Package: emacs;
Reported by: Russell Sim <russell.sim <at> gmail.com>
Date: Thu, 19 Jul 2012 02:17:01 UTC
Severity: normal
Merged with 12175
Found in version 24.1
Done: Eli Zaretskii <eliz <at> gnu.org>
Bug is archived. No further changes may be made.
View this message in rfc822 format
From: Russell Sim <russell.sim <at> gmail.com> To: Chong Yidong <cyd <at> gnu.org> Cc: Eli Zaretskii <eliz <at> gnu.org>, 11984 <at> debbugs.gnu.org Subject: bug#11984: 24.1; segfault while deleting a window Date: Sat, 21 Jul 2012 09:44:17 +1000
Chong Yidong <cyd <at> gnu.org> writes:
> Eli Zaretskii <eliz <at> gnu.org> writes:
>
>> Please see if this isn't a duplicate of #11677.
>
> I think the fix for 11677 doesn't go far enough. I can still produce a
> crash on trunk by calling delete-other-windows-internal for a window on
> a dead frame:
>
> M-: (setq w (selected-window)) RET
> M-: (setq f (selected-frame)) RET
> C-x 5 2
> M-: (delete-frame f) RET
> M-: (delete-other-windows-internal w) RET
> Fatal error (11)Segmentation fault (core dumped)
>
> There's a similar problem with window-absolute-pixel-edges.
>
> I committed a fix to the emacs-24 branch adding CHECK_LIVE_FRAME calls
> to those two functions (patch below). But for long-term safety, I think
> decode_any_windows had better signal an error if the window's frame
> isn't live. But I'm not sure if there's any subtle reliance in existing
> code on allowing window functions to be called for windows on dead
> frames---anyone know?
Thanks for the champion effort, but I can still create the bug on
emacs-24 3770cb4 which includes Chongs patch.
Here is a full backtrace, and another core
http://russellsim.org/emacs-24.3770cb4.core
Cheers,
Russell
#0 0x000000000048c56f in Fdelete_other_windows_internal (window=23377989, root=24273109) at window.c:2651
w = 0x164b840
r = 0x17260d0
s = 0xc59212
f = 0xc390d0
sibling = 812
pwindow = 23377989
swindow = 13333010
delta = 12726818
startpos = 1
top = 4
new_top = 32767
resize_failed = -115344
hlinfo = 0xc23222
#1 0x00000000006029a1 in Ffuncall (nargs=3, args=0x7ffffffe3e30) at eval.c:3005
fun = 9345349
original_fun = 12950978
funcar = 103079215107
numargs = 2
lisp_numargs = 12782626
val = 12726818
backtrace = {next = 0x7ffffffe42e0, function = 0x7ffffffe3e30, args = 0x7ffffffe3e38, nargs = 2, debug_on_exit = 0}
internal_args = 0x7ffffffe3e38
i = 12726818
#2 0x000000000064dd88 in exec_byte_code (bytestr=9699617, vector=9699669, maxdepth=20, args_template=12726818, nargs=0, args=0x0) at bytecode.c:785
count = 25
op = 2
vectorp = 0x940160
stack = {pc = 0xb6f0b9 "\210\323\r!\210\324\r!\210Շ", byte_string = 9699617, byte_string_start = 0xb6f058 "\b\204U", constants = 9699669, next = 0x7ffffffe4540}
top = 0x7ffffffe3e30
result = 140737488241984
#3 0x000000000064d2f3 in Fbyte_code (bytestr=9699617, vector=9699669, maxdepth=20) at bytecode.c:423
No locals.
