GNU bug report logs - #22526
25.0.90; Crash starting gnus


Package: emacs;

Reported by: Andy Moreton <andrewjmoreton <at> gmail.com>

Date: Mon, 1 Feb 2016 22:16:02 UTC

Severity: normal

Found in version 25.0.90

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.

Full log



From: Eli Zaretskii <eliz <at> gnu.org>
To: Andy Moreton <andrewjmoreton <at> gmail.com>, Fabrice Popineau <fabrice.popineau <at> gmail.com>
Cc: 22526 <at> debbugs.gnu.org
Subject: bug#22526: 25.0.90; Crash starting gnus
Date: Fri, 12 Feb 2016 18:16:32 +0200
> From: Andy Moreton <andrewjmoreton <at> gmail.com>
> Date: Fri, 12 Feb 2016 13:34:37 +0000
> 
> I have managed to reproduce the crash again, and kept the gdb
> session running.

Thanks.  Now that you've succeeded, I'm going to ask you to terminate
the debug session and try applying a patch ;-)

> 411	  *(Z_ADDR) = 0;
> (gdb) p Z_ADDR
> $1 = (unsigned char *) 0x200804 <error: Cannot access memory at address 0x200804>
> (gdb) p *(Z_ADDR)
> Cannot access memory at address 0x200804
> 
> (gdb) p/x *(Z_ADDR - 0x804)
> Cannot access memory at address 0x200000
> (gdb) p/x *(Z_ADDR - 0x805)
> $16 = 0x0
> 
> (gdb) p/x (Z_ADDR - 0x805) - BEG_ADDR
> $18 = 0xffff

This means that, when enlarging buffer text, we failed to commit
memory beyond the initial 64KB, whereas the buffer was enlarged by
almost 4K beyond that.  This is unexpected (does your system exhibit
symptoms of memory pressure?), but the code which handles such a
possible failure to commit reserved pages is not safe in that case.
Please try the patch below, and see if these crashes go away.

Fabrice, can you read this thread and suggest other ideas for how this
could happen?  Do you think the patch below is TRT and should be
committed to the repository in any case?

diff --git a/src/w32heap.c b/src/w32heap.c
index 00da86a..f56d01b 100644
--- a/src/w32heap.c
+++ b/src/w32heap.c
@@ -700,6 +700,8 @@ mmap_realloc (void **var, size_t nbytes)
   /* We need to enlarge the block.  */
   if (memInfo.RegionSize < nbytes)
     {
+      void *old_ptr;
+
       if (VirtualQuery (*var + memInfo.RegionSize, &m2, sizeof(m2)) == 0)
         DebPrint (("mmap_realloc: VirtualQuery error = %ld\n",
 		   GetLastError ()));
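Review bot: the hoisted `void *old_ptr;` deserves a one-line comment saying why it now lives at the top of the `if (memInfo.RegionSize < nbytes)` block: the reason (it is assigned after the new `enlarge_block:` label, and a label cannot be placed in front of the old `void *old_ptr = *var;` declaration) is only visible two hunks further down, so a reader of this hunk alone sees an unexplained uninitialised declaration.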
@@ -717,7 +719,7 @@ mmap_realloc (void **var, size_t nbytes)
 	    {
 	      DebPrint (("realloc enlarge: VirtualAlloc error %ld\n",
 			 GetLastError ()));
-	      errno = ENOMEM;
+	      goto enlarge_block;
 	    }
 	  return *var;
 	}
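Review bot: this is the actual fix and it looks right. Before the change, a failed `VirtualAlloc` commit set `errno = ENOMEM` but then fell out of the `if` to `return *var;`, so the caller received a non-NULL pointer to a block of which only the first `memInfo.RegionSize` bytes were accessible; that matches the gdb session above, where the write through `Z_ADDR` faults on the first page past the committed 64KB. One thing to double-check: `errno` is no longer set on this path, so if the fallback `mmap_alloc` call below also fails, the caller depends on `mmap_alloc` setting `errno` itself, which this hunk does not show; either confirm that or keep `errno = ENOMEM;` in front of the `goto`.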
@@ -726,7 +728,8 @@ mmap_realloc (void **var, size_t nbytes)
 	  /* Else we must actually enlarge the block by allocating a
 	     new one and copying previous contents from the old to the
 	     new one.  */
-	  void *old_ptr = *var;
+	enlarge_block:
+	  old_ptr = *var;
 
 	  if (mmap_alloc (var, nbytes))
 	    {
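Review bot: the comment just above the label ("Else we must actually enlarge the block by allocating a new one and copying ...") now describes only one of the two ways to reach this code, and the `goto` jumps from the `if` branch into the sibling `else` block, which is legal C here (no variable-length arrays are in scope) but easy to misread. Suggest extending the comment to mention the second entry, along the lines of "We also come here when committing more pages of the reserved region failed", and noting that `old_ptr` is assigned rather than declared so the label can precede it.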

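The failure mode Eli describes above (a commit of further pages in a reserved region fails, and the pre-patch code hands the old, too-small block back to the caller) can be replayed on POSIX with `mmap` of a `PROT_NONE` region standing in for reserve and `mprotect` standing in for commit. The following is an added example and not Emacs code; `block_alloc`, `block_commit`, `grow_unsafe`, `grow_safe`, `scenario`, the 1MB reserve size and the fault-injection switch are all hypothetical names and constructed values chosen to mirror the report (64KB committed, then a grow of roughly 4KB past it while every further commit fails).

```c
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed sizes: each block reserves 1MB of address space; the report's
   buffer had 64KB committed when it grew about 4KB past that. */
#define RESERVE_SIZE (1024 * 1024)
#define COMMIT_UNIT  (64 * 1024)

struct block {
  unsigned char *base;   /* start of the reserved region */
  size_t committed;      /* bytes at the start that are actually accessible */
};

/* Fault-injection switch: a test hook, not part of any real allocator. */
static int inject_commit_failure = 0;

static size_t page_round (size_t n)
{
  size_t page = (size_t) sysconf (_SC_PAGESIZE);
  return (n + page - 1) / page * page;
}

/* Reserve address space with no access rights (the POSIX analogue of
   VirtualAlloc MEM_RESERVE), then commit the first NBYTES of it. */
static int block_alloc (struct block *b, size_t nbytes)
{
  size_t commit = page_round (nbytes);
  if (commit > RESERVE_SIZE) { errno = ENOMEM; return -1; }
  void *p = mmap (NULL, RESERVE_SIZE, PROT_NONE,
                  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
  if (p == MAP_FAILED) return -1;
  if (mprotect (p, commit, PROT_READ | PROT_WRITE) != 0)
    { munmap (p, RESERVE_SIZE); return -1; }
  b->base = p;
  b->committed = commit;
  return 0;
}

/* Commit more of the reserved region (analogue of VirtualAlloc MEM_COMMIT). */
static int block_commit (struct block *b, size_t nbytes)
{
  size_t commit = page_round (nbytes);
  if (commit <= b->committed) return 0;
  if (commit > RESERVE_SIZE || inject_commit_failure) { errno = ENOMEM; return -1; }
  if (mprotect (b->base + b->committed, commit - b->committed,
                PROT_READ | PROT_WRITE) != 0)
    return -1;
  b->committed = commit;
  return 0;
}

static void block_free (struct block *b)
{
  if (b->base) munmap (b->base, RESERVE_SIZE);
  b->base = NULL;
  b->committed = 0;
}

/* Pre-patch shape: set errno on a failed commit but still hand back the old
   pointer, so the caller believes it owns NBYTES of accessible memory. */
static void *grow_unsafe (struct block *b, size_t nbytes)
{
  if (block_commit (b, nbytes) != 0)
    errno = ENOMEM;
  return b->base;
}

/* Patched shape: on a failed commit fall back to a fresh block, copy the
   committed contents across, release the old region, return the new base. */
static void *grow_safe (struct block *b, size_t nbytes)
{
  struct block fresh;
  if (block_commit (b, nbytes) == 0)
    return b->base;
  if (block_alloc (&fresh, nbytes) != 0)
    return NULL;                 /* genuine failure: the caller sees NULL */
  memcpy (fresh.base, b->base, b->committed);
  block_free (b);
  *b = fresh;
  return b->base;
}

/* Replay the report's scenario. Returns 1 if the grown block is really
   writable at its last byte, 0 if the caller would fault there (we check the
   committed size instead of writing, to avoid the SIGSEGV), -1 on setup
   failure; *PRESERVED reports whether the original contents survived. */
static int scenario (int use_safe, int *preserved)
{
  struct block b = { NULL, 0 };
  size_t grown = COMMIT_UNIT + 4000;
  if (block_alloc (&b, COMMIT_UNIT) != 0) return -1;
  memset (b.base, 0xAB, COMMIT_UNIT);
  inject_commit_failure = 1;         /* every further commit now fails */
  void *p = use_safe ? grow_safe (&b, grown) : grow_unsafe (&b, grown);
  inject_commit_failure = 0;
  int ok = (p != NULL && grown - 1 < b.committed);
  if (ok) { b.base[grown - 1] = 0x5A; ok = (b.base[grown - 1] == 0x5A); }
  *preserved = (b.base != NULL && b.base[COMMIT_UNIT - 1] == 0xAB);
  block_free (&b);
  return ok;
}

int main (void)
{
  int preserved;
  int unsafe_ok = scenario (0, &preserved);
  printf ("old path: non-NULL returned, last byte writable? %d\n", unsafe_ok);
  int safe_ok = scenario (1, &preserved);
  printf ("patched path: last byte writable? %d, contents kept? %d\n",
          safe_ok, preserved);
  return 0;
}
```

The point the example makes is the one in the second hunk of the patch: `grow_unsafe` returns a pointer the caller cannot distinguish from success, so the first write past the committed pages faults exactly as `*(Z_ADDR) = 0;` did in the gdb session, whereas `grow_safe` either delivers a block that is accessible up to the requested size or returns NULL so the caller can report the out-of-memory condition.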



This bug report was last modified 9 years and 150 days ago.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.