From unknown Fri Aug 15 16:58:05 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27585: segfault when evaluating a file containing only backticks Resent-From: Steve Kemp Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Wed, 05 Jul 2017 06:29:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 27585 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: 27585@debbugs.gnu.org X-Debbugs-Original-To: bug-gnu-emacs@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.149923613814769 (code B ref -1); Wed, 05 Jul 2017 06:29:02 +0000 Received: (at submit) by debbugs.gnu.org; 5 Jul 2017 06:28:58 +0000 Received: from localhost ([127.0.0.1]:52836 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dSdo2-0003q8-6t for submit@debbugs.gnu.org; Wed, 05 Jul 2017 02:28:58 -0400 Received: from eggs.gnu.org ([208.118.235.92]:43018) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dSdo0-0003pu-AF for submit@debbugs.gnu.org; Wed, 05 Jul 2017 02:28:56 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dSdnu-0006J3-45 for submit@debbugs.gnu.org; Wed, 05 Jul 2017 02:28:51 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_40,T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:33981) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dSdnu-0006Iz-0P for submit@debbugs.gnu.org; Wed, 05 Jul 2017 02:28:50 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:33983) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dSdns-0006fT-8k for bug-gnu-emacs@gnu.org; Wed, 05 Jul 2017 02:28:49 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dSdno-0006ID-9M for bug-gnu-emacs@gnu.org; Wed, 05 Jul 2017 02:28:48 -0400 Received: from mail.steve.org.uk ([80.68.84.102]:33492 helo=ssh.steve.org.uk) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dSdno-0006Hu-0w for bug-gnu-emacs@gnu.org; Wed, 05 Jul 2017 02:28:44 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=steve.org.uk; s=20150726; h=Date:Message-ID:Subject:From:To; bh=25AdITRiXVwkv7wLNY7pWJMaD9p0EH+ylloDyjYUF2E=; b=g1Ot9mXQNB3+sL5h+0mAUmdrBeTyPHQLLN9ufPnp6z6t15ERwL+3OERnYWvXErvXbA27iKqYFFChWV/BbQ1rxss97G8JJVg31eo1fKVqN7AE3rCrtmrlJloKE1erPU+o8rFQI9IX0NN9Cz0SQcSigSRMwi1EKY04JdBiqVHbm+0=; Received: from steve by ssh.steve.org.uk with local (Exim 4.84_2) (envelope-from ) id 1dSdni-0007gL-BS for bug-gnu-emacs@gnu.org; Wed, 05 Jul 2017 06:28:38 +0000 From: Steve Kemp Message-ID: <1499235670.28433.1@ssh.steve.org.uk> Date: Wed, 05 Jul 2017 06:21:10 +0000 X-added-header: steve.org.uk X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.0 (----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.0 (----) I've recently started fuzzing GNU Emacs, using the current git sources. During the course of that work I stumbled upon this easily reproduced bug: deagol ~ $ perl -e 'print "`" x ( 1024 * 1024 * 12);' > t.el deagol ~ $ /usr/bin/emacs --batch --script ./t.el .. Segmentation fault (core dumped) (So I'm trying to call "emacs --batch --script $file" where the file contains thousands of repeated backtick-characters.) Because I've built from source I can see this backtrace: #5 handle_sigsegv (sig=11, siginfo=, arg=) at sysdep.c:1811 #6 #7 read1 (readcharfun=readcharfun@entry=35581829, pch=pch@entry=0x7ffcc661e010, first_in_list=first_in_list@entry=false) at lread.c:2923 #8 0x0000000000ad8cda in read0 (readcharfun=35581829) at lread.c:2220 #9 read1 (readcharfun=readcharfun@entry=35581829, pch=pch@entry=0x7ffcc66220c0, first_in_list=first_in_list@entry=false) at lread.c:3149 #10 0x0000000000ad8cda in read0 (readcharfun=35581829) at lread.c:2220 #11 read1 (readcharfun=readcharfun@entry=35581829, pch=pch@entry=0x7ffcc6626170, first_in_list=first_in_list@entry=false) at lread.c:3149 #12 0x0000000000ad8cda in read0 (readcharfun=35581829) at lread.c:2220 #13 read1 (readcharfun=readcharfun@entry=35581829, pch=pch@entry=0x7ffcc662a220, first_in_list=first_in_list@entry=false) at lread.c:3149 #14 0x0000000000ad8cda in read0 (readcharfun=35581829) at lread.c:2220 #15 read1 (readcharfun=readcharfun@entry=35581829, pch=pch@entry=0x7ffcc662e2d0, first_in_list=first_in_list@entry=false) at lread.c:3149 #16 0x0000000000ad8cda in read0 (readcharfun=35581829) at lread.c:2220 #17 read1 (readcharfun=readcharfun@entry=35581829, pch=pch@entry=0x7ffcc6632380, first_in_list=first_in_list@entry=false) at lread.c:3149 #18 0x0000000000ad8cda in read0 (readcharfun=35581829) at lread.c:2220 #19 read1 (readcharfun=readcharfun@entry=35581829, pch=pch@entry=0x7ffcc6636430, first_in_list=first_in_list@entry=false) at lread.c:3149 #20 0x0000000000ad8cda in read0 (readcharfun=35581829) at lread.c:2220 #21 read1 (readcharfun=readcharfun@entry=35581829, pch=pch@entry=0x7ffcc663a4e0, first_in_list=first_in_list@entry=false) at lread.c:3149 .... I've replicated this upon the package of GNU Emacs as available to the old-stable/jessie release of Debian GNU/Linux, which identifies itself as: In GNU Emacs 24.5.1 (x86_64-pc-linux-gnu, GTK+ Version 3.14.5) of 2016-03-19 on trouble, modified by Debian Windowing system distributor `The X.Org Foundation', version 11.0.11604000 System Description: Debian GNU/Linux 8.8 (jessie) Configured using: `configure --build x86_64-linux-gnu --prefix=/usr --sharedstatedir=/var/lib --libexecdir=/usr/lib --localstatedir=/var/lib --infodir=/usr/share/info --mandir=/usr/share/man --with-pop=yes --enable-locallisppath=/etc/emacs24:/etc/emacs:/usr/local/share/emacs/24.5/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/24.5/site-lisp:/usr/share/emacs/site-lisp --build x86_64-linux-gnu --prefix=/usr --sharedstatedir=/var/lib --libexecdir=/usr/lib --localstatedir=/var/lib --infodir=/usr/share/info --mandir=/usr/share/man --with-pop=yes --enable-locallisppath=/etc/emacs24:/etc/emacs:/usr/local/share/emacs/24.5/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/24.5/site-lisp:/usr/share/emacs/site-lisp --with-x=yes --with-x-toolkit=gtk3 --with-toolkit-scroll-bars 'CFLAGS=-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wall' CPPFLAGS=-D_FORTIFY_SOURCE=2 LDFLAGS=-Wl,-z,relro' My current-git build reports as: In GNU Emacs 26.0.50 (build 1, x86_64-pc-linux-gnu) of 2017-07-05 built on kernel.default.skx.uk0.bigv.io Repository revision: 5d62247323f53f3ae9c7d9f51e951635887b2fb6 Recent messages: For information about GNU Emacs and the GNU system, type C-h C-a. Making completion list... Configured using: 'configure --prefix=/tmp/emacs/ --without-makeinfo --with-gnutls=no' Configured features: SOUND NOTIFY ZLIB Important settings: value of $LC_ALL: en_US.UTF8 value of $LANG: en_GB.UTF-8 locale-coding-system: utf-8-unix "Obviously" this same bug can be reproduced inside emacs: 1. Open Emacs. 