#4 0x000000000060135f in eval_sub (form=9699590) at eval.c:2356
numargs = 12
args_left = 12726818
i = 3
maxargs = 3
argvals = {9699617, 9699669, 20, 140737488241376, 140737488241384, 1, 140737488241296, 5816636}
fun = 12107941
val = 12816597
original_fun = 12866754
original_args = 9699606
funcar = 5815311
backtrace = {next = 0x7ffffffe4a80, function = 0x7ffffffe4310, args = 0x7ffffffe4240, nargs = 3, debug_on_exit = 0}
gcpro1 = {next = 0x7ffffffe4310, var = 0x60212c, nvars = 12864482}
gcpro2 = {next = 0xc23222, var = 0xc23222, nvars = 12726818}
gcpro3 = {next = 0x1, var = 0x7ffffffe4240, nvars = 3}
#5 0x00000000005fef9b in internal_catch (tag=13220914, func=0x600cc5 <eval_sub>, arg=9699590) at eval.c:1272
c = {tag = 13220914, val = 12726818, next = 0x7ffffffe6a50, gcpro = 0x0, jmp = {{__jmpbuf = {140737488242928, -6975756009278694919, 140737488242928, 140737488243584, 0, 0, -6975756009104631303,
6975756540123650553}, __mask_was_saved = 0, __saved_mask = {__val = {6302601, 140737488241872, 16, 12726818, 94489280514, 140737488241872, 2, 140737488243328, 140737488241872, 140737488241880,
1, 24501732, 12769218, 12726818, 13453714, 1}}}}, backlist = 0x7ffffffe4a80, handlerlist = 0x7ffffffe6a20, lisp_eval_depth = 10, pdlcount = 25, poll_suppress_count = 1,
interrupt_input_blocked = 0, byte_stack = 0x7ffffffe4540}
#6 0x000000000064e9e7 in exec_byte_code (bytestr=9699425, vector=9699461, maxdepth=16, args_template=12726818, nargs=0, args=0x0) at bytecode.c:966
v1 = 9699590
count = 20
op = 141
vectorp = 0x940090
stack = {pc = 0xb6f0e2 "-\207", byte_string = 9699425, byte_string_start = 0xb6f0c5 "\306\b!\020\307\b!\031\310\b\311\"\032\310\b\303\"\033ʉ\034\035\313\t!\210\314͍-\207", constants = 9699461,
next = 0x7ffffffe59a0}
top = 0x7ffffffe44d0
result = 9465332
#7 0x00000000006033a1 in funcall_lambda (fun=9699365, nargs=0, arg_vector=0x7ffffffe48f0) at eval.c:3233
val = 24501733
syms_left = 12726818
next = 12782626
lexenv = 12726818
count = 19
i = 0
optional = 1
rest = 0
#8 0x0000000000602ea8 in apply_lambda (fun=9699365, args=12726818) at eval.c:3110
args_left = 12726818
i = 0
numargs = 0
arg_vector = 0x7ffffffe48f0
gcpro1 = {next = 0x7ffffffe49b0, var = 0x5fd422, nvars = 0}
gcpro2 = {next = 0xc40d72, var = 0xc23222, nvars = 12726818}
gcpro3 = {next = 0x7ffffffe49b0, var = 0xc23222, nvars = 9469820}
tem = 24501733
sa_count = 19
sa_must_free = 0
#9 0x0000000000601524 in eval_sub (form=22141830) at eval.c:2395
fun = 9699365
val = 24501733
original_fun = 13582674
original_args = 12726818
funcar = 4307814658
backtrace = {next = 0x7ffffffe4d50, function = 0x7ffffffe4ab0, args = 0x7ffffffe48f0, nargs = 0, debug_on_exit = 0}
gcpro1 = {next = 0xc23222, var = 0x7ffffffe4b80, nvars = 140737488243344}
gcpro2 = {next = 0x16e1ee0, var = 0xbfbf10, nvars = 83}
gcpro3 = {next = 0xbfbf10, var = 0xc23252, nvars = 2}
#10 0x00000000005fd4f3 in Fprogn (args=24304358) at eval.c:364
val = 24501733
gcpro1 = {next = 0x14ca9d2, var = 0xc23222, nvars = 0}
