Package: emacs;
Reported by: Matthew Woodcraft <matthew <at> woodcraft.me.uk>
Date: Wed, 11 Jul 2012 21:47:01 UTC
Severity: normal
Found in version 24.1.50
Done: Andreas Schwab <schwab <at> linux-m68k.org>
Bug is archived. No further changes may be made.
View this message in rfc822 format
From: Matthew Woodcraft <matthew <at> woodcraft.me.uk> To: 11917 <at> debbugs.gnu.org Subject: bug#11917: 24.1.50; Segfault in with make-local-variable and indirect buffers Date: Wed, 11 Jul 2012 22:25:57 +0100
I've been getting frequent crashes when using indirect buffers. I've
narrowed them down to the following recipe, which consistently gets a
segmentation fault for me with Emacs 24:
cat > /tmp/crashme.el <<EOF
(define-derived-mode crashme-mode fundamental-mode
(make-local-variable 'crashme)
)
EOF
cat > /tmp/crashme.txt <<EOF
-*- crashme -*-
EOF
emacs -Q -l /tmp/crashme.el /tmp/crashme.txt
M-x clone-indirect-buffer
C-x k
This is with bzr trunk as of 2012-07-05.
I've seen what I believe is the same bug with the released emacs 24.1
(but I don't have access to that at the moment to test).
Notes:
The culprit seems to be this bit in buffer.c swap_out_buffer_local_variables:
if (EQ (SYMBOL_BLV (XSYMBOL (sym))->where, buffer))
{
/* Symbol is set up for this buffer's old local value:
swap it out! */
swap_in_global_binding (XSYMBOL (sym));
}
(see full backtrace below).
I've also seen it crash in clone-indirect-buffer (though more usually
it's only when you kill the buffer). In that case it seems to be this
bit in buffer.c set_buffer_internal_1:
if (sym->redirect == SYMBOL_LOCALIZED /* Just to be sure. */
&& SYMBOL_BLV (sym)->fwd)
/* Just reference the variable
to cause it to become set for this buffer. */
Fsymbol_value (var);
-----
In GNU Emacs 24.1.50.1 (i486-pc-linux-gnu, GTK+ Version 3.4.2)
of 2012-07-10 on golux, modified by Debian
(emacs-snapshot package, version 2:20120705-1mjw1)
Windowing system distributor `The X.Org Foundation', version 11.0.11201902
Configured using:
`configure '--build' 'i486-linux-gnu' '--host' 'i486-linux-gnu'
'--prefix=/usr' '--sharedstatedir=/var/lib' '--libexecdir=/usr/lib'
'--localstatedir=/var' '--infodir=/usr/share/info'
'--mandir=/usr/share/man' '--with-pop=yes'
'--enable-locallisppath=/etc/emacs-snapshot:/etc/emacs:/usr/local/share/emacs/24.1.50/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/24.1.50/site-lisp:/usr/share/emacs/site-lisp'
'--without-compress-info' '--with-crt-dir=/usr/lib/i386-linux-gnu/'
'--with-x=yes' '--with-x-toolkit=gtk3' '--with-imagemagick=yes'
'build_alias=i486-linux-gnu' 'host_alias=i486-linux-gnu'
'CFLAGS=-DDEBIAN -DSITELOAD_PURESIZE_EXTRA=5000 -g -O2' 'LDFLAGS=-g
-Wl,--as-needed -znocombreloc' 'CPPFLAGS=-D_FORTIFY_SOURCE=2''
Important settings:
value of $LC_CTYPE: en_GB.UTF-8
locale-coding-system: utf-8-unix
default enable-multibyte-characters: t
-----
#0 0x08156a8c in swap_out_buffer_local_variables (b=b <at> entry=0x8b7db28)
at buffer.c:2505
sym = 142721624
oalist = <optimized out>
alist = 142203662
buffer = 146266925
#1 0x0815a379 in Fkill_buffer (buffer_or_name=138991257) at buffer.c:1656
buffer = 146266925
b = 0x8b7db28
tem = 138831130
m = <optimized out>
#2 0x081ac0f3 in Ffuncall (nargs=nargs <at> entry=2, args=args <at> entry=0xffffcdf0)
at eval.c:2819
fun = 136786053
original_fun = <optimized out>
funcar = <optimized out>
numargs = 1
lisp_numargs = <optimized out>
val = <optimized out>
backtrace = {
next = 0xffffcedc,
function = 0xffffcdf0,
args = 0xffffcdf4,
nargs = 1,
debug_on_exit = 0
}
internal_args = 0xffffcdf4
i = <optimized out>
#3 0x081a89ed in Fcall_interactively (function=138908474,
record_flag=138831130, keys=138840221) at callint.c:853
val = <optimized out>
args = 0xffffcdf0
visargs = 0xffffcdd0
specs = <optimized out>
filter_specs = <optimized out>
teml = <optimized out>
up_event = 138831130
enable = 1
speccount = 3
next_event = 2
prefix_arg = 138831130
string = 0xffffce10 "bKill buffer: "