2. Create a new buffer. 3. Fill the buffer with ` 4. Ctrl-x h 5. M-x eval-region Steve -- https://www.steve.org.uk/ From unknown Fri Aug 15 16:58:05 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27585: segfault when evaluating a file containing only backticks Resent-From: Andreas Schwab Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Wed, 05 Jul 2017 07:52:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27585 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Steve Kemp Cc: 27585@debbugs.gnu.org Received: via spool by 27585-submit@debbugs.gnu.org id=B27585.149924111022179 (code B ref 27585); Wed, 05 Jul 2017 07:52:01 +0000 Received: (at 27585) by debbugs.gnu.org; 5 Jul 2017 07:51:50 +0000 Received: from localhost ([127.0.0.1]:52873 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dSf6E-0005lf-3O for submit@debbugs.gnu.org; Wed, 05 Jul 2017 03:51:50 -0400 Received: from mx2.suse.de ([195.135.220.15]:43983 helo=mx1.suse.de) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dSf6C-0005lW-59 for 27585@debbugs.gnu.org; Wed, 05 Jul 2017 03:51:48 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay1.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id E4F24AB1E; Wed, 5 Jul 2017 07:51:46 +0000 (UTC) From: Andreas Schwab References: <1499235670.28433.1@ssh.steve.org.uk> X-Yow: .. So, if we convert SUPPLY-SIDE SOYBEAN FUTURES into HIGH-YIELD T-BILL INDICATORS, the PRE-INFLATIONARY risks will DWINDLE to a rate of 2 SHOPPING SPREES per EGGPLANT!! Date: Wed, 05 Jul 2017 09:51:46 +0200 In-Reply-To: <1499235670.28433.1@ssh.steve.org.uk> (Steve Kemp's message of "Wed, 05 Jul 2017 06:21:10 +0000") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) On Jul 05 2017, Steve Kemp wrote: > Because I've built from source I can see this backtrace: > > #5 handle_sigsegv (sig=11, siginfo=, arg=) > at sysdep.c:1811 > #6 > #7 read1 (readcharfun=readcharfun@entry=35581829, > pch=pch@entry=0x7ffcc661e010, first_in_list=first_in_list@entry=false) > at lread.c:2923 Most likely just a stack overflow. Andreas. -- Andreas Schwab, SUSE Labs, schwab@suse.de GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7 "And now for something completely different." From unknown Fri Aug 15 16:58:05 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27585: segfault when evaluating a file containing only backticks Resent-From: Steve Kemp Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Wed, 05 Jul 2017 08:28:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27585 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: 27585@debbugs.gnu.org Received: via spool by 27585-submit@debbugs.gnu.org id=B27585.149924325125331 (code B ref 27585); Wed, 05 Jul 2017 08:28:01 +0000 Received: (at 27585) by debbugs.gnu.org; 5 Jul 2017 08:27:31 +0000 Received: from localhost ([127.0.0.1]:52926 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dSfel-0006aV-LT for submit@debbugs.gnu.org; Wed, 05 Jul 2017 04:27:31 -0400 Received: from mail.steve.org.uk ([80.68.84.102]:33766 helo=ssh.steve.org.uk) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dSfek-0006aI-Qk for 27585@debbugs.gnu.org; Wed, 05 Jul 2017 04:27:31 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=steve.org.uk; s=20150726; h=References:In-Reply-To:Message-ID:Date:Subject:From:To; bh=MGSJ7r+pwFP568cM9cWz5/ndgRnQE/thN4IT2kwmqf8=; b=AFTkRk4sTRkmWcWhqGlL7842c8rQzPxcCiq+5IXudkYzcWQGspKAZm7mw6Jcy4nMPz0yI8eopraahUqcZ4+3mYuvOVyzW6PYwHgwchOVMo8/i1uYWiqm7z+l9FkH4U+9H75fa0d2ea/Z74iy547xC7dVPeyXE1C/rlcoeJ53YX4=; Received: from steve by ssh.steve.org.uk with local (Exim 4.84_2) (envelope-from ) id 1dSfef-00007x-3M for 27585@debbugs.gnu.org; Wed, 05 Jul 2017 08:27:25 +0000 From: Steve Kemp Date: Wed, 05 Jul 2017 08:26:53 +0000 Message-ID: <1499243213.32432.0@ssh.steve.org.uk> In-Reply-To: References: <1499235670.28433.1@ssh.steve.org.uk> X-added-header: steve.org.uk X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) > > #5 handle_sigsegv (sig=11, siginfo=, arg=) > > at sysdep.c:1811 > > #6 > > #7 read1 (readcharfun=readcharfun@entry=35581829, > > pch=pch@entry=0x7ffcc661e010, first_in_list=first_in_list@entry=false) > > at lread.c:2923 > > Most likely just a stack overflow. Agreed, but still I think a segfault is unexpected and could be prevented. Steve -- https://www.steve.org.uk/ From unknown Fri Aug 15 16:58:05 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27585: segfault when evaluating a file containing only backticks Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Wed, 05 Jul 2017 18:43:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27585 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Steve Kemp Cc: 27585@debbugs.gnu.org Reply-To: Eli Zaretskii Received: via spool by 27585-submit@debbugs.gnu.org id=B27585.149928013128184 (code B ref 27585); Wed, 05 Jul 2017 18:43:02 +0000 Received: (at 27585) by debbugs.gnu.org; 5 Jul 2017 18:42:11 +0000 Received: from localhost ([127.0.0.1]:53699 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dSpFb-0007KW-3x for submit@debbugs.gnu.org; Wed, 05 Jul 2017 14:42:11 -0400 Received: from eggs.gnu.org ([208.118.235.92]:44731) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dSpFZ-0007KK-KP for 27585@debbugs.gnu.org; Wed, 05 Jul 2017 14:42:09 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dSpFR-00059t-Ev for 27585@debbugs.gnu.org; Wed, 05 Jul 2017 14:42:04 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:37826) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dSpFR-00059g-Bn; Wed, 05 Jul 2017 14:42:01 -0400 Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:3114 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1dSpFQ-0001R9-Os; Wed, 05 Jul 2017 14:42:01 -0400 Date: Wed, 05 Jul 2017 21:41:45 +0300 Message-Id: <83van6n2ty.fsf@gnu.org> From: Eli Zaretskii In-reply-to: <1499235670.28433.1@ssh.steve.org.uk> (message from Steve Kemp on Wed, 05 Jul 2017 06:21:10 +0000) References: <1499235670.28433.1@ssh.steve.org.uk> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) > From: Steve Kemp > Date: Wed, 05 Jul 2017 06:21:10 +0000 > > > I've recently started fuzzing GNU Emacs, using the current git sources. > During the course of that work I stumbled upon this easily reproduced bug: > > deagol ~ $ perl -e 'print "`" x ( 1024 * 1024 * 12);' > t.el > deagol ~ $ /usr/bin/emacs --batch --script ./t.el > .. > Segmentation fault (core dumped) Here it says: Re-entering top level after C stack overflow and doesn't crash. > > Most likely just a stack overflow. > > Agreed, but still I think a segfault is unexpected and could be > prevented. See