GNU bug report logs -
#18473
24.4.50; SEGFAULT when vconcatting more than 2048 vectors
Previous Next
Reported by: Michael Welsh Duggan <md5i <at> md5i.com>
Date: Sun, 14 Sep 2014 02:38:01 UTC
Severity: normal
Found in version 24.4.50
Done: Paul Eggert <eggert <at> cs.ucla.edu>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
[Message part 1 (text/plain, inline)]
On 09/14/2014 09:10 PM, Dmitry Antipov wrote:
> In eval.c:
>
> 2134 else if (XSUBR (fun)->max_args == MANY)
> 2135 {
> 2136 /* Pass a vector of evaluated arguments. */
> 2137 Lisp_Object *vals;
> 2138 ptrdiff_t argnum = 0;
> 2139 USE_SAFE_ALLOCA;
> 2140
> 2141 SAFE_ALLOCA_LISP (vals, XINT (numargs));
> 2142
> 2143 GCPRO3 (args_left, fun, fun);
> 2144 gcpro3.var = vals;
> 2145 gcpro3.nvars = 0;
> 2146
> 2147 while (!NILP (args_left))
> 2148 {
> 2149 vals[argnum++] = eval_sub (Fcar (args_left));
> 2150 args_left = Fcdr (args_left);
> 2151 gcpro3.nvars = argnum;
> 2152 }
> 2153
> 2154 set_backtrace_args (specpdl_ptr - 1, vals);
> 2155 set_backtrace_nargs (specpdl_ptr - 1, XINT (numargs));
> 2156
> 2157 val = (XSUBR (fun)->function.aMANY) (XINT (numargs), vals);
> 2158 UNGCPRO;
> 2159 SAFE_FREE ();
> 2160 }
>
> At 2141, if numargs is > 2047 (and so allocation size exceeds MAX_ALLOCA on
> a 64-bit system), SAFE_ALLOCA_LISP pushes an entry of type SPECPDL_UNWIND to
> specpdl stack. At line 2154, set_backtrace_args modifies this entry assuming
> SPECPDL_BACKTRACE. Oops.
Michael, try this. Stefan, please review.
Dmitry
[bug18473.patch (text/x-diff, attachment)]
This bug report was last modified 10 years and 306 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.