Package: emacs
Reported by: Matthew Woodcraft <matthew <at> woodcraft.me.uk>
Date: Wed, 11 Jul 2012 21:47:01 UTC
Severity: normal
Found in version 24.1.50
Done: Andreas Schwab <schwab <at> linux-m68k.org>
Bug is archived. No further changes may be made.
From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Andreas Schwab <schwab <at> linux-m68k.org>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#11917: closed (24.1.50; Segfault in with make-local-variable and indirect buffers)
Date: Thu, 12 Jul 2012 07:21:02 +0000
[Message part 1 (text/plain, inline)]
Your message dated Thu, 12 Jul 2012 09:15:19 +0200
with message-id <m2txxdmovs.fsf <at> igel.home>
and subject line Re: bug#11917: 24.1.50; Segfault in with make-local-variable and indirect buffers
has caused the debbugs.gnu.org bug report #11917,
regarding 24.1.50; Segfault in with make-local-variable and indirect buffers
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)

--
11917: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=11917
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Matthew Woodcraft <matthew <at> woodcraft.me.uk>
To: bug-gnu-emacs <at> gnu.org
Subject: 24.1.50; Segfault in with make-local-variable and indirect buffers
Date: Wed, 11 Jul 2012 22:25:57 +0100

I've been getting frequent crashes when using indirect buffers.

I've narrowed them down to the following recipe, which consistently gets
a segmentation fault for me with Emacs 24:

    cat > /tmp/crashme.el <<EOF
    (define-derived-mode crashme-mode fundamental-mode
      (make-local-variable 'crashme)
      )
    EOF

    cat > /tmp/crashme.txt <<EOF
    -*- crashme -*-
    EOF

    emacs -Q -l /tmp/crashme.el /tmp/crashme.txt
    M-x clone-indirect-buffer
    C-x k

This is with bzr trunk as of 2012-07-05. I've seen what I believe is the
same bug with the released emacs 24.1 (but I don't have access to that at
the moment to test).

Notes:

The culprit seems to be this bit in buffer.c
swap_out_buffer_local_variables:

    if (EQ (SYMBOL_BLV (XSYMBOL (sym))->where, buffer))
      {
        /* Symbol is set up for this buffer's old local value:
           swap it out!  */
        swap_in_global_binding (XSYMBOL (sym));
      }

(see full backtrace below).

I've also seen it crash in clone-indirect-buffer (though more usually
it's only when you kill the buffer). In that case it seems to be this bit
in buffer.c set_buffer_internal_1:

    if (sym->redirect == SYMBOL_LOCALIZED /* Just to be sure.  */
        && SYMBOL_BLV (sym)->fwd)
      /* Just reference the variable
         to cause it to become set for this buffer.  */
      Fsymbol_value (var);

-----

In GNU Emacs 24.1.50.1 (i486-pc-linux-gnu, GTK+ Version 3.4.2)
 of 2012-07-10 on golux, modified by Debian
 (emacs-snapshot package, version 2:20120705-1mjw1)
Windowing system distributor `The X.Org Foundation', version 11.0.11201902
Configured using:
 `configure '--build' 'i486-linux-gnu' '--host' 'i486-linux-gnu' '--prefix=/usr' '--sharedstatedir=/var/lib' '--libexecdir=/usr/lib' '--localstatedir=/var' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--with-pop=yes' '--enable-locallisppath=/etc/emacs-snapshot:/etc/emacs:/usr/local/share/emacs/24.1.50/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/24.1.50/site-lisp:/usr/share/emacs/site-lisp' '--without-compress-info' '--with-crt-dir=/usr/lib/i386-linux-gnu/' '--with-x=yes' '--with-x-toolkit=gtk3' '--with-imagemagick=yes' 'build_alias=i486-linux-gnu' 'host_alias=i486-linux-gnu' 'CFLAGS=-DDEBIAN -DSITELOAD_PURESIZE_EXTRA=5000 -g -O2' 'LDFLAGS=-g -Wl,--as-needed -znocombreloc' 'CPPFLAGS=-D_FORTIFY_SOURCE=2''

Important settings:
  value of $LC_CTYPE: en_GB.UTF-8
  locale-coding-system: utf-8-unix
  default enable-multibyte-characters: t

-----

    #0  0x08156a8c in swap_out_buffer_local_variables (b=b@entry=0x8b7db28) at buffer.c:2505
            sym = 142721624
            oalist = <optimized out>
            alist = 142203662
            buffer = 146266925
    #1  0x0815a379 in Fkill_buffer (buffer_or_name=138991257) at buffer.c:1656
            buffer = 146266925
            b = 0x8b7db28
            tem = 138831130
            m = <optimized out>
    #2  0x081ac0f3 in Ffuncall (nargs=nargs@entry=2, args=args@entry=0xffffcdf0) at eval.c:2819
            fun = 136786053
            original_fun = <optimized out>
            funcar = <optimized out>
            numargs = 1
            lisp_numargs = <optimized out>
            val = <optimized out>
            backtrace = { next = 0xffffcedc, function = 0xffffcdf0, args = 0xffffcdf4, nargs = 1, debug_on_exit = 0 }
            internal_args = 0xffffcdf4
            i = <optimized out>
    #3  0x081a89ed in Fcall_interactively (function=138908474, record_flag=138831130, keys=138840221) at callint.c:853
            val = <optimized out>
            args = 0xffffcdf0
            visargs = 0xffffcdd0
            specs = <optimized out>
            filter_specs = <optimized out>
            teml = <optimized out>
            up_event = 138831130
            enable = 1
            speccount = 3
            next_event = 2
            prefix_arg = 138831130
            string = 0xffffce10 "bKill buffer: "
            tem = <optimized out>
            varies = 0xffffcdb0 ""
            i = <optimized out>
            nargs = <optimized out>
            foo = <optimized out>
            arg_from_tty = <optimized out>
            key_count = 2
            record_then_fail = 0
            save_this_command = 138908474
            save_last_command = 141330122
            save_this_original_command = 138908474
            save_real_this_command = 138908474
    #4  0x081ac0d2 in Ffuncall (nargs=nargs@entry=4, args=args@entry=0xffffcf20) at eval.c:2826
            fun = 138425997
            original_fun = <optimized out>
            funcar = <optimized out>
            numargs = 3
            lisp_numargs = <optimized out>
            val = <optimized out>
            backtrace = { next = 0x0, function = 0xffffcf20, args = 0xffffcf24, nargs = 3, debug_on_exit = 0 }
            internal_args = 0xffffcf24
            i = <optimized out>
    #5  0x081ac3a7 in call3 (fn=138909330, arg1=138908474, arg2=138831130, arg3=138831130) at eval.c:2619
            ret_ungc_val = 142721622
            args = {138909330, 138908474, 138831130, 138831130}
    #6  0x0813c365 in Fcommand_execute (cmd=138909330, record_flag=138908474, keys=138831130, special=138831130) at keyboard.c:10338
            final = <optimized out>
            tem = <optimized out>
            prefixarg = <optimized out>
    #7  0x081486c1 in command_loop_1 () at keyboard.c:1569
            scount = 2
            cmd = <optimized out>
            keybuf = {96, 428, 142397630, 138831130, -10888, 135521619, 142397630, 138831154, -12297, 138831130, -12297, 138831130, 138831130, 135521917, 142397630, -12297, -157819388, 2, 140496742, 138831130, -10888, 138831130, 140496742, 4613402, 400, 1, 0, 138831130, -10888, 135514425}
            i = <optimized out>
            prev_modiff = 2
            prev_buffer = 0x8b7db28
    #8  0x081aa6e0 in internal_condition_case (bfun=bfun@entry=0x81483a0 <command_loop_1>, handlers=138864682, hfun=hfun@entry=0x813e5a0 <cmd_error>) at eval.c:1332
            val = <optimized out>
            c = { tag = 138831130, val = 138831130, next = 0xffffd168, gcpro = 0x0, jmp = {{ __jmpbuf = {1, 0, 138831130, -10888, -602430504, 385542199}, __mask_was_saved = 0, __saved_mask = { __val = {4294955296, 4294955224, 4294955236, 4294955216, 4160739592, 0, 136456303, 2, 134555894, 4294955216, 0, 0, 0, 0, 135610259, 2, 4294955364, 4294955216, 0, 0, 0, 4137164516, 4139719464, 134555158, 4294967295, 4160737268, 134555894, 1, 4294955312, 4160674838, 4160740032, 4132181552} } }}, backlist = 0x0, handlerlist = 0x0, lisp_eval_depth = 0, pdlcount = 2, poll_suppress_count = 1, interrupt_input_blocked = 0, byte_stack = 0x0 }
            h = { handler = 138864682, var = 138831130, chosen_clause = 138831154, tag = 0xffffd058, next = 0x0 }
    #9  0x0813ceb5 in command_loop_2 (ignore=ignore@entry=138831130) at keyboard.c:1152
            val = 142721622
    #10 0x081aa60b in internal_catch (tag=138862658, func=func@entry=0x813ce90 <command_loop_2>, arg=138831130) at eval.c:1089
            c = { tag = 138862658, val = 138831130, next = 0x0, gcpro = 0x0, jmp = {{ __jmpbuf = {1, 0, 138831130, -10888, -602577960, 385646135}, __mask_was_saved = 0, __saved_mask = { __val = {0, 0, 0, 0, 4138247633, 140593801, 136244952, 142614060, 136549538, 14, 0, 142614060, 14, 136549538, 4294955592, 22, 0, 22, 4294955592, 400, 4294957049, 136549538, 138953370, 138831130, 138953368, 4294956408, 135976291, 138953370, 138831130, 138831130, 1, 4138550208} } }}, backlist = 0x0, handlerlist = 0x0, lisp_eval_depth = 0, pdlcount = 2, poll_suppress_count = 1, interrupt_input_blocked = 0, byte_stack = 0x0 }
    #11 0x0813e0da in command_loop () at keyboard.c:1131
    No locals.
    #12 recursive_edit_1 () at keyboard.c:752
            count = <optimized out>
            val = 0
    #13 0x0813e3ca in Frecursive_edit () at keyboard.c:816
            count = 0
            buffer = 138831130
    #14 0x0805aa90 in main (argc=<optimized out>, argv=0xffffd634) at emacs.c:1693
            dummy = 0
            stack_bottom_variable = 0 '\000'
            do_initial_setlocale = <optimized out>
            skip_args = 0
            rlim = { rlim_cur = 8388608, rlim_max = 18446744073709551615 }
            no_loadup = 0
            junk = 0x0
            dname_arg = 0x0
            ch_to_dir = 0xf6bf1b28 ""

    Lisp Backtrace:
    "kill-buffer" (0xffffcdf4)
    "call-interactively" (0xffffcf24)
[Message part 3 (message/rfc822, inline)]
From: Andreas Schwab <schwab <at> linux-m68k.org>
To: Matthew Woodcraft <matthew <at> woodcraft.me.uk>
Cc: 11917-done <at> debbugs.gnu.org
Subject: Re: bug#11917: 24.1.50; Segfault in with make-local-variable and indirect buffers
Date: Thu, 12 Jul 2012 09:15:19 +0200

Reduced test case:

    emacs --batch --eval "(with-current-buffer (get-buffer-create \"foo\") (make-local-variable 'foo) (make-indirect-buffer (current-buffer) \"bar\" t))"

Fixed on emacs-24.

Andreas.

--
Andreas Schwab, schwab <at> linux-m68k.org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."
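
Added example, not part of the thread and not Emacs project code: a shell function that runs the reduced test case from the reply above against a chosen Emacs binary and reports whether the process exited cleanly or died on a signal, so a packager can check whether a given build still crashes. The names `check_bug11917` and `BUG11917_FORM` are hypothetical, and the `-Q` flag is added here to keep site and user init files out of the result.

```shell
#!/bin/sh
# Regression check for bug#11917 (added example, hypothetical names).
# Usage: check_bug11917 [path-to-emacs]

# Reduced test case, copied from Andreas Schwab's reply in this thread.
BUG11917_FORM="(with-current-buffer (get-buffer-create \"foo\") (make-local-variable 'foo) (make-indirect-buffer (current-buffer) \"bar\" t))"

# Prints one of:  ok | crash:<SIGNAL> | error:<status>
# Returns 0 only when Emacs evaluated the form and exited cleanly.
check_bug11917() {
    emacs_bin=${1:-emacs}
    status=0
    # "|| status=$?" keeps the function usable from scripts running under set -e.
    "$emacs_bin" -Q --batch --eval "$BUG11917_FORM" >/dev/null 2>&1 || status=$?

    if [ "$status" -eq 0 ]; then
        echo ok
        return 0
    fi
    if [ "$status" -gt 128 ]; then
        # POSIX shells report a child killed by signal N as status 128+N,
        # so a segmentation fault shows up as 139 (128 + SIGSEGV).
        signum=$((status - 128))
        signame=$(kill -l "$signum" 2>/dev/null || echo "$signum")
        echo "crash:$signame"
        return 2
    fi
    # Any other non-zero status: Emacs ran but signalled a Lisp error,
    # or the binary could not be started at all (126/127).
    echo "error:$status"
    return 1
}
```

A result of `crash:SEGV` corresponds to the failure reported in this bug; `ok` means the form evaluated without the process dying.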