#11 0x00000000005febe8 in Flet (args=24304310) at eval.c:1120
temps = 0x7ffffffe4b80
tem = 12726818
lexenv = 12726818
elt = 19830738
varlist = 12726818
count = 11
argnum = 8
gcpro1 = {next = 0xc23222, var = 0x172daa6, nvars = 140737488243824}
gcpro2 = {next = 0xc23222, var = 0x100000000, nvars = 8}
sa_count = 11
sa_must_free = 0
#12 0x000000000060101e in eval_sub (form=24304294) at eval.c:2298
numargs = 48
args_left = 24304310
i = 23618246
maxargs = 12726818
argvals = {24304294, 22139094, 23038731, 140737488243936, 140737488244112, 6298491, 22139094, 23618230}
fun = 12098237
val = 2
original_fun = 12849106
original_args = 24304310
funcar = 12726818
backtrace = {next = 0x7ffffffe4ec0, function = 0x7ffffffe4d80, args = 0x7ffffffe4d78, nargs = -1, debug_on_exit = 0}
gcpro1 = {next = 0x12c, var = 0x602d3a, nvars = 4}
gcpro2 = {next = 0x7ffffffe4df0, var = 0x10, nvars = 140737488244144}
gcpro3 = {next = 0xc860c2, var = 0x14caa02, nvars = 140737488244112}
#13 0x00000000006015f8 in eval_sub (form=23618198) at eval.c:2411
fun = 22139110
val = 21801474
original_fun = 21801378
original_args = 23618246
funcar = 12847362
backtrace = {next = 0x7ffffffe5160, function = 0x7ffffffe4ef0, args = 0x7ffffffe4ee8, nargs = -1, debug_on_exit = 0}
gcpro1 = {next = 0x7ffffffe4ed0, var = 0x123b6a6, nvars = 19886944}
gcpro2 = {next = 0x7ffffffe4ff0, var = 0x60101e, nvars = 0}
gcpro3 = {next = 0x10, var = 0x168cae1, nvars = 140737488253344}
#14 0x00000000005fd4f3 in Fprogn (args=23618294) at eval.c:364
val = 12726818
gcpro1 = {next = 0x7ffffffe4e40, var = 0xc23222, nvars = 23596737}
#15 0x00000000005febe8 in Flet (args=23618182) at eval.c:1120
temps = 0x7ffffffe4fc0
tem = 23644897
lexenv = 12726818
elt = 23618134
varlist = 12726818
count = 10
argnum = 1
gcpro1 = {next = 0xc23222, var = 0xc1e0d6, nvars = 23487648}
gcpro2 = {next = 0x7ffffffe5040, var = 0x5fd4f3, nvars = 1}
sa_count = 10
sa_must_free = 0
#16 0x000000000060101e in eval_sub (form=23618118) at eval.c:2298
numargs = 8
args_left = 23618182
i = 12726818
maxargs = 12778914
argvals = {1040, 4294967298, 140737263341256, 4294967297, 140737488241632, 20, 3, 3}
fun = 12098237
val = 12726818
original_fun = 12849106
original_args = 23618182
funcar = 6097238
backtrace = {next = 0x7ffffffe5300, function = 0x7ffffffe5190, args = 0x7ffffffe5188, nargs = -1, debug_on_exit = 0}
gcpro1 = {next = 0x7ffffffe5190, var = 0x5d, nvars = 45}
gcpro2 = {next = 0x7ffffffe71a0, var = 0x0, nvars = 0}
gcpro3 = {next = 0x17b3b00, var = 0x7ffffffe57d0, nvars = 140737263341152}
#17 0x00000000005fd4f3 in Fprogn (args=23618310) at eval.c:364
val = 12726818
gcpro1 = {next = 0xbfbe50, var = 0x1, nvars = 14170053}
#18 0x000000000060333c in funcall_lambda (fun=23618326, nargs=1, arg_vector=0x7ffffffe53d8) at eval.c:3226
val = 6187332
syms_left = 12726818
next = 22878050
lexenv = 12726818
count = 8
i = 1
optional = 1
rest = 0
#19 0x0000000000602c3d in Ffuncall (nargs=2, args=0x7ffffffe53d0) at eval.c:3063
fun = 23618326
original_fun = 22815506
funcar = 12778914
numargs = 1
