Package: emacs;
Reported by: Andreas Politz <politza <at> hochschule-trier.de>
Date: Fri, 27 Sep 2013 23:49:02 UTC
Severity: normal
Found in version 24.3.50
Done: Jan Djärv <jan.h.d <at> swipnet.se>
Bug is archived. No further changes may be made.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
From: Andreas Politz <politza <at> hochschule-trier.de> To: bug-gnu-emacs <at> gnu.org Subject: 24.3.50; race condition in x_frame_rehighlight Date: Sat, 28 Sep 2013 01:47:33 +0200
[Message part 1 (text/plain, inline)]
There is a race condition in x_frame_rehighlight regarding input
redirection, triggering a null-pointer access. This kinds of
errors are usually difficult to reproduce. I used the following
code, while simultaneously changing focus rapidly via the
window-manager.
(defun fn (&optional parms)
(let* ((frame (make-frame parms)))
(sit-for 1e-100)
(redirect-frame-focus (selected-frame) frame)
frame))
(while t
(let ((f1 (fn
'((width . 20)
(height . 30))))
(f2 (fn
'((width . 20)
(height . 30)
(top . 400)))))
(sleep-for (/ (float (random 1000)) 5000))
(delete-other-frames)))
Take a look at this part of the attached back-trace.
#0 0x00000000004f9b0e in frame_highlight (f=0x132b510) at xterm.c:3204
#4 0x00000000004fa4ae in x_detect_focus_change (dpyinfo=0x15ba800, frame=0x11c7e68,
event=0x7fffffffb300, bufp=0x7fffffffae50) at xterm.c:3522
#14 0x00000000004ff413 in XTread_socket (...) at xterm.c:7066
#19 0x00000000005409e7 in unblock_input () at keyboard.c:7116
#20 0x0000000000503f82 in x_free_frame_resources (f=0x132b510) at xterm.c:9383
#21 0x0000000000503fbf in x_destroy_window (f=0x132b510) at xterm.c:9397
#22 0x00000000004274b7 in delete_frame (frame=20100373, force=12634498) at frame.c:1362
#23 0x000000000042784e in Fdelete_frame (frame=20100373, force=12634498) at frame.c:1495
Note that the freed frame in #20 is the same as the one about to
be highlighted in #0. delete_frame would later execute
f->terminal = 0; /* Now the frame is dead. */
but won't, since x_destroy_window has not returned yet. But
x_free_frame_resources has executed
f->output_data.x = NULL;
, so FRAME_LIVE_P(f) is still true, but FRAME_X_DISPLAY is no
good at this moment. Then in x_frame_rehighlight the deleted
frame becomes the x_highlight_frame.
(gdb) p /x dpyinfo->x_focus_frame
$30 = 0x11c7e68
(gdb) p /x dpyinfo->x_highlight_frame
$27 = 0x132b510
(gdb) pp dpyinfo->x_focus_frame.focus_frame
#<frame emacs <at> luca 0x132b510>
(gdb) p /x dpyinfo->x_highlight_frame.output_data.x
$36 = 0x0
(gdb) p /x dpyinfo->x_highlight_frame.terminal
$37 = 0x110e398
The second if condition is false (FRAME_LIVE_P) and
frame_highlight gets called with the halfway deleted frame, calls
FRAME_X_DISPLAY and that's the end.
