GNU bug report logs - #17288
SegFault with emacs in CPP header file (long constructor)

Previous Next

Package: emacs;

Reported by: Dan Faudemer <dan.faudemer <at> gmail.com>

Date: Thu, 17 Apr 2014 21:26:03 UTC

Severity: normal

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#17288: closed (SegFault with emacs in CPP header file (long
 constructor))
Date: Fri, 18 Apr 2014 08:42:02 +0000

[Message part 1 (text/plain, inline)]

Your message dated Fri, 18 Apr 2014 11:41:58 +0300
with message-id <83sipbghbd.fsf <at> gnu.org>
and subject line Re: bug#17288: SegFault with emacs in CPP header file (long constructor)
has caused the debbugs.gnu.org bug report #17288,
regarding SegFault with emacs in CPP header file (long constructor)
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
17288: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=17288
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Dan Faudemer <dan.faudemer <at> gmail.com>
To: bug-gnu-emacs <at> gnu.org
Subject: SegFault with emacs in CPP header file (long constructor)
Date: Thu, 17 Apr 2014 14:04:44 +0200

[Message part 3 (text/plain, inline)]

From: dan.faudemer <at> neuf.fr
To: bug-gnu-emacs <at> gnu.org
Subject: 24.3; Segfault in CPP Header File with linum
Date: Thu, 17 Apr 2014 07:00:58 -0500
Message-ID: <>
--text follows this line--

Hello,

I have some issue with emacs in a long intialisation constructor, emacs
exit with a segault.

My .emacs contains :
(global-linum-mode 1)
(set-default 'truncate-lines t)

And the header file bug.h :

aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),
aaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),
aaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),
aaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),
                aaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),
aaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),taaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),saaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),aaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),gaaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),caaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),laaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),saaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),aaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),aaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),laaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),_aaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),aaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),aaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),
aaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),faaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa")

To reproduce the segfault you have to put the cursor on the second line
and press the button to go to the end of the line.

Emacs return to me this error :
/usr/bin/emacs[0x4ef391]
/usr/bin/emacs[0x4d4dbd]
/usr/bin/emacs[0x4ef2ee]
/usr/bin/emacs[0x4ef6a3]
/lib64/libpthread.so.0[0x2b8f483b6be0]
/usr/bin/emacs[0x498926]
/usr/bin/emacs[0x49c180]
/usr/bin/emacs[0x43aab9]
/usr/bin/emacs[0x43abf5]
/usr/bin/emacs[0x44b2dc]
/usr/bin/emacs[0x44f0ff]
/usr/bin/emacs[0x454f8b]
/usr/bin/emacs[0x457349]
/usr/bin/emacs[0x545aa3]
/usr/bin/emacs[0x458675]
/usr/bin/emacs[0x4e2939]
/usr/bin/emacs[0x4e4da7]
/usr/bin/emacs[0x4e6c7b]
/usr/bin/emacs[0x545bf6]
/usr/bin/emacs[0x4dd6ea]
/usr/bin/emacs[0x545cea]
/usr/bin/emacs[0x4dde40]
/usr/bin/emacs[0x4ddf8a]
/usr/bin/emacs[0x4d5ba6]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x3affa1d994]
/usr/bin/emacs[0x413f19]

And with emacs -Q
Fatal error 11: Segmentation fault
Backtrace:
/usr/bin/emacs[0x4ef391]
/usr/bin/emacs[0x4d4dbd]
/usr/bin/emacs[0x4ef2ee]
/usr/bin/emacs[0x4ef6a3]
/lib64/libpthread.so.0[0x2b05af4dbbe0]
/usr/bin/emacs[0x498926]
/usr/bin/emacs[0x49c180]
/usr/bin/emacs[0x43aab9]
/usr/bin/emacs[0x43abf5]
/usr/bin/emacs[0x44b2dc]
/usr/bin/emacs[0x44f0ff]
/usr/bin/emacs[0x454f8b]
/usr/bin/emacs[0x457349]
/usr/bin/emacs[0x545aa3]
/usr/bin/emacs[0x458675]
/usr/bin/emacs[0x4e2939]
/usr/bin/emacs[0x4e4da7]
/usr/bin/emacs[0x4e6c7b]
/usr/bin/emacs[0x545bf6]
/usr/bin/emacs[0x4dd6ea]
/usr/bin/emacs[0x545cea]
/usr/bin/emacs[0x4dde40]
/usr/bin/emacs[0x4ddf8a]
/usr/bin/emacs[0x4d5ba6]
/lib64/libc.so.6(__libc_start_main+0xf4)[0x3affa1d994]
/usr/bin/emacs[0x413f19]

Regards,

Dan.

