller than BUF_ZV, it's necessarily smaller than
BUF_Z---which we now see if not that case.  So, a more comprehensive fix
is needed for the trunk.

Any thoughts?





^ permalink raw reply	[flat|nested] 5+ messages in thread

* bug#8219: Effect of deletions on indirect buffers (Bug#8219)
  2011-03-10 20:24 bug#8219: 23.3; Crash in indirect buffer Chong Yidong
  2011-03-10 20:56 ` Glenn Morris
  2011-03-11 19:48 ` bug#8219: Effect of deletions on indirect buffers (Bug#8219) Chong Yidong
@ 2011-03-19 16:44 ` Chong Yidong
  2 siblings, 0 replies; 5+ messages in thread
From: Chong Yidong @ 2011-03-19 16:44 UTC (permalink / raw)
  To: 8219-done

I have backported the trunk fix to the emacs-23 brach (there seems to be
no safer complete solutions).  Closing Bug#8219 and Bug#1242.





^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2011-03-19 16:44 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-03-10 20:24 bug#8219: 23.3; Crash in indirect buffer Chong Yidong
2011-03-10 20:56 ` Glenn Morris
2011-03-10 21:56   ` Chong Yidong
2011-03-11 19:48 ` bug#8219: Effect of deletions on indirect buffers (Bug#8219) Chong Yidong
2011-03-19 16:44 ` Chong Yidong

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/emacs.git
	https://git.savannah.gnu.org/cgit/emacs/org-mode.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.