Reported by: "Juanma Barranquero" <lekktu <at> gmail.com>
Date: Thu, 16 Oct 2008 15:00:03 UTC
Severity: grave
Merged with 872, 1446, 1447, 1448
Found in version 23.0.60
Done: Jason Rumney <jasonr <at> f2s.com>
Bug is archived. No further changes may be made.
From: "Juanma Barranquero" <lekktu <at> gmail.com>
To: "Eli Zaretskii" <eliz <at> gnu.org>
Cc: 1179 <1179 <at> debbugs.gnu.org>
Subject: bug#1179: Emacs on Windows hangs displaying unibyte strings
Date: Fri, 17 Oct 2008 15:32:47 +0200

On Fri, Oct 17, 2008 at 15:01, Eli Zaretskii <eliz <at> gnu.org> wrote:

> It doesn't crash for me, with today's CVS. But the result is strange
> nonetheless, I think: the single á character in the last line above
> are replaced with _two_ empty boxes about which "C-u C-x =" says:

Could you please try with DejaVu Sans Mono?

I see these four different outputs:

- Non-optimized build, Courier New: same as you.
- Non-optimized build, DejaVu Sans Mono: the á character is replaced by two spaces (not empty boxes) and Emacs hangs.
- Optimized build, Courier New: á is replaced by two empty boxes, Emacs hangs.
- Optimized build, DejaVu Sans Mono: Emacs crashes at w32term.c:1279.

>> Program received signal SIGSEGV, Segmentation fault.
>> 0x011f804c in x_draw_glyph_string_background (s=0x82eae0, force_p=1)
>> at w32term.c:1279
>> 1279 if (FONT_HEIGHT (s->font) < s->height - 2 * box_line_width
>
> So what's the reason of the crash? Is `s' an invalid pointer?

No. s is valid, and so is s->face, for example. s->font is not, however

(gdb) p s
$1 = (struct glyph_string *) 0x82eae0
(gdb) p *s
$2 = {
  x = 384,
  y = 150,
  ...
}
(gdb) p *s->face
$3 = {
  id = 906494016,
  gc = 0x1803,
  ...
}
(gdb) p *s->font
Cannot access memory at address 0xdae80101

> Or
> maybe GDB is confused by optimizations, and shows incorrect source
> line? In the latter case, perhaps disassembling around the address
> of the crash (0x011f804c according to the above) would give an idea of
> what went wrong.

(gdb) disassemble 0x011f804c
Dump of assembler code for function x_draw_glyph_string_background:
0x011f801c <x_draw_glyph_string_background+0>: push %ebp
0x011f801d <x_draw_glyph_string_background+1>: mov %esp,%ebp
0x011f801f <x_draw_glyph_string_background+3>: push %edi
0x011f8020 <x_draw_glyph_string_background+4>: push %esi
0x011f8021 <x_draw_glyph_string_background+5>: push %ebx
0x011f8022 <x_draw_glyph_string_background+6>: sub $0x2c,%esp
0x011f8025 <x_draw_glyph_string_background+9>: mov %eax,%ebx
0x011f8027 <x_draw_glyph_string_background+11>: mov %edx,%edi
0x011f8029 <x_draw_glyph_string_background+13>: movzbl 0x5c(%eax),%ecx
0x011f802d <x_draw_glyph_string_background+17>: test $0x2,%cl
0x011f8030 <x_draw_glyph_string_background+20>: jne 0x11f8096 <x_draw_glyph_string_background+122>
0x011f8032 <x_draw_glyph_string_background+22>: mov 0x44(%eax),%eax
0x011f8035 <x_draw_glyph_string_background+25>: mov 0x34(%eax),%edx
0x011f8038 <x_draw_glyph_string_background+28>: mov %edx,%eax
0x011f803a <x_draw_glyph_string_background+30>: not %eax
0x011f803c <x_draw_glyph_string_background+32>: sar $0x1f,%eax
0x011f803f <x_draw_glyph_string_background+35>: and %eax,%edx
0x011f8041 <x_draw_glyph_string_background+37>: lea (%edx,%edx,1),%esi
0x011f8044 <x_draw_glyph_string_background+40>: neg %esi
0x011f8046 <x_draw_glyph_string_background+42>: add 0x14(%ebx),%esi
0x011f8049 <x_draw_glyph_string_background+45>: mov 0x48(%ebx),%eax
0x011f804c <x_draw_glyph_string_background+48>: cmp %esi,0x58(%eax)
0x011f804f <x_draw_glyph_string_background+51>: jl 0x11f8056 <x_draw_glyph_string_background+58>
0x011f8051 <x_draw_glyph_string_background+53>: and $0x9,%cl
0x011f8054 <x_draw_glyph_string_background+56>: je 0x11f809e <x_draw_glyph_string_background+130>
0x011f8056 <x_draw_glyph_string_background+58>: mov 0x10(%ebx),%ecx
0x011f8059 <x_draw_glyph_string_background+61>: add 0x4(%ebx),%edx
0x011f805c <x_draw_glyph_string_background+64>: mov (%ebx),%eax
0x011f805e <x_draw_glyph_string_background+66>: mov %eax,-0x1c(%ebp)
0x011f8061 <x_draw_glyph_string_background+69>: mov %edx,-0x18(%ebp)
0x011f8064 <x_draw_glyph_string_background+72>: add %ecx,%eax
0x011f8066 <x_draw_glyph_string_background+74>: mov %eax,-0x14(%ebp)
0x011f8069 <x_draw_glyph_string_background+77>: lea (%esi,%edx,1),%edx
0x011f806c <x_draw_glyph_string_background+80>: mov %edx,-0x10(%ebp)
0x011f806f <x_draw_glyph_string_background+83>: lea -0x1c(%ebp),%eax
0x011f8072 <x_draw_glyph_string_background+86>: mov %eax,0xc(%esp)
0x011f8076 <x_draw_glyph_string_background+90>: mov 0x60(%ebx),%eax
0x011f8079 <x_draw_glyph_string_background+93>: mov 0x4(%eax),%eax
0x011f807c <x_draw_glyph_string_background+96>: mov %eax,0x8(%esp)
0x011f8080 <x_draw_glyph_string_background+100>: mov 0x64(%ebx),%eax
0x011f8083 <x_draw_glyph_string_background+103>: mov %eax,0x4(%esp)
0x011f8087 <x_draw_glyph_string_background+107>: mov 0x20(%ebx),%eax
0x011f808a <x_draw_glyph_string_background+110>: mov %eax,(%esp)
0x011f808d <x_draw_glyph_string_background+113>: call 0x11f7642 <w32_fill_rect>
0x011f8092 <x_draw_glyph_string_background+118>: orb $0x2,0x5c(%ebx)
0x011f8096 <x_draw_glyph_string_background+122>: add $0x2c,%esp
0x011f8099 <x_draw_glyph_string_background+125>: pop %ebx
0x011f809a <x_draw_glyph_string_background+126>: pop %esi
0x011f809b <x_draw_glyph_string_background+127>: pop %edi
0x011f809c <x_draw_glyph_string_background+128>: pop %ebp
0x011f809d <x_draw_glyph_string_background+129>: ret
0x011f809e <x_draw_glyph_string_background+130>: test %edi,%edi
0x011f80a0 <x_draw_glyph_string_background+132>: je 0x11f8096 <x_draw_glyph_string_background+122>
0x011f80a2 <x_draw_glyph_string_background+134>: jmp 0x11f8056 <x_draw_glyph_string_background+58>
End of assembler dump.

Juanma
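
Added example (not part of the message above and not Emacs code): a small Python triage helper that takes an excerpt of the gdb listing quoted in the message and reports which instruction loaded the base register of the memory operand at the faulting address 0x011f804c. The function names `parse` and `trace_fault` are hypothetical, and the backward walk ignores control flow.

```python
import re

# Excerpt of the gdb listing quoted above (AT&T syntax: destination operand is last).
LISTING = """\
0x011f8025 <x_draw_glyph_string_background+9>: mov %eax,%ebx
0x011f8032 <x_draw_glyph_string_background+22>: mov 0x44(%eax),%eax
0x011f8046 <x_draw_glyph_string_background+42>: add 0x14(%ebx),%esi
0x011f8049 <x_draw_glyph_string_background+45>: mov 0x48(%ebx),%eax
0x011f804c <x_draw_glyph_string_background+48>: cmp %esi,0x58(%eax)
0x011f804f <x_draw_glyph_string_background+51>: jl 0x11f8056 <x_draw_glyph_string_background+58>
"""

INSN = re.compile(r"^(0x[0-9a-f]+)\s+<[^>]+>:\s+(\S+)\s*(.*)$")
MEM = re.compile(r"(-?0x[0-9a-f]+)?\(%(\w+)[^)]*\)")
READ_ONLY = {"cmp", "test", "push"}  # these never write their last operand


def parse(listing):
    """Return [(address, mnemonic, operands)] for each instruction line."""
    insns = []
    for line in listing.splitlines():
        m = INSN.match(line.strip())
        if m:
            # Split on commas that are not inside a (base,index,scale) group.
            ops = [o for o in re.split(r",(?![^(]*\))", m.group(3).strip()) if o]
            insns.append((int(m.group(1), 16), m.group(2), ops))
    return insns


def trace_fault(listing, fault_addr):
    """Find the faulting memory operand and the instruction that set its base.

    Walks straight back through the listing and ignores branches, which is
    enough here: no jump target lands between the load and the fault.
    """
    insns = parse(listing)
    idx = next(i for i, ins in enumerate(insns) if ins[0] == fault_addr)
    mem = next(m for m in map(MEM.search, insns[idx][2]) if m)
    base, disp = mem.group(2), int(mem.group(1) or "0", 16)
    for addr, mnem, ops in reversed(insns[:idx]):
        if mnem not in READ_ONLY and ops and ops[-1] == "%" + base:
            return {"base": base, "disp": disp, "loaded_at": addr, "source": ops[0]}
    return {"base": base, "disp": disp, "loaded_at": None, "source": None}


if __name__ == "__main__":
    r = trace_fault(LISTING, 0x011F804C)
    print("fault reads %#x(%%%s); %%%s was set at %#x from %s"
          % (r["disp"], r["base"], r["base"], r["loaded_at"], r["source"]))
```

The helper picks `mov 0x48(%ebx),%eax` rather than the earlier write to %eax, which is consistent with the gdb output in the message: `s` is readable, while dereferencing `s->font` fails.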