bug#15475: 24.3.50; race condition in x_frame_rehighlight
From: Andreas Politz
Subject: bug#15475: 24.3.50; race condition in x_frame_rehighlight
Date: Sat, 28 Sep 2013 01:47:33 +0200

There is a race condition in x_frame_rehighlight regarding input
redirection, triggering a null-pointer access. These kinds of
errors are usually difficult to reproduce. I used the following
code, while simultaneously changing focus rapidly via the
window-manager.
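
    ;; Create a frame and immediately redirect the selected frame's
    ;; focus to it.
    (defun fn (&optional parms)
      (let* ((frame (make-frame parms)))
        (sit-for 1e-100)
        (redirect-frame-focus (selected-frame) frame)
        frame))

    ;; Keep creating two frames and deleting them after a short
    ;; random delay.
    (while t
      (let ((f1 (fn
                 '((width . 20)
                   (height . 30))))
            (f2 (fn
                 '((width . 20)
                   (height . 30)
                   (top . 400)))))
        (sleep-for (/ (float (random 1000)) 5000))
        (delete-other-frames)))
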
Take a look at this part of the attached back-trace.

    #0  0x00000000004f9b0e in frame_highlight (f=0x132b510) at xterm.c:3204
    #4  0x00000000004fa4ae in x_detect_focus_change (dpyinfo=0x15ba800,
        frame=0x11c7e68, event=0x7fffffffb300, bufp=0x7fffffffae50)
        at xterm.c:3522
    #14 0x00000000004ff413 in XTread_socket (...) at xterm.c:7066
    #19 0x00000000005409e7 in unblock_input () at keyboard.c:7116
    #20 0x0000000000503f82 in x_free_frame_resources (f=0x132b510) at xterm.c:9383
    #21 0x0000000000503fbf in x_destroy_window (f=0x132b510) at xterm.c:9397
    #22 0x00000000004274b7 in delete_frame (frame=20100373, force=12634498)
        at frame.c:1362
    #23 0x000000000042784e in Fdelete_frame (frame=20100373, force=12634498)
        at frame.c:1495

Note that the freed frame in #20 is the same as the one about to
be highlighted in #0. delete_frame would later execute

    f->terminal = 0; /* Now the frame is dead. */

but won't, since x_destroy_window has not returned yet. But
x_free_frame_resources has executed

    f->output_data.x = NULL;

, so FRAME_LIVE_P(f) is still true, but FRAME_X_DISPLAY is no
good at this moment. Then in x_frame_rehighlight the deleted
frame becomes the x_highlight_frame.

    (gdb) p /x dpyinfo->x_focus_frame
    $30 = 0x11c7e68
    (gdb) p /x dpyinfo->x_highlight_frame
    $27 = 0x132b510
    (gdb) pp dpyinfo->x_focus_frame.focus_frame
    #<frame emacs@luca 0x132b510>
    (gdb) p /x dpyinfo->x_highlight_frame.output_data.x
    $36 = 0x0
    (gdb) p /x dpyinfo->x_highlight_frame.terminal
    $37 = 0x110e398

The second if condition is false (FRAME_LIVE_P) and
frame_highlight gets called with the halfway deleted frame, calls
FRAME_X_DISPLAY and that's the end.
-ap
gdb.log
Description: Binary data
In GNU Emacs 24.3.50.4 (x86_64-unknown-linux-gnu, GTK+ Version 2.20.1)
of 2013-09-27 on luca
Bzr revision: 114421 eliz@gnu.org-20130921114819-zvk3zil4jau4ucdd
Windowing system distributor `The X.Org Foundation', version 11.0.10707000
System Description: Debian GNU/Linux 6.0.7 (squeeze)
Important settings:
value of $LC_COLLATE: C
value of $LC_MESSAGES: C
value of $LANG: de_DE.UTF-8
locale-coding-system: utf-8-unix
default enable-multibyte-characters: t
Major mode: Emacs-Lisp
Minor modes in effect:
workgroups-mode: t
desktop-save-mode: t
mimo-mode: t
ispell-track-input-method: t
recentf-mode: t
show-paren-mode: t
window-numbering-mode: t
shell-dirtrack-mode: t
scroll-other-window-mode: t
savehist-mode: t
ekey-mode: t
winner-mode: t
eldoc-mode: t
tooltip-mode: t
mouse-wheel-mode: t
file-name-shadow-mode: t
global-font-lock-mode: t
font-lock-mode: t
auto-composition-mode: t
auto-encryption-mode: t
auto-compression-mode: t
column-number-mode: t
line-number-mode: t
transient-mark-mode: t
Recent input:
Recent messages:
Mark set [2 times]
Quit
Spell-checking bug using aspell with en dictionary...done
Saving file /tmp/bug...
Wrote /tmp/bug
Mark set [2 times]
Saved text until "RAME_X_DISPLAY and that's the end.
-ap
"
Load-path shadows:
Features:
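
Added example, not part of the original report and not Emacs source: a reduced C model of the teardown order shown in the back-trace, where resources are cleared and input is unblocked before the frame is marked dead, so a liveness check based on the terminal field still passes. The struct layouts, the null_derefs counter and the check_x guard are assumptions made for illustration; the guard is one possible mitigation, not the fix adopted by Emacs.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified model: only the two fields inspected in the gdb session. */
struct x_output { int display; };
struct frame {
    void *terminal;           /* non-NULL means the liveness check passes */
    struct x_output *x;       /* stands in for f->output_data.x */
};
struct display_info {
    struct frame *highlight;  /* stands in for x_highlight_frame */
    bool focus_event_pending; /* a queued X focus change */
    int null_derefs;          /* accesses that would fault in real code */
};

static bool frame_live_p(const struct frame *f) { return f->terminal != NULL; }

/* Highlighting needs the display, which is reached through f->x. */
static void frame_highlight(struct display_info *d, struct frame *f, bool check_x)
{
    if (f->x == NULL) {
        if (!check_x) d->null_derefs++; /* unguarded code would crash here */
        return;                         /* guarded variant (assumption) skips */
    }
    f->x->display++;
}

/* Pending events are handled as soon as input is unblocked. */
static void unblock_input(struct display_info *d, bool check_x)
{
    if (!d->focus_event_pending) return;
    d->focus_event_pending = false;
    if (d->highlight && frame_live_p(d->highlight))
        frame_highlight(d, d->highlight, check_x);
}

/* Same order as frames #20..#22: free resources, unblock, then mark dead. */
static int delete_frame(struct frame *f, struct display_info *d, bool check_x)
{
    f->x = NULL;               /* x_free_frame_resources */
    unblock_input(d, check_x); /* re-entrant event handling */
    f->terminal = NULL;        /* "Now the frame is dead." */
    return d->null_derefs;
}

/* Constructed scenario: the frame being deleted is also the highlight frame. */
int run_scenario(bool check_x)
{
    struct x_output out = { 0 };
    int term = 0;
    struct frame f = { &term, &out };
    struct display_info d = { &f, true, 0 };
    return delete_frame(&f, &d, check_x);
}

int main(void) { return run_scenario(true); }
```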