-ap
[gdb.log (application/octet-stream, attachment)]
[Message part 3 (text/plain, inline)]
In GNU Emacs 24.3.50.4 (x86_64-unknown-linux-gnu, GTK+ Version 2.20.1) of 2013-09-27 on luca Bzr revision: 114421 eliz <at> gnu.org-20130921114819-zvk3zil4jau4ucdd Windowing system distributor `The X.Org Foundation', version 11.0.10707000 System Description: Debian GNU/Linux 6.0.7 (squeeze) Important settings: value of $LC_COLLATE: C value of $LC_MESSAGES: C value of $LANG: de_DE.UTF-8 locale-coding-system: utf-8-unix default enable-multibyte-characters: t Major mode: Emacs-Lisp Minor modes in effect: workgroups-mode: t desktop-save-mode: t mimo-mode: t ispell-track-input-method: t recentf-mode: t show-paren-mode: t window-numbering-mode: t shell-dirtrack-mode: t scroll-other-window-mode: t savehist-mode: t ekey-mode: t winner-mode: t eldoc-mode: t tooltip-mode: t mouse-wheel-mode: t file-name-shadow-mode: t global-font-lock-mode: t font-lock-mode: t auto-composition-mode: t auto-encryption-mode: t auto-compression-mode: t column-number-mode: t line-number-mode: t transient-mark-mode: t Recent input: i f SPC c o n d i M-/ SPC i s SPC f a l s e , SPC d u e SPC t o SPC M-h M-h DEL DEL SPC ( F R A M-/ M-/ M-/ M-/ ) SPC a n d SPC f r a m e M-/ M-/ M-h M-h h i M-/ SPC g e t s SPC c a l l e d SPC w i t h SPC M-q SPC t h e M-h a SPC f r a m e M-b DEL DEL C-p C-p C-p SPC < = = <backspace> <backspace> - - C-b C-b C-b C-k C-p C-p C-p C-n C-n C-n C-n C-n C-n M-f SPC d <backspace> M-SPC M-f C-p C-p C-p C-j C-y C-y C-p C-n C-n C-k M-f C-e C-n SPC M-b t h e SPC d e l e t e d SPC M-f , SPC c a l l s SPC C-x o C-u C-SPC C-SPC C-SPC C-c i f r M-p <return> C-s x _ C-s C-M-d C-M-SPC M-w C-x o C-y SPC a n d SPC M-q SPC t h a t ' s SPC t h e SPC e n d . C-x o C-x o M-q C-x o C-x b C-s C-s <return> M-< C-x C-w / t m p / g <backspace> <return> y y C-x o C-p M-f SPC h a l f w a y M-q C-n C-l C-j C-j - a p C-x C-w b u g <return> C-x h C-g M-x i s p e l l <return> a 0 a a a 1 a a a a a a a a a a C-x C-s C-x h M-w M-x r e p o r t - e m <tab> b u <tab> <return> Recent messages: Mark set [2 times] Quit Spell-checking bug using aspell with en dictionary...done Saving file /tmp/bug... Wrote /tmp/bug Mark set [2 times] Saved text until "RAME_X_DISPLAY and that's the end. -ap " Load-path shadows: /home/politza/.emacs.d/elpa/yasnippet-20130907.1855/yasnippet hides /home/politza/.emacs.d/plugins/yasnippet-0.6.1c/yasnippet /home/politza/.emacs.d/plugins/tblc hides /home/politza/.emacs.d/plugins/tblc/tblc /home/politza/.emacs.d/plugins/haskell/haskell-cabal hides /home/politza/.emacs.d/plugins/haskell-mode/haskell-cabal /home/politza/.emacs.d/plugins/haskell/haskell-doc hides /home/politza/.emacs.d/plugins/haskell-mode/haskell-doc /home/politza/.emacs.d/plugins/haskell/ghc-core hides /home/politza/.emacs.d/plugins/haskell-mode/ghc-core /home/politza/.emacs.d/plugins/haskell/haskell-mode hides /home/politza/.emacs.d/plugins/haskell-mode/haskell-mode /home/politza/.emacs.d/plugins/haskell/haskell-c hides /home/politza/.emacs.d/plugins/haskell-mode/haskell-c /home/politza/.emacs.d/plugins/haskell/haskell-indentation hides /home/politza/.emacs.d/plugins/haskell-mode/haskell-indentation /home/politza/.emacs.d/plugins/haskell/haskell-site-file hides /home/politza/.emacs.d/plugins/haskell-mode/haskell-site-file /home/politza/.emacs.d/plugins/haskell/haskell-ghci hides /home/politza/.emacs.d/plugins/haskell-mode/haskell-ghci /home/politza/.emacs.d/plugins/haskell/inf-haskell hides /home/politza/.emacs.d/plugins/haskell-mode/inf-haskell /home/politza/.emacs.d/plugins/haskell/haskell-hugs hides /home/politza/.emacs.d/plugins/haskell-mode/haskell-hugs /home/politza/.emacs.d/plugins/haskell/haskell-font-lock hides /home/politza/.emacs.d/plugins/haskell-mode/haskell-font-lock /home/politza/.emacs.d/plugins/haskell/haskell-simple-indent hides /home/politza/.emacs.d/plugins/haskell-mode/haskell-simple-indent /home/politza/.emacs.d/plugins/haskell/haskell-decl-scan hides /home/politza/.emacs.d/plugins/haskell-mode/haskell-decl-scan /home/politza/.emacs.d/plugins/haskell/haskell-indent hides /home/politza/.emacs.d/plugins/haskell-mode/haskell-indent /home/politza/.emacs.d/plugins/jedi/scratch hides /home/politza/.emacs.d/plugins/ewm/scratch /home/politza/.emacs.d/elpa/company-20130923.513/.dir-locals hides /home/politza/.emacs.d/plugins/el-get/.dir-locals /home/politza/.emacs.d/elpa/popup-20130708.2245/popup hides /home/politza/.emacs.d/plugins/auto-complete/popup /home/politza/.emacs.d/elpa/auto-complete-20130724.1750/auto-complete-config hides /home/politza/.emacs.d/plugins/auto-complete/auto-complete-config /home/politza/.emacs.d/elpa/auto-complete-20130724.1750/auto-complete hides /home/politza/.emacs.d/plugins/auto-complete/auto-complete /home/politza/.emacs.d/plugins/saveplace hides /home/politza/src/emacs/trunk/lisp/saveplace /home/politza/.emacs.d/plugins/imenu hides /home/politza/src/emacs/trunk/lisp/imenu /home/politza/.emacs.d/plugins/term hides /home/politza/src/emacs/trunk/lisp/term /home/politza/.emacs.d/elpa/company-20130923.513/.dir-locals hides /home/politza/src/emacs/trunk/lisp/gnus/.dir-locals /home/politza/.emacs.d/plugins/matlab/matlab hides /usr/share/emacs-snapshot/site-lisp/emacs-goodies-el/matlab /home/politza/.emacs.d/plugins/boxquote hides /usr/share/emacs-snapshot/site-lisp/emacs-goodies-el/boxquote /home/politza/.emacs.d/plugins/bm hides /usr/share/emacs-snapshot/site-lisp/emacs-goodies-el/bm /home/politza/.emacs.d/plugins/haskell/haskell-decl-scan hides /usr/share/emacs-snapshot/site-lisp/haskell-mode/haskell-decl-scan /home/politza/.emacs.d/plugins/haskell/haskell-c hides /usr/share/emacs-snapshot/site-lisp/haskell-mode/haskell-c /home/politza/.emacs.d/plugins/haskell/haskell-ghci hides /usr/share/emacs-snapshot/site-lisp/haskell-mode/haskell-ghci /home/politza/.emacs.d/plugins/haskell/haskell-doc hides /usr/share/emacs-snapshot/site-lisp/haskell-mode/haskell-doc /home/politza/.emacs.d/plugins/haskell/haskell-indent hides /usr/share/emacs-snapshot/site-lisp/haskell-mode/haskell-indent /home/politza/.emacs.d/plugins/haskell/haskell-mode hides /usr/share/emacs-snapshot/site-lisp/haskell-mode/haskell-mode /home/politza/.emacs.d/plugins/haskell/haskell-hugs hides /usr/share/emacs-snapshot/site-lisp/haskell-mode/haskell-hugs /home/politza/.emacs.d/plugins/haskell/haskell-site-file hides /usr/share/emacs-snapshot/site-lisp/haskell-mode/haskell-site-file /home/politza/.emacs.d/plugins/haskell/haskell-cabal hides /usr/share/emacs-snapshot/site-lisp/haskell-mode/haskell-cabal /home/politza/.emacs.d/plugins/haskell/inf-haskell hides /usr/share/emacs-snapshot/site-lisp/haskell-mode/inf-haskell /home/politza/.emacs.d/plugins/haskell/haskell-font-lock hides /usr/share/emacs-snapshot/site-lisp/haskell-mode/haskell-font-lock /home/politza/.emacs.d/plugins/haskell/haskell-simple-indent hides /usr/share/emacs-snapshot/site-lisp/haskell-mode/haskell-simple-indent /home/politza/.emacs.d/plugins/haskell/haskell-indentation hides /usr/share/emacs-snapshot/site-lisp/haskell-mode/haskell-indentation Features: (shadow sort bbdb-message mail-extr gnus-msg gnus-art mm-uu mml2015 epg-config mm-view mml-smime smime dig mailcap emacsbug sendmail ispell hi-lock ibuf-ext align dired-aux make-mode debug haskell-font-lock haskell-indent haskell-indentation haskell-mode etags reposition misearch multi-isearch doc-view-fixed-scroll pdftk-outline jedi auto-complete popup epc ctable concurrent deferred python vc-git vc-dispatcher vc-svn vc-bzr cc-langs cc-mode cc-fonts cc-guess cc-menus cc-cmds cc-styles cc-align cc-engine cc-vars cc-defs dired-eshell workgroups bookmark pp yasnippet emacs-customizations nogroup-customizations wp-customizations view-customizations tex-customizations reftex-customizations reftex-miscellaneous-configurations-customizations reftex-label-support-customizations reftex-referencing-labels-customizations reftex-defining-label-environments-customizations