On Sun, Aug 30, 2015 at 4:39 PM, Eli Zaretskii wrote: > > Date: Sun, 30 Aug 2015 15:24:26 +0000 > > From: Pip Cet > > Cc: 21380@debbugs.gnu.org > > > > > Further investigation indicates that > > > window-configuration-change-hook was called in the middle of > concat: > > > > Did you understand how this fact is related to the segfault? > > > > > > I _think_ I do. > > > > 1. concat called with args[0] == Vtimer_list > > 2. concat stores result_len (=4) > > 3. concat calls make_list (4) > > 4. make_list interrupted by QUIT > > 5. see stack trace > > 6. window-configuration-change-hook modifies Vtimer_list, which now has > length > > 5 > > 7. control returns to concat > > 8. concat tries to write 5 elements into a 4-element list, which causes > the > > segfault because `tail' is unexpectedly NULL. > > > > Does that make sense to you? > > It does, but there's one additional factor that was supposed to > prevent such problems: the first thing timer_check does is copy > Vtimer_list to a local variable; then it works on that copy. So > whatever happens in the meantime to Vtimer_list should not have > affected concat, because concat is called on a copy. > I'm not sure I understand. This issue is happening while the temporary copy is being created, not afterwards, IIUC.