bug#10159: 24.0.91; Segfault with auto-complete package [SEC=UNCLASSIFIE

From: Alex Murray
Subject: bug#10159: 24.0.91; Segfault with auto-complete package [SEC=UNCLASSIFIED]
Date: Mon, 23 Jan 2012 09:18:34 +1030
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:9.0) Gecko/20111229 Thunderbird/9.0


On Fri 20 Jan 2012 20:31:09 CST, Eli Zaretskii wrote:
>> Date: Fri, 20 Jan 2012 16:09:26 +1030
>> From: Alex Murray <address@hidden>
>> CC: address@hidden, address@hidden
>>
>> One more - this time with full debugging symbols and bt full log
>> attached :)
>>
>> I'll try and keep the gdb session alive for a while if you need anything
>> further
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> 0x00000000006863ea in composition_compute_stop_pos
>> (cmp_it=0x7fffffff9058, charpos=101, bytepos=118, endpos=116,
>> string=32972417) at composite.c:1073
>> 1073 elt = XCAR (val);
>> (gdb) p string
>> $1 = 32972417
>> (gdb) xtype
>> Lisp_String
>> (gdb) xstring
>> $2 = (struct Lisp_String *) 0x1f71e80
>> " Arglist: (X)", ' ' <repeats 20 times>
>
> Thanks. Please show the output of these GDB commands:
>
> (gdb) p val
> (gdb) xtype
> (gdb) p c
>
> The truth is you already posted information that lets me deduce the
> results, but what I see just doesn't make sense: val is shown to have
> the value of 390, which could only be an Emacs integer, and yet the
> test in the for loop:
>
> for (ridx = 0; CONSP (val); val = XCDR (val), ridx++)
>
> should have exited the loop when it sees val that is not a cons cell.
> So I don't understand how come it didn't exit, and tried to extract
> the car of something that isn't a cons cell.
>
> The value of c also looks bogus, and the values of charpos (101) and
> endpos (116) seem to be inconsistent with the length of `string',
> which is shown as " Arglist: (X)" (13 characters) plus 20 blanks, for
> a total of 33 characters.
>
> If someone who is reading this has ideas how this could happen, I'm
> all ears.
>
> Btw, Alex: what version of GCC did you use to compile Emacs?

(gdb) p val
$3 = 390
(gdb) xtype
(gdb) p c
$4 = 14159872

gcc -v
Using built-in specs.
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu/Linaro
4.6.1-9ubuntu3' --with-bugurl=file:///usr/share/doc/gcc-4.6/README.Bugs
--enable-languages=c,c++,fortran,objc,obj-c++,go --prefix=/usr
--program-suffix=-4.6 --enable-shared --enable-linker-build-id
--with-system-zlib --libexecdir=/usr/lib --without-included-gettext
--enable-threads=posix --with-gxx-include-dir=/usr/include/c++/4.6
--libdir=/usr/lib --enable-nls --with-sysroot=/ --enable-clocale=gnu
--enable-libstdcxx-debug --enable-libstdcxx-time=yes --enable-plugin
--enable-objc-gc --disable-werror --with-arch-32=i686
--with-tune=generic --enable-checking=release --build=x86_64-linux-gnu
--host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
gcc version 4.6.1 (Ubuntu/Linaro 4.6.1-9ubuntu3)