AUCTeX-customizations preview-customizations preview-latex-customizations preview-appearance-customizations TeX-parse-customizations TeX-file-customizations TeX-command-customizations TeX-view-customizations LaTeX-customizations LaTeX-macro-customizations LaTeX-math-customizations LaTeX-indentation-customizations table-customizations table-hooks-customizations outlines-customizations programming-customizations tools-customizations vc-customizations log-edit-customizations semantic-customizations makefile-customizations etags-customizations ediff-customizations diff-customizations diff-mode-customizations languages-customizations elpy-customizations matlab-customizations sh-customizations python-customizations rx haskell-customizations c-customizations asm-customizations multimedia-customizations image-customizations pcase help-customizations ekey-customizations info-lookup-customizations info-customizations customize-customizations custom-buffer-customizations apropos-customizations help-mode files-customizations uniquify-customizations uniquify sunrise-customizations recentf-customizations find-file-customizations backup-customizations faces-customizations highlight-symbol-customizations font-lock-customizations hi-lock-customizations facemenu-customizations external-customizations server-customizations processes-customizations shell-customizations proced-customizations gud-customizations tooltip-customizations grep-customizations compilation-customizations next-error-customizations comint-customizations SQL-customizations man-customizations environment-customizations xterm-customizations windows-customizations winner-customizations minibuffer-customizations savehist-customizations completion-spelling lib-string menu-customizations keyboard-customizations chistory-customizations initialization-customizations frames-customizations ediff-window-customizations desktop-customizations desktop frameset dired-customizations dired-x-customizations dired-x dired-details-customizations editing-customizations paragraphs-customizations matching-customizations paren-matching-customizations paren-showing-customizations isearch-customizations bookmark-customizations killing-customizations indent-customizations fill-customizations emulations-customizations editing-basics-customizations development-customizations lisp-customizations re-builder-customizations inferior-lisp-customizations ielm-customizations ert-customizations edebug-customizations bytecomp-customizations advice-customizations internal-customizations alloc-customizations extensions-customizations eldoc-customizations cust-print-customizations data-customizations save-place-customizations convenience-customizations mimo-customizations mimo diminish-customizations diminish iedit-customizations imenu-tree-customizations tags-tree-customizations company-customizations workgroups-customizations window-numbering-customizations pabbrev-customizations kmacro-customizations imenu-customizations ibuffer-customizations ibuf-macs hl-line-customizations hippie-expand-customizations file-cache-customizations ffap-customizations completion-customizations jedi-customizations iswitchb-customizations auto-complete-customizations browse-kill-ring-customizations auto-revert-customizations auto-insert-customizations Buffer-menu-customizations comm-customizations tramp-customizations browse-url-customizations applications-customizations mediawiki-customizations w3m-customizations package-customizations mail-customizations bbdb-customizations bbdb-sendmail-customizations bbdb-mua-customizations bbdb-mua bbdb-com crm bbdb smtpmail-customizations shr-customizations sendmail-customizations gnus-customizations nnmail-customizations nnmail-split-customizations gnus-summary-customizations gnus-thread-customizations gnus-summary-various-customizations gnus-summary-sort-customizations gnus-summary-marks-customizations gnus-summary-maneuvering-customizations gnus-summary-format-customizations parse-time-rfc2822 