above: the machinery to try and prevent it exists, but it doesn't always succeed. And it really can't be 100% reliable. So I'm unsure what did you expect, and why. Emacs generally gives you enough rope to hang yourself; it's up to you not to be tempted to do so... IOW: why would someone want to run such a silly "program"? From unknown Fri Aug 15 16:58:05 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27585: segfault when evaluating a file containing only backticks Resent-From: Steve Kemp Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Wed, 05 Jul 2017 19:05:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27585 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: 27585@debbugs.gnu.org Received: via spool by 27585-submit@debbugs.gnu.org id=B27585.149928146730170 (code B ref 27585); Wed, 05 Jul 2017 19:05:01 +0000 Received: (at 27585) by debbugs.gnu.org; 5 Jul 2017 19:04:27 +0000 Received: from localhost ([127.0.0.1]:53707 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dSpb9-0007qX-0Q for submit@debbugs.gnu.org; Wed, 05 Jul 2017 15:04:27 -0400 Received: from mail.steve.org.uk ([80.68.84.102]:34938 helo=ssh.steve.org.uk) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dSpb6-0007qG-Ot for 27585@debbugs.gnu.org; Wed, 05 Jul 2017 15:04:26 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=steve.org.uk; s=20150726; h=References:In-Reply-To:Message-ID:Date:Subject:From:To; bh=xN2BEGTPwgeKcPcmvRGYWW3iaPsWKUla/l3Mh005YVc=; b=js5oZFQ7n7eHG8cfwxoL8Rjz+h4XEP16fIR3xBDX1TfDIIuE3fpsQOxyg8lcDZpWYpdn7o4p6RQ6G2xaTSUMlKdzn3v+re9LCCPP9dnTQhvepjAmvJmsOdScpgtYyY4s3mKcw2K0IEC24wAycA78ICdVZ6pApcwtcXhb7qTc+Ag=; Received: from steve by ssh.steve.org.uk with local (Exim 4.84_2) (envelope-from ) id 1dSpb0-0004Na-RS for 27585@debbugs.gnu.org; Wed, 05 Jul 2017 19:04:18 +0000 From: Steve Kemp Date: Wed, 05 Jul 2017 18:55:31 +0000 Message-ID: <1499280931.14677.1@ssh.steve.org.uk> In-Reply-To: <83van6n2ty.fsf@gnu.org> References: <1499235670.28433.1@ssh.steve.org.uk> <83van6n2ty.fsf@gnu.org> X-added-header: steve.org.uk X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) > > deagol ~ $ perl -e 'print "`" x ( 1024 * 1024 * 12);' > t.el > > deagol ~ $ /usr/bin/emacs --batch --script ./t.el > > .. > > Segmentation fault (core dumped) > > Here it says: > > Re-entering top level after C stack overflow > > and doesn't crash. That's great. For me it crashes on all the versions I've tested. Sometimes with a shorter input, others need longer, but it had seemed universal. > See above: the machinery to try and prevent it exists, but it doesn't > always succeed. And it really can't be 100% reliable. So I'm unsure > what did you expect, and why. Honestly? I expect Emacs to not crash. The mechanics might be simple, or they might be complex but as a mere user I shouldn't be expected to know or care about the details. I expect evaluating lisp to not kill the editor - although I appreciate that executing unknown could code do all kinds of nasty things, from uploading my images to the internet, to running "rm -rf $HOME". The fine manual, in "54.2 When Is There a Bug", agrees. When paraphrased as "segfault == bug". > IOW: why would someone want to run such a silly "program"? In the real world? Nobody. It was just the first crash that came out of fuzz-testing. Perhaps there will be more subtle and interesting ones to report in the future when the fuzzer has ran for a few more days/weeks. Perhaps not. Either way I'd regard it as a bug that should be fixed, even if it is not a security hole, and not something that is going to surprise users in practice. Steve -- https://steve.fi/ From unknown Fri Aug 15 16:58:05 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27585: segfault when evaluating a file containing only backticks Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Wed, 05 Jul 2017 19:48:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27585 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Steve Kemp Cc: 27585@debbugs.gnu.org Reply-To: Eli Zaretskii Received: via spool by 27585-submit@debbugs.gnu.org id=B27585.149928407115477 (code B ref 27585); Wed, 05 Jul 2017 19:48:01 +0000 Received: (at 27585) by debbugs.gnu.org; 5 Jul 2017 19:47:51 +0000 Received: from localhost ([127.0.0.1]:53745 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dSqH8-00041Z-Sa for submit@debbugs.gnu.org; Wed, 05 Jul 2017 15:47:51 -0400 Received: from eggs.gnu.org ([208.118.235.92]:58220) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dSqH7-00041M-6Y for 27585@debbugs.gnu.org; Wed, 05 Jul 2017 15:47:49 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dSqGy-00089h-0n for 27585@debbugs.gnu.org; Wed, 05 Jul 2017 15:47:43 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:38572) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dSqGx-00089c-TO; Wed, 05 Jul 2017 15:47:39 -0400 Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:3128 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1dSqGx-0002gO-3B; Wed, 05 Jul 2017 15:47:39 -0400 Date: Wed, 05 Jul 2017 22:47:22 +0300 Message-Id: <83tw2qmzsl.fsf@gnu.org> From: Eli Zaretskii In-reply-to: <1499280931.14677.1@ssh.steve.org.uk> (message from Steve Kemp on Wed, 05 Jul 2017 18:55:31 +0000) References: <1499235670.28433.1@ssh.steve.org.uk> <83van6n2ty.fsf@gnu.org> <1499280931.14677.1@ssh.steve.org.uk> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) > From: Steve Kemp > Date: Wed, 05 Jul 2017 18:55:31 +0000 > > > See above: the machinery to try and prevent it exists, but it doesn't > > always succeed. And it really can't be 100% reliable. So I'm unsure > > what did you expect, and why. > > Honestly? I expect Emacs to not crash. You wrote a program that triggers infinite recursion. Such programs will crash in most, if not all, languages. So your expectations are unrealistic. > I expect evaluating lisp to not kill the editor Valid Lisp, I agree. But yours isn't. Moreover, there are those among us (I'm not one of them) who thinks Emacs shouldn't even try to recover from stack overflow, they say it should crash hard right there and then. So your expectations are not necessarily shared, even as aspirations, by some developers. > > IOW: why would someone want to run such a silly "program"? > > In the real world? Nobody. Then why are we discussing this use case? Let's talk about more practical and interesting cases. From unknown Fri Aug 15 16:58:05 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27585: segfault when evaluating a file containing only backticks Resent-From: Steve Kemp Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 06 Jul 