
bug#6266: 24.0.50; emacs core dump on delete-other-window


From: enami tsugutomo
Subject: bug#6266: 24.0.50; emacs core dump on delete-other-window
Date: Tue, 25 May 2010 15:38:22 +0900

Emacs crashed while executing delete-other-window.  The backtrace is
below (bt full output is appended at the end of this mail).  It looks
like Emacs uses the uninitialized stack variable `prop' if the
find_composition() call on line 1307 of composite.c fails.  We need
to check whether find_composition() succeeds before proceeding.

enami@rplaca% gdb ./emacs-24.0.50.3 ../emacs.core 
GNU gdb 6.5
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64--netbsd"...
Reading symbols from /usr/lib/libossaudio.so.1...done.
Loaded symbols for /usr/lib/libossaudio.so.1
Reading symbols from /usr/lib/libterminfo.so.1...done.
Loaded symbols for /usr/lib/libterminfo.so.1
Reading symbols from /usr/lib/libm.so.0...done.
Loaded symbols for /usr/lib/libm.so.0
Reading symbols from /usr/lib/libc.so.12...done.
Loaded symbols for /usr/lib/libc.so.12
Reading symbols from /usr/libexec/ld.elf_so...done.
Loaded symbols for /usr/libexec/ld.elf_so
Core was generated by `emacs'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f7ffcc368ca in kill () from /usr/lib/libc.so.12
DISPLAY = :0.0
TERM = kterm
Breakpoint 1 at 0x46fd7c: file emacs.c, line 436.
Breakpoint 2 at 0x48807e: file sysdep.c, line 1036.
(gdb) bt
#0  0x00007f7ffcc368ca in kill () from /usr/lib/libc.so.12
#1  <signal handler called>
#2  0x000000000052adcf in get_composition_id (charpos=25758, bytepos=25758, 
    nchars=4896095, prop=25758, string=10930226) at composite.c:203
#3  0x000000000052c32a in composition_reseat_it (cmp_it=0x7f7fffffd350, 
    charpos=<value optimized out>, bytepos=25758, 
    endpos=<value optimized out>, w=0x16e0000, face=0x0, string=10930226)
    at composite.c:1308
#4  0x00000000004ab65d in compute_motion (from=0, 
    fromvpos=<value optimized out>, fromhpos=<value optimized out>, 
    did_motion=0, to=25758, tovpos=32768, tohpos=32768, width=79, hscroll=0, 
    tab_offset=<value optimized out>, win=0x16e0000) at indent.c:1527
#5  0x00000000004ac171 in vmotion (from=25758, vtarget=-55, w=0x16e0000)
    at indent.c:1914
#6  0x0000000000435e69 in Fdelete_other_windows (window=<value optimized out>)
    at window.c:2532
#7  0x00000000004d9558 in Ffuncall (nargs=<value optimized out>, 
    args=<value optimized out>) at eval.c:3073
#8  0x00000000004d6651 in Fcall_interactively (function=11241170, 
    record_flag=10930226, keys=10958341) at callint.c:869
#9  0x00000000004d9586 in Ffuncall (nargs=<value optimized out>, 
    args=<value optimized out>) at eval.c:3079
#10 0x00000000004d97e6 in call3 (fn=<value optimized out>, 
    arg1=<value optimized out>, arg2=4896095, arg3=25758) at eval.c:2901
#11 0x000000000047f7a8 in command_loop_1 () at keyboard.c:1755
#12 0x00000000004d7eaf in internal_condition_case (
    bfun=0x47f43c <command_loop_1>, handlers=11018434, 
    hfun=0x479e36 <cmd_error>) at eval.c:1510
#13 0x0000000000479b66 in command_loop_2 () at keyboard.c:1356
#14 0x00000000004d7f9f in internal_catch (tag=<value optimized out>, 
    func=0x479b4c <command_loop_2>, arg=10930226) at eval.c:1246
#15 0x0000000000479ca3 in command_loop () at keyboard.c:1335
#16 0x0000000000479fc3 in recursive_edit_1 () at keyboard.c:950
#17 0x000000000047a0e7 in Frecursive_edit () at keyboard.c:1012
#18 0x0000000000470eb9 in main (argc=<value optimized out>, 
    argv=0x7f7fffffdc30) at emacs.c:1801

Lisp Backtrace:
"delete-other-windows" (0xffffd578)
"call-interactively" (0xffffd778)
(gdb) up
#1  <signal handler called>
(gdb) 
#2  0x000000000052adcf in get_composition_id (charpos=25758, bytepos=25758, 
    nchars=4896095, prop=25758, string=10930226) at composite.c:203
warning: Source file is more recent than executable.
203       id = XCAR (prop);
(gdb) p prop
$1 = 25758
(gdb) xtype
Lisp_Cons
(gdb) xcons
$2 = (struct Lisp_Cons *) 0x6498
Cannot access memory at address 0x6498
(gdb) up
#3  0x000000000052c32a in composition_reseat_it (cmp_it=0x7f7fffffd350, 
    charpos=<value optimized out>, bytepos=25758, 
    endpos=<value optimized out>, w=0x16e0000, face=0x0, string=10930226)
    at composite.c:1308
1308          cmp_it->id = get_composition_id (charpos, bytepos, end - start,
(gdb) l
1303          /* We are looking at a static composition.  */
1304          EMACS_INT start, end;
1305          Lisp_Object prop;
1306
1307          find_composition (charpos, -1, &start, &end, &prop, string);
1308          cmp_it->id = get_composition_id (charpos, bytepos, end - start,
1309                                           prop, string);
1310          if (cmp_it->id < 0)
1311            goto no_composition;
1312          cmp_it->nchars = end - start;
(gdb) 


In GNU Emacs 24.0.50.3 (x86_64--netbsd)
 of 2010-05-25 on rplaca.sm.sony.co.jp
configured using `configure  'x86_64--netbsd' '--with-x=no' 
'build_alias=x86_64--netbsd' 'host_alias=x86_64--netbsd' 
'target_alias=x86_64--netbsd''

Important settings:
  value of $LC_ALL: nil
  value of $LC_COLLATE: nil
  value of $LC_CTYPE: nil
  value of $LC_MESSAGES: nil
  value of $LC_MONETARY: nil
  value of $LC_NUMERIC: nil
  value of $LC_TIME: nil
  value of $LANG: nil
  value of $XMODIFIERS: nil
  locale-coding-system: nil
  default enable-multibyte-characters: t

Major mode: Fundamental

Minor modes in effect:
  file-name-shadow-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t

Recent input:
ESC x r e p o SPC r TAB RET

Recent messages:
("./emacs-24.0.50.3")
For information about GNU Emacs and the GNU system, type C-h C-a.
Making completion list...

Load-path shadows:
None found.

Features:
(shadow sort gnus-util mail-extr message sendmail regexp-opt rfc822 mml
mml-sec mm-decode mm-bodies mm-encode mail-parse rfc2231 rfc2047 rfc2045
ietf-drums mm-util mail-prsvr mailabbrev mail-utils gmm-utils mailheader
emacsbug help-mode easymenu view japan-util ediff-hook vc-hooks
lisp-float-type lisp-mode register page menu-bar rfn-eshadow timer
jit-lock font-lock syntax facemenu font-core frame cham georgian
utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean
japanese hebrew greek romanian slovak czech european ethiopic indian
cyrillic chinese case-table epa-hook jka-cmpr-hook help simple abbrev
loaddefs button minibuffer faces cus-face files text-properties overlay
md5 base64 format env code-pages mule custom widget
hashtable-print-readable backquote make-network-process multi-tty emacs)

Backtrace full:
enami@rplaca% gdb ./emacs-24.0.50.3 ../emacs.core
GNU gdb 6.5
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "x86_64--netbsd"...
Reading symbols from /usr/lib/libossaudio.so.1...done.
Loaded symbols for /usr/lib/libossaudio.so.1
Reading symbols from /usr/lib/libterminfo.so.1...done.
Loaded symbols for /usr/lib/libterminfo.so.1
Reading symbols from /usr/lib/libm.so.0...done.
Loaded symbols for /usr/lib/libm.so.0
Reading symbols from /usr/lib/libc.so.12...done.
Loaded symbols for /usr/lib/libc.so.12
Reading symbols from /usr/libexec/ld.elf_so...done.
Loaded symbols for /usr/libexec/ld.elf_so
Core was generated by `emacs'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f7ffcc368ca in kill () from /usr/lib/libc.so.12
DISPLAY = :0.0
TERM = kterm
Breakpoint 1 at 0x46fd7c: file emacs.c, line 436.
Breakpoint 2 at 0x48807e: file sysdep.c, line 1036.
(gdb) bt full
#0  0x00007f7ffcc368ca in kill () from /usr/lib/libc.so.12
No symbol table info available.
#1  <signal handler called>
No symbol table info available.
#2  0x000000000052adcf in get_composition_id (charpos=25758, bytepos=25758, 
    nchars=4896095, prop=25758, string=10930226) at composite.c:203
        id = <value optimized out>
        length = <value optimized out>
        components = <value optimized out>
        key = <value optimized out>
        key_contents = <value optimized out>
        glyph_len = <value optimized out>
        hash_table = <value optimized out>
        hash_index = <value optimized out>
        hash_code = <value optimized out>
        cmp = <value optimized out>
        i = <value optimized out>
        ch = <value optimized out>
#3  0x000000000052c32a in composition_reseat_it (cmp_it=0x7f7fffffd350, 
    charpos=<value optimized out>, bytepos=25758, 
    endpos=<value optimized out>, w=0x16e0000, face=0x0, string=10930226)
    at composite.c:1308
        start = 140187732530064
        end = 4884719
        prop = 25758
#4  0x00000000004ab65d in compute_motion (from=0, 
    fromvpos=<value optimized out>, fromhpos=<value optimized out>, 
    did_motion=0, to=25758, tovpos=32768, tohpos=32768, width=79, hscroll=0, 
    tab_offset=<value optimized out>, win=0x16e0000) at indent.c:1527
        c = <value optimized out>
        ptr = <value optimized out>
        bytes = 32639
        width = <value optimized out>
        hpos = 0
        vpos = 1
        pos = <value optimized out>
        pos_byte = <value optimized out>
        c = <value optimized out>
        tab_width = 8
        dp = (struct Lisp_Char_Table *) 0x0
        selective = 0
        selective_rlen = 0
        next_boundary = 152696
        width_run_start = 25733
        width_run_end = 25733
        width_run_width = 0
        width_table = (Lisp_Object *) 0x0
        next_width_run = 25733
        window = 23986181
        multibyte = 1
        wide_column_end_hpos = 0
        prev_pos = 25757
        prev_pos_byte = 25757
        prev_hpos = 45
        prev_vpos = 0
        contin_hpos = 0
        prev_tab_offset = 0
        cmp_it = {
  stop_pos = 25758, 
  id = -1, 
  ch = -2, 
  lookback = 0, 
  nglyphs = 0, 
  nchars = 0, 
  nbytes = 0, 
  from = 0, 
  to = 0, 
  width = 0, 
  reversed_p = 0
}
#5  0x00000000004ac171 in vmotion (from=25758, vtarget=-55, w=0x16e0000)
    at indent.c:1914
        propval = <value optimized out>
        hscroll = 0
        vpos = -25
        prevline = 25733
        first = <value optimized out>
        lmargin = 0
        selective = 0
        did_motion = <value optimized out>
        text_prop_object = 23986181
#6  0x0000000000435e69 in Fdelete_other_windows (window=<value optimized out>)
    at window.c:2532
        obuf = (struct buffer *) 0x13d2400
        startpos = <value optimized out>
        top = -55
#7  0x00000000004d9558 in Ffuncall (nargs=<value optimized out>, 
    args=<value optimized out>) at eval.c:3073
        fun = <value optimized out>
        original_fun = <value optimized out>
        funcar = <value optimized out>
        numargs = 0
        val = <value optimized out>
        backtrace = {
  next = 0x7f7fffffd710, 
  function = 0x7f7fffffd570, 
  args = 0x7f7fffffd578, 
  nargs = 0, 
  evalargs = 0 '\0', 
  debug_on_exit = 0 '\0'
}
        internal_args = (Lisp_Object *) 0x7f7fffffd4a0
        i = 25758
#8  0x00000000004d6651 in Fcall_interactively (function=11241170, 
    record_flag=10930226, keys=10958341) at callint.c:869
        val = <value optimized out>
        args = (Lisp_Object *) 0x7f7fffffd570
        visargs = (Lisp_Object *) 0x7f7fffffd550
        specs = <value optimized out>
        filter_specs = 7748801
        teml = <value optimized out>
---Type <return> to continue, or q <return> to quit---
        up_event = 10930226
        enable = 10930226
        speccount = 2
        next_event = 2
        prefix_arg = 10930226
        string = <value optimized out>
        tem = <value optimized out>
        varies = (int *) 0x7f7fffffd530
        i = 1
        j = 0
        foo = <value optimized out>
        prompt1 = 
"\360\204\246\000\000\000\000\000\002\310\246\000\000\000\000\000\302\313\247\000\000\000\000\000\001\000\000\000\000\000\000\000\360\362)\000\000\000\000\000[2H\000\000\000\000\000\200\364\304\000\000\000\000\000\360\362)\000\000\000\000\000\002\000\000\000\000\000\000\000\226\236\246\000\000\000\000\0002\310\246\000\000\000\000\000\302\313\247\000\000\000\000\000\302\313\247"
        arg_from_tty = 0
        key_count = 2
        record_then_fail = 0
        save_this_command = 11241170
        save_last_command = 11765762
        save_this_original_command = 11241170
        save_real_this_command = 11241170
#9  0x00000000004d9586 in Ffuncall (nargs=<value optimized out>, 
    args=<value optimized out>) at eval.c:3079
        fun = <value optimized out>
        original_fun = <value optimized out>
        funcar = <value optimized out>
        numargs = 3
        val = <value optimized out>
        backtrace = {
  next = 0x0, 
  function = 0x7f7fffffd770, 
  args = 0x7f7fffffd778, 
  nargs = 3, 
  evalargs = 0 '\0', 
  debug_on_exit = 0 '\0'
}
        internal_args = (Lisp_Object *) 0x7f7fffffd778
        i = <value optimized out>
#10 0x00000000004d97e6 in call3 (fn=<value optimized out>, 
    arg1=<value optimized out>, arg2=4896095, arg3=25758) at eval.c:2901
        ret_ungc_val = 6
        args = {11136386, 11241170, 10930226, 10930226}
#11 0x000000000047f7a8 in command_loop_1 () at keyboard.c:1755
        cmd = 11241170
        keybuf = {96, 196, 7762193, 16723968, 10930274, 20784128, -1, 
  4294967295, 0, 10930226, 2, 10930226, 10930274, 11018482, 140187732531312, 
  5193072, 7762193, 140187732531360, 10930226, 140187732532272, 1, 
  140187732532168, 22768166, 4693490, 10930226, 22768166, 10930226, 4693730, 
  0, 140187732531400}
        i = 2
        prev_modiff = 2
        prev_buffer = (struct buffer *) 0x13d2400
#12 0x00000000004d7eaf in internal_condition_case (
    bfun=0x47f43c <command_loop_1>, handlers=11018434, 
    hfun=0x479e36 <cmd_error>) at eval.c:1510
        val = <value optimized out>
        c = {
  tag = 10930226, 
  val = 10930226, 
  next = 0x7f7fffffda30, 
  gcpro = 0x0, 
  jmp = {11837440, 11837472, 11837440, 140187732532272, 1, 140187732532168, 
    140187732531464, 5078578, 8175336, 8175352, 0}, 
  backlist = 0x0, 
  handlerlist = 0x0, 
  lisp_eval_depth = 0, 
  pdlcount = 2, 
  poll_suppress_count = 0, 
  interrupt_input_blocked = 0, 
  byte_stack = 0x0
}
        h = {
  handler = 11018434, 
  var = 10930226, 
  chosen_clause = 10930274, 
  tag = 0x7f7fffffd930, 
  next = 0x0
}
#13 0x0000000000479b66 in command_loop_2 () at keyboard.c:1356
        val = 6
#14 0x00000000004d7f9f in internal_catch (tag=<value optimized out>, 
    func=0x479b4c <command_loop_2>, arg=10930226) at eval.c:1246
        c = {
  tag = 11014722, 
  val = 10930226, 
  next = 0x0, 
  gcpro = 0x0, 
  jmp = {11837440, 11837472, 11837440, 140187732532272, 1, 140187732532168, 
    140187732531736, 5078931, 8175256, 0, 11837440}, 
  backlist = 0x0, 
  handlerlist = 0x0, 
  lisp_eval_depth = 0, 
  pdlcount = 2, 
  poll_suppress_count = 0, 
  interrupt_input_blocked = 0, 
  byte_stack = 0x0
}
#15 0x0000000000479ca3 in command_loop () at keyboard.c:1335
No locals.
#16 0x0000000000479fc3 in recursive_edit_1 () at keyboard.c:950
        val = <value optimized out>
#17 0x000000000047a0e7 in Frecursive_edit () at keyboard.c:1012
        buffer = 10930226
#18 0x0000000000470eb9 in main (argc=<value optimized out>, 
    argv=0x7f7fffffdc30) at emacs.c:1801
        tz = 0x0
        dummy = 140187681291328
        stack_bottom_variable = 0 '\0'
        do_initial_setlocale = <value optimized out>
---Type <return> to continue, or q <return> to quit---
        skip_args = 0
        rlim = {
  rlim_cur = 33554432, 
  rlim_max = 33554432
}
        no_loadup = 0
        junk = 0x0
        dname_arg = 0x0
        ch_to_dir = 0x0

Lisp Backtrace:
"delete-other-windows" (0xffffd578)
"call-interactively" (0xffffd778)
(gdb) xbacktrace
"delete-other-windows" (0xffffd578)
"call-interactively" (0xffffd778)
(gdb) 
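
The failure mode described in the report, as an added example that is not part of the original mail and is not Emacs source code: a lookup that leaves its out-parameters untouched on failure, a caller that ignores the return value, and the same caller with the check added. The names find_span, make_id, reseat_unchecked, reseat_checked and the sample table are hypothetical, and the `stale` argument simulates leftover stack contents so the unchecked path stays deterministic.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for a property table: spans [start,end) with a value. */
struct span { long start, end; int prop; };

/* Returns 1 and fills the out-parameters on success;
   returns 0 and leaves them UNTOUCHED on failure. */
static int find_span(const struct span *tbl, size_t n, long pos,
                     long *start, long *end, int *prop)
{
    for (size_t i = 0; i < n; i++)
        if (pos >= tbl[i].start && pos < tbl[i].end) {
            *start = tbl[i].start; *end = tbl[i].end; *prop = tbl[i].prop;
            return 1;
        }
    return 0;
}

/* Consumer of the looked-up values; rejects non-positive lengths. */
static long make_id(long nchars, int prop)
{
    return nchars > 0 ? (long)prop * 1000 + nchars : -1;
}

/* Before: return value ignored, so a miss hands stale values to make_id. */
long reseat_unchecked(const struct span *tbl, size_t n, long pos, long stale)
{
    long start = stale, end = stale + 7; int prop = (int)stale; /* simulated garbage */
    find_span(tbl, n, pos, &start, &end, &prop);
    return make_id(end - start, prop);
}

/* After: failure is handled before any out-parameter is read. */
long reseat_checked(const struct span *tbl, size_t n, long pos)
{
    long start, end; int prop;
    if (!find_span(tbl, n, pos, &start, &end, &prop))
        return -1;                       /* nothing found at pos */
    return make_id(end - start, prop);
}

static const struct span sample[] = { {10, 14, 3}, {40, 42, 9} }; /* constructed */

int main(void)
{
    printf("unchecked miss: %ld\n", reseat_unchecked(sample, 2, 25758, 25758));
    printf("checked miss:   %ld\n", reseat_checked(sample, 2, 25758));
    return 0;
}
```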