lisp_numargs = 12726818
val = 0
backtrace = {next = 0x7ffffffe5650, function = 0x7ffffffe53d0, args = 0x7ffffffe53d8, nargs = 1, debug_on_exit = 0}
internal_args = 0x7ffffffe53d8
i = 5650438
#20 0x00000000005fcc16 in Fcall_interactively (function=22815506, record_flag=12726818, keys=12773141) at callint.c:852
val = 140737488246352
args = 0x7ffffffe53d0
visargs = 0x7ffffffe53b0
specs = 23644801
filter_specs = 23644801
teml = 3
up_event = 12726818
enable = 12726818
speccount = 6
next_event = 0
prefix_arg = 12726818
string = 0x7ffffffe53f0 "p"
tem = 0x6b49cc ""
varies = 0x7ffffffe5390 ""
i = 2
nargs = 2
foo = 0
arg_from_tty = 0
gcpro1 = {next = 0x18, var = 0x16693d0, nvars = 140737488246000}
gcpro2 = {next = 0x1669588, var = 0xc2fda2, nvars = 0}
gcpro3 = {next = 0x7ffffffe5d80, var = 0x9, nvars = 2}
gcpro4 = {next = 0x7ffffffe54e0, var = 0x5e2ae8, nvars = 2}
gcpro5 = {next = 0x7ffffffe54e0, var = 0x602c3d, nvars = 256}
key_count = 0
record_then_fail = 0
save_this_command = 12726818
save_last_command = 12726818
save_this_original_command = 12726818
save_real_this_command = 12726818
#21 0x00000000006029d0 in Ffuncall (nargs=4, args=0x7ffffffe56f0) at eval.c:3009
fun = 12097229
original_fun = 12867138
funcar = 15073441
numargs = 3
lisp_numargs = 140737488246704
val = 0
backtrace = {next = 0x7ffffffe5820, function = 0x7ffffffe56f0, args = 0x7ffffffe56f8, nargs = 3, debug_on_exit = 0}
internal_args = 0x7ffffffe56f8
i = 140737488253344
#22 0x00000000006021d6 in call3 (fn=12867138, arg1=22815506, arg2=12726818, arg3=12726818) at eval.c:2802
ret_ungc_val = 140737488246736
gcpro1 = {next = 0x7ffffffe5730, var = 0x1686316, nvars = 4}
args = {12867138, 22815506, 12726818, 12726818}
#23 0x0000000000576933 in Fcommand_execute (cmd=22815506, record_flag=12726818, keys=12726818, special=12726818) at keyboard.c:10330
final = 23618326
tem = 12778914
prefixarg = 12726818
#24 0x0000000000602a03 in Ffuncall (nargs=2, args=0x7ffffffe5910) at eval.c:3013
fun = 9363453
original_fun = 12774274
funcar = 9955025
numargs = 1
lisp_numargs = 140737488246928
val = 12726866
backtrace = {next = 0x7ffffffe5d80, function = 0x7ffffffe5910, args = 0x7ffffffe5918, nargs = 1, debug_on_exit = 0}
internal_args = 0x7ffffffe57d0
i = 4
#25 0x000000000064dd88 in exec_byte_code (bytestr=9953465, vector=9953501, maxdepth=88, args_template=1028, nargs=1, args=0x7ffffffe5e10) at bytecode.c:785
count = 4
op = 1
vectorp = 0x97e0e8
stack = {
pc = 0xb5ae54 "\210\202\201\003\006\b \210\202\201\003\016A❃V\001\331\026B\343\344\003\206P\001\n\211A\022@!!\210\202\201\003\016A坃\220\001\346\347\003\206h\001\n\211A\022@!!\262\t\006\a\203\203\001\006\a\006\t\006\tAB\241\210\006\aA\262\b\202\201\003\006\b\016CB\211\026C\262\b\202\201\003\016A蝃\270\001\347\002\206\241\001\n\211A\022@!\346\001!\351\001!\203\256\001\211\262\002\352\002\314\331#\266\003\202\201\003\016A띃\330\001\347\002\206\311\001\n\211A\022@!\346\001!\352\001\314ى$\266\003\202\201\003\016A욃\001\002\331\026B\001\206\353\001\n\211A\022@\262\t\006\b;\204\367\001\332\355!\210", <incomplete sequence \356>..., byte_string = 9953465, byte_string_start = 0xb5ad24 "\306 \210\b\203\021", constants = 9953501, next = 0x7ffffffe5ee0}
