GNU bug report logs - #22
23.0.50; Emacs CVS segfaults on M-x delete-frame on Debian sarge under XFree86 Version 4.3.0.1

Package: emacs;

Reported by: avar <at> cpan.org (Ævar Arnfjörð Bjarmason)

Date: Thu, 28 Feb 2008 18:05:09 UTC

Severity: normal

Done: Stefan Monnier <monnier <at> iro.umontreal.ca>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 22 in the body.
You can then email your comments to 22 AT debbugs.gnu.org in the normal way.


Report forwarded to bug-submit-list <at> lists.donarmstrong.com, Emacs Bugs <bug-gnu-emacs <at> gnu.org>:
bug#22; Package emacs.

Acknowledgement sent to avar <at> cpan.org (Ævar Arnfjörð Bjarmason):
New bug report received and forwarded. Copy sent to Emacs Bugs <bug-gnu-emacs <at> gnu.org>.

Message #5 received at submit <at> emacsbugs.donarmstrong.com:

From: avar <at> cpan.org (Ævar Arnfjörð Bjarmason)
To: emacs-pretest-bug <at> gnu.org
Cc: avar <at> cpan.org
Subject: 23.0.50; Emacs CVS segfaults on M-x delete-frame on Debian sarge under XFree86 Version 4.3.0.1
Date: Wed, 27 Feb 2008 15:35:30 +0000

The following produces a reproducible segfault on an emacs;

First I launch emacs under GDB and create an X frame:
    
    gdb ./src/emacs
    run -Q -nw
    M-x make-frame-on-display RET :0.0 RET

Then, I try to delete the new X frame:

