bug#10159: 24.0.91; Segfault with auto-complete package [SEC=UNCLASSIFIE

From: Eli Zaretskii
Subject: bug#10159: 24.0.91; Segfault with auto-complete package [SEC=UNCLASSIFIED]
Date: Fri, 20 Jan 2012 12:01:09 +0200

> Date: Fri, 20 Jan 2012 16:09:26 +1030
> From: Alex Murray <address@hidden>
> CC: address@hidden, address@hidden
>
> One more - this time with full debugging symbols and bt full log attached :)
> I'll try and keep the gdb session alive for a while if you need anything
> further
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x00000000006863ea in composition_compute_stop_pos
> (cmp_it=0x7fffffff9058, charpos=101, bytepos=118, endpos=116,
> string=32972417) at composite.c:1073
> 1073              elt = XCAR (val);
> (gdb) p string
> $1 = 32972417
> (gdb) xtype
> Lisp_String
> (gdb) xstring
> $2 = (struct Lisp_String *) 0x1f71e80
> " Arglist: (X)", ' ' <repeats 20 times>

Thanks.  Please show the output of these GDB commands:

 (gdb) p val
 (gdb) xtype
 (gdb) p c

The truth is you already posted information that lets me deduce the
results, but what I see just doesn't make sense: val is shown to have
the value of 390, which could only be an Emacs integer, and yet the
test in the for loop:

    for (ridx = 0; CONSP (val); val = XCDR (val), ridx++)

should have exited the loop when it sees val that is not a cons cell.
So I don't understand how come it didn't exit, and tried to extract
the car of something that isn't a cons cell.

The value of c also looks bogus, and the values of charpos (101) and
endpos (116) seem to be inconsistent with the length of `string',
which is shown as " Arglist: (X)" (13 characters) plus 20 blanks, for
a total of 33 characters.

If someone who is reading this has ideas how this could happen, I'm
all ears.

Btw, Alex: what version of GCC did you use to compile Emacs?