2017 03:53:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27585 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: 27585@debbugs.gnu.org Received: via spool by 27585-submit@debbugs.gnu.org id=B27585.149931317813758 (code B ref 27585); Thu, 06 Jul 2017 03:53:02 +0000 Received: (at 27585) by debbugs.gnu.org; 6 Jul 2017 03:52:58 +0000 Received: from localhost ([127.0.0.1]:54014 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dSxqb-0003Zq-Qj for submit@debbugs.gnu.org; Wed, 05 Jul 2017 23:52:57 -0400 Received: from mail.steve.org.uk ([80.68.84.102]:35905 helo=ssh.steve.org.uk) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dSxqa-0003Zb-1J for 27585@debbugs.gnu.org; Wed, 05 Jul 2017 23:52:56 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=steve.org.uk; s=20150726; h=References:In-Reply-To:Message-ID:Date:Subject:From:To; bh=JkTvwmmKwoHiH+NU594eIm3izNymPn0ig8TUdfisR2I=; b=mOJaIc3PDAECg881Hl7dOGOOr5h0TTWz5//AgfUbCPZ4CUKrIImIxxO4xszJVpj4Arb9QAeUkTwaNs4lQXmm5xwbdWJYHPeeJ8P+eSb6FBg453cyHofq4w4mtAbeaIs+KkTYItbgRI08l5hwFRiiQSxi7fYPIOLT27x92/2Dk10=; Received: from steve by ssh.steve.org.uk with local (Exim 4.84_2) (envelope-from ) id 1dSxqT-0008PJ-66 for 27585@debbugs.gnu.org; Thu, 06 Jul 2017 03:52:49 +0000 From: Steve Kemp Date: Thu, 06 Jul 2017 03:46:35 +0000 Message-ID: <1499312795.32152.3@ssh.steve.org.uk> In-Reply-To: <83tw2qmzsl.fsf@gnu.org> References: <1499235670.28433.1@ssh.steve.org.uk> <83van6n2ty.fsf@gnu.org> <1499280931.14677.1@ssh.steve.org.uk> <83tw2qmzsl.fsf@gnu.org> X-added-header: steve.org.uk X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) > > I expect evaluating lisp to not kill the editor > > Valid Lisp, I agree. But yours isn't. Here we disagree. I enjoy reporting bugs when invalid things are tried, because I expect software to be robust, or as much as possible. If you feed invalid script to gawk, perl, emacs, etc, etc, I expect an error not a segfault. I appreciate there are often difficult cases, such as infinite recursion, division by zero, and memory exhaustion, but the idea that ones programming environment is free to crash if your code is wrong is .. unpleasant. > > In the real world? Nobody. > > Then why are we discussing this use case? Let's talk about > more practical and interesting cases. I read from this that I should not bother running any more fuzzing, after all if it does result in any crashes they're a result of bogus-coding that would never be hit in the real world. That's unfortunate, but I've no particular wish to argue in public. I will follow your suggestion. Bug left open because it crashes for me, if it fails to crash for others with a somewhat reasonable error message I guess that is good. Steve -- From unknown Fri Aug 15 16:58:05 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27585: segfault when evaluating a file containing only backticks Resent-From: Andreas Schwab Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 06 Jul 2017 06:47:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27585 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Eli Zaretskii Cc: Steve Kemp , 27585@debbugs.gnu.org Received: via spool by 27585-submit@debbugs.gnu.org id=B27585.149932357829926 (code B ref 27585); Thu, 06 Jul 2017 06:47:02 +0000 Received: (at 27585) by debbugs.gnu.org; 6 Jul 2017 06:46:18 +0000 Received: from localhost ([127.0.0.1]:54113 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dT0YM-0007mb-C4 for submit@debbugs.gnu.org; Thu, 06 Jul 2017 02:46:18 -0400 Received: from mx2.suse.de ([195.135.220.15]:48321 helo=mx1.suse.de) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dT0YK-0007mT-5Z for 27585@debbugs.gnu.org; Thu, 06 Jul 2017 02:46:16 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay1.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id EDE6DAAB9; Thu, 6 Jul 2017 06:46:14 +0000 (UTC) From: Andreas Schwab References: <1499235670.28433.1@ssh.steve.org.uk> <83van6n2ty.fsf@gnu.org> <1499280931.14677.1@ssh.steve.org.uk> <83tw2qmzsl.fsf@gnu.org> X-Yow: Sometimes a TABOO is just a good CIGAR -- or a rare STEAK -- or a dry MARTINI! Date: Thu, 06 Jul 2017 08:46:14 +0200 In-Reply-To: <83tw2qmzsl.fsf@gnu.org> (Eli Zaretskii's message of "Wed, 05 Jul 2017 22:47:22 +0300") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) On Jul 05 2017, Eli Zaretskii wrote: > You wrote a program that triggers infinite recursion. This isn't infinite recursion since the input is finite. Andreas. -- Andreas Schwab, SUSE Labs, schwab@suse.de GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7 "And now for something completely different." From unknown Fri Aug 15 16:58:05 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27585: segfault when evaluating a file containing only backticks Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 06 Jul 2017 15:18:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27585 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Steve Kemp Cc: 27585@debbugs.gnu.org Reply-To: Eli Zaretskii Received: via spool by 27585-submit@debbugs.gnu.org id=B27585.149935422924669 (code B ref 27585); Thu, 06 Jul 2017 15:18:03 +0000 Received: (at 27585) by debbugs.gnu.org; 6 Jul 2017 15:17:09 +0000 Received: from localhost ([127.0.0.1]:55286 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dT8Wi-0006Po-Pt for submit@debbugs.gnu.org; Thu, 06 Jul 2017 11:17:09 -0400 Received: from eggs.gnu.org ([208.118.235.92]:37471) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dT8Wh-0006Pc-PG for 27585@debbugs.gnu.org; Thu, 06 Jul 2017 11:17:08 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dT8WZ-0001Fw-MN for 27585@debbugs.gnu.org; Thu, 06 Jul 2017 11:17:02 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:53186) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dT8WZ-0001Fg-I3; Thu, 06 Jul 2017 11:16:59 -0400 Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:3499 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1dT8WY-0000e8-Na; Thu, 06 Jul 2017 11:16:59 -0400 Date: Thu, 06 Jul 2017 18:16:45 +0300 Message-Id: <83o9sxmw82.fsf@gnu.org> From: Eli Zaretskii In-reply-to: <1499312795.32152.3@ssh.steve.org.uk> (message from Steve Kemp on Thu, 06 Jul 2017 03:46:35 +0000) References: <1499235670.28433.1@ssh.steve.org.uk> <83van6n2ty.fsf@gnu.org> <1499280931.14677.1@ssh.steve.org.uk> <83tw2qmzsl.fsf@gnu.org> <1499312795.32152.3@ssh.steve.org.uk> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) > From: Steve Kemp > Date: Thu, 06 Jul 2017 03:46:35 +0000 > > I enjoy reporting bugs when invalid things are tried, because I > expect software to be robust, or as much as possible. If