GNU bug report logs - #19379
25.0.50; segfault in backward-prefix-chars

Previous Next

Package: emacs;

Reported by: martin rudalics <rudalics <at> gmx.at>

Date: Sun, 14 Dec 2014 09:19:02 UTC

Severity: important

Tags: confirmed, patch

Merged with 3552, 17132

Found in versions 24.3.50, 24.5, 25.0.50, 25.0.94

Fixed in version 25.1

Done: Noam Postavsky <npostavs <at> users.sourceforge.net>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 19379 in the body.
You can then email your comments to 19379 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-gnu-emacs <at> gnu.org:
bug#19379; Package emacs. (Sun, 14 Dec 2014 09:19:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to martin rudalics <rudalics <at> gmx.at>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs <at> gnu.org. (Sun, 14 Dec 2014 09:19:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: martin rudalics <rudalics <at> gmx.at>
To: Bug-Gnu-Emacs <bug-gnu-emacs <at> gnu.org>
Subject: 25.0.50; segfault in backward-prefix-chars
Date: Sun, 14 Dec 2014 10:17:24 +0100

With emacs -Q inserting at the beginning of *scratch* the text

`((1
   2
   3)

then trying to insert a final closing ")" gets me

Program received signal SIGSEGV, Segmentation fault.
0x011d30f8 in Fbackward_prefix_chars () at syntax.c:3049
3049		DEC_BOTH (pos, pos_byte);
(gdb) bt
#0  0x011d30f8 in Fbackward_prefix_chars () at syntax.c:3049
#1  0x01195753 in Ffuncall (nargs=1, args=0x82e5a8) at eval.c:2720
#2  0x011d822a in exec_byte_code (bytestr=..., vector=..., maxdepth=..., args_template=..., nargs=1, args=0x82e900) at bytecode.c:920
#3  0x01195f62 in funcall_lambda (fun=..., nargs=1, arg_vector=0x82e8fc) at eval.c:2890
#4  0x0119598e in Ffuncall (nargs=2, args=0x82e8f8) at eval.c:2772
#5  0x011d822a in exec_byte_code (bytestr=..., vector=..., maxdepth=..., args_template=..., nargs=0, args=0x82ec58) at bytecode.c:920
#6  0x01195f62 in funcall_lambda (fun=..., nargs=0, arg_vector=0x82ec58) at eval.c:2890
#7  0x0119598e in Ffuncall (nargs=1, args=0x82ec54) at eval.c:2772
#8  0x011d822a in exec_byte_code (bytestr=..., vector=..., maxdepth=..., args_template=..., nargs=0, args=0x82f02c) at bytecode.c:920
#9  0x01195f62 in funcall_lambda (fun=..., nargs=0, arg_vector=0x82f02c) at eval.c:2890
#10 0x0119598e in Ffuncall (nargs=1, args=0x82f028) at eval.c:2772
#11 0x01194d75 in funcall_nil (nargs=1, args=0x82f028) at eval.c:2354
#12 0x01195186 in run_hook_with_args (nargs=1, args=0x82f028, funcall=0x1194d5d <funcall_nil>) at eval.c:2539
#13 0x01194db5 in Frun_hooks (nargs=1, args=0x15501c0) at eval.c:2381
#14 0x0114f64b in internal_self_insert (c=41, n=1) at cmds.c:510
#15 0x0114ebd9 in Fself_insert_command (n=...) at cmds.c:310
#16 0x01195770 in Ffuncall (nargs=2, args=0x82f2d4) at eval.c:2723
#17 0x0118d170 in Ffuncall_interactively (nargs=2, args=0x82f2d4) at callint.c:270
#18 0x01195664 in Ffuncall (nargs=3, args=0x82f2d0) at eval.c:2703
#19 0x0118eed3 in Fcall_interactively (function=..., record_flag=..., keys=...) at callint.c:876
#20 0x011957c5 in Ffuncall (nargs=4, args=0x82f53c) at eval.c:2730
#21 0x011d822a in exec_byte_code (bytestr=..., vector=..., maxdepth=..., args_template=..., nargs=1, args=0x82f8a0) at bytecode.c:920
#22 0x01195f62 in funcall_lambda (fun=..., nargs=1, arg_vector=0x82f89c) at eval.c:2890
#23 0x0119598e in Ffuncall (nargs=2, args=0x82f898) at eval.c:2772
#24 0x011952a4 in call1 (fn=..., arg1=...) at eval.c:2576
#25 0x01103e95 in command_loop_1 () at keyboard.c:1576
#26 0x011926bb in internal_condition_case (bfun=0x11037b5 <command_loop_1>, handlers=..., hfun=0x1103017 <cmd_error>) at eval.c:1344
#27 0x0110346b in command_loop_2 (ignore=...) at keyboard.c:1197
#28 0x01191c5a in internal_catch (tag=..., func=0x1103447 <command_loop_2>, arg=...) at eval.c:1105
#29 0x01103425 in command_loop () at keyboard.c:1176
#30 0x01102bb3 in recursive_edit_1 () at keyboard.c:786
#31 0x01102d70 in Frecursive_edit () at keyboard.c:857
#32 0x01100d82 in main (argc=2, argv=0xa32880) at emacs.c:1623

Lisp Backtrace:
"backward-prefix-chars" (0x82e5ac)
"forward-sexp" (0x82e8fc)
"blink-matching-open" (0x82ec58)
"blink-paren-post-self-insert-function" (0x82f02c)
"self-insert-command" (0x82f2d8)
"funcall-interactively" (0x82f2d4)
"call-interactively" (0x82f540)
"command-execute" (0x82f89c)
(gdb)

I have no idea what happened because of

(gdb) p pos
$1 = 0
(gdb) p beg
$2 = 1
(gdb) p pos_byte
$3 = 0

so

      if (pos + 1 > beg)
	DEC_BOTH (pos, pos_byte);

should not have been taken, in principle at least ...

This is with a not entirely up-to-date build of my GNU Emacs 25.0.50.1
(i686-pc-mingw32).

martin
Forcibly Merged 3552 17132 19379. Request was from Noam Postavsky <npostavs <at> users.sourceforge.net> to control <at> debbugs.gnu.org. (Sun, 05 Jun 2016 13:37:01 GMT) Full text and rfc822 format available.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Fri, 15 Jul 2016 11:24:03 GMT) Full text and rfc822 format available.
This bug report was last modified 8 years and 344 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.