gnus-summary-exit-customizations gnus-sum gnus-group gnus-undo gnus-start gnus-spec gnus-win gnus-start-customizations gnus-server-customizations gnus-message-customizations message-customizations message-various-customizations message-sending-customizations message-buffers-customizations gnus-group-customizations gnus-group-visual-customizations gnus-nnimap-format nnimap nnmail gnus-int mail-source message rfc822 mml mml-sec mm-decode mm-bodies mm-encode mail-parse rfc2231 rfc2047 rfc2045 ietf-drums mailabbrev gmm-utils mailheader parse-time tls utf7 netrc nnoo gnus gnus-ems nnheader mail-utils gnus-group-various-customizations gnus-group-select-customizations gnus-files-customizations gnus-newsrc-customizations gnus-exit-customizations gnus-article-customizations gnus-article-hiding-customizations ispell-customizations eshell-customizations eshell-module-customizations eshell-smart-customizations eshell-hist-customizations eshell-mode-customizations edebug doc-view-customizations pdf-tools-customizations pdf-annot-customizations pdf-links-customizations pdf-isearch-customizations pdf-annot tablist tablist-filter semantic/wisent/comp semantic/wisent semantic/wisent/wisent semantic/util-modes semantic/util semantic semantic/tag semantic/lex semantic/fw mode-local cedet pdf-occur pdf-history pdf-outline pdf-links pdf-isearch pdf-misc imenu pdf-info tq pdf-render pdf-tools pdf-util gnus-range warnings doc-view jka-compr image-mode calendar-customizations org-customizations org-structure-customizations org-plain-lists-customizations org-edit-structure-customizations org-startup-customizations org-link-customizations org-latex-customizations org-appearance-customizations holidays-customizations calculator-customizations calc-customizations server recentf tree-widget .autoload paren window-numbering w3m browse-url timezone w3m-hist w3m-e23 w3m-ccl ccl w3m-fsf w3m-favicon w3m-image w3m-proc w3m-util view tramp tramp-compat tramp-loaddefs trampver shell track-last-window scroll-other-window saveplace savehist reftex reftex-vars pabbrev org ob-tangle ob-ref ob-lob ob-table org-footnote org-src ob-comint ob-keys org-pcomplete org-list org-faces org-entities noutline outline org-version ob-emacs-lisp ob org-compat org-macs ob-eval org-loaddefs format-spec find-func cal-menu calendar cal-loaddefs lib-edit lib-window lib-isearch lib-buffer reveal iswitchb lib-basic lib-lispext latex easy-mmode tex-style tex dbus xml tex-site auto-loads info-look info ibuffer hippie-exp grep compile filecache edit-minibuffer eldoc-eval pcomplete esh-var esh-io esh-cmd esh-opt esh-ext esh-proc esh-arg esh-groups eshell esh-module esh-mode esh-util ekey assoc dired-details+ dired dired-details cool-prefix-bindings winner lib-kbd comint-history comint ansi-color ring browse-kill-ring advice anticus edmacro kmacro derived cl-macs gv ffap thingatpt url-parse auth-source eieio byte-opt bytecomp byte-compile cconv eieio-core gnus-util mm-util mail-prsvr password-cache url-vars eldoc help-fns cus-edit easymenu cus-start cus-load wid-edit cl cl-loaddefs cl-lib bbdb-loaddefs cl-format-autoloads package time-date tooltip ediff-hook vc-hooks lisp-float-type mwheel x-win x-dnd tool-bar dnd fontset image regexp-opt fringe tabulated-list newcomment lisp-mode prog-mode register page menu-bar rfn-eshadow timer select scroll-bar mouse jit-lock font-lock syntax facemenu font-core frame cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean japanese hebrew greek romanian slovak czech european ethiopic indian cyrillic chinese case-table epa-hook jka-cmpr-hook help simple abbrev minibuffer nadvice loaddefs button faces cus-face macroexp files text-properties overlay sha1 md5 base64 format env code-pages mule custom widget hashtable-print-readable backquote make-network-process dbusbind gfilenotify dynamic-setting system-font-setting font-render-setting move-toolbar gtk x-toolkit x multi-tty emacs)
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.