In GNU Emacs 24.3.1 (x86_64-unknown-linux-gnu, GTK+ Version 2.14.7)
 of 2013-05-22 on bkahne-ec1
System Description:    Red Hat Enterprise Linux Client release 5.8 (Tikanga)

Configured using:
 `configure '--prefix=/usr/'
 '--with-x-toolkit=gtk'
 'LDFLAGS=-Wl,-R/pkg/gtk+-/2.14.7/x86_64-linux/lib''

Important settings:
  value of $LANG: en_US.UTF-8
  locale-coding-system: utf-8-unix
  default enable-multibyte-characters: t

Major mode: C/l

Minor modes in effect:
  global-linum-mode: t
  linum-mode: t
  tooltip-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  transient-mark-mode: t
  abbrev-mode: t

Recent input:
ESC [ > 0 ; 1 1 5 ; 0 c ESC x r e p o TAB r TAB RE
T

Recent messages:
("/usr/bin/emacs" "-bg" "black" "-fg" "#FFFFFF" "bug.h")
For information about GNU Emacs and the GNU system, type C-h C-a.
Loading cc-langs...done
Making completion list...

Load-path shadows:
None found.

Features:
(shadow sort gnus-util mail-extr emacsbug message cl-macs gv format-spec
rfc822 mml mml-sec mm-decode mm-bodies mm-encode mail-parse rfc2231
mailabbrev gmm-utils mailheader sendmail rfc2047 rfc2045 ietf-drums
mm-util mail-prsvr mail-utils help-mode cc-langs cl cl-lib cc-mode
cc-fonts easymenu cc-guess cc-menus cc-cmds cc-styles cc-align cc-engine
cc-vars cc-defs time-date linum tooltip ediff-hook vc-hooks
lisp-float-type mwheel x-win x-dnd tool-bar dnd fontset image regexp-opt
fringe tabulated-list newcomment lisp-mode register page menu-bar
rfn-eshadow timer select scroll-bar mouse jit-lock font-lock syntax
facemenu font-core frame cham georgian utf-8-lang misc-lang vietnamese
tibetan thai tai-viet lao korean japanese hebrew greek romanian slovak
czech european ethiopic indian cyrillic chinese case-table epa-hook
jka-cmpr-hook help simple abbrev minibuffer loaddefs button faces
cus-face macroexp files text-properties overlay sha1 md5 base64 format
env code-pages mule custom widget hashtable-print-readable backquote
make-network-process dbusbind dynamic-setting system-font-setting
font-render-setting move-toolbar gtk x-toolkit x multi-tty emacs)

[Message part 4 (text/html, inline)]

[Message part 5 (message/rfc822, inline)]

From: Eli Zaretskii <eliz <at> gnu.org>
To: Dan Faudemer <dan.faudemer <at> gmail.com>
Cc: 17288-done <at> debbugs.gnu.org
Subject: Re: bug#17288: SegFault with emacs in CPP header file (long
 constructor)
Date: Fri, 18 Apr 2014 11:41:58 +0300

> Date: Thu, 17 Apr 2014 14:04:44 +0200
> From: Dan Faudemer <dan.faudemer <at> gmail.com>
> 
> I have some issue with emacs in a long intialisation constructor, emacs
> exit with a segault.
> 
> My .emacs contains :
> (global-linum-mode 1)
> (set-default 'truncate-lines t)
> 
> And the header file bug.h :
> 
> aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa"),aaaaaaaaaaa("aaaaaaaaaaa
> aaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),
> aaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),
> aaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),
>                 aaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),
> aaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),taaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),saaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),aaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),gaaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),caaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),laaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),saaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),aaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),aaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),laaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),_aaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),aaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),aaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),
> aaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa"),faaaaaaaaaaaaaaaaa("aaaaaaaaaaaaaaaaa")
> 
> To reproduce the segfault you have to put the cursor on the second line
> and press the button to go to the end of the line.

(For me, it happened on line 6, which is second-from-last.)

Thanks, I fixed this for the upcoming Emacs 24.4 release.  If you
build your own Emacs, you can fix your build by applying the one-line
patch at the end of this message.

I'm closing the bug; feel free to reopen if there are any left-overs.

