Package: emacs;
Reported by: Tobias Getzner <tobias.getzner <at> gmx.de>
Date: Sat, 13 Jun 2015 09:19:02 UTC
Severity: normal
Tags: moreinfo
Done: Lars Ingebrigtsen <larsi <at> gnus.org>
Bug is archived. No further changes may be made.
Message #17 received at 20802 <at> debbugs.gnu.org (full text, mbox):
From: martin rudalics <rudalics <at> gmx.at> To: Eli Zaretskii <eliz <at> gnu.org> Cc: tobias.getzner <at> gmx.de, 20802 <at> debbugs.gnu.org Subject: Re: bug#20802: Segfault when showing non-GTK+ tooltip Date: Sat, 13 Jun 2015 15:24:02 +0200
> Thanks, but I still cannot reproduce this. (On what OS did you
> reproduce it?)
A Gtk build on Debian. Run with all my customizations.
> I also see no backtrace buffers, just a silent message
> in *Messages* about its being unable to load the bogus color I
> specified. Can you help by showing values of variables involved in
> the crash?
>
>> #0 0x00000000006c9b5c in cache_image (f=0x13a7e00, img=0x198ee20) at ../../src/image.c:1775
>
> Is this in v24.5 or in the current master? If the latter, line 1775
> of image.c is this:
>
> else if (EQ (ascent, Qcenter))
> img->ascent = CENTERED_IMAGE_ASCENT; <<<<<<<<<<<<<
>
> So is value of img a NULL pointer? (The argument img in the call
> above indicates it's non-NULL, but maybe your GDB shows only the value
> at entry?)
>
> If it's not NULL, and this is the correct line, then what caused the
> crash?
Sorry, I forgot to tell. Line 1775 of image.c here is
for (i = 0; i < c->used; ++i)
in the context of
struct image_cache *c = FRAME_IMAGE_CACHE (f);
ptrdiff_t i;
/* Find a free slot in c->images. */
for (i = 0; i < c->used; ++i)
if (c->images[i] == NULL)
break;
/* If no free slot found, maybe enlarge c->images. */
in cache_image. i is still 0 and I get
(gdb) p c->used
Cannot access memory at address 0x18
which should explain the direct cause of the segfault.
This is from a not-up-to-date version of trunk with some modifications I
made (none in image.c though). A backtrace with some more data from the
Lisp part is below.
> (I'm also puzzled what does this have to do with tooltips, since we
> show no images in the tooltips, and customizing faces for the tooltip
> frames should not affect showing images in other frames.)
Maybe it's the ‘debug’ call interfering?
martin
#0 0x00000000006c9b5c in cache_image (f=0x13a7e00, img=0x249e010) at ../../src/image.c:1775
#1 0x00000000006c96e3 in lookup_image (f=0x13a7e00, spec=...) at ../../src/image.c:1686
#2 0x000000000044bebc in handle_single_display_spec (it=0x7fffffff46f0, spec=..., object=..., overlay=..., position=0x7fffffff4828, bufpos=203, display_replaced=0, frame_window_p=true) at ../../src/xdisp.c:5137
#3 0x00000000004498cd in handle_display_spec (it=0x7fffffff46f0, spec=..., object=..., overlay=..., position=0x7fffffff4828, bufpos=203, frame_window_p=true) at ../../src/xdisp.c:4654
#4 0x00000000004492c8 in handle_display_prop (it=0x7fffffff46f0) at ../../src/xdisp.c:4576
#5 0x0000000000445e8d in handle_stop (it=0x7fffffff46f0) at ../../src/xdisp.c:3299
#6 0x0000000000454ee3 in next_element_from_buffer (it=0x7fffffff46f0) at ../../src/xdisp.c:8133
#7 0x00000000004511b5 in get_next_display_element (it=0x7fffffff46f0) at ../../src/xdisp.c:6785
#8 0x000000000047e4ea in display_line (it=0x7fffffff46f0) at ../../src/xdisp.c:20132
#9 0x00000000004719a2 in try_window (window=..., pos=..., flags=1) at ../../src/xdisp.c:16892
#10 0x000000000046df50 in redisplay_window (window=..., just_this_one_p=false) at ../../src/xdisp.c:16365
#11 0x00000000004654d0 in redisplay_window_0 (window=...) at ../../src/xdisp.c:14184
#12 0x0000000000625c43 in internal_condition_case_1 (bfun=0x46548e <redisplay_window_0>, arg=..., handlers=..., hfun=0x465456 <redisplay_window_error>) at ../../src/eval.c:1372