top = 0x7ffffffe5910
result = 140737488253344
#26 0x00000000006030cb in funcall_lambda (fun=9953413, nargs=1, arg_vector=0x7ffffffe5e08) at eval.c:3167
val = 16336112
syms_left = 1028
next = 5
lexenv = 12565392
count = 4
i = 12754864
optional = 0
rest = 15091217
#27 0x0000000000602b89 in Ffuncall (nargs=2, args=0x7ffffffe5e00) at eval.c:3051
fun = 9953413
original_fun = 13735682
funcar = 12889074
numargs = 1
lisp_numargs = 140737488253344
val = 18937910
backtrace = {next = 0x7ffffffe62c0, function = 0x7ffffffe5e00, args = 0x7ffffffe5e08, nargs = 1, debug_on_exit = 0}
internal_args = 0xa0
i = 6185953
#28 0x000000000064dd88 in exec_byte_code (bytestr=9929121, vector=9929157, maxdepth=72, args_template=0, nargs=0, args=0x7ffffffe6350) at bytecode.c:785
count = 4
op = 1
vectorp = 0x9781d0
stack = {pc = 0xb5d7f8 "\210\016H\203\224\006\201", <incomplete sequence \330>, byte_string = 9929121, byte_string_start = 0xb5d170 "\306 \020\307\021\n\023\307\024\310\311!\211\307=\204\060",
constants = 9929157, next = 0x7ffffffe63d0}
top = 0x7ffffffe5e00
result = 64
#29 0x00000000006030cb in funcall_lambda (fun=9929069, nargs=0, arg_vector=0x7ffffffe6350) at eval.c:3167
val = 5
syms_left = 0
next = 140737488250752
lexenv = 5
count = 4
i = 140737488249688
optional = 0
rest = 6156621
#30 0x0000000000602b89 in Ffuncall (nargs=1, args=0x7ffffffe6348) at eval.c:3051
fun = 9929069
original_fun = 13184834
funcar = 12760706
numargs = 0
lisp_numargs = 140737488250752
val = 12726818
backtrace = {next = 0x7ffffffe6910, function = 0x7ffffffe6348, args = 0x7ffffffe6350, nargs = 0, debug_on_exit = 0}
internal_args = 0x80
i = 6185953
#31 0x000000000064dd88 in exec_byte_code (bytestr=9923665, vector=9923701, maxdepth=32, args_template=0, nargs=0, args=0x7ffffffe6780) at bytecode.c:785
count = 3
op = 0
vectorp = 0x976c80
stack = {pc = 0xb5e13d "\210)\210\346\347\350\"\210\351\317\352\"\211;\203\240", byte_string = 9923665, byte_string_start = 0xb5e0b6 "\b\203\b", constants = 9923701, next = 0x0}
top = 0x7ffffffe6348
result = 140737488250848
#32 0x00000000006030cb in funcall_lambda (fun=9923613, nargs=0, arg_vector=0x7ffffffe6780) at eval.c:3167
val = 140737353853576
syms_left = 0
next = 8227920807149371393
lexenv = 16
count = 3
i = 140737259718280
optional = 32767
rest = 2
#33 0x0000000000602ea8 in apply_lambda (fun=9923613, args=12726818) at eval.c:3110
args_left = 12726818
i = 0
numargs = 0
arg_vector = 0x7ffffffe6780
gcpro1 = {next = 0x8, var = 0x7ffff26f1cc0, nvars = 0}
gcpro2 = {next = 0xffffffffffffff00, var = 0x7, nvars = 140737488251280}
gcpro3 = {next = 0x8, var = 0x7fffee437000, nvars = 888944}
tem = 0
sa_count = 3
sa_must_free = 0
#34 0x0000000000601524 in eval_sub (form=13140662) at eval.c:2395
fun = 9923613
val = 140737488251672
original_fun = 13834530
args_left = 12726818
i = 0
numargs = 0