tem = <optimized out>
varies = 0xffffcdb0 ""
i = <optimized out>
nargs = <optimized out>
foo = <optimized out>
arg_from_tty = <optimized out>
key_count = 2
record_then_fail = 0
save_this_command = 138908474
save_last_command = 141330122
save_this_original_command = 138908474
save_real_this_command = 138908474
#4 0x081ac0d2 in Ffuncall (nargs=nargs <at> entry=4, args=args <at> entry=0xffffcf20)
at eval.c:2826
fun = 138425997
original_fun = <optimized out>
funcar = <optimized out>
numargs = 3
lisp_numargs = <optimized out>
val = <optimized out>
backtrace = {
next = 0x0,
function = 0xffffcf20,
args = 0xffffcf24,
nargs = 3,
debug_on_exit = 0
}
internal_args = 0xffffcf24
i = <optimized out>
#5 0x081ac3a7 in call3 (fn=138909330, arg1=138908474, arg2=138831130,
arg3=138831130) at eval.c:2619
ret_ungc_val = 142721622
args = {138909330, 138908474, 138831130, 138831130}
#6 0x0813c365 in Fcommand_execute (cmd=138909330, record_flag=138908474,
keys=138831130, special=138831130) at keyboard.c:10338
final = <optimized out>
tem = <optimized out>
prefixarg = <optimized out>
#7 0x081486c1 in command_loop_1 () at keyboard.c:1569
scount = 2
cmd = <optimized out>
keybuf = {96, 428, 142397630, 138831130, -10888, 135521619, 142397630,
138831154, -12297, 138831130, -12297, 138831130, 138831130,
135521917, 142397630, -12297, -157819388, 2, 140496742, 138831130,
-10888, 138831130, 140496742, 4613402, 400, 1, 0, 138831130, -10888,
135514425}
i = <optimized out>
prev_modiff = 2
prev_buffer = 0x8b7db28
#8 0x081aa6e0 in internal_condition_case (
bfun=bfun <at> entry=0x81483a0 <command_loop_1>, handlers=138864682,
hfun=hfun <at> entry=0x813e5a0 <cmd_error>) at eval.c:1332
val = <optimized out>
c = {
tag = 138831130,
val = 138831130,
next = 0xffffd168,
gcpro = 0x0,
jmp = {{
__jmpbuf = {1, 0, 138831130, -10888, -602430504, 385542199},
__mask_was_saved = 0,
__saved_mask = {
__val = {4294955296, 4294955224, 4294955236, 4294955216,
4160739592, 0, 136456303, 2, 134555894, 4294955216, 0, 0, 0,
0, 135610259, 2, 4294955364, 4294955216, 0, 0, 0,
4137164516, 4139719464, 134555158, 4294967295, 4160737268,
134555894, 1, 4294955312, 4160674838, 4160740032, 4132181552}
}
}},
backlist = 0x0,
handlerlist = 0x0,
lisp_eval_depth = 0,
pdlcount = 2,
poll_suppress_count = 1,
interrupt_input_blocked = 0,
byte_stack = 0x0
}
h = {
handler = 138864682,
var = 138831130,
chosen_clause = 138831154,
tag = 0xffffd058,
next = 0x0
}
#9 0x0813ceb5 in command_loop_2 (ignore=ignore <at> entry=138831130)
at keyboard.c:1152
val = 142721622
#10 0x081aa60b in internal_catch (tag=138862658,
func=func <at> entry=0x813ce90 <command_loop_2>, arg=138831130) at eval.c:1089
c = {
tag = 138862658,
val = 138831130,
next = 0x0,
gcpro = 0x0,
jmp = {{
__jmpbuf = {1, 0, 138831130, -10888, -602577960, 385646135},
__mask_was_saved = 0,
__saved_mask = {
__val = {0, 0, 0, 0, 4138247633, 140593801, 136244952,
142614060, 136549538, 14, 0, 142614060, 14, 136549538,
4294955592, 22, 0, 22, 4294955592, 400, 4294957049,
136549538, 138953370, 138831130, 138953368, 4294956408,
135976291, 138953370, 138831130, 138831130, 1, 4138550208}
}
}},
backlist = 0x0,
handlerlist = 0x0,
lisp_eval_depth = 0,
pdlcount = 2,
poll_suppress_count = 1,
interrupt_input_blocked = 0,
byte_stack = 0x0
}
#11 0x0813e0da in command_loop () at keyboard.c:1131
No locals.
#12 recursive_edit_1 () at keyboard.c:752
count = <optimized out>
val = 0
#13 0x0813e3ca in Frecursive_edit () at keyboard.c:816
count = 0
buffer = 138831130
#14 0x0805aa90 in main (argc=<optimized out>, argv=0xffffd634) at emacs.c:1693
dummy = 0
stack_bottom_variable = 0 '\000'
do_initial_setlocale = <optimized out>
skip_args = 0
rlim = {
rlim_cur = 8388608,
rlim_max = 18446744073709551615
}
no_loadup = 0
junk = 0x0
dname_arg = 0x0
ch_to_dir = 0xf6bf1b28 ""
Lisp Backtrace:
"kill-buffer" (0xffffcdf4)
"call-interactively" (0xffffcf24)
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.