    M-x delete-frame

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1083362720 (LWP 1229)]
0x405ea727 in XFreeGC () from /usr/X11R6/lib/libX11.so.6
(gdb) bt full
#0  0x405ea727 in XFreeGC () from /usr/X11R6/lib/libX11.so.6
No symbol table info available.
#1  0x403458be in _gdk_gc_x11_get_type () from
/usr/lib/libgdk-x11-2.0.so.0
No symbol table info available.
#2  0x40430749 in g_object_interface_list_properties () from
/usr/lib/libgobject-2.0.so.0
No symbol table info available.
#3  0x4032d638 in gdk_screen_get_type () from
/usr/lib/libgdk-x11-2.0.so.0
No symbol table info available.
#4  0x40350047 in gdk_screen_set_default_colormap () from
/usr/lib/libgdk-x11-2.0.so.0
No symbol table info available.
#5  0x40430871 in g_object_run_dispose () from
/usr/lib/libgobject-2.0.so.0
No symbol table info available.
#6  0x4032d6ad in _gdk_screen_close () from /usr/lib/libgdk-x11-2.0.so.0
No symbol table info available.
#7  0x40337da4 in gdk_x11_display_ungrab () from
/usr/lib/libgdk-x11-2.0.so.0
No symbol table info available.
#8  0x40430871 in g_object_run_dispose () from
/usr/lib/libgobject-2.0.so.0
No symbol table info available.
#9  0x08162629 in xg_display_close (dpy=0x8c423d0) at gtkutil.c:176
        gdpy = (GdkDisplay *) 0x8436a88
#10 0x0813e272 in x_delete_terminal (terminal=0x8c7f558) at
xterm.c:11855
        dpyinfo = (struct x_display_info *) 0x8c5e878
        i = 3
#11 0x0811ec22 in Fdelete_terminal (terminal=147322204, force=138295545)
at terminal.c:324
        t = (struct terminal *) 0x8c7f558
#12 0x08094453 in Fdelete_frame (frame=139235804, force=138295497) at
frame.c:1545
        tmp = 147322204
        terminal = (struct terminal *) 0x8c7f558
        f = (struct frame *) 0x84c91d8
        sf = (struct frame *) 0x8403868
        kb = (struct kboard *) 0x0
        minibuffer_selected = 0
#13 0x081f14c4 in Ffuncall (nargs=1, args=0xbfffe750) at eval.c:3028
        fun = 136761988
        original_fun = 138330705
        funcar = 138295545
        numargs = 0
        lisp_numargs = 135713370
        val = -1073748216
        backtrace = {next = 0xbfffe920, function = 0xbfffe750, args =
        0xbfffe754, nargs = 0, evalargs = 0 '\0', 
  debug_on_exit = 0 '\0'}
        internal_args = (Lisp_Object *) 0xbfffe6a0
        i = 2
#14 0x081ecfbf in Fcall_interactively (function=138330705,
record_flag=138295545, keys=138333916) at callint.c:842
        val = 138295497
        args = (Lisp_Object *) 0xbfffe750
        visargs = (Lisp_Object *) 0xbfffe740
        specs = 136785395
        filter_specs = 136785395
        teml = 138295497
        up_event = 138295497
        enable = 138295497
        speccount = 5
        next_event = 14
        prefix_arg = 138295497
        string = (unsigned char *) 0xbfffe760 ""
        tem = (unsigned char *) 0xbfffe760 ""
        varies = (int *) 0xbfffe730
        i = 1
        j = 0
        count = 0
        foo = 140868632
        prompt1 =
        "\200\001\000\000Q�>\bQ�>\b\r��\bU�B\bI\214C\b����\206\a\030\bI\214C\b <at> o\200@\001\000\000\000\000y\200 <at> x���\230\216t@\000y\200 <at> U�B\b���������8>\b\025��\b����\000��\005\230���K;\035\b\f\000\000"
        tem1 = 0x0
        arg_from_tty = 0
        gcpro1 = {next = 0x40746be5, var = 0x1c, nvars = 136125298}
        gcpro2 = {next = 0x83ec251, var = 0x0, nvars = 0}
        gcpro3 = {next = 0x83e38c9, var = 0x83e38c9, nvars = 1}
        gcpro4 = {next = 0x81d1b72, var = 0xbfffe7ec, nvars = 1}
        gcpro5 = {next = 0x83e1d6d, var = 0x0, nvars = 0}
        key_count = 14
        record_then_fail = 0
        save_this_command = 138330705
        save_last_command = 138328441
        save_this_original_command = 138487713
        save_real_this_command = 138330705
#15 0x081f14f3 in Ffuncall (nargs=4, args=0xbfffe9b0) at eval.c:3031
        fun = 137986028
        original_fun = 138458361
        funcar = 141286316
        numargs = 3
        lisp_numargs = 135812751
        val = -1073747448
        backtrace = {next = 0xbfffeb30, function = 0xbfffe9b0, args =
        0xbfffe9b4, nargs = 3, evalargs = 0 '\0', 
  debug_on_exit = 0 '\0'}
        internal_args = (Lisp_Object *) 0xbfffe9b4
        i = 1
#16 0x081f1117 in call3 (fn=138458361, arg1=138330705, arg2=138295545,
arg3=138295497) at eval.c:2855
        ret_ungc_val = 138295497
        gcpro1 = {next = 0x83e0755, var = 0x83e38c9, nvars = 4}
#17 0x0817c839 in Fcommand_execute (cmd=138330705,
record_flag=138295545, keys=138295497, special=138295497)
    at keyboard.c:10443
        final = 136761988
        tem = 138295497
        prefixarg = 138295497
#18 0x0817cb79 in Fexecute_extended_command (prefixarg=138295497) at
keyboard.c:10556
        function = 138330705
        buf = "M-x
        \000\000\000\000\b\000\000\000\020F�\b\000\000\000\000\204^�\b�����4\035\b\000\234\215\b\001\000\000"
        saved_last_point_position = 1
        saved_keys = 140335180
        saved_last_point_position_buffer = 138321348
        bindings = 141286316
        value = 138295497
        gcpro1 = {next = 0x1, var = 0x84c91d8, nvars = 138426888}
        gcpro2 = {next = 0x83eaba9, var = 0x0, nvars = 1}
        gcpro3 = {next = 0x83e1d5d, var = 0x83eaba9, nvars =
        -1073747256}
        hstarted = 1
#19 0x081f149f in Ffuncall (nargs=2, args=0xbfffebc0) at eval.c:3025
        fun = 136779020
        original_fun = 138334793
