On 02/27/2014 04:27 PM, nil wrote:

> I ran into the first crash reported on bug #16069, on trunk r116550. It appears to trigger when an xftfont is garbage collected - but only after its Display has been freed and then reused. The guard in xftfont_close is satisfied, then XftFontClose causes xft's reference counting to go out of sync. SIGSEGV occurs when the display is closed (_XftCloseDisplay, XftFontManageMemory, XftFontFindNthUnref returns an unexpected NULL)
>
> To reproduce:
>
> gdb --args emacs -Q -nw
>
> set $dpy = 0
> break xterm.c:9810
>    condition $bpnum $dpy == dpy
> break xterm.c:9814
>    commands
>      silent
>      set $dpy = dpy
>      cont
>    end
> run
>
> M-x server-start
>
> Then repeatedly:
>
> emacsclient -c -n .
> C-x C-c
>
> until the breakpoint fires on Display address reuse. after continuing, closing the terminal should SIGSEGV in xft/src/xftfreetype.c. (This is on an x86_64 linux with recent glibc/xorg/etc, if it makes any difference.)
>
> I'm not nearly familiar enough with the insides of emacs to suggest a fix, I'm afraid. Happy to provide any other information you need, though!

Thanks. Next time please do CC: to appropriate bug (i.e. [bug-number]@debbugs.gnu.org).

Could you please try this patch?

Dmitry