arg_vector = 0x7ffffffe6780
gcpro1 = {next = 0x8, var = 0x7ffff26f1cc0, nvars = 0}
gcpro2 = {next = 0xffffffffffffff00, var = 0x7, nvars = 140737488251280}
gcpro3 = {next = 0x8, var = 0x7fffee437000, nvars = 888944}
tem = 0
sa_count = 3
sa_must_free = 0
#34 0x0000000000601524 in eval_sub (form=13140662) at eval.c:2395
fun = 9923613
val = 140737488251672
original_fun = 13834530
original_args = 12726818
funcar = 0
backtrace = {next = 0x0, function = 0x7ffffffe6940, args = 0x7ffffffe6780, nargs = 0, debug_on_exit = 0}
gcpro1 = {next = 0x7fff00000017, var = 0x102a10a06, nvars = 140737259669880}
gcpro2 = {next = 0xa8428197, var = 0xc23222, nvars = 140737488251232}
gcpro3 = {next = 0x10822fdb, var = 0x7ffffffe6930, nvars = 140737353853264}
#35 0x0000000000600cb3 in Feval (form=13140662, lexical=12726818) at eval.c:2204
count = 2
#36 0x0000000000563cad in top_level_2 () at keyboard.c:1169
No locals.
#37 0x00000000005ff611 in internal_condition_case (bfun=0x563c90 <top_level_2>, handlers=12779106, hfun=0x56386c <cmd_error>) at eval.c:1515
val = 5651631
c = {tag = 12726818, val = 12726818, next = 0x7ffffffe6bc0, gcpro = 0x0, jmp = {{__jmpbuf = {0, -6975756009930909191, 4278368, 140737488253344, 0, 0, -6975756009891063303, 6975756539251497465},
__mask_was_saved = 0, __saved_mask = {__val = {4294967295, 13595766, 1, 9336904, 0, 0, 0, 0, 140737351952882, 1, 0, 0, 140737259697808, 0, 0, 140737488252112}}}}, backlist = 0x0,
handlerlist = 0x0, lisp_eval_depth = 0, pdlcount = 2, poll_suppress_count = 1, interrupt_input_blocked = 0, byte_stack = 0x0}
h = {handler = 12779106, var = 12726818, chosen_clause = 48, tag = 0x7ffffffe6a50, next = 0x0}
#38 0x0000000000563ce7 in top_level_1 (ignore=12726818) at keyboard.c:1177
No locals.
#39 0x00000000005fef9b in internal_catch (tag=12774850, func=0x563caf <top_level_1>, arg=12726818) at eval.c:1272
c = {tag = 12774850, val = 12726818, next = 0x0, gcpro = 0x0, jmp = {{__jmpbuf = {0, -6975756010086098439, 4278368, 140737488253344, 0, 0, -6975756009903646215, 6975756540123650553},
__mask_was_saved = 0, __saved_mask = {__val = {6187332, 100, 4294967296, 352, 30064771072, 12121664, 12754864, 344, 0, 140737488252064, 12952912, 14, 0, 4278368, 140737488253344,
140737488252144}}}}, backlist = 0x0, handlerlist = 0x0, lisp_eval_depth = 0, pdlcount = 2, poll_suppress_count = 1, interrupt_input_blocked = 0, byte_stack = 0x0}
#40 0x0000000000563c0b in command_loop () at keyboard.c:1132
No locals.
#41 0x00000000005633b0 in recursive_edit_1 () at keyboard.c:759
count = 1
val = 12726818
#42 0x0000000000563553 in Frecursive_edit () at keyboard.c:823
count = 0
buffer = 12726818
#43 0x00000000005615f0 in main (argc=1739, argv=0x7ffffffe71a8) at emacs.c:1715
dummy = 4239669
stack_bottom_variable = 0 '\000'
do_initial_setlocale = 1
skip_args = 1
rlim = {rlim_cur = 8720000, rlim_max = 18446744073709551615}
no_loadup = 0
junk = 0x0
dname_arg = 0x0
ch_to_dir = 0x7ffff7fc8d38 "\200\344\377\367\377\177"
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.