From: "Gerd Möllmann" <gerd.moellmann@gmail.com>
To: Po Lu <luangruo@yahoo.com>
Cc: 58334@debbugs.gnu.org
Subject: bug#58334: 29.0.50; ASAN heap use after free in gui_produce_glyphs
Date: Fri, 07 Oct 2022 07:23:07 +0200 [thread overview]
Message-ID: <m2ilkw9phg.fsf@Mini.fritz.box> (raw)
In-Reply-To: <87mta8qx48.fsf@yahoo.com> (Po Lu's message of "Fri, 07 Oct 2022 08:46:15 +0800")
Po Lu <luangruo@yahoo.com> writes:
> Gerd Möllmann <gerd.moellmann@gmail.com> writes:
>
>> #0 0x1033f2ca8 in wrap_malloc+0x94 (libclang_rt.asan_osx_dynamic.dylib:arm64e+0x3eca8)
>> #1 0x1005af4f4 in lmalloc alloc.c:1361
>> #2 0x1005af40c in xmalloc alloc.c:751
>> #3 0x1003f92b4 in make_realized_face xfaces.c:4471
>> #4 0x1003f5c00 in realize_gui_face xfaces.c:6023
>> #5 0x1003e4000 in realize_face xfaces.c:5954
>
> [...]
>
>> #14 0x1005592d8 in Fvertical_motion indent.c:2241
>
> I'm pretty sure the right fix is to block input around realize_face and
> Fvertical_motion, since that code is clearly not reentrant.
If we can find one, I would prefer a broader solution, even if it is a
bit heavy-handed. I'm a bit afraid of finding these problems piecemeal,
and it's getting a bit tiresome, but that's just me - why do I run with
ASAN...
>
>> The problem here, it seems to me, is that the redisplay done in
>> -[EmacsView layoutSublayersOfLayer:] nsterm.m:8675, frees realized faces
>> at a moment that the code doesn't cannot expect.
>
> Also, how come layoutSublayersOfLayer is called so often? AFAIU it's
> only there to coax the system into actually resizing Emacs while the
> system blocks the input loop from returning control to Emacs, which
> should only happen during drag-to-resize.
I don't know. Does it help if I describe what I did?
The backtrace I showed was from starting Emacs with my init file. It
was busy with restoring desktop, I think, and at the point where frame
size and poisitino was restored (just a guess), it crashed.
Today, I got basically the same crash modulo Lisp frames in the
backtrace when finding a file in another frame.
next prev parent reply other threads:[~2022-10-07 5:23 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-06 15:03 bug#58334: 29.0.50; ASAN heap use after free in gui_produce_glyphs Gerd Möllmann
2022-10-06 16:00 ` Eli Zaretskii
2022-10-06 18:01 ` Gerd Möllmann
2022-10-06 18:30 ` Eli Zaretskii
2022-10-06 18:36 ` Gerd Möllmann
2022-10-07 12:01 ` Eli Zaretskii
2022-10-07 12:03 ` Gerd Möllmann
2022-10-07 12:06 ` Eli Zaretskii
2022-10-07 12:08 ` Gerd Möllmann
2022-10-07 12:12 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2022-10-07 12:16 ` Eli Zaretskii
2022-10-07 12:23 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2022-10-07 12:14 ` Eli Zaretskii
2022-10-07 12:34 ` Gerd Möllmann
2022-10-07 0:37 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2022-10-07 5:06 ` Gerd Möllmann
2022-10-07 7:12 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2022-10-07 7:20 ` Gerd Möllmann
2022-10-07 0:46 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2022-10-07 5:23 ` Gerd Möllmann [this message]
2022-10-07 7:03 ` Eli Zaretskii
2022-10-07 7:20 ` Gerd Möllmann
2022-10-07 8:07 ` Gerd Möllmann
2022-10-07 8:36 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2022-10-07 8:54 ` Gerd Möllmann
2022-10-07 10:28 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2022-10-07 11:11 ` Gerd Möllmann
2022-10-07 11:19 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2022-10-07 11:34 ` Eli Zaretskii
2022-10-07 11:38 ` Gerd Möllmann
2022-10-07 11:29 ` Eli Zaretskii
2022-10-07 12:16 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2022-10-07 12:27 ` Eli Zaretskii
2022-10-07 11:19 ` Eli Zaretskii
2022-10-07 11:34 ` Gerd Möllmann
2022-10-07 11:13 ` Eli Zaretskii
2022-10-07 11:08 ` Eli Zaretskii
2022-10-07 11:29 ` Gerd Möllmann
2022-10-07 11:44 ` Eli Zaretskii
2022-10-07 12:01 ` Gerd Möllmann
2022-10-07 12:05 ` Eli Zaretskii
2022-10-07 12:14 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2022-10-07 12:17 ` Gerd Möllmann
2022-10-07 12:22 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2022-10-07 12:36 ` Gerd Möllmann
2022-10-08 6:58 ` Gerd Möllmann
2022-10-08 7:59 ` Eli Zaretskii
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m2ilkw9phg.fsf@Mini.fritz.box \
--to=gerd.moellmann@gmail.com \
--cc=58334@debbugs.gnu.org \
--cc=luangruo@yahoo.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.