GNU bug report logs - #23741
25.0.94; dbus crashes on 32-bit Cygwin

Package: emacs;

Reported by: Ken Brown <kbrown <at> cornell.edu>

Date: Fri, 10 Jun 2016 16:13:01 UTC

Severity: important

Found in version 25.0.94

Done: Ken Brown <kbrown <at> cornell.edu>

Bug is archived. No further changes may be made.


From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Ken Brown <kbrown <at> cornell.edu>
Subject: bug#23741: closed (Re: bug#23741: 25.0.94; dbus crashes on 32-bit
 Cygwin)
Date: Sat, 11 Jun 2016 12:36:02 +0000
[Message part 1 (text/plain, inline)]
Your bug report

#23741: 25.0.94; dbus crashes on 32-bit Cygwin

which was filed against the emacs package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 23741 <at> debbugs.gnu.org.

-- 
23741: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=23741
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Ken Brown <kbrown <at> cornell.edu>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 23741-done <at> debbugs.gnu.org
Subject: Re: bug#23741: 25.0.94; dbus crashes on 32-bit Cygwin
Date: Sat, 11 Jun 2016 08:34:53 -0400
On 6/11/2016 3:34 AM, Eli Zaretskii wrote:
> Thanks, please push to the release branch.

Done, as commit 6921f4a.  Closing.


[Message part 3 (message/rfc822, inline)]
From: Ken Brown <kbrown <at> cornell.edu>
To: bug-gnu-emacs <at> gnu.org
Subject: 25.0.94; dbus crashes on 32-bit Cygwin
Date: Fri, 10 Jun 2016 12:12:17 -0400
The following elisp file, extracted from dbus-tests.el, causes a crash on 32-bit Cygwin unless emacs is built --with-wide-int.

$ cat dbus-crash.el
(require 'dbus)
(setq output
      (shell-command-to-string "dbus-launch --sh-syntax"))
(when (string-match "DBUS_SESSION_BUS_ADDRESS='\\(.+\\)';" output)
  (setq bus (match-string 1 output)))
(dbus-init-bus bus)

$ emacs -Q -l dbus-crash.el
Fatal error 11: Segmentation faultSegmentation fault (core dumped)

If there is already a session bus running before starting emacs, simply loading the dbus library is enough to elicit the crash.

The problem is this line in Fdbus__init_bus in dbusbind.c:

      XSETFASTINT (val, (intptr_t) connection);

Here 'connection' is a 32-bit pointer, which may be too big to be treated as an integer in Emacs.  In principle this could happen on any 32-bit platform, but it is more likely to happen on Cygwin because the heap can be in high memory.  The following gdb session illustrates this.

(Note: For simplicity, I started a session bus before starting emacs, so that I only had to load dbus to get a crash.)

$ gdb emacs
GNU gdb (GDB) (Cygwin 7.10.1-1) 7.10.1
[...]
Breakpoint 1 at 0x511474: file ../../emacs-25/src/emacs.c, line 354.
Temporary breakpoint 2 at 0x530bc1: file ../../emacs-25/src/sysdep.c, line 915.
(gdb) b Fdbus__init_bus
Breakpoint 3 at 0x50b41d: file ../../emacs-25/src/dbusbind.c, line 1124.
(gdb) r -Q
Starting program: /home/kbrown/src/emacs/32build-emacs-25/src/emacs -Q

[At this point I did M-x load-library RET dbus RET .]

Breakpoint 3, Fdbus__init_bus (bus=816, private=0)
    at ../../emacs-25/src/dbusbind.c:1124
1124      XD_DBUS_VALIDATE_BUS_ADDRESS (bus);
(gdb) p bus
$1 = 816
(gdb) pr
:system
(gdb) c
Continuing.

Breakpoint 3, Fdbus__init_bus (bus=792, private=0)
    at ../../emacs-25/src/dbusbind.c:1124
1124      XD_DBUS_VALIDATE_BUS_ADDRESS (bus);
(gdb) p bus
$2 = 792
(gdb) pr
:session
(gdb) n
[...]
1151              connection = dbus_bus_get (EQ (bus, QCdbus_system_bus)
(gdb) 
1159          if (dbus_error_is_set (&derror))
(gdb) p connection
$3 = (DBusConnection *) 0x2007a960
(gdb) n
[...]
1190          XSETFASTINT (val, (intptr_t) connection);
(gdb) 
1191          xd_registered_buses = Fcons (Fcons (bus, val), xd_registered_buses);
(gdb) p/x val
$5 = 0x801ea582
(gdb) pr
-536368800

[At this point xd_registered_buses contains a bogus connection address for the session bus.]

(gdb) c
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x67e2910d in dbus_connection_get_is_connected (connection=0xe007a960)
    at /usr/src/debug/dbus-1.10.8-2/dbus/dbus-connection.c:2979

The bogus value 0xe007a960 (instead of 0x2007a960) was retrieved from xd_registered_buses and caused the crash.

I suspect that there is a simple solution, which involves storing the connection address in a Lisp Object of type other than integer, but I'll leave that to the experts.

In GNU Emacs 25.0.94.1 (i686-pc-cygwin, GTK+ Version 3.18.9)
 of 2016-06-10 built on desktop-new
Repository revision: 66d556b5187d768bbd233513b54dcb4beaa90c6d
Windowing system distributor 'The Cygwin/X Project', version 11.0.11802000
Configured using:
 'configure 'CFLAGS=-g -O0''

Configured features:
XPM JPEG TIFF GIF PNG RSVG IMAGEMAGICK SOUND DBUS GCONF GSETTINGS NOTIFY
ACL GNUTLS LIBXML2 FREETYPE M17N_FLT LIBOTF XFT ZLIB TOOLKIT_SCROLL_BARS
GTK3 X11

Important settings:
  value of $LANG: en_US.UTF-8
  locale-coding-system: utf-8-unix
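
Added example (not part of the original report, and not Emacs source code): a simplified C model of how a 32-bit tagged integer loses the top bits of a pointer, reproducing the values from the gdb session above. The 2-bit integer tag with value 2 is an assumption about the 32-bit build without --with-wide-int, chosen because it matches the reported values; the function names and the low sample address are hypothetical.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout: low 2 bits are the integer tag, 30 bits hold the value. */
#define INTTYPEBITS 2
#define LISP_INT0_TAG UINT32_C(2)
#define VALBITS (32 - INTTYPEBITS)
#define MOST_POSITIVE_FIXNUM ((UINT32_C(1) << (VALBITS - 1)) - 1) /* 0x1fffffff */

/* Model of XSETFASTINT: shift the value up and add the tag.
   Bits shifted past bit 31 are silently lost. */
static uint32_t model_set_fastint(uint32_t n)
{
    return (uint32_t)(n << INTTYPEBITS) + LISP_INT0_TAG;
}

/* Model of reading the integer back: drop the tag with a
   sign-extending right shift (written out to stay portable). */
static int32_t model_xint(uint32_t obj)
{
    uint32_t v = obj >> INTTYPEBITS;
    if (obj & UINT32_C(0x80000000))
        v |= ~(UINT32_C(0xffffffff) >> INTTYPEBITS);
    return (int32_t)v;
}

/* Range check: does the address survive a round trip through a fixnum? */
static int pointer_fits_fixnum(uint32_t p)
{
    return p <= MOST_POSITIVE_FIXNUM;
}

int main(void)
{
    /* 0x2007a960 is the connection address from the report;
       0x0807a960 is a constructed low-memory address for contrast. */
    const uint32_t samples[] = { UINT32_C(0x2007a960), UINT32_C(0x0807a960) };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t val = model_set_fastint(samples[i]);
        int32_t back = model_xint(val);
        printf("ptr=0x%08" PRIx32 " val=0x%08" PRIx32 " back=0x%08" PRIx32
               " (%" PRId32 ") fits=%d\n", samples[i], val,
               (uint32_t)back, back, pointer_fits_fixnum(samples[i]));
    }
    return 0;
}
```

Any address above 0x1fffffff fails the range check, which is why a heap placed in high memory triggers the crash while low heap addresses round-trip unchanged.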




This bug report was last modified 8 years and 342 days ago.
