From unknown Sat Jun 21 03:26:00 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#16512: 24.3; Segmentation fault from empty byte-code object literal
Resent-From: Christopher Wellons <wellons@nullprogram.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Tue, 21 Jan 2014 02:12:02 +0000
Resent-Message-ID: <handler.16512.B.139027031531459@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: report 16512
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: 
To: 16512@debbugs.gnu.org
X-Debbugs-Original-To: bug-gnu-emacs@gnu.org
Received: via spool by submit@debbugs.gnu.org id=B.139027031531459
          (code B ref -1); Tue, 21 Jan 2014 02:12:02 +0000
Received: (at submit) by debbugs.gnu.org; 21 Jan 2014 02:11:55 +0000
Received: from localhost ([127.0.0.1]:58826 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1W5Qol-0008BL-7C
	for submit@debbugs.gnu.org; Mon, 20 Jan 2014 21:11:55 -0500
Received: from eggs.gnu.org ([208.118.235.92]:60975)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <wellons@nullprogram.com>) id 1W5Qoi-0008B9-Rm
 for submit@debbugs.gnu.org; Mon, 20 Jan 2014 21:11:53 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <wellons@nullprogram.com>) id 1W5Qoc-0000Qz-R6
 for submit@debbugs.gnu.org; Mon, 20 Jan 2014 21:11:52 -0500
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=disabled
 version=3.3.2
Received: from lists.gnu.org ([2001:4830:134:3::11]:55362)
 by eggs.gnu.org with esmtp (Exim 4.71)
 (envelope-from <wellons@nullprogram.com>) id 1W5Qoc-0000Qv-Nd
 for submit@debbugs.gnu.org; Mon, 20 Jan 2014 21:11:46 -0500
Received: from eggs.gnu.org ([2001:4830:134:3::10]:34452)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <wellons@nullprogram.com>) id 1W5QoX-0008TZ-K1
 for bug-gnu-emacs@gnu.org; Mon, 20 Jan 2014 21:11:46 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <wellons@nullprogram.com>) id 1W5QoS-0000QH-JO
 for bug-gnu-emacs@gnu.org; Mon, 20 Jan 2014 21:11:41 -0500
Received: from mail.nullprogram.com ([192.241.191.137]:59655)
 by eggs.gnu.org with esmtp (Exim 4.71)
 (envelope-from <wellons@nullprogram.com>) id 1W5QoS-0000Q3-F8
 for bug-gnu-emacs@gnu.org; Mon, 20 Jan 2014 21:11:36 -0500
Received: from localhost ([127.0.0.1] helo=susie.zeus.nullprogram.com)
 by mail.nullprogram.com with esmtp (Exim 4.82)
 (envelope-from <wellons@nullprogram.com>) id 1W5QoK-0000rz-0s
 for bug-gnu-emacs@gnu.org; Mon, 20 Jan 2014 21:11:30 -0500
From: Christopher Wellons <wellons@nullprogram.com>
X-Hashcash: 1:20:140121:bug-gnu-emacs@gnu.org::bi4+FXadye/td2vF:000000000000000000000000000000000000000039Ze
Date: Mon, 20 Jan 2014 21:11:27 -0500
Message-ID: <8761pegk34.fsf@susie.zeus.nullprogram.com>
MIME-Version: 1.0
Content-Type: text/plain
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x [generic]
X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address
 (bad octet value).
X-Received-From: 2001:4830:134:3::11
X-Spam-Score: -5.0 (-----)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -5.0 (-----)


The following command will cause a segmentation fault in 24.3.1 under
GNU/Linux, both 32-bit and 64-bit. The key is that empty byte-code
object. The rest is there just to make Emacs do enough work to crash.

    emacs -Q --eval '(type-of #[])' \
             --eval '(insert "(defun ())")' \
             -f eval-last-sexp

Pure speculation about why: is it assuming that the byte-code object has
at least four elements, dereferencing garbage somewhere past the end?
The manual states byte-code objects "must have at least four elements,"
which is enforced by `make-byte-code' but *not* enforced for byte-code
literals.


Fatal error 11: Segmentation fault
Backtrace:
emacs[0x4f74cb]
emacs[0x4dcf2e]
emacs[0x4f611e]
emacs[0x4f6283]
/lib/x86_64-linux-gnu/libpthread.so.0(+0xf210)[0x7f9276bad210]
emacs[0x5617bb]
emacs[0x564232]
emacs[0x564c67]
emacs[0x565b77]
emacs[0x4aacff]
emacs[0x4ab4f4]
emacs[0x4ab698]
emacs[0x4acc7d]
emacs[0x43a3bd]
emacs[0x4412fe]
emacs[0x441431]
emacs[0x44acbd]
emacs[0x4e754c]
emacs[0x4e99d8]
emacs[0x4ebd4d]
emacs[0x54e453]
emacs[0x4dd3be]
emacs[0x54e32e]
emacs[0x4e1c07]
emacs[0x4e1f04]
emacs[0x4171c5]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7f9276813995]
emacs[0x417ccf]
Segmentation fault


Here's the "bt full" showing the crash is actually occuring in
/lib/x86_64-linux-gnu/libthread_db.so.1.


