GNU bug report logs - #16140
24.3.50; GC tries to free invalid font objects

Package: emacs;

Reported by: Eli Zaretskii <eliz <at> gnu.org>

Date: Sat, 14 Dec 2013 09:52:01 UTC

Severity: normal

Tags: moreinfo

Merged with 16414, 17071, 17602, 17771

Found in versions 24.3.50, 24.3.91, 24.4.50

Fixed in version 24.3.93

Done: Glenn Morris <rgm <at> gnu.org>

Bug is archived. No further changes may be made.


Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: bug-gnu-emacs <at> gnu.org
Subject: 24.3.50; GC tries to free invalid font objects
Date: Sat, 14 Dec 2013 11:51:24 +0200

This program:

  (defun bloat-font ()
    (interactive)
    (let ((fonts (x-list-fonts "*")))
      (while fonts
        (condition-case nil (set-frame-font (car fonts)) (error nil))
        (setq fonts (cdr fonts))
        (redisplay))))

reveals some subtle problem in GC: we sometimes try to free font
objects that are not valid (already freed?).  Here's one such case:

  Program received signal SIGSEGV, Segmentation fault.
  0x01160e2c in cleanup_vector (vector=0x100ed2a0) at alloc.c:2884
  2884            fnt->driver->close (fnt);
  (gdb) p fnt
  $1 = (struct font *) 0x100ed2a0
  (gdb) p fnt->driver
  $2 = (struct font_driver *) 0x26

When I originally saw this, fnt->driver was NULL.  I added protection
against that, but then it crashed with non-NULL but still invalid
pointer.  Such pointers should never end up in font objects, so how
come they do?


In GNU Emacs 24.3.50.137 (i686-pc-mingw32)
 of 2013-12-14 on HOME-C4E4A596F7
Bzr revision: 115517 eliz <at> gnu.org-20131214091610-1glyl0400451irx0
Windowing system distributor `Microsoft Corp.', version 5.1.2600
Configured using:
 `configure --prefix=/d/usr --enable-checking=yes,glyphs 'CFLAGS=-O0
 -gdwarf-2 -g3''

Important settings:
  value of $LANG: ENU
  locale-coding-system: cp1255
  default enable-multibyte-characters: t

Major mode: Lisp Interaction

Minor modes in effect:
  tooltip-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  transient-mark-mode: t

Recent input:
M-x r e p o r t - e m <tab> <return>

Recent messages:
For information about GNU Emacs and the GNU system, type C-h C-a.

Load-path shadows:
None found.

Features:
(shadow sort gnus-util mail-extr emacsbug message format-spec rfc822 mml
easymenu mml-sec mm-decode mm-bodies mm-encode mail-parse rfc2231
mailabbrev gmm-utils mailheader sendmail rfc2047 rfc2045 ietf-drums
mm-util mail-prsvr mail-utils time-date tooltip electric uniquify
ediff-hook vc-hooks lisp-float-type mwheel dos-w32 ls-lisp
w32-common-fns disp-table w32-win w32-vars tool-bar dnd fontset image
regexp-opt fringe tabulated-list newcomment lisp-mode prog-mode register
page menu-bar rfn-eshadow timer select scroll-bar mouse jit-lock
font-lock syntax facemenu font-core frame cham georgian utf-8-lang
misc-lang vietnamese tibetan thai tai-viet lao korean japanese hebrew
greek romanian slovak czech european ethiopic indian cyrillic chinese
case-table epa-hook jka-cmpr-hook help simple abbrev minibuffer nadvice
loaddefs button faces cus-face macroexp files text-properties overlay
sha1 md5 base64 format env code-pages mule custom widget
hashtable-print-readable backquote make-network-process w32notify w32
multi-tty emacs)
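
The report notes that a NULL guard on fnt->driver did not stop the crash, because the pointer seen in gdb (0x26) is non-NULL but invalid. The following is an added example, not part of the original report and not Emacs source code: a sweep-time check that accepts a driver pointer only if it equals a registered driver's address. All names here (demo_driver, known_drivers, checked_cleanup and the rest) are hypothetical, and the corrupt font is a constructed sample.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-ins for the structures named in the backtrace. */
struct font;
struct font_driver { void (*close) (struct font *); };
struct font { struct font_driver *driver; int closed; };

static int close_calls;
static void demo_close (struct font *f) { f->closed = 1; close_calls++; }

/* Assumed table of every driver the program ever registers. */
static struct font_driver demo_driver = { demo_close };
static struct font_driver *known_drivers[] = { &demo_driver };

/* The first protection described in the report: reject NULL only. */
static int null_guard_ok (const struct font *f) { return f->driver != NULL; }

/* Stricter check: compare (never dereference) against registered drivers. */
static int driver_is_registered (const struct font *f)
{
  for (size_t i = 0; i < sizeof known_drivers / sizeof known_drivers[0]; i++)
    if (f->driver == known_drivers[i])
      return 1;
  return 0;
}

/* Sweep-time finalizer: returns 1 if the font was closed, 0 if skipped. */
static int checked_cleanup (struct font *f)
{
  if (!driver_is_registered (f)) return 0;  /* stale or corrupt: skip it */
  f->driver->close (f);
  f->driver = NULL;          /* a second sweep of this object is a no-op */
  return 1;
}

/* Constructed sample: a font whose driver field holds the 0x26 from gdb. */
static struct font make_corrupt_font (void)
{
  return (struct font) { (struct font_driver *) (uintptr_t) 0x26, 0 };
}

int main (void)
{
  struct font bad = make_corrupt_font (), good = { &demo_driver, 0 };
  /* The NULL guard accepts the bad font; the registry check refuses it. */
  int ok = null_guard_ok (&bad) && !checked_cleanup (&bad)
           && checked_cleanup (&good) && !checked_cleanup (&good);
  return ok ? 0 : 1;
}
```

A check like this turns the crash into a detectable event at sweep time; it does not explain how the invalid pointer got into the object.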




This bug report was last modified 10 years and 285 days ago.