you feed > invalid script to gawk, perl, emacs, etc, etc, I expect an error > not a segfault. I enjoy seeing _any_ bugs reported about Emacs, because we want to make Emacs as robust as possible. Emacs tries very hard not to crash, but sometimes the techniques we use cannot work reliably. As in this case. There's a difference between "as robust as possible" and "100% robust", and expecting not to see segfault _at_all_ from a system with a full-fledged programming language built into it is unrealistic, especially when a program deliberately tries to cause Emacs to run out of memory. > I appreciate there are often difficult cases, such as infinite > recursion, division by zero, and memory exhaustion, but the idea > that ones programming environment is free to crash if your code > is wrong is .. unpleasant. Emacs is not a programming environment. Emacs is an editor and a text-processing environment with a built-in extension language. The extension language is provided for extending the editor, not for running arbitrary programs that have no relation to the editor. You can, of course, do the latter if you wish, but that is not the main use case for Emacs, and not the one for which it is optimized. Making such a marginal use case more important than it is will tax the much more important uses of Emacs as an editor and text-processing tool. Emacs is required not to crash when used in its main roles, or when it runs one of the packages provided with it. It should also try very hard not to crash in other cases as well, but it is not _required_ to do so, not at all costs anyway. What that means is that each crash should first be carefully analyzed in order to understand the underlying reasons and factors which led to the crash. Having found the reasons, if there are reasonable ways of resolving them to prevent the crash, that shall be done. A crash that happens during some use case that belongs to the main Emacs use patterns increases our motivation to seek for a solution, even if the solutions are hard to find or require complicated changes. Crashes outside of the patterns we care about don't produce such an added motivation, but are still solved if the solution is reasonably practical and doesn't adversely affects other important uses. I'm sorry I have to describe all this, which I have no doubt you understand very well. It's just that this discussion until now seems to somehow ignore these simple and clear-cut considerations, without which I feel the discussion loses its important context, and you somehow feel that this project is not interested in hearing about bugs, which is simply not true. > > > In the real world? Nobody. > > > > Then why are we discussing this use case? Let's talk about > > more practical and interesting cases. > > I read from this that I should not bother running any more > fuzzing, after all if it does result in any crashes they're a result > of bogus-coding that would never be hit in the real world. I suggested nothing of the kind. Fuzzing can uncover any number of problems of different nature. Each one of those should be analyzed first, before the decision is made whether it should be fixed and with what priority. I presume that the above is due to some offense you took from what I wrote, which is why I thought it was important to explain what I think should be the way of handling bug reports -- any bug reports -- submitted against Emacs. > That's unfortunate, but I've no particular wish to argue > in public. I will follow your suggestion. Once again, there was no suggestion from me that fuzzing will never uncover any bugs we will consider important to fix, or even unimportant but easy enough to fix. Each bug report is analyzed on its own right, and the decision whether to fix it and at what priority is made independently for each one of them. It doesn't matter what method was used to trigger the problem, the analysis and the conclusion consider the problem itself, not the method used to find it. In this case, Emacs already does everything we knew was possible with modern operating systems (and some of us think we do too much). Emacs tries to avoid stack overflow both on the Lisp level and on the C level, with some non-negligible degree of success. It is entirely clear to us that a cleverly constructed Lisp program could circumvent these defenses and cause a segfault anyway, but Emacs is not supposed to be a 100% safe environment for running such malicious programs; crashing for them is IMO way better than some other possible outcomes, like wiping out the filesystem or wedging the OS kernel. In sum, I hope you will continue trying to break Emacs and will report any "successes", so we could improve Emacs in the future. Thanks. From unknown Fri Aug 15 16:58:05 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27585: segfault when evaluating a file containing only backticks Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 06 Jul 2017 15:20:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27585 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Andreas Schwab Cc: steve@steve.org.uk, 27585@debbugs.gnu.org Reply-To: Eli Zaretskii Received: via spool by 27585-submit@debbugs.gnu.org id=B27585.149935437624958 (code B ref 27585); Thu, 06 Jul 2017 15:20:02 +0000 Received: (at 27585) by debbugs.gnu.org; 6 Jul 2017 15:19:36 +0000 Received: from localhost ([127.0.0.1]:55303 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dT8Z6-0006UU-He for submit@debbugs.gnu.org; Thu, 06 Jul 2017 11:19:36 -0400 Received: from eggs.gnu.org ([208.118.235.92]:38625) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dT8Z4-0006UI-JL for 27585@debbugs.gnu.org; Thu, 06 Jul 2017 11:19:34 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dT8Yy-00035N-Hc for 27585@debbugs.gnu.org; Thu, 06 Jul 2017 11:19:29 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_20,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:53242) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dT8Yy-00035G-EC; Thu, 06 Jul 2017 11:19:28 -0400 Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:3500 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1dT8Yx-0000uV-MJ; Thu, 06 Jul 2017 11:19:28 -0400 Date: Thu, 06 Jul 2017 18:19:14 +0300 Message-Id: <83mv8hmw3x.fsf@gnu.org> From: Eli Zaretskii In-reply-to: (message from Andreas Schwab on Thu, 06 Jul 2017 08:46:14 +0200) References: <1499235670.28433.1@ssh.steve.org.uk> <83van6n2ty.fsf@gnu.org> <1499280931.14677.1@ssh.steve.org.uk> <83tw2qmzsl.fsf@gnu.org> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) > From: Andreas Schwab > Cc: Steve Kemp , 27585@debbugs.gnu.org > Date: Thu, 06 Jul 2017 08:46:14 +0200 > > On Jul 05 2017, Eli Zaretskii wrote: > > > You wrote a program that triggers infinite recursion. > > This isn't infinite recursion since the input is finite. If we want to be pedantically accurate, then no "infinite" recursion is ever truly infinite, since it will always stop when the system is shut down, or the power fails, or the world ends, whichever happens first. So we are actually always talking about recursions deep enough to blow up the stack. From unknown Fri Aug 15 16:58:05 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27585: segfault when evaluating a file containing only backticks Resent-From: Andreas Schwab Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 06 Jul 2017 15:32:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27585 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Eli Zaretskii Cc: steve@steve.org.uk, 27585@debbugs.gnu.org Received: via spool by 27585-submit@debbugs.gnu.org id=B27585.149935509826115 (code B ref 27585); Thu, 06 Jul 2017 15:32:02 +0000 Received: (at 27585) by debbugs.gnu.org; 6 Jul 2017 15:31:38 +0000 Received: from localhost ([127.0.0.1]:55318 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dT8kk-0006n9-Cb for submit@debbugs.gnu.org; Thu, 06 Jul 2017 11:31:38 -0400 Received: from mx2.suse.de ([195.135.220.15]:38789 helo=mx1.suse.de) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dT8kj-0006n1-44 for 27585@debbugs.gnu.org; Thu, 06 Jul 2017 11:31:37 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id E9245AC37; Thu, 6 Jul 2017 15:31:35 +0000 (UTC) From: Andreas Schwab References: <1499235670.28433.1@ssh.steve.org.uk> <83van6n2ty.fsf@gnu.org> <1499280931.14677.1@ssh.steve.org.uk> <83tw2qmzsl.fsf@gnu.org> <83mv8hmw3x.fsf@gnu.org> X-Yow: Hmmm.. A hash-singer and a cross-eyed guy were SLEEPING on a deserted island, when... Date: Thu, 06 Jul 2017 17:31:35 +0200 In-Reply-To: <83mv8hmw3x.fsf@gnu.org> (Eli Zaretskii's message of "Thu, 06 Jul 2017 18:19:14 +0300") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) On Jul 06 2017, Eli Zaretskii wrote: >> From: Andreas Schwab >> Cc: Steve Kemp , 27585@debbugs.gnu.org >> Date: Thu, 06 Jul 2017 08:46:14 +0200 >> >> On Jul 05 2017, Eli Zaretskii wrote: >> >> > You wrote a program that triggers infinite recursion. >> >> This isn't infinite recursion since the input is finite. > > If we want to be pedantically accurate, then no "infinite" recursion > is ever truly infinite, since it will always stop when the system is > shut down, or the power fails, or the world ends, whichever happens > first. This is not a useful way to categorize infinite recursion. In this case, the recursion is always bounded by the size of the input. Andreas. -- Andreas Schwab, SUSE Labs, schwab@suse.de GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7 "And now for something completely different." From unknown Fri Aug 15 16:58:05 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27585: segfault when evaluating a file containing only backticks Resent-From: Steve Kemp Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 06 Jul 2017 15:38:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27585 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: 27585@debbugs.gnu.org Received: via spool by 27585-submit@debbugs.gnu.org id=B27585.149935545826604 (code B ref 27585); Thu, 06 Jul 2017 15:38:01 +0000 Received: (at 27585) by debbugs.gnu.org; 6 Jul 2017 15:37:38 +0000 Received: from localhost ([127.0.0.1]:55323 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dT8qY-0006v2-4B for submit@debbugs.gnu.org; Thu, 06 Jul 2017 11:37:38 -0400 Received: from mail.steve.org.uk ([80.68.84.102]:37227 helo=ssh.steve.org.uk) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dT8qV-0006up-SU for 27585@debbugs.gnu.org; Thu, 06 Jul 2017 11:37:36 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=steve.org.uk; s=20150726; h=References:In-Reply-To:Message-ID:Date:Subject:From:To; bh=V95VceHfaWaCvKHO1tultwfXQYoUSJrvRD8wQkCGVtQ=; b=K1e5ZFTfcegn6VMw3713co2t0WjWC8laVjfCmN/Nu+lDmLq6/ELnOPQ+/BpVGq64n9ANAFKetm/StxA5RinEO/IK5lIxi4gBvrY6wk1ojC60E1Ux1Ss4+puyVg1xCrlR/aPpVWGkTkPLZbOjp/5HwBQXVvbPrMK9bq4FvD8ED8w=; Received: from steve by ssh.steve.org.uk with local (Exim 4.84_2) (envelope-from ) id 1dT8qO-0004ug-Ic for 27585@debbugs.gnu.org; Thu, 06 Jul 2017 15:37:28 +0000 From: Steve Kemp Date: Thu, 06 Jul 2017 15:33:42 +0000 Message-ID: <1499355222.18729.1@ssh.steve.org.uk> In-Reply-To: <83o9sxmw82.fsf@gnu.org> References: <1499235670.28433.1@ssh.steve.org.uk> <83van6n2ty.fsf@gnu.org> <1499280931.14677.1@ssh.steve.org.uk> <83tw2qmzsl.fsf@gnu.org> <1499312795.32152.3@ssh.steve.org.uk> <83o9sxmw82.fsf@gnu.org> X-added-header: steve.org.uk X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) > I presume that the above is due to some offense you > took from what I wrote, which is why I thought it was important to > explain what I think should be the way of handling bug reports -- any > bug reports -- submitted against Emacs. I appreciate the time you took to do so, but no, no offense was taken. I only thought stopping was sensible because my experience is that fuzzing tends to discover are things that are malformed, broken, and almost never the kind of things that a user would intend to do. In short your initial response to this particular case seems like it would apply to any similar issue which is liable to be discovered - they'd be genuine bugs, but they'd also be things that would never happen "in the wild", so while they wouldn't be ignored, it would be easy to push them to the back of the queue. > In sum, I hope you will continue trying to break Emacs and will report > any "successes", so we could improve Emacs in the future. THanks. I'm sitting on a couple of hundred crashing cases, just trying to simplify them and see if they share the same cause (they probably do). Steve -- https://steve.fi/ From unknown Fri Aug 15 16:58:05 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27585: segfault when evaluating a file containing only backticks Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 06 Jul 2017 15:39:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27585 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Andreas Schwab Cc: steve@steve.org.uk, 27585@debbugs.gnu.org Reply-To: Eli Zaretskii Received: via spool by 27585-submit@debbugs.gnu.org id=B27585.149935548326668 (code B ref 27585); Thu, 06 Jul 2017 15:39:02 +0000 Received: (at 27585) by debbugs.gnu.org; 6 Jul 2017 15:38:03 +0000 Received: from localhost ([127.0.0.1]:55327 