#13 0x000000000046542c in redisplay_windows (window=...) at ../../src/xdisp.c:14164
#14 0x00000000004653e2 in redisplay_windows (window=...) at ../../src/xdisp.c:14158
#15 0x00000000004641e1 in redisplay_internal () at ../../src/xdisp.c:13756
#16 0x0000000000461e04 in redisplay () at ../../src/xdisp.c:13019
#17 0x000000000057d4a3 in read_char (commandflag=1, map=..., prev_event=..., used_mouse_menu=0x7fffffff9d8f, end_time=0x0) at ../../src/keyboard.c:2542
#18 0x000000000058e17f in read_key_sequence (keybuf=0x7fffffff9f60, bufsize=30, prompt=..., dont_downcase_last=false, can_return_switch_frame=true, fix_current_buffer=true, prevent_redisplay=false) at ../../src/keyboard.c:9156
#19 0x000000000057a0e7 in command_loop_1 () at ../../src/keyboard.c:1407
#20 0x0000000000625ac9 in internal_condition_case (bfun=0x579c90 <command_loop_1>, handlers=..., hfun=0x579300 <cmd_error>) at ../../src/eval.c:1348
#21 0x00000000005798be in command_loop_2 (ignore=...) at ../../src/keyboard.c:1139
#22 0x0000000000624ec4 in internal_catch (tag=..., func=0x579895 <command_loop_2>, arg=...) at ../../src/eval.c:1108
#23 0x00000000005797f6 in command_loop () at ../../src/keyboard.c:1110
#24 0x0000000000578df7 in recursive_edit_1 () at ../../src/keyboard.c:728
#25 0x0000000000578ff3 in Frecursive_edit () at ../../src/keyboard.c:799
#26 0x000000000062978c in Ffuncall (nargs=1, args=0x7fffffffa408) at ../../src/eval.c:2715
#27 0x0000000000675d20 in exec_byte_code (bytestr=..., vector=..., maxdepth=..., args_template=..., nargs=2, args=0x7fffffffac98) at ../../src/bytecode.c:919
#28 0x000000000062a11f in funcall_lambda (fun=..., nargs=2, arg_vector=0x7fffffffac98) at ../../src/eval.c:2885
#29 0x0000000000629a1a in Ffuncall (nargs=3, args=0x7fffffffac90) at ../../src/eval.c:2767
#30 0x0000000000628a06 in Fapply (nargs=2, args=0x7fffffffada0) at ../../src/eval.c:2337
#31 0x00000000006290fc in apply1 (fn=..., arg=...) at ../../src/eval.c:2558
#32 0x0000000000622711 in call_debugger (arg=...) at ../../src/eval.c:309
#33 0x0000000000626ab3 in maybe_call_debugger (conditions=..., sig=..., data=...) at ../../src/eval.c:1726
#34 0x00000000006262c8 in Fsignal (error_symbol=..., data=...) at ../../src/eval.c:1544
#35 0x00000000006263fe in xsignal (error_symbol=..., data=...) at ../../src/eval.c:1581
#36 0x000000000062663c in signal_error (s=0x6fd2de "Undefined color", arg=...) at ../../src/eval.c:1636
#37 0x000000000054c091 in x_decode_color (f=0x24d2c30, color_name=..., mono_color=16777215) at ../../src/xfns.c:495
#38 0x000000000054c566 in x_set_background_color (f=0x24d2c30, arg=..., oldval=...) at ../../src/xfns.c:638
#39 0x000000000042d45d in x_set_frame_parameters (f=0x24d2c30, alist=...) at ../../src/frame.c:3152
#40 0x0000000000431ce6 in x_default_parameter (f=0x24d2c30, alist=..., prop=..., deflt=..., xprop=0x6fd49d "background", xclass=0x6fd908 "Background", type=RES_TYPE_STRING) at ../../src/frame.c:4374
#41 0x000000000055549d in x_create_tip_frame (dpyinfo=0x1621ee0, parms=..., text=...) at ../../src/xfns.c:5173
#42 0x0000000000556884 in Fx_show_tip (string=..., frame=..., parms=..., timeout=..., dx=..., dy=...) at ../../src/xfns.c:5543
#43 0x0000000000628116 in eval_sub (form=...) at ../../src/eval.c:2200
#44 0x0000000000622c5f in Fprogn (body=...) at ../../src/eval.c:445
#45 0x0000000000627c9a in eval_sub (form=...) at ../../src/eval.c:2131
#46 0x00000000006229d4 in Fif (args=...) at ../../src/eval.c:396
#47 0x0000000000627c9a in eval_sub (form=...) at ../../src/eval.c:2131
#48 0x0000000000622c5f in Fprogn (body=...) at ../../src/eval.c:445