        funcar = 138295497
        numargs = 1
        lisp_numargs = 135713370
        val = -1073747080
        backtrace = {next = 0xbfffed90, function = 0xbfffebc0, args =
        0xbfffebc4, nargs = 1, evalargs = 0 '\0', 
  debug_on_exit = 0 '\0'}
        internal_args = (Lisp_Object *) 0xbfffebc4
        i = 138295497
#20 0x081ecfbf in Fcall_interactively (function=138334793,
record_flag=138295497, keys=138333916) at callint.c:842
        val = 0
        args = (Lisp_Object *) 0xbfffebc0
        visargs = (Lisp_Object *) 0xbfffebb0
        specs = 143498243
        filter_specs = 143498243
        teml = 0
        up_event = 138295497
        enable = 138295497
        speccount = 3
        next_event = 1
        prefix_arg = 138295497
        string = (unsigned char *) 0xbfffebd0 "P"
        tem = (unsigned char *) 0x82670ac ""
        varies = (int *) 0xbfffeba0
        i = 2
        j = 1
        count = 1
        foo = 0
        prompt1 = '\0' <repeats 99 times>
        tem1 = 0x0
        arg_from_tty = 0
        gcpro1 = {next = 0x0, var = 0x0, nvars = 0}
        gcpro2 = {next = 0x0, var = 0x0, nvars = 0}
        gcpro3 = {next = 0x0, var = 0x0, nvars = 2}
        gcpro4 = {next = 0x0, var = 0x0, nvars = 2}
        gcpro5 = {next = 0x0, var = 0x0, nvars = 0}
        key_count = 1
        record_then_fail = 0
        save_this_command = 138334793
        save_last_command = 138497537
        save_this_original_command = 138334793
        save_real_this_command = 138334793
#21 0x081f14f3 in Ffuncall (nargs=4, args=0xbfffee20) at eval.c:3031
        fun = 137986028
        original_fun = 138458361
        funcar = 138295497
        numargs = 3
        lisp_numargs = 2
        val = -1073747032
        backtrace = {next = 0x0, function = 0xbfffee20, args =
        0xbfffee24, nargs = 3, evalargs = 0 '\0', 
  debug_on_exit = 0 '\0'}
        internal_args = (Lisp_Object *) 0xbfffee24
        i = 0
#22 0x081f1117 in call3 (fn=138458361, arg1=138334793, arg2=138295497,
arg3=138295497) at eval.c:2855
        ret_ungc_val = 138295497
        gcpro1 = {next = 0x83e38c9, var = 0x83e38c9, nvars = 4}
#23 0x0817c839 in Fcommand_execute (cmd=138334793,
record_flag=138295497, keys=138295497, special=138295497)
    at keyboard.c:10443
        final = 136779020
        tem = 138295497
        prefixarg = 138295497
#24 0x0816eeea in command_loop_1 () at keyboard.c:1908
        scount = 2
        cmd = 138334793
        lose = -1073746008
        nonundocount = 0
        keybuf = {1073742784, 960, -1073746120, 1081301168, 147286128,
        1085183913, 0, 1085200928, -1073746068, 1, 
  -1073746100, 1085181697, -1073746040, 11459104, 1080932728,
  -1073746016, 0, -1073746044, -1073746356, 0, 0, 0, 0, 0, 0, 
  0, 0, 0, 138295497, 143469681}
        i = 1
        prev_modiff = 1
        prev_buffer = (struct buffer *) 0x83e9dc0
        already_adjusted = 0
#25 0x081ef0f3 in internal_condition_case (bfun=0x816d8b2
<command_loop_1>, handlers=138339729, hfun=0x816d2af <cmd_error>)
    at eval.c:1494
        val = 138605317
        c = {tag = 138295497, val = 138295497, next = 0xbffff120, gcpro
        = 0x0, jmp = {{__jmpbuf = {-1073744960, 
        -1073744960, -1073745164, -1073745688, -1073746000, 136245384},
        __mask_was_saved = 0, __saved_mask = {__val = {
          136131703, 0, 0, 0, 1082158912, 147286128, 147286128,
          3221221116, 1081359036, 147286128, 3221221144, 1082158912, 
          147286128, 3221221144, 1081372021, 147286128, 1081301168,
          1082158912, 0, 147286128, 3221221176, 1081301168, 
          147286128, 1085183913, 0, 1085200928, 3221221228, 1,
          3221221856, 138217632, 3221221844, 3221221704}}}}, 
  backlist = 0x0, handlerlist = 0x0, lisp_eval_depth = 0, pdlcount = 2,
  poll_suppress_count = 1, 
  interrupt_input_blocked = 0, byte_stack = 0x0}
        h = {handler = 138339729, var = 138295497, chosen_clause = 0,
        tag = 0xbfffeff0, next = 0x0}
#26 0x0816d61a in command_loop_2 () at keyboard.c:1370
        val = 0
#27 0x081eeb8f in internal_catch (tag=138334577, func=0x816d5f6
<command_loop_2>, arg=138295497) at eval.c:1230
        c = {tag = 138334577, val = 138295497, next = 0x0, gcpro = 0x0,
        jmp = {{__jmpbuf = {-1073744960, -1073744960, 
        -1073745164, -1073745400, -1073745648, 136244096},
        __mask_was_saved = 0, __saved_mask = {__val = {135784103, 
          3221221856, 0, 0, 0, 0, 1, 3221221912, 135116808, 138427232,
          0, 0, 0, 0, 0, 0, 0, 0, 1081374788, 0, 2, 147404648, 
          0, 0, 0, 0, 1081374788, 3221221880, 136159901, 138525137,
          138521730, 138295497}}}}, backlist = 0x0, 
  handlerlist = 0x0, lisp_eval_depth = 0, pdlcount = 2,
  poll_suppress_count = 1, interrupt_input_blocked = 0, 
  byte_stack = 0x0}
#28 0x0816d5cf in command_loop () at keyboard.c:1349
No locals.
#29 0x0816cec9 in recursive_edit_1 () at keyboard.c:958
        count = 1
        val = -1073744960
#30 0x0816d02d in Frecursive_edit () at keyboard.c:1020
        count = 0
        buffer = 138295497
#31 0x0816b94e in main (argc=3, argv=0xbffff624) at emacs.c:1787
        dummy = 136655259
        stack_bottom_variable = -65 '�'
        do_initial_setlocale = 1
        skip_args = 1
        rlim = {rlim_cur = 8388608, rlim_max = 18446744073709551615}
        no_loadup = 0
        junk = 0x0