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dT8qx-0006w4-DX for submit@debbugs.gnu.org; Thu, 06 Jul 2017 11:38:03 -0400 Received: from eggs.gnu.org ([208.118.235.92]:44706) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dT8qv-0006vT-4d for 27585@debbugs.gnu.org; Thu, 06 Jul 2017 11:38:01 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dT8qm-00088m-Fs for 27585@debbugs.gnu.org; Thu, 06 Jul 2017 11:37:55 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:53582) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dT8qm-00088T-Cv; Thu, 06 Jul 2017 11:37:52 -0400 Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:3513 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1dT8ql-0008CI-IY; Thu, 06 Jul 2017 11:37:52 -0400 Date: Thu, 06 Jul 2017 18:37:37 +0300 Message-Id: <83inj5mv9a.fsf@gnu.org> From: Eli Zaretskii In-reply-to: (message from Andreas Schwab on Thu, 06 Jul 2017 17:31:35 +0200) References: <1499235670.28433.1@ssh.steve.org.uk> <83van6n2ty.fsf@gnu.org> <1499280931.14677.1@ssh.steve.org.uk> <83tw2qmzsl.fsf@gnu.org> <83mv8hmw3x.fsf@gnu.org> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) > From: Andreas Schwab > Cc: steve@steve.org.uk, 27585@debbugs.gnu.org > Date: Thu, 06 Jul 2017 17:31:35 +0200 > > > If we want to be pedantically accurate, then no "infinite" recursion > > is ever truly infinite, since it will always stop when the system is > > shut down, or the power fails, or the world ends, whichever happens > > first. > > This is not a useful way to categorize infinite recursion. Neither is this hair-splitting. From unknown Fri Aug 15 16:58:05 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27585: segfault when evaluating a file containing only backticks Resent-From: Andreas Schwab Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 06 Jul 2017 15:42:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27585 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Eli Zaretskii Cc: steve@steve.org.uk, 27585@debbugs.gnu.org Received: via spool by 27585-submit@debbugs.gnu.org id=B27585.149935570226974 (code B ref 27585); Thu, 06 Jul 2017 15:42:01 +0000 Received: (at 27585) by debbugs.gnu.org; 6 Jul 2017 15:41:42 +0000 Received: from localhost ([127.0.0.1]:55331 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dT8uU-000710-0H for submit@debbugs.gnu.org; Thu, 06 Jul 2017 11:41:42 -0400 Received: from mx2.suse.de ([195.135.220.15]:39310 helo=mx1.suse.de) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dT8uS-00070s-8C for 27585@debbugs.gnu.org; Thu, 06 Jul 2017 11:41:40 -0400 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 77A52AC37; Thu, 6 Jul 2017 15:41:39 +0000 (UTC) From: Andreas Schwab References: <1499235670.28433.1@ssh.steve.org.uk> <83van6n2ty.fsf@gnu.org> <1499280931.14677.1@ssh.steve.org.uk> <83tw2qmzsl.fsf@gnu.org> <83mv8hmw3x.fsf@gnu.org> <83inj5mv9a.fsf@gnu.org> X-Yow: .. hubub, hubub, HUBUB, hubub, hubub, hubub, HUBUB, hubub, hubub, hubub. Date: Thu, 06 Jul 2017 17:41:39 +0200 In-Reply-To: <83inj5mv9a.fsf@gnu.org> (Eli Zaretskii's message of "Thu, 06 Jul 2017 18:37:37 +0300") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) On Jul 06 2017, Eli Zaretskii wrote: >> From: Andreas Schwab >> Cc: steve@steve.org.uk, 27585@debbugs.gnu.org >> Date: Thu, 06 Jul 2017 17:31:35 +0200 >> >> > If we want to be pedantically accurate, then no "infinite" recursion >> > is ever truly infinite, since it will always stop when the system is >> > shut down, or the power fails, or the world ends, whichever happens >> > first. >> >> This is not a useful way to categorize infinite recursion. > > Neither is this hair-splitting. Nothing of this is hair-splitting. Andreas. -- Andreas Schwab, SUSE Labs, schwab@suse.de GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7 "And now for something completely different." From unknown Fri Aug 15 16:58:05 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27585: segfault when evaluating a file containing only backticks Resent-From: Daniel Colascione Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 06 Jul 2017 15:49:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27585 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Eli Zaretskii ,Steve Kemp Cc: 27585@debbugs.gnu.org Received: via spool by 27585-submit@debbugs.gnu.org id=B27585.149935613927596 (code B ref 27585); Thu, 06 Jul 2017 15:49:02 +0000 Received: (at 27585) by debbugs.gnu.org; 6 Jul 2017 15:48:59 +0000 Received: from localhost ([127.0.0.1]:55335 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dT91W-0007B2-Pz for submit@debbugs.gnu.org; Thu, 06 Jul 2017 11:48:59 -0400 Received: from dancol.org ([96.126.100.184]:34092) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dT91V-0007Av-Hs for 27585@debbugs.gnu.org; Thu, 06 Jul 2017 11:48:58 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dancol.org; s=x; h=Message-ID:From:CC:To:Subject:Content-Transfer-Encoding:Content-Type:MIME-Version:References:In-Reply-To:Date; bh=j/Gim+LNmwycvfdit/VGa1N50JVo/NkuWWxlu/UhWpU=; b=jcZ13U7FIsupQ49g6XulICzm+v44FGcAXcPNinjA2JGS7U8D+e7JAlxu9rQqP1e10GxqBwUaHxeJLHfGEvgHWWuml2UHwxU2/x9hGZ5maZpgeYoZ/wqrYpb1/HyhWsfdBEN6FOeAFLyNp28icZt3xOsSUrvrszRg14BDbi1zC58l8tyivnNG0sayRDY62OAcNXsYVR18++drkIcORy3AGtZ2Rj+RxSzbPQ848xXmw9C/F8dxuz2T9P2RsLiLL/g2LHvLl6W+nlSB/NDqAon0B0wwere/ZITvZuV+mZ2gBEmgEu1eyJsxQEoRx6DLJ2mkwws5RKDlkO48FOqmknfQDA==; Received: from [2601:602:9803:17b3:e939:8d47:78c0:9e9] by dancol.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1dT91R-00073U-0i; Thu, 06 Jul 2017 08:48:53 -0700 Date: Thu, 06 Jul 2017 08:48:44 -0700 User-Agent: K-9 Mail for Android In-Reply-To: <83van6n2ty.fsf@gnu.org> References: <1499235670.28433.1@ssh.steve.org.uk> <83van6n2ty.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable From: Daniel Colascione Message-ID: <89EFFA90-3F70-49E5-927C-7A52619EC286@dancol.org> X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) On July 5, 2017 11:41:45 AM PDT, Eli Zaretskii wrote: >> From: Steve Kemp >> Date: Wed, 05 Jul 2017 06:21:10 +0000 >>=20 >>=20 >> I've recently started fuzzing GNU Emacs, using the current git >sources=2E >> During the course of that work I stumbled upon this easily >reproduced bug: >>=20 >> deagol ~ $ perl -e 'print "`" x ( 1024 * 1024 * 12);' > t=2Eel >> deagol ~ $ /usr/bin/emacs --batch --script =2E/t=2Eel >> =2E=2E >> Segmentation fault (core dumped) > >Here it says: > > Re-entering top level after C stack overflow > >and doesn't crash=2E > >> > Most likely just a stack overflow=2E >>=20 >> Agreed, but still I think a segfault is unexpected and could be >> prevented=2E > >See above: the machinery to try and prevent it exists, but it doesn't >always succeed=2E And it really can't be 100% reliable=2E So I'm unsure >what did you expect, and why=2E Emacs generally gives you enough rope >to hang yourself; it's up to you not to be tempted to do so=2E=2E=2E This argument doesn't make sense to me=2E If we're happy letting elisp seg= fault, why bounds check AREF?