(gdb) run --eval '(type-of #[])'
Starting program: /usr/bin/emacs --eval '(type-of #[])'
warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7ffff7ffa000
warning: Could not load shared library symbols for linux-vdso.so.1.
Do you need "set solib-search-path" or "set sysroot"?
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fffe8a23700 (LWP 15364)]
[New Thread 0x7fffe3fff700 (LWP 15365)]

Program received signal SIGSEGV, Segmentation fault.
0x00000000005617bb in ?? ()
(gdb) bt full
#0  0x00000000005617bb in ?? ()
No symbol table info available.
#1  0x0000000000564232 in ?? ()
No symbol table info available.
#2  0x0000000000564c67 in ?? ()
No symbol table info available.
#3  0x0000000000565b77 in ?? ()
No symbol table info available.
#4  0x00000000004aacff in ?? ()
No symbol table info available.
#5  0x00000000004ab4f4 in ?? ()
No symbol table info available.
#6  0x00000000004ab698 in ?? ()
No symbol table info available.
#7  0x00000000004acc7d in ?? ()
No symbol table info available.
#8  0x000000000043a3bd in ?? ()
No symbol table info available.
#9  0x00000000004412fe in ?? ()
No symbol table info available.
#10 0x0000000000441431 in ?? ()
No symbol table info available.
#11 0x000000000044acbd in ?? ()
No symbol table info available.
#12 0x00000000004e754c in ?? ()
No symbol table info available.
#13 0x00000000004e99d8 in ?? ()
No symbol table info available.
#14 0x00000000004ebd4d in ?? ()
No symbol table info available.
#15 0x000000000054e453 in ?? ()
No symbol table info available.
#16 0x00000000004dd3be in ?? ()
No symbol table info available.
#17 0x000000000054e32e in ?? ()
No symbol table info available.
#18 0x00000000004e1c07 in ?? ()
No symbol table info available.
#19 0x00000000004e1f04 in ?? ()
No symbol table info available.
#20 0x00000000004171c5 in ?? ()
No symbol table info available.
#21 0x00007ffff11df995 in __libc_start_main (main=0x4167b0, argc=3,
    ubp_av=0x7fffffffe868, init=<optimized out>, fini=<optimized out>,
    rtld_fini=<optimized out>, stack_end=0x7fffffffe858) at libc-start.c:276
        result = <optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, 8758318328891328105,
                4291750, 140737488349280, 0, 0, -8758318329162348951,
                -8758324633951386007}, mask_was_saved = 0}}, priv = {pad = {0x0,
              0x0, 0x5d14f0, 0x7fffffffe868}, data = {prev = 0x0, cleanup = 0x0,
              canceltype = 6100208}}}
        not_first_call = <optimized out>
#22 0x0000000000417ccf in ?? ()
No symbol table info available.



In GNU Emacs 24.3.1 (x86_64-pc-linux-gnu, GTK+ Version 3.8.6)
 of 2013-12-22 on brahms, modified by Debian
Windowing system distributor `The X.Org Foundation', version 11.0.11405000
System Description:	Debian GNU/Linux unstable (sid)

Configured using:
 `configure '--build' 'x86_64-linux-gnu' '--build' 'x86_64-linux-gnu'
 '--prefix=/usr' '--sharedstatedir=/var/lib' '--libexecdir=/usr/lib'
 '--localstatedir=/var/lib' '--infodir=/usr/share/info'
 '--mandir=/usr/share/man' '--with-pop=yes'
 '--enable-locallisppath=/etc/emacs24:/etc/emacs:/usr/local/share/emacs/24.3/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/24.3/site-lisp:/usr/share/emacs/site-lisp'
 '--with-crt-dir=/usr/lib/x86_64-linux-gnu' '--with-x=yes'
 '--with-x-toolkit=gtk3' '--with-toolkit-scroll-bars'
 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fstack-protector
 --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall'
 'LDFLAGS=-Wl,-z,relro' 'CPPFLAGS=-D_FORTIFY_SOURCE=2''

Important settings:
  value of $LANG: en_US.UTF-8
  locale-coding-system: utf-8-unix
  default enable-multibyte-characters: t




