From: Stefan Monnier
Newsgroups: gmane.emacs.bugs
Subject: bug#37795: 26.1; Fixnum overflow on dpyinfo->last_user_time
Date: Thu, 17 Oct 2019 12:25:43 -0400
To: 37795@debbugs.gnu.org

I just got an assertion failure:

    lisp.h:1151: Emacs fatal error: assertion failed: !FIXNUM_OVERFLOW_P (n)

where the backtrace looks like:

    #0 0x0817867e in terminate_due_to_signal (sig=6, backtrace_limit=2147483647) at emacs.c:371
    #1 0x081edce8 in die (msg=0x82e20f1 "!FIXNUM_OVERFLOW_P (n)", file=0x82e2008 "lisp.h", line=1151) at alloc.c:7374
    #2 0x0813a4ee in make_fixnum (n=) at lisp.h:1152
    #3 0x0813bb41 in list2i (x=x@entry=1, y=) at lisp.h:3938
    #4 0x08148f7c in x_ewmh_activate_frame (f=f@entry=0x8d67980) at xterm.c:11614
    #5 0x0814906f in x_focus_frame (f=0x8d67980, noactivate=false) at xterm.c:11664

The relevant data being:

    (gdb) p dpyinfo->last_user_time
    $1 = 537117447
    (gdb)

which was passed to list2i via:

    x_send_client_event (frame, make_fixnum (0), frame,
                         dpyinfo->Xatom_net_active_window,
                         make_fixnum (32),
                         list2i (1, dpyinfo->last_user_time));

Obviously, on 64bit systems this is not a
problem, but on 32bit systems such overflows can happen as I just found out.

I changed `list2i` to use `make_int` instead of `make_fixnum` and it seems to have fixed the immediate problem, but the same problem showed up further down in make_lispy_position because the event's timestamp was similarly large.

So I'm now using the patch below, which seems "good enough" but I also see other places where we do:

    selection_data = list4 (selection_name, selection_value,
                            INT_TO_INTEGER (timestamp), frame);

so maybe we should be using `INT_TO_INTEGER` rather than `make_int`?

Now, AFAICT the exact value of those timestamps doesn't really matter, so rather than make_int we could use a wrap-around version of make_fixnum which truncates the higher bits instead of signaling an error on overflow.


        Stefan

diff --git a/src/keyboard.c b/src/keyboard.c index d07376e8bea..fef2c094f26 100644 --- a/src/keyboard.c +++ b/src/keyboard.c @@ -5301,7 +5301,7 @@ make_lispy_position (struct frame *f, Lisp_Object x, Lisp_Object y, Fcons (posn, Fcons (Fcons (make_fixnum (xret), make_fixnum (yret)), - Fcons (make_fixnum (t), + Fcons (make_int (t), extra_info)))); } @@ -5326,7 +5326,7 @@ static Lisp_Object make_scroll_bar_position (struct input_event *ev, Lisp_Object type) { return list5 (ev->frame_or_window, type, Fcons (ev->x, ev->y), - make_fixnum (ev->timestamp), + make_int (ev->timestamp), builtin_lisp_symbol (scroll_bar_parts[ev->part])); } @@ -5639,7 +5639,7 @@ make_lispy_event (struct input_event *event) position = list4 (event->frame_or_window, Qmenu_bar, Fcons (event->x, event->y), - make_fixnum (event->timestamp)); + make_int (event->timestamp)); return list2 (item, position); } diff --git a/src/lisp.h b/src/lisp.h index 66e631392e4..fd41b1b97b1 100644 --- a/src/lisp.h +++ b/src/lisp.h 
@@ -3929,26 +3929,26 @@ extern void visit_static_gc_roots (struct gc_root_visitor visitor); INLINE Lisp_Object list1i (EMACS_INT x) { - return list1 (make_fixnum (x)); + return list1 (make_int (x)); } INLINE Lisp_Object list2i (EMACS_INT x, EMACS_INT y) { - return list2 (make_fixnum (x), make_fixnum (y)); + return list2 (make_int (x), make_int (y)); } INLINE Lisp_Object list3i (EMACS_INT x, EMACS_INT y, EMACS_INT w) { - return list3 (make_fixnum (x), make_fixnum (y), make_fixnum (w)); + return list3 (make_int (x), make_int (y), make_int (w)); } INLINE Lisp_Object list4i (EMACS_INT x, EMACS_INT y, EMACS_INT w, EMACS_INT h) { - return list4 (make_fixnum (x), make_fixnum (y), - make_fixnum (w), make_fixnum (h)); + return list4 (make_int (x), make_int (y), + make_int (w), make_int (h)); } extern Lisp_Object make_uninit_bool_vector (EMACS_INT);
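
Review bot: The three timestamp sites in src/keyboard.c (`make_int (t)` in make_lispy_position, `make_int (ev->timestamp)` in make_scroll_bar_position, `make_int (event->timestamp)` in make_lispy_event) now differ from the selection code quoted in the message, which uses `INT_TO_INTEGER (timestamp)`. The hunks do not show the declared type of `t` or of the `timestamp` field, so it is not visible here whether `make_int` is the right conversion for it. Suggest using one conversion for every timestamp that reaches Lisp, and adding a short comment at these sites saying the timestamp element may be a non-fixnum integer on 32-bit builds, since code consuming these position lists may assume a fixnum there.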
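
Review bot: The src/lisp.h hunk changes list1i, list2i, list3i and list4i for every caller, while the failure in the report comes from a single call, `list2i (1, dpyinfo->last_user_time)`. After this change any list built by these helpers can contain a non-fixnum integer, and nothing above the helpers documents that. Suggest either adding a comment above list1i stating that elements are converted with make_int and may therefore not be fixnums, or keeping the helpers on make_fixnum and converting only the timestamp at the call site. For the reported call, the list is handed to x_send_client_event with a format of `make_fixnum (32)`; please confirm that the code consuming that list accepts a non-fixnum element, which is not visible in this patch.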
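
Added example, not part of the original message and not Emacs code: a stand-alone C program that runs the overflow check and the wrap-around alternative proposed in the message on the reported value 537117447. The 30-bit fixnum width and every `ex_`/`EX_` name are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption (not stated on the page): a 32-bit build whose fixnums carry
   30 value bits.  All names are hypothetical, not Emacs definitions.  */
#define EX_FIXNUM_BITS 30
#define EX_FIXNUM_MASK ((UINT32_C (1) << EX_FIXNUM_BITS) - 1)
#define EX_FIXNUM_SIGN (UINT32_C (1) << (EX_FIXNUM_BITS - 1))
#define EX_FIXNUM_MAX ((int32_t) (EX_FIXNUM_SIGN - 1))
#define EX_FIXNUM_MIN (-EX_FIXNUM_MAX - 1)

/* The condition the failed assertion guards: N does not fit in a fixnum.  */
bool
ex_fixnum_overflow_p (int64_t n)
{
  return n < EX_FIXNUM_MIN || n > EX_FIXNUM_MAX;
}

/* Wrap-around conversion: keep the low 30 bits, sign-extend from bit 29.
   Never fails, but the result is only equal to N modulo 2^30.  */
int32_t
ex_wrap_to_fixnum (int64_t n)
{
  uint32_t low = (uint32_t) n & EX_FIXNUM_MASK;
  return (int32_t) (low ^ EX_FIXNUM_SIGN) - (int32_t) EX_FIXNUM_SIGN;
}

/* Elapsed ticks between two wrapped timestamps.  Correct while the true
   difference is below 2^30: differences survive truncation even though
   ordering with `<' does not.  */
uint32_t
ex_wrapped_elapsed (int32_t earlier, int32_t later)
{
  return ((uint32_t) later - (uint32_t) earlier) & EX_FIXNUM_MASK;
}

int
main (void)
{
  int64_t before = 536870900;   /* constructed sample: just below the limit */
  int64_t t = 537117447;        /* dpyinfo->last_user_time from the report */
  int32_t wb = ex_wrap_to_fixnum (before), wt = ex_wrap_to_fixnum (t);
  printf ("overflow=%d wrapped=%d\n", ex_fixnum_overflow_p (t), (int) wt);
  printf ("ordered=%d elapsed=%u\n", wb < wt,
          (unsigned) ex_wrapped_elapsed (wb, wt));
  return 0;
}
```

With truncation, code that compares two such timestamps with `<` sees the later event as earlier once the counter crosses the fixnum limit, so consumers would have to compare by modular difference instead.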