> Fatal error 11: Segmentation fault
> Backtrace:
> /usr/bin/emacs[0x4ef391]
> /usr/bin/emacs[0x4d4dbd]
> /usr/bin/emacs[0x4ef2ee]
> /usr/bin/emacs[0x4ef6a3]
> /lib64/libpthread.so.0[0x2b05af4dbbe0]
> /usr/bin/emacs[0x498926]
> /usr/bin/emacs[0x49c180]
> /usr/bin/emacs[0x43aab9]
> /usr/bin/emacs[0x43abf5]
> /usr/bin/emacs[0x44b2dc]
> /usr/bin/emacs[0x44f0ff]
> /usr/bin/emacs[0x454f8b]
> /usr/bin/emacs[0x457349]
> /usr/bin/emacs[0x545aa3]
> /usr/bin/emacs[0x458675]
> /usr/bin/emacs[0x4e2939]
> /usr/bin/emacs[0x4e4da7]
> /usr/bin/emacs[0x4e6c7b]
> /usr/bin/emacs[0x545bf6]
> /usr/bin/emacs[0x4dd6ea]
> /usr/bin/emacs[0x545cea]
> /usr/bin/emacs[0x4dde40]
> /usr/bin/emacs[0x4ddf8a]
> /usr/bin/emacs[0x4d5ba6]
> /lib64/libc.so.6(__libc_start_main+0xf4)[0x3affa1d994]
> /usr/bin/emacs[0x413f19]

For the record, here's the backtrace and some relevant variables
printed by GDB:

  Program received signal SIGSEGV, Segmentation fault.
  append_glyph (it=0x7fffffff37b0) at term.c:1491
  1491          glyph->face_id = it->face_id;
  (gdb) p glyph
  $1 = (struct glyph *) 0x0
  (gdb) bt 10
  #0  append_glyph (it=0x7fffffff37b0) at term.c:1491
  #1  0x00000000004a2f53 in produce_glyphs (it=0x7fffffff37b0) at term.c:1627
  #2  0x0000000000449ba8 in produce_special_glyphs (it=0x7fffffff44f0,
      what=<optimized out>) at xdisp.c:24411
  #3  0x0000000000449d02 in insert_left_trunc_glyphs (it=<optimized out>)
      at xdisp.c:18377
  #4  0x0000000000450cef in display_line (it=0x7fffffff6d70) at xdisp.c:19956
  #5  0x00000000004532d8 in try_window (window=<optimized out>, pos=..., flags=1)
      at xdisp.c:16353
  #6  0x0000000000457c12 in redisplay_window (window=12071533,
      just_this_one_p=<optimized out>) at xdisp.c:15879
  #7  0x0000000000459ac9 in redisplay_window_1 (window=140737488304048)
      at xdisp.c:13942
  #8  0x000000000054dd0b in internal_condition_case_1 (bfun=<optimized out>,
      arg=<optimized out>, handlers=<optimized out>, hfun=<optimized out>)
      at eval.c:1327
  #9  0x000000000045ae90 in redisplay_internal () at xdisp.c:13570
  (More stack frames follow...)

  Lisp Backtrace:
  "redisplay_internal (C function)" (0xb63d30)
  (gdb) p i
  $2 = 0
  (gdb) p it->glyph_row->used[it->area]
  $3 = 0
  (gdb) pgrowx it->glyph_row
  (gdb) p it->area
  $4 = LEFT_MARGIN_AREA
  (gdb) p it->glyph_row->glyphs[1]
  $5 = (struct glyph *) 0xadd5a0 <scratch_glyphs>
  (gdb) p it->glyph_row->glyphs[0]
  $6 = (struct glyph *) 0x0

And here's the change that fixes this, which I installed in the
emacs-24 branch:

--- src/xdisp.c	2014-04-17 08:58:59 +0000
+++ src/xdisp.c	2014-04-18 08:35:09 +0000
@@ -18688,6 +18688,7 @@ insert_left_trunc_glyphs (struct it *it)
   truncate_it.current_x = 0;
   truncate_it.face_id = DEFAULT_FACE_ID;
   truncate_it.glyph_row = &scratch_glyph_row;
+  truncate_it.area = TEXT_AREA;
   truncate_it.glyph_row->used[TEXT_AREA] = 0;
   CHARPOS (truncate_it.position) = BYTEPOS (truncate_it.position) = -1;
   truncate_it.object = make_number (0);

This bug report was last modified 11 years and 92 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #17288 SegFault with emacs in CPP header file (long constructor)

GNU bug report logs - #17288
SegFault with emacs in CPP header file (long constructor)