From unknown Sat Jun 21 03:26:00 2025
X-Loop: help-debbugs@gnu.org
Subject: bug#16512: 24.3; Segmentation fault from empty byte-code object literal
References: <8761pegk34.fsf@susie.zeus.nullprogram.com>
In-Reply-To: <8761pegk34.fsf@susie.zeus.nullprogram.com>
Resent-From: Barry OReilly <gundaetiapo@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Tue, 21 Jan 2014 02:52:02 +0000
Resent-Message-ID: <handler.16512.B16512.13902726733190@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 16512
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: 
To: wellons@nullprogram.com, 16512@debbugs.gnu.org
Received: via spool by 16512-submit@debbugs.gnu.org id=B16512.13902726733190
          (code B ref 16512); Tue, 21 Jan 2014 02:52:02 +0000
Received: (at 16512) by debbugs.gnu.org; 21 Jan 2014 02:51:13 +0000
Received: from localhost ([127.0.0.1]:58837 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1W5RQn-0000pN-1k
	for submit@debbugs.gnu.org; Mon, 20 Jan 2014 21:51:13 -0500
Received: from mail-oa0-f43.google.com ([209.85.219.43]:43929)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <gundaetiapo@gmail.com>) id 1W5RQk-0000pD-VR
 for 16512@debbugs.gnu.org; Mon, 20 Jan 2014 21:51:11 -0500
Received: by mail-oa0-f43.google.com with SMTP id h16so8008268oag.16
 for <16512@debbugs.gnu.org>; Mon, 20 Jan 2014 18:51:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:date:message-id:subject:from:to:content-type;
 bh=VtBcz74slrbMx9XbbpZ87ubpOoz/+G2n7nuyMSxTpQg=;
 b=SRDgAjYRMshFt9WW46vda6eviYt/PcVjwqCniMFmYkQxJPPfd9DHfQLu0bbbNIMF47
 enJypwtPl38tXjPbgIOcz4/RNgb0qlLv5J3P3opc4fwsDd1w2Pw11g84XdYcoWTOdDq5
 EHagNTW/SpfWNc4RwDqeUxHRZldAPxnscYymqtLyjrYaxMQdAyXje1oZLOQxmr25F2aF
 bBehnDaOlR1ieKOhwj9cciYrs/HQBfzZRfFaDopsByjlhDKnizFgK6R5Dd9N5ZAWmXyO
 FSNdKK31XR6OU0moCDiKOx62vBmXc1Et/YNVFZp9125G4c9hxjG6ekdrwUC3GTMoYr+2
 bBBg==
MIME-Version: 1.0
X-Received: by 10.182.22.135 with SMTP id d7mr18244816obf.1.1390272670176;
 Mon, 20 Jan 2014 18:51:10 -0800 (PST)
Received: by 10.76.21.84 with HTTP; Mon, 20 Jan 2014 18:51:10 -0800 (PST)
Date: Mon, 20 Jan 2014 21:51:10 -0500
Message-ID: <CAFM41H0iaW=4G-WYuPEWrtc8giTLLpUmDoO_Sy2-zqLK7cyzEQ@mail.gmail.com>
From: Barry OReilly <gundaetiapo@gmail.com>
Content-Type: multipart/alternative; boundary=001a11c2e190a59c6804f07214bc
X-Spam-Score: -0.7 (/)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

--001a11c2e190a59c6804f07214bc
Content-Type: text/plain; charset=ISO-8859-1

This was fixed on trunk under bug 15405.

http://debbugs.gnu.org/cgi/bugreport.cgi?bug=15405

--001a11c2e190a59c6804f07214bc
Content-Type: text/html; charset=ISO-8859-1

<div dir="ltr">This was fixed on trunk under bug 15405.<br><br><a href="http://debbugs.gnu.org/cgi/bugreport.cgi?bug=15405">http://debbugs.gnu.org/cgi/bugreport.cgi?bug=15405</a><br><br></div>

--001a11c2e190a59c6804f07214bc--




From debbugs-submit-bounces@debbugs.gnu.org Mon Jan 20 22:37:13 2014
Received: (at control) by debbugs.gnu.org; 21 Jan 2014 03:37:13 +0000
Received: from localhost ([127.0.0.1]:58850 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1W5S9J-00029o-2T
	for submit@debbugs.gnu.org; Mon, 20 Jan 2014 22:37:13 -0500
Received: from fencepost.gnu.org ([208.118.235.10]:47085)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <rgm@gnu.org>) id 1W5S9H-00029e-ML
 for control@debbugs.gnu.org; Mon, 20 Jan 2014 22:37:12 -0500
Received: from rgm by fencepost.gnu.org with local (Exim 4.71)
 (envelope-from <rgm@gnu.org>) id 1W5S9E-0000HP-9c
 for control@debbugs.gnu.org; Mon, 20 Jan 2014 22:37:08 -0500
Date: Mon, 20 Jan 2014 22:37:08 -0500
Message-Id: <E1W5S9E-0000HP-9c@fencepost.gnu.org>
Subject: control message for bug 16512
To: <control@debbugs.gnu.org>
X-Mailer: mail (GNU Mailutils 2.1)
From: Glenn Morris <rgm@gnu.org>
X-Spam-Score: -5.6 (-----)
X-Debbugs-Envelope-To: control
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <http://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <http://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <http://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -5.6 (-----)

unarchive 15405
fixed 16512 24.4
forcemerge 15405 16512