GNU bug report logs - #17688
24.3.90; segmentation fault in deselect_palette


Package: emacs;

Reported by: Zdzislaw Meglicki <gustav <at> iu.edu>

Date: Wed, 4 Jun 2014 15:39:02 UTC

Severity: normal

Tags: moreinfo

Merged with 18659

Found in versions 24.3.90, 24.3.94

Done: Ken Brown <kbrown <at> cornell.edu>

Bug is archived. No further changes may be made.



Message #8 received at 17688 <at> debbugs.gnu.org:

From: Eli Zaretskii <eliz <at> gnu.org>
To: Zdzislaw Meglicki <gustav <at> iu.edu>
Cc: 17688 <at> debbugs.gnu.org
Subject: Re: bug#17688: 24.3.90; segmentation fault in deselect_palette
Date: Wed, 04 Jun 2014 18:58:50 +0300
> From: Zdzislaw Meglicki <gustav <at> iu.edu>
> Date: Wed, 04 Jun 2014 10:46:39 -0400
> 
>    On copy and paste between emacs and Firefox windows.
>    Emacs, which I had been running under gdb, crashed
>    on segmentation fault. It is the second time that this
>    has happened, with nearly identical backtraces.

Is this reproducible?  If so, can you post a reproducible recipe
starting with "emacs -Q"?

> (gdb) bt full
> #0  0x0000000100631d84 in deselect_palette (f=0x0, hdc=0x0)
>     at /usr/src/debug/emacs-24.3.90-1/src/w32xfns.c:123
> No locals.
> #1  0x0000000100631e53 in release_frame_dc (f=0x0, hdc=0x0)
>     at /usr/src/debug/emacs-24.3.90-1/src/w32xfns.c:154
>         ret = 0
> #2  0x00000001006351f9 in uniscribe_encode_char (
>     font=0x101071d30 <bss_sbrk_buffer+6928560>, c=76)
>     at /usr/src/debug/emacs-24.3.90-1/src/w32uniscribe.c:585
>         context = 0x0
>         f = 0x0
>         old_font = 0x0
>         code = 15
>         ch = L"LC"
>         len = 1
>         items = 0x436980
>         nitems = 1
>         uniscribe_font = 0x101071d30 <bss_sbrk_buffer+6928560>

This backtrace makes no sense: uniscribe_encode_char calls
release_frame_dc only if the variable 'context' has a non-NULL value
(and then 'f' should also be non-NULL).  But here we see that
release_frame_dc is called by uniscribe_encode_char when both
'context' and 'f' are NULL, which cannot happen.  I was about to say
that this could be due to compiler optimizations that screw up the
backtrace, but then I saw that your Emacs binary was built with -O0.
So now I'm stumped as to how this could happen at all.
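The invariant Eli relies on, that release_frame_dc is only ever reached with a context that was actually acquired, and the defensive alternative, a deselect_palette that validates its arguments instead of dereferencing them, can be shown with a small model. The following C is an added example written for this page, not code from Emacs; the frame and DC structures, the fixed DC pool and the function bodies are constructed stand-ins that only mirror the call shape visible in the backtrace (get_frame_dc / release_frame_dc / deselect_palette).

```c
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-ins for Emacs' frame and device-context objects
   (constructed for this example; not the real w32 structures). */
struct frame {
    int palette_selected;   /* 1 while the frame's palette is selected into a DC */
    int dc_outstanding;     /* DCs handed out by get_frame_dc and not yet released */
};

struct dc {
    struct frame *owner;
    int in_use;
};

static struct dc dc_slots[2];   /* tiny fixed pool standing in for the OS */

/* Acquire a DC for a frame. Mirrors the shape of the real call: it can
   return NULL, so callers must check before pairing it with a release. */
struct dc *get_frame_dc(struct frame *f)
{
    if (f == NULL)
        return NULL;
    for (size_t i = 0; i < sizeof dc_slots / sizeof dc_slots[0]; i++) {
        if (!dc_slots[i].in_use) {
            dc_slots[i].in_use = 1;
            dc_slots[i].owner = f;
            f->dc_outstanding++;
            f->palette_selected = 1;
            return &dc_slots[i];
        }
    }
    return NULL;
}

/* Defensive form of deselect_palette: a NULL frame, a NULL DC, or a DC
   that belongs to another frame yields an error code instead of a SIGSEGV. */
int deselect_palette(struct frame *f, struct dc *hdc)
{
    if (f == NULL || hdc == NULL || hdc->owner != f)
        return -1;
    f->palette_selected = 0;
    return 0;
}

/* Release only proceeds when deselect_palette accepted the arguments. */
int release_frame_dc(struct frame *f, struct dc *hdc)
{
    int ret = deselect_palette(f, hdc);
    if (ret != 0)
        return ret;             /* nothing valid to release */
    hdc->in_use = 0;
    hdc->owner = NULL;
    f->dc_outstanding--;
    return 0;
}

/* Caller shaped like the acquire/release pairing described in the reply:
   release is reached only when 'context' was actually acquired.
   Returns the frame's outstanding DC count afterwards (0 = balanced),
   or -1 when there is no frame at all. */
int encode_char_model(struct frame *f, bool need_dc)
{
    struct dc *context = NULL;
    if (need_dc)
        context = get_frame_dc(f);   /* may legitimately be NULL */

    /* ... work that would use 'context' when it is present ... */

    if (context != NULL)
        release_frame_dc(f, context);
    return f ? f->dc_outstanding : -1;
}

/* Runs the pairing end to end; 0 means every check held. */
int run_model(void)
{
    struct frame fr = { 0, 0 };
    if (encode_char_model(&fr, true) != 0)   return 1;  /* acquire then release */
    if (fr.palette_selected != 0)            return 2;  /* palette deselected */
    if (encode_char_model(&fr, false) != 0)  return 3;  /* no DC, so no release */
    if (release_frame_dc(&fr, NULL) != -1)   return 4;  /* unpaired release refused */
    return 0;
}

int main(void)
{
    printf("model result: %d (0 = ok)\n", run_model());
    printf("NULL/NULL deselect: %d (-1 = refused)\n", deselect_palette(NULL, NULL));
    return 0;
}
```

The point of the guard is diagnostic as much as protective: with the check in place, a call like the one in the backtrace (both arguments NULL) returns an error that the caller can log or assert on, which is far easier to investigate than a crash whose stack frames contradict the source.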




This bug report was last modified 4 years and 252 days ago.