#49 0x000000000062437c in FletX (args=...) at ../../src/eval.c:896
#50 0x0000000000627c9a in eval_sub (form=...) at ../../src/eval.c:2131
#51 0x0000000000622c5f in Fprogn (body=...) at ../../src/eval.c:445
#52 0x0000000000627c9a in eval_sub (form=...) at ../../src/eval.c:2131
#53 0x00000000006229d4 in Fif (args=...) at ../../src/eval.c:396
#54 0x0000000000627c9a in eval_sub (form=...) at ../../src/eval.c:2131
#55 0x0000000000622c5f in Fprogn (body=...) at ../../src/eval.c:445
#56 0x000000000062437c in FletX (args=...) at ../../src/eval.c:896
#57 0x0000000000627c9a in eval_sub (form=...) at ../../src/eval.c:2131
#58 0x0000000000622c5f in Fprogn (body=...) at ../../src/eval.c:445
#59 0x000000000062a511 in funcall_lambda (fun=..., nargs=0, arg_vector=0x0) at ../../src/eval.c:2944
#60 0x0000000000629b19 in Ffuncall (nargs=1, args=0x7fffffffcbb0) at ../../src/eval.c:2779
#61 0x000000000062853a in Fapply (nargs=2, args=0x7fffffffcbb0) at ../../src/eval.c:2289
#62 0x0000000000629676 in Ffuncall (nargs=3, args=0x7fffffffcba8) at ../../src/eval.c:2698
#63 0x0000000000675d20 in exec_byte_code (bytestr=..., vector=..., maxdepth=..., args_template=..., nargs=0, args=0x0) at ../../src/bytecode.c:919
#64 0x000000000062a5b1 in funcall_lambda (fun=..., nargs=1, arg_vector=0xadb72d) at ../../src/eval.c:2951
#65 0x0000000000629a1a in Ffuncall (nargs=2, args=0x7fffffffd430) at ../../src/eval.c:2767
#66 0x0000000000629153 in call1 (fn=..., arg1=...) at ../../src/eval.c:2573
#67 0x0000000000582a83 in timer_check_2 (timers=..., idle_timers=...) at ../../src/keyboard.c:4533
#68 0x0000000000582bf2 in timer_check () at ../../src/keyboard.c:4600
#69 0x000000000058008d in readable_events (flags=1) at ../../src/keyboard.c:3434
#70 0x000000000058841c in get_input_pending (flags=1) at ../../src/keyboard.c:6818
#71 0x000000000058ff13 in detect_input_pending_run_timers (do_display=true) at ../../src/keyboard.c:9973
#72 0x0000000000684c13 in wait_reading_process_output (time_limit=2025, nsecs=0, read_kbd=-1, do_display=true, wait_for_cell=..., wait_proc=0x0, just_wait_proc=0) at ../../src/process.c:5014
#73 0x0000000000422610 in sit_for (timeout=..., reading=true, display_option=1) at ../../src/dispnew.c:5748
#74 0x000000000057de53 in read_char (commandflag=1, map=..., prev_event=..., used_mouse_menu=0x7fffffffe23f, end_time=0x0) at ../../src/keyboard.c:2781
#75 0x000000000058e17f in read_key_sequence (keybuf=0x7fffffffe410, bufsize=30, prompt=..., dont_downcase_last=false, can_return_switch_frame=true, fix_current_buffer=true, prevent_redisplay=false) at ../../src/keyboard.c:9156
#76 0x000000000057a0e7 in command_loop_1 () at ../../src/keyboard.c:1407
#77 0x0000000000625ac9 in internal_condition_case (bfun=0x579c90 <command_loop_1>, handlers=..., hfun=0x579300 <cmd_error>) at ../../src/eval.c:1348
#78 0x00000000005798be in command_loop_2 (ignore=...) at ../../src/keyboard.c:1139
#79 0x0000000000624ec4 in internal_catch (tag=..., func=0x579895 <command_loop_2>, arg=...) at ../../src/eval.c:1108
#80 0x0000000000579860 in command_loop () at ../../src/keyboard.c:1118
#81 0x0000000000578df7 in recursive_edit_1 () at ../../src/keyboard.c:728
#82 0x0000000000578ff3 in Frecursive_edit () at ../../src/keyboard.c:799
#83 0x0000000000576cd3 in main (argc=1, argv=0x7fffffffe8e8) at ../../src/emacs.c:1626
Lisp Backtrace:
"redisplay_internal (C function)" (0x0)
"recursive-edit" (0xffffa410)
"debug" (0xffffac98)
"x-show-tip" (0xffffb810)
"progn" (0xffffbb20)
"if" (0xffffbd40)
"let*" (0xffffc040)
"progn" (0xffffc250)
"if" (0xffffc470)
"let*" (0xffffc770)
"eldoc-tooltip--make" (0xffffcbb8)
"apply" (0xffffcbb0)
"timer-event-handler" (0xffffd438)
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.