From: Po Lu via "Bug reports for GNU Emacs, the Swiss army knife of text editors" <bug-gnu-emacs@gnu.org>
To: Eli Zaretskii <eliz@gnu.org>
Cc: 71929@debbugs.gnu.org, spwhitton@spwhitton.name
Subject: bug#71929: 30.0.60; crash in mark_image_cache
Date: Tue, 09 Jul 2024 23:02:22 +0800 [thread overview]
Message-ID: <s54v81e622p.fsf@yahoo.com> (raw)
In-Reply-To: <86le2azm1f.fsf@gnu.org> (Eli Zaretskii's message of "Tue, 09 Jul 2024 17:18:20 +0300")
Eli Zaretskii <eliz@gnu.org> writes:
>> From: Po Lu <luangruo@yahoo.com>
>> Cc: 71929@debbugs.gnu.org, Eli Zaretskii <eliz@gnu.org>
>> Date: Tue, 09 Jul 2024 22:03:34 +0800
>>
>> OK, I believe I understand the source of these crashes. A frame
>> whose
>> image cache is shared among several frames is destroyed, but its
>> `image_cache' field is never cleared after it is destroyed, as its
>> cache
>> continues to be referenced, and, if references to the dead frame
>> remain,
>> GC attempts to mark the said image cache although its validity is no
>> longer guaranteed. In earlier Emacs versions, this problem would
>> have
>> appeared if references to dead frames were preserved beyond the
>> destruction of a display structure. This has been corrected on the
>> emacs-30 branch, and therefore if the crashes do not resurface in a
>> few
>> days, I will close this ticket.
>
> Thanks, but I don't think I understand this part of the change you
> installed:
>
> --- a/src/image.c
> +++ b/src/image.c
> @@ -2304,23 +2304,18 @@ uncache_image (struct frame *f, Lisp_Object spec)
> free_image_cache (struct frame *f)
> {
> struct image_cache *c = FRAME_IMAGE_CACHE (f);
> - if (c)
> - {
> - ptrdiff_t i;
> + ptrdiff_t i;
>
> - /* Cache should not be referenced by any frame when freed. */
> - eassert (c->refcount == 0);
> + /* Cache should not be referenced by any frame when freed. */
> + eassert (c->refcount == 0);
>
> - for (i = 0; i < c->used; ++i)
> - free_image (f, c->images[i]);
> - xfree (c->images);
> - xfree (c->buckets);
> - xfree (c);
> - FRAME_IMAGE_CACHE (f) = NULL;
> - }
> + for (i = 0; i < c->used; ++i)
> + free_image (f, c->images[i]);
> + xfree (c->images);
> + xfree (c->buckets);
> + xfree (c);
> }
>
> This basically removes the test of 'c' being non-NULL, leaving the
> rest of the code unchanged. But if 'c' is NULL, dereferencing it in
> the following code will segfault, so why remove the test? In
> particular, what about frames that were not yet allocated the image
> cache (could this happen with TTY frames, for example)?
>
> What am I missing here?
That free_frame_faces has been the sole caller of this function for
quite some time, and it already performs the same test around its call
to free_image_cache.
next prev parent reply other threads:[~2024-07-09 15:02 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-04 2:33 bug#71929: 30.0.60; crash in mark_image_cache Sean Whitton
2024-07-04 2:44 ` Sean Whitton
2024-07-04 5:53 ` Eli Zaretskii
2024-07-04 6:03 ` Eli Zaretskii
2024-07-04 6:17 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-04 6:42 ` Sean Whitton
2024-07-04 6:59 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-04 9:56 ` Sean Whitton
2024-07-04 12:28 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-05 7:52 ` Sean Whitton
2024-07-04 7:40 ` Eli Zaretskii
2024-07-04 9:57 ` Sean Whitton
2024-07-04 12:48 ` Eli Zaretskii
2024-07-05 0:13 ` Sean Whitton
2024-07-05 6:27 ` Eli Zaretskii
2024-07-05 6:41 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-05 7:37 ` Eli Zaretskii
2024-07-05 9:36 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-05 11:10 ` Eli Zaretskii
2024-07-05 11:40 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-05 12:46 ` Sean Whitton
2024-07-06 2:41 ` Sean Whitton
2024-07-06 6:08 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-07 2:40 ` Sean Whitton
2024-07-07 2:43 ` Sean Whitton
2024-07-07 2:46 ` Sean Whitton
2024-07-07 4:04 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-07 4:54 ` Sean Whitton
2024-07-07 7:08 ` Eli Zaretskii
2024-07-07 7:41 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-07 13:16 ` Sean Whitton
2024-07-07 13:47 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-07 14:45 ` Sean Whitton
2024-07-09 5:48 ` Sean Whitton
2024-07-09 11:37 ` Eli Zaretskii
2024-07-10 1:12 ` Sean Whitton
2024-07-09 12:13 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-09 13:44 ` Sean Whitton
2024-07-09 14:03 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-09 14:18 ` Eli Zaretskii
2024-07-09 15:02 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors [this message]
2024-07-09 15:45 ` Eli Zaretskii
2024-07-10 1:12 ` Sean Whitton
2024-07-24 13:31 ` Basil L. Contovounesios
2024-07-24 13:38 ` Eli Zaretskii
2024-07-24 14:10 ` Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors
2024-07-06 6:40 ` Eli Zaretskii
2024-07-07 2:39 ` Sean Whitton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=s54v81e622p.fsf@yahoo.com \
--to=bug-gnu-emacs@gnu.org \
--cc=71929@debbugs.gnu.org \
--cc=eliz@gnu.org \
--cc=luangruo@yahoo.com \
--cc=spwhitton@spwhitton.name \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.