GNU bug report logs - #15475
24.3.50; race condition in x_frame_rehighlight


Package: emacs;

Reported by: Andreas Politz <politza <at> hochschule-trier.de>

Date: Fri, 27 Sep 2013 23:49:02 UTC

Severity: normal

Found in version 24.3.50

Done: Jan Djärv <jan.h.d <at> swipnet.se>

Bug is archived. No further changes may be made.


From: Jan Djärv <jan.h.d <at> swipnet.se>
To: Andreas Politz <politza <at> hochschule-trier.de>
Cc: 15475 <at> debbugs.gnu.org
Subject: bug#15475: 24.3.50; race condition in x_frame_rehighlight
Date: Sun, 29 Sep 2013 12:22:41 +0200

Hello.

I've checked in a fix, please try it.

Thanks,

	Jan D.

On 28 Sep 2013 at 01:47, Andreas Politz <politza <at> hochschule-trier.de> wrote:

> 
> There is a race condition in x_frame_rehighlight regarding input
> redirection, triggering a null-pointer access.  These kinds of
> errors are usually difficult to reproduce.  I used the following
> code, while simultaneously changing focus rapidly via the
> window-manager.
> 
> (defun fn (&optional parms)
>  (let* ((frame (make-frame parms)))
>    (sit-for 1e-100)
>    (redirect-frame-focus (selected-frame) frame)
>    frame))
> 
> (while t
>  (let ((f1 (fn
> 	     '((width . 20)
> 	       (height . 30))))
> 	(f2 (fn
> 	     '((width . 20)
> 	       (height . 30)
> 	       (top . 400)))))
>    (sleep-for (/ (float (random 1000)) 5000))
>    (delete-other-frames)))
> 
> Take a look at this part of the attached back-trace.
> 
> #0  0x00000000004f9b0e in frame_highlight (f=0x132b510) at xterm.c:3204
> #4  0x00000000004fa4ae in x_detect_focus_change (dpyinfo=0x15ba800, frame=0x11c7e68, 
>    event=0x7fffffffb300, bufp=0x7fffffffae50) at xterm.c:3522
> #14 0x00000000004ff413 in XTread_socket (...) at xterm.c:7066
> #19 0x00000000005409e7 in unblock_input () at keyboard.c:7116
> #20 0x0000000000503f82 in x_free_frame_resources (f=0x132b510) at xterm.c:9383
> #21 0x0000000000503fbf in x_destroy_window (f=0x132b510) at xterm.c:9397
> #22 0x00000000004274b7 in delete_frame (frame=20100373, force=12634498) at frame.c:1362
> #23 0x000000000042784e in Fdelete_frame (frame=20100373, force=12634498) at frame.c:1495
> 
> Note that the freed frame in #20 is the same as the one about to
> be highlighted in #0.  delete_frame would later execute
> 
>    f->terminal = 0;             /* Now the frame is dead.  */
> 
> but won't, since x_destroy_window has not returned yet.  But
> x_free_frame_resources has executed
> 
>    f->output_data.x = NULL;
> 
> , so FRAME_LIVE_P(f) is still true, but FRAME_X_DISPLAY is no
> good at this moment.  Then in x_frame_rehighlight the deleted
> frame becomes the x_highlight_frame.
> 
> 
> (gdb) p /x dpyinfo->x_focus_frame
> $30 = 0x11c7e68
> (gdb) p /x dpyinfo->x_highlight_frame 
> $27 = 0x132b510
> (gdb) pp dpyinfo->x_focus_frame.focus_frame
> #<frame emacs <at> luca 0x132b510>
> (gdb) p /x dpyinfo->x_highlight_frame.output_data.x
> $36 = 0x0
> (gdb) p /x dpyinfo->x_highlight_frame.terminal
> $37 = 0x110e398
> 
> The second if condition is false (FRAME_LIVE_P) and
> frame_highlight gets called with the halfway deleted frame, calls
> FRAME_X_DISPLAY and that's the end.
> 
> -ap
> 
> <gdb.log>
> 
> 
> In GNU Emacs 24.3.50.4 (x86_64-unknown-linux-gnu, GTK+ Version 2.20.1)
> of 2013-09-27 on luca
> Bzr revision: 114421 eliz <at> gnu.org-20130921114819-zvk3zil4jau4ucdd
> Windowing system distributor `The X.Org Foundation', version 11.0.10707000
> System Description:	Debian GNU/Linux 6.0.7 (squeeze)
> 
> Important settings:
>  value of $LC_COLLATE: C
>  value of $LC_MESSAGES: C
>  value of $LANG: de_DE.UTF-8
>  locale-coding-system: utf-8-unix
>  default enable-multibyte-characters: t
> 
> Major mode: Emacs-Lisp
> 
> Minor modes in effect:
>  workgroups-mode: t
>  desktop-save-mode: t
>  mimo-mode: t
>  ispell-track-input-method: t
>  recentf-mode: t
>  show-paren-mode: t
>  window-numbering-mode: t
>  shell-dirtrack-mode: t
>  scroll-other-window-mode: t
>  savehist-mode: t
>  ekey-mode: t
>  winner-mode: t
>  eldoc-mode: t
>  tooltip-mode: t
>  mouse-wheel-mode: t
>  file-name-shadow-mode: t
>  global-font-lock-mode: t
>  font-lock-mode: t
>  auto-composition-mode: t
>  auto-encryption-mode: t
>  auto-compression-mode: t
>  column-number-mode: t
>  line-number-mode: t
>  transient-mark-mode: t
> 
> Recent input:
> 
> Recent messages:
> Mark set [2 times]
> Quit
> Spell-checking bug using aspell with en dictionary...done
> Saving file /tmp/bug...
> Wrote /tmp/bug
> Mark set [2 times]
> Saved text until "RAME_X_DISPLAY and that's the end.
> 
> -ap
> "
> 
> Load-path shadows:
> 
> Features:
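
The half-deleted state described in the report (window-system data already cleared while `terminal` is still set), modelled as an added C example; it is neither Emacs source nor the fix that was checked in. The struct layout, `frame_usable_p` and the other function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the reported state; hypothetical layout, not Emacs's. */
struct frame {
  void *terminal;             /* cleared last: after this the frame is dead */
  void *x;                    /* window-system data, cleared first in teardown */
  struct frame *focus_frame;  /* redirect-frame-focus target, or NULL */
};
struct display_info { struct frame *x_focus_frame, *x_highlight_frame; };
typedef struct frame *(*pick_fn)(struct display_info *);

static int frame_live_p(const struct frame *f) { return f->terminal != NULL; }
/* Stricter test: live and window-system data still attached. */
static int frame_usable_p(const struct frame *f) { return f && f->terminal && f->x; }

/* Liveness-only choice: accepts a frame whose resources are already freed. */
static struct frame *rehighlight_liveness_only(struct display_info *d) {
  struct frame *focus = d->x_focus_frame;
  struct frame *target = focus ? focus->focus_frame : NULL;
  d->x_highlight_frame = (target && frame_live_p(target)) ? target : focus;
  return d->x_highlight_frame;
}

/* Hardened choice: fall back to the focus frame, or to no highlight at all. */
static struct frame *rehighlight_checked(struct display_info *d) {
  struct frame *focus = d->x_focus_frame;
  struct frame *target = focus ? focus->focus_frame : NULL;
  if (!frame_usable_p(target))
    target = frame_usable_p(focus) ? focus : NULL;
  d->x_highlight_frame = target;
  return target;
}

/* Same ordering as the backtrace: free resources, handle a pending focus
   event re-entrantly, and only then mark the frame dead. */
static struct frame *delete_with_pending_event(struct display_info *d,
                                               struct frame *f, pick_fn pick) {
  f->x = NULL;
  struct frame *picked = pick(d);
  f->terminal = NULL;
  return picked;
}

/* Returns 1 when the frame picked for highlighting has no display data. */
int picks_torn_down_frame(int use_checked) {
  int term = 0, xa = 0, xb = 0;          /* stand-ins for terminal/display objects */
  struct frame b = { &term, &xb, NULL };
  struct frame a = { &term, &xa, &b };   /* focus of a is redirected to b */
  struct display_info d = { &a, NULL };
  struct frame *p = delete_with_pending_event(
      &d, &b, use_checked ? rehighlight_checked : rehighlight_liveness_only);
  return p != NULL && p->x == NULL;
}

int main(void) {
  printf("liveness-only: %d, checked: %d\n",
         picks_torn_down_frame(0), picks_torn_down_frame(1));
  return 0;
}
```
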





This bug report was last modified 11 years and 233 days ago.
