GNU bug report logs - #17771
24.3.91; SIGSEGV in cleanup_vector


Package: emacs;

Reported by: Stephen Berman <stephen.berman <at> gmx.net>

Date: Fri, 13 Jun 2014 09:14:02 UTC

Severity: normal

Tags: moreinfo

Merged with 16140, 16414, 17071, 17602

Found in versions 24.3.50, 24.3.91, 24.4.50

Fixed in version 24.3.93

Done: Glenn Morris <rgm <at> gnu.org>

Bug is archived. No further changes may be made.


From: Eli Zaretskii <eliz <at> gnu.org>
To: Stephen Berman <stephen.berman <at> gmx.net>, Dmitry Antipov <dmantipov <at> yandex.ru>
Cc: 17771 <at> debbugs.gnu.org
Subject: bug#17771: 24.3.91; SIGSEGV in cleanup_vector
Date: Fri, 13 Jun 2014 17:52:22 +0300
> From: Stephen Berman <stephen.berman <at> gmx.net>
> Cc: 17771 <at> debbugs.gnu.org
> Date: Fri, 13 Jun 2014 16:13:42 +0200
> 
> > I installed a trivial workaround for that in r117235 on the emacs-24
> > branch.  The diffs are below.  Can you try this and see if the problem
> > is solved?  It's possible that the real problem is somewhere else, in
> > which case you will probably see it when you apply the patch.
> 
> With the patch, Emacs still crashes with the same recipe, but the first
> frame of backtrace is different (looks like not in Emacs):

I think it's just a bogus pointer to the font driver, and somehow
valid_font_driver doesn't catch it in time.

> Program received signal SIGSEGV, Segmentation fault.
> 0x0000000000c260b2 in ?? ()
> (gdb) bt full
> #0  0x0000000000c260b2 in ?? ()
> No symbol table info available.
> #1  0x00000000005aa580 in cleanup_vector (vector=0x3dd52c8)
>     at ../../../../bzr/emacs/emacs-24/src/alloc.c:2935
>         drv = 0x3dd5130
> #2  0x00000000005aa686 in sweep_vectors ()
>     at ../../../../bzr/emacs/emacs-24/src/alloc.c:2974
>         total_bytes = 140737488344592
>         free_this_block = false
>         nbytes = 1048
>         block = 0x3dd4680
>         bprev = 0xbf1060
>         lv = 0x6282a3 <balance_intervals+31>
>         lvprev = 0xbf2070
>         vector = 0x3dd52c8
>         next = 0x3dd52c8
> #3  0x00000000005b0141 in gc_sweep () at ../../../../bzr/emacs/emacs-24/src/alloc.c:6721

So Dmitry, I think Stephen here just found you a perfect recipe to
reproduce bug #16140, something that I failed to do.  Could you please
look into this?

Thanks.
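As an added illustration, not code from Emacs or from anyone in this thread: a minimal C model of the check Eli suspects is not catching the bogus pointer, where a font object's driver pointer is validated against the list of registered drivers before the sweeper calls through it. All type and function names (font_driver, font_object, register_font_driver, valid_font_driver, cleanup_font_object) are assumptions modelled on the discussion, not the real Emacs font API.

```c
#include <stddef.h>
/* Added example, not Emacs's own code; all names below are assumptions
   modelled on the discussion, not the real Emacs font API. */
struct font_driver {
    const char *name;
    int (*close)(void *font);     /* hook called by the sweeper */
    struct font_driver *next;     /* list of registered drivers */
};
struct font_object {
    struct font_driver *driver;   /* may be stale or bogus */
    int closed;
};
static struct font_driver *registered_drivers; /* live-driver list head */
void register_font_driver(struct font_driver *drv)
{
    drv->next = registered_drivers;
    registered_drivers = drv;
}
/* 1 only if DRV is exactly one of the registered records, so a stale or
   bogus value never reaches the indirect call in cleanup_font_object. */
int valid_font_driver(const struct font_driver *drv)
{
    for (const struct font_driver *d = registered_drivers; d; d = d->next)
        if (d == drv)
            return 1;
    return 0;
}
/* Sweep-time cleanup: 0 on success, -1 if the driver was rejected.  An
   unchecked call through a bogus pointer lands in "#0 ... in ?? ()". */
int cleanup_font_object(struct font_object *font)
{
    if (!valid_font_driver(font->driver))
        return -1;
    return font->driver->close(font);
}
static int demo_close(void *font)
{ ((struct font_object *)font)->closed = 1; return 0; }
/* Constructed scenario: one registered driver and one record that was
   never registered (a stale driver). Returns 1 when both paths behave. */
int demo(void)
{
    struct font_driver live = { "live", demo_close, NULL };
    struct font_driver stale = { "stale", demo_close, NULL };
    struct font_object ok = { &live, 0 }, bad = { &stale, 0 };
    register_font_driver(&live);
    int a = cleanup_font_object(&ok);   /* 0: close hook ran */
    int b = cleanup_font_object(&bad);  /* -1: rejected before the call */
    registered_drivers = NULL;          /* live leaves scope with demo */
    return a == 0 && ok.closed == 1 && b == -1;
}
```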