(gdb) frame 9
#9  0x08162629 in xg_display_close (dpy=0x8c423d0) at gtkutil.c:176
176       g_object_run_dispose (G_OBJECT (gdpy));
(gdb) p gdpy
$1 = (GdkDisplay *) 0x8436a88
(gdb) p *gdpy
$2 = {parent_instance = {g_type_instance = {g_class = 0x8704f10}, ref_count = 2, qdata = 0x0}, queued_events = 0x8552844,   queued_tail = 0x8552844, button_click_time = {0, 0}, button_window = {0x0, 0x0}, button_number = {-1, -1}, double_click_time = 250, core_pointer = 0x8992ec8, pointer_hooks = 0x403800ac, closed = 0, double_click_distance = 5, button_x = {0, 0}, button_y = {0, 0}}

This is manually pasted from the M-x report-emacs-bug form on the emacs
that crashed:

In GNU Emacs 23.0.60.1 (i686-pc-linux-gnu, GTK+ Version 2.6.4)
 of 2008-02-27 on tharsis
configured using `configure  'CFLAGS=-ggdb3 -fno-crossjumping''

Important settings:
  value of $LC_ALL: en_US.UTF-8
  value of $LC_COLLATE: nil
  value of $LC_CTYPE: nil
  value of $LC_MESSAGES: nil
  value of $LC_MONETARY: nil
  value of $LC_NUMERIC: nil
  value of $LC_TIME: nil
  value of $LANG: en_US.UTF-8
  value of $XMODIFIERS: nil
  locale-coding-system: utf-8-unix
  default-enable-multibyte-characters: t

Major mode: Lisp Interaction

Minor modes in effect:
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  global-auto-composition-mode: t
  auto-composition-mode: t
  auto-compression-mode: t
  line-number-mode: t
  transient-mark-mode: t

Recent input:
ESC x r e p TAB o TAB r TAB RET

Recent messages:
("/var/src/emacs/src/emacs" "-Q")
For information about GNU Emacs and the GNU system, type C-h C-a.
Making completion list... [2 times]





Reply sent to Stefan Monnier <monnier <at> iro.umontreal.ca>:
You have taken responsibility.

Notification sent to avar <at> cpan.org (Ævar Arnfjörð Bjarmason):
bug acknowledged by developer.

Message #10 received at 22-done <at> emacsbugs.donarmstrong.com:

From: Stefan Monnier <monnier <at> iro.umontreal.ca>
To: 22-done <at> debbugs.gnu.org
Subject: Re: 23.0.50; Emacs CVS segfaults on M-x delete-frame on Debian sarge under XFree86 Version 4.3.0.1
Date: Sun, 02 Mar 2008 16:49:39 -0500

It looks like this was addressed before I put it into the bugtracking
system: the problem is the old bug in Gtk.


        Stefan




bug archived. Request was from Debbugs Internal Request <don <at> donarmstrong.com> to internal_control <at> emacsbugs.donarmstrong.com. (Mon, 31 Mar 2008 14:24:03 GMT)

This bug report was last modified 17 years and 142 days ago.