Subject: bug#47067: 28.0.50; [feature/native-comp] Crash while scrolling through dispnew.c
From: Pip Cet
Date: Sat, 13 Mar 2021 11:24:28 +0000
On Sat, Mar 13, 2021 at 11:10 AM Eli Zaretskii <eliz@gnu.org> wrote:
> > From: Pip Cet <pipcet@gmail.com>
> > Date: Sat, 13 Mar 2021 08:53:04 +0000
> > Cc: Andrea Corallo <akrl@sdf.org>, 47067@debbugs.gnu.org
> >
> > It's c-beginning-of-statement-1 that I think is the immediate caller.
>
> It's nowhere in the C backtrace, only its caller
But it was in one of the previous backtraces?
> c-font-lock-cut-off-declarators is. And I'm not sure we can trust the
> C backtrace anyway, given its abnormalities that I cannot explain yet.
Good point.
> > Can you disassemble the function around 0x09c32285 (or, in another
> > dump, whatever calls Flss), particularly the 256 bytes or so before
> > that EIP?
>
> Below. The updated address for the caller of Flss is 0x09d82285,
> which is not in any function whose name is known to GDB.
That's normal, assuming you didn't compile with comp-debug > 0.
> (gdb) disassemble 0x9d82100,+0x200
> Dump of assembler code from 0x9d82100 to 0x9d82300:
> 0x09d82100: mov %edx,-0xe4(%ebp)
> 0x09d82106: mov 0x9e87564,%edx
> 0x09d8210c: mov %eax,-0xe0(%ebp)
> 0x09d82112: mov -0x100(%ebp),%eax
> 0x09d82118: mov %edx,-0xdc(%ebp)
> 0x09d8211e: mov %eax,0x4(%esp)
> 0x09d82122: call *0xd84(%ebx)
> 0x09d82128: mov %eax,-0xf0(%ebp)
> 0x09d8212e: mov %edx,-0xec(%ebp)
> 0x09d82134: mov %eax,(%esp)
> 0x09d82137: mov %edx,0x4(%esp)
> 0x09d8213b: call *0xad8(%ebx)
> 0x09d82141: mov %eax,-0xf0(%ebp)
> 0x09d82147: mov %edx,-0xec(%ebp)
> 0x09d8214d: call *0xab0(%ebx)
> 0x09d82153: jmp 0x9d80934
> 0x09d82158: lea 0x0(%esi,%eiz,1),%esi
> 0x09d8215f: nop
> 0x09d82160: mov 0x9e87b50,%eax
> 0x09d82165: mov 0x9e87b54,%edx
> 0x09d8216b: mov %eax,-0xf0(%ebp)
> 0x09d82171: mov 0x9e87aa0,%eax
> 0x09d82176: mov %edx,-0xec(%ebp)
> 0x09d8217c: mov 0x9e87aa4,%edx
> 0x09d82182: mov %eax,(%esp)
> 0x09d82185: mov %edx,0x4(%esp)
> 0x09d82189: call *0x1358(%ebx)
> 0x09d8218f: movl $0x4,(%esp)
> 0x09d82196: mov %eax,-0xe8(%ebp)
> 0x09d8219c: mov 0x9e875f0,%eax
> 0x09d821a1: mov %edx,-0xe4(%ebp)
> 0x09d821a7: mov 0x9e875f4,%edx
> 0x09d821ad: mov %eax,-0xe0(%ebp)
> 0x09d821b3: mov %eax,-0xd8(%ebp)
> 0x09d821b9: mov -0x100(%ebp),%eax
> 0x09d821bf: mov %edx,-0xdc(%ebp)
> 0x09d821c5: mov %edx,-0xd4(%ebp)
> 0x09d821cb: mov %eax,0x4(%esp)
> 0x09d821cf: call *0xd84(%ebx)
> 0x09d821d5: mov 0x9e8a750,%ecx
> 0x09d821db: mov %eax,-0xf0(%ebp)
> 0x09d821e1: mov (%ecx),%ecx
> 0x09d821e3: mov %edx,-0xec(%ebp)
> 0x09d821e9: mov 0x54(%ecx),%esi
> 0x09d821ec: mov 0x20(%esi),%esi
> 0x09d821ef: mov %esi,0x54(%ecx)
> 0x09d821f2: jmp 0x9d808b2
> 0x09d821f7: lea 0x0(%esi,%eiz,1),%esi
> 0x09d821fe: xchg %ax,%ax
> 0x09d82200: mov 0x9e87950,%eax
> 0x09d82205: mov 0x9e87954,%edx
> 0x09d8220b: mov %eax,(%esp)
> 0x09d8220e: mov %edx,0x4(%esp)
> 0x09d82212: call *0x1358(%ebx)
> 0x09d82218: mov %edx,-0xec(%ebp)
> 0x09d8221e: or %eax,%edx
> 0x09d82220: mov %eax,-0xf0(%ebp)
> 0x09d82226: je 0x9d82308
> 0x09d8222c: mov 0x9e87690,%eax
> 0x09d82231: mov 0x9e87694,%edx
> 0x09d82237: mov %eax,(%esp)
> 0x09d8223a: mov %edx,0x4(%esp)
> 0x09d8223e: call *0x1358(%ebx)
> 0x09d82244: mov %eax,-0xf0(%ebp)
> 0x09d8224a: mov 0x9e875a8,%eax
> 0x09d8224f: mov %edx,-0xec(%ebp)
> 0x09d82255: mov 0x9e875ac,%edx
> 0x09d8225b: mov %eax,(%esp)
> 0x09d8225e: mov %edx,0x4(%esp)
> 0x09d82262: call *0x1358(%ebx)
> 0x09d82268: mov %edi,0x4(%esp)
> 0x09d8226c: mov %eax,-0xe8(%ebp)
> 0x09d82272: mov %edx,-0xe4(%ebp)
> 0x09d82278: movl $0x2,(%esp)
> 0x09d8227f: call *0x1318(%ebx)
> 0x09d82285: mov %edx,-0xec(%ebp) <<<<<<<<<<<<<<<<<<<<
So EDI is bunk at this point. Can you go back a bit further to where
it's initialized?
> (gdb) info registers
> eax 0x30 48
> ecx 0x6a54fe8 111497192
> edx 0x8 8
> ebx 0x187b8c0 25671872
> esp 0x826650 0x826650
> ebp 0x826778 0x826778
> esi 0x4002d2b0 1073926832
> edi 0x28 40
That value should be between 0x826650 and 0x826778.
Pip
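The check Pip applies above (the pointer handed to Flss as its second argument must lie inside the caller's live stack frame, i.e. between ESP and EBP) can be mechanised. The script below is an added example, not part of the bug report or of Emacs: it parses the tail of the gdb disassembly and the register dump quoted in this message, recovers what the native-compiled code stored into the two outgoing argument slots of the call whose return address is 0x09d82285, and reports whether the second argument points into [esp, ebp]. Treating argument 0 as the Lisp nargs count and argument 1 as the Lisp_Object vector pointer follows the signature of many-argument Emacs primitives such as Flss; the i386 cdecl slot layout ((%esp), 0x4(%esp), ...) and the choice to stop the backward walk at the previous control transfer are assumptions of this script.

```python
import re

# Tail of the gdb "disassemble" output quoted in the message above, with the
# "> " quote prefixes stripped; the last line is the return address of the
# call under suspicion.
DISASM = """\
0x09d82255: mov 0x9e875ac,%edx
0x09d8225b: mov %eax,(%esp)
0x09d8225e: mov %edx,0x4(%esp)
0x09d82262: call *0x1358(%ebx)
0x09d82268: mov %edi,0x4(%esp)
0x09d8226c: mov %eax,-0xe8(%ebp)
0x09d82272: mov %edx,-0xe4(%ebp)
0x09d82278: movl $0x2,(%esp)
0x09d8227f: call *0x1318(%ebx)
0x09d82285: mov %edx,-0xec(%ebp)
"""

# The "info registers" dump quoted in the same message.
REGISTERS = """\
eax 0x30 48
ecx 0x6a54fe8 111497192
edx 0x8 8
ebx 0x187b8c0 25671872
esp 0x826650 0x826650
ebp 0x826778 0x826778
esi 0x4002d2b0 1073926832
edi 0x28 40
"""

# One disassembly line, with or without a leading mail quote marker.
INSN_RE = re.compile(r'^\s*(?:>\s*)?0x([0-9a-fA-F]+):\s+(\S+)\s*(.*?)\s*$')
# A store into an outgoing argument slot of the i386 cdecl ABI (assumed here):
# (%esp) is argument 0, 0x4(%esp) argument 1, and so on.
ARG_SLOT_RE = re.compile(r'^(\S+),(?:0x([0-9a-fA-F]+))?\(%esp\)$')
# One "info registers" line: name, hex value, natural value.
REG_RE = re.compile(r'^\s*(?:>\s*)?([a-z]{2,3})\s+0x([0-9a-fA-F]+)\b')


def parse_disasm(text):
    """Return a list of (address, mnemonic, operands) from gdb output."""
    insns = []
    for line in text.splitlines():
        m = INSN_RE.match(line)
        if m:
            insns.append((int(m.group(1), 16), m.group(2), m.group(3)))
    return insns


def parse_registers(text):
    """Return {name: value} from gdb "info registers" output."""
    regs = {}
    for line in text.splitlines():
        m = REG_RE.match(line)
        if m:
            regs[m.group(1)] = int(m.group(2), 16)
    return regs


def recover_call_args(insns, return_addr, nargs):
    """Locate the call returning to return_addr and recover the operands last
    stored into its first nargs argument slots, walking backwards until the
    previous call or jump (a different path may have filled the slots; that
    stopping rule is an assumption of this script)."""
    idx = next(i for i, (addr, _, _) in enumerate(insns) if addr == return_addr)
    call_addr, mnem, _ = insns[idx - 1]
    if mnem != 'call':
        raise ValueError('instruction before %#x is not a call' % return_addr)
    slots = {}
    for _, mnem, ops in reversed(insns[:idx - 1]):
        if mnem == 'call' or mnem.startswith('j'):
            break
        m = ARG_SLOT_RE.match(ops)
        if m and mnem.startswith('mov'):
            slot = int(m.group(2), 16) // 4 if m.group(2) else 0
            slots.setdefault(slot, m.group(1))  # keep the store nearest the call
    return call_addr, [slots.get(i) for i in range(nargs)]


def operand_value(operand, regs):
    """Concrete value of an immediate ($0x..) or register (%reg) operand."""
    if operand.startswith('$'):
        return int(operand[1:], 16)
    if operand.startswith('%'):
        return regs[operand[1:]]
    raise ValueError('cannot evaluate memory operand %r' % operand)


def in_current_frame(value, regs):
    """True if value points into the live stack frame [esp, ebp]."""
    return regs['esp'] <= value <= regs['ebp']


def analyze_crash(disasm_text, regs_text, return_addr, nargs=2):
    """Recover the call's arguments and check that argument 1, taken to be the
    pointer to the Lisp_Object argument vector (assumed Flss-style calling
    convention), lies inside the caller's own frame."""
    insns = parse_disasm(disasm_text)
    regs = parse_registers(regs_text)
    call_addr, args = recover_call_args(insns, return_addr, nargs)
    values = [operand_value(a, regs) if a else None for a in args]
    ptr = values[1] if len(values) > 1 else None
    return {
        'call_addr': call_addr,
        'args': args,
        'arg_values': values,
        'frame': (regs['esp'], regs['ebp']),
        'args_ptr_in_frame': in_current_frame(ptr, regs) if ptr is not None else None,
    }


if __name__ == '__main__':
    r = analyze_crash(DISASM, REGISTERS, 0x09d82285)
    print('call at %#x: nargs=%s, args vector=%s -> %#x' % (
        r['call_addr'], r['args'][0], r['args'][1], r['arg_values'][1]))
    print('args vector inside [%#x, %#x]? %s' % (r['frame'] + (r['args_ptr_in_frame'],)))
```

Run against the dump from this message it reports that the call at 0x9d8227f passes nargs 2 and EDI as the argument vector, and that EDI (0x28) is outside the frame [0x826650, 0x826778], which is exactly the "EDI is bunk" conclusion drawn above. On a fresh dump the same script is only as good as its stopping rule: if the slot stores happen before a branch that merges into the call, extend the disassembly window and confirm the stores by hand.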