GNU bug report logs - #18473
24.4.50; SEGFAULT when vconcatting more than 2048 vectors
Reported by: Michael Welsh Duggan <md5i <at> md5i.com>
Date: Sun, 14 Sep 2014 02:38:01 UTC
Severity: normal
Found in version 24.4.50
Done: Paul Eggert <eggert <at> cs.ucla.edu>
Bug is archived. No further changes may be made.
Message #8 received at 18473 <at> debbugs.gnu.org (full text, mbox):
On 09/14/2014 06:37 AM, Michael Welsh Duggan wrote:
> With attached foo.el:
>
> emacs -Q -l foo.el
> (testbug 2049)
> C-j
>
> SEGFAULT
Also reproduced in emacs-24 branch (here and below, emacs-24 branch is assumed).
This looks like a fundamental bug in eval_sub, probably introduced in r112828.
When compiling with --enable-checking, it gives:
../../emacs-24/src/eval.c:184: Emacs fatal error: assertion failed: pdl->kind == SPECPDL_BACKTRACE
(gdb) bt 10
#0 0x000000000056a602 in terminate_due_to_signal (sig=6, backtrace_limit=2147483647) at ../../emacs-24/src/emacs.c:351
#1 0x00000000005f1d8e in die (msg=0x714b20 "pdl->kind == SPECPDL_BACKTRACE", file=0x714ab8 "../../emacs-24/src/eval.c", line=184)
at ../../emacs-24/src/alloc.c:6833
#2 0x000000000060c5e6 in set_backtrace_args (pdl=0x1327bc0, args=0x7fffec33e010) at ../../emacs-24/src/eval.c:184
#3 0x0000000000611b76 in eval_sub (form=...) at ../../emacs-24/src/eval.c:2154
#4 0x0000000000611c3d in eval_sub (form=...) at ../../emacs-24/src/eval.c:2170
#5 0x000000000061141b in Feval (form=..., lexical=...) at ../../emacs-24/src/eval.c:2003
#6 0x000000000061347d in Ffuncall (nargs=3, args=0x7fffffffbfa8) at ../../emacs-24/src/eval.c:2818
#7 0x000000000065ce9a in exec_byte_code (bytestr=..., vector=..., maxdepth=..., args_template=..., nargs=1, args=0x7fffffffc7e0)
at ../../emacs-24/src/bytecode.c:916
#8 0x0000000000613c9b in funcall_lambda (fun=..., nargs=1, arg_vector=0x7fffffffc7d8) at ../../emacs-24/src/eval.c:2983
#9 0x0000000000613633 in Ffuncall (nargs=2, args=0x7fffffffc7d0) at ../../emacs-24/src/eval.c:2864
#10 0x000000000065ce9a in exec_byte_code (bytestr=..., vector=..., maxdepth=..., args_template=..., nargs=1, args=0x7fffffffd050)
at ../../emacs-24/src/bytecode.c:916
In eval.c:
2134   else if (XSUBR (fun)->max_args == MANY)
2135     {
2136       /* Pass a vector of evaluated arguments. */
2137       Lisp_Object *vals;
2138       ptrdiff_t argnum = 0;
2139       USE_SAFE_ALLOCA;
2140
2141       SAFE_ALLOCA_LISP (vals, XINT (numargs));
2142
2143       GCPRO3 (args_left, fun, fun);
2144       gcpro3.var = vals;
2145       gcpro3.nvars = 0;
2146
2147       while (!NILP (args_left))
2148         {
2149           vals[argnum++] = eval_sub (Fcar (args_left));
2150           args_left = Fcdr (args_left);
2151           gcpro3.nvars = argnum;
2152         }
2153
2154       set_backtrace_args (specpdl_ptr - 1, vals);
2155       set_backtrace_nargs (specpdl_ptr - 1, XINT (numargs));
2156
2157       val = (XSUBR (fun)->function.aMANY) (XINT (numargs), vals);
2158       UNGCPRO;
2159       SAFE_FREE ();
2160     }
At 2141, if numargs is > 2047 (and so allocation size exceeds MAX_ALLOCA on
a 64-bit system), SAFE_ALLOCA_LISP pushes an entry of type SPECPDL_UNWIND to
the specpdl stack. At line 2154, set_backtrace_args modifies this entry assuming
SPECPDL_BACKTRACE. Oops.
Dmitry
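
A simplified model of the failure described in the message above, added here as an example; it is not Emacs source and not the fix applied upstream. The `entry` struct, the 2048-word threshold (chosen to match the "> 2047" figure in the message) and all function names are assumptions for illustration.

```c
#include <stddef.h>
#include <stdio.h>
/* Simplified model of the specpdl stack; not Emacs source. */
enum kind { SPECPDL_UNWIND, SPECPDL_BACKTRACE };
struct entry { enum kind kind; void *args; };
enum { MODEL_STACK_WORDS = 2048 };  /* assumed stand-in for MAX_ALLOCA / word size */
static struct entry specpdl[8], *specpdl_ptr = specpdl;
static void push(enum kind k) { *specpdl_ptr++ = (struct entry){ k, NULL }; }

/* Model of SAFE_ALLOCA_LISP: an oversized request records an unwind entry. */
static void safe_alloca_model(long nelt)
{
  if (nelt >= MODEL_STACK_WORDS) push(SPECPDL_UNWIND);
}

/* Returns 0 on success, -1 if pdl is not a backtrace entry (the checked-build assertion). */
static int set_backtrace_args_checked(struct entry *pdl, void *args)
{
  if (pdl->kind != SPECPDL_BACKTRACE) return -1;
  pdl->args = args;
  return 0;
}

/* Pattern from the page: address the entry as specpdl_ptr - 1 after allocating. */
int call_many_top_of_stack(long numargs)
{
  static int vals;
  specpdl_ptr = specpdl;            /* reset the model stack */
  push(SPECPDL_BACKTRACE);
  safe_alloca_model(numargs);
  return set_backtrace_args_checked(specpdl_ptr - 1, &vals);
}

/* Alternative: record the entry's index before anything else can push. */
int call_many_saved_index(long numargs)
{
  static int vals;
  specpdl_ptr = specpdl;
  push(SPECPDL_BACKTRACE);
  ptrdiff_t bt = specpdl_ptr - 1 - specpdl;
  safe_alloca_model(numargs);
  return set_backtrace_args_checked(specpdl + bt, &vals);
}

int main(void)
{
  printf("top-of-stack: 2047 -> %d, 2048 -> %d\n", call_many_top_of_stack(2047), call_many_top_of_stack(2048));
  printf("saved index:  2048 -> %d\n", call_many_saved_index(2048));
  return 0;
}
```

The model records an index rather than a pointer because a growable stack may move when it is resized.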
This bug report was last modified 10 years and 306 days ago.