GNU bug report logs - #27258
26.0.50; Possible undefined behavior in Fmapbacktrace
Reported by: Philipp <p.stephani2 <at> gmail.com>
Date: Mon, 5 Jun 2017 19:56:02 UTC
Severity: normal
Found in version 26.0.50
Done: Philipp Stephani <p.stephani2 <at> gmail.com>
Bug is archived. No further changes may be made.
Message #13 received at 27258-done <at> debbugs.gnu.org (full text, mbox):
Philipp Stephani <p.stephani2 <at> gmail.com> wrote on Mon, 5 June 2017 at 22:13:
> Philipp <p.stephani2 <at> gmail.com> wrote on Mon, 5 June 2017 at 21:51:
>
>>
>> Insert the following into /tmp/rec.el:
>>
>> ;; -*- lexical-binding: t; -*-
>>
>> (require 'cl-lib)
>>
>> (defun recurse (i g)
>>   (if (= i 0)
>>       (funcall g (cl-gensym))
>>     (recurse (1- i) g)))
>>
>> (recurse 100 (lambda (sym)
>>                (message "outer: %s" sym)
>>                (mapbacktrace
>>                 (lambda (_ _ args _)
>>                   (recurse 100 (lambda (sym)
>>                                  (message "inner: %s %s" sym args)))))))
>>
>> Then run
>>
>> emacs -Q -batch -l /tmp/rec.el
>>
>> The printed messages will either be way too short, or Emacs will
>> segfault. Re-running the command a couple of times consistently
>> generated a segfault for me.
>>
>> My guess is that pdlvec got reallocated, but Fmapbacktrace uses pointers
>> instead of indices to access its elements, so the pointers became
>> invalidated and point to garbage.
>
>
> Fixed with commit 3d9d976aa476b1c1098359a1215ad1cabd022d33.
>
Woops, sent to wrong email address.
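
The failure mode guessed at in the report (a growable vector reallocated while a walker still holds pointers into it), as an added C example that is not part of the thread and not Emacs source. struct stack, push, walk_by_pointer, walk_by_index, grow_then_unwind and demo are hypothetical names in a standalone model; the fragile pointer walk is shown beside an index walk that survives reallocation.

```c
#include <stdlib.h>

/* Hypothetical growable frame stack (a model, not Emacs source). */
struct stack { int *vec; size_t len, cap; };

/* Push a frame; realloc may move vec, invalidating pointers into it. */
void push(struct stack *s, int id) {
  if (s->len == s->cap) {
    s->cap = s->cap ? s->cap * 2 : 4;
    s->vec = realloc(s->vec, s->cap * sizeof *s->vec);
    if (!s->vec) abort();
  }
  s->vec[s->len++] = id;
}

/* Fragile, for contrast (never called): p and end dangle once fn grows s. */
long walk_by_pointer(struct stack *s, void (*fn)(struct stack *)) {
  long sum = 0;
  for (int *p = s->vec, *end = p + s->len; p < end; p++) {
    fn(s);
    sum += *p; /* stale read once vec has moved */
  }
  return sum;
}

/* Robust: keep an index, re-derive the address after each callback. */
long walk_by_index(struct stack *s, void (*fn)(struct stack *)) {
  long sum = 0;
  for (size_t i = 0, n = s->len; i < n; i++) {
    fn(s);
    sum += s->vec[i];
  }
  return sum;
}

/* Constructed callback: recurse 100 frames deep, then unwind. */
void grow_then_unwind(struct stack *s) {
  size_t mark = s->len;
  for (int i = 0; i < 100; i++) push(s, 1000 + i);
  s->len = mark;
}

long demo(void) { /* walk constructed frames 1..8 while callbacks grow s */
  struct stack s = {0};
  for (int i = 1; i <= 8; i++) push(&s, i);
  long sum = walk_by_index(&s, grow_then_unwind);
  free(s.vec);
  return s.cap > 8 ? sum : -1; /* -1 would mean the stack never grew */
}
int main(void) { return demo() == 36 ? 0 : 1; }
```

Building the model with AddressSanitizer and swapping walk_by_pointer into demo is a quick way to see the stale read reported as a heap-use-after-free.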
This bug report was last modified 8 years and 73 days ago.