=20 Other managed runtimes --- Java, C# --- are perfectly capable of reliably = detecting and recovering from stack exhaustion=2E There is absolutely no re= ason, aside from an implementation defect, for the elisp runtime not to do = the same=2E Stack overflow detection could be made perfectly reliable=2E > >IOW: why would someone want to run such a silly "program"? From unknown Fri Aug 15 16:58:05 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27585: segfault when evaluating a file containing only backticks Resent-From: Daniel Colascione Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 06 Jul 2017 15:53:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27585 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Eli Zaretskii ,Steve Kemp Cc: 27585@debbugs.gnu.org Received: via spool by 27585-submit@debbugs.gnu.org id=B27585.149935637827937 (code B ref 27585); Thu, 06 Jul 2017 15:53:02 +0000 Received: (at 27585) by debbugs.gnu.org; 6 Jul 2017 15:52:58 +0000 Received: from localhost ([127.0.0.1]:55339 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dT95O-0007GV-Df for submit@debbugs.gnu.org; Thu, 06 Jul 2017 11:52:58 -0400 Received: from dancol.org ([96.126.100.184]:34100) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dT95M-0007GN-G8 for 27585@debbugs.gnu.org; Thu, 06 Jul 2017 11:52:56 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dancol.org; s=x; h=Message-ID:From:CC:To:Subject:Content-Transfer-Encoding:Content-Type:MIME-Version:References:In-Reply-To:Date; bh=hOcImo3+C+EnnXlWPKrIpmjzh375OhnG1773PUt9Fv4=; b=DVdsTS+5KqsRkaw5yRAZ9ICTHnxRgFfTfl0SyNpckEqgDZ3/YZ1Bnv6b3J8pvDKjGSMyBd9c6LNG4+rvFMr9vBx/REbodJDFtBzaHB41DtTfUNSDp7qK+3ReFXlDBqnNQ3CBdhB3zvbE8pGh7f/HLXlYJ1jOrs1rEMcbm1IGBaI/sa47bk6SAIiI4yhvg+qq2T7F8Zo5zlqCWX93cZrfQ26VRJgj3FXAMlZinhCfSngdTJg5HSdcw09ET1c/fHprecpP9UeTzqHmkA83gWDEsQJpoXyDY4QsAqjHCOu+uqTk11mu0WLOd325VEG6Zx0Syd8ZiKsp0HEGY41LWVSv9Q==; Received: from [2601:602:9803:17b3:e939:8d47:78c0:9e9] by dancol.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1dT95J-00075Q-VM; Thu, 06 Jul 2017 08:52:54 -0700 Date: Thu, 06 Jul 2017 08:52:44 -0700 User-Agent: K-9 Mail for Android In-Reply-To: <83tw2qmzsl.fsf@gnu.org> References: <1499235670.28433.1@ssh.steve.org.uk> <83van6n2ty.fsf@gnu.org> <1499280931.14677.1@ssh.steve.org.uk> <83tw2qmzsl.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable From: Daniel Colascione Message-ID: <6EDA4B5A-B345-4A8A-8F03-2925B671505B@dancol.org> X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) On July 5, 2017 12:47:22 PM PDT, Eli Zaretskii wrote: >> From: Steve Kemp >> Date: Wed, 05 Jul 2017 18:55:31 +0000 >>=20 >> > See above: the machinery to try and prevent it exists, but it >doesn't >> > always succeed=2E And it really can't be 100% reliable=2E So I'm >unsure >> > what did you expect, and why=2E >>=20 >> Honestly? I expect Emacs to not crash=2E > >You wrote a program that triggers infinite recursion=2E Such programs >will crash in most, if not all, languages=2E So your expectations are >unrealistic=2E > >> I expect evaluating lisp to not kill the editor > >Valid Lisp, I agree=2E But yours isn't=2E > >Moreover, there are those among us (I'm not one of them) who thinks >Emacs shouldn't even try to recover from stack overflow, they say it >should crash hard right there and then=2E Native stack? Certainly=2E The current approach, a signal handler that lon= gjmps to top-level, cannot possibly work reliability, since it interrupts a= nd abandons whatever the code is doing=2E If it has some kind of lock held = and you try to take that lock again, you deadlock=2E Data structures might = be in completely incoherent states=2E The last time we had this discussion,= someone asserted that the worst that could happen might be a "memory leak"= =2E That's very wrong=2E This signal handler is a huge, ticking time bomb, and I completely turn it= off in my Emacs=2E Everyone else should too=2E Recovering when elisp blows the stack is a different matter=2E > >So your expectations are not necessarily shared, even as aspirations, >by some developers=2E > >> > IOW: why would someone want to run such a silly "program"? >>=20 >> In the real world? Nobody=2E > >Then why are we discussing this use case? Let's talk about >more practical and interesting cases=2E From unknown Fri Aug 15 16:58:05 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27585: segfault when evaluating a file containing only backticks Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 06 Jul 2017 16:21:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27585 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Daniel Colascione Cc: steve@steve.org.uk, 27585@debbugs.gnu.org Reply-To: Eli Zaretskii Received: via spool by 27585-submit@debbugs.gnu.org id=B27585.149935800630310 (code B ref 27585); Thu, 06 Jul 2017 16:21:01 +0000 Received: (at 27585) by debbugs.gnu.org; 6 Jul 2017 16:20:06 +0000 Received: from localhost ([127.0.0.1]:55359 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dT9Vd-0007sn-Nn for submit@debbugs.gnu.org; Thu, 06 Jul 2017 12:20:05 -0400 Received: from eggs.gnu.org ([208.118.235.92]:34491) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dT9Vc-0007sG-1H for 27585@debbugs.gnu.org; Thu, 06 Jul 2017 12:20:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dT9VT-0000kL-SP for 27585@debbugs.gnu.org; Thu, 06 Jul 2017 12:19:58 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_40,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:54518) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dT9VT-0000kD-Ob; Thu, 06 Jul 2017 12:19:55 -0400 Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:3531 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1dT9VS-000152-S9; Thu, 06 Jul 2017 12:19:55 -0400 Date: Thu, 06 Jul 2017 19:19:40 +0300 Message-Id: <83fue9mtb7.fsf@gnu.org> From: Eli Zaretskii In-reply-to: <6EDA4B5A-B345-4A8A-8F03-2925B671505B@dancol.org> (message from Daniel Colascione on Thu, 06 Jul 2017 08:52:44 -0700) References: <1499235670.28433.1@ssh.steve.org.uk> <83van6n2ty.fsf@gnu.org> <1499280931.14677.1@ssh.steve.org.uk> <83tw2qmzsl.fsf@gnu.org> <6EDA4B5A-B345-4A8A-8F03-2925B671505B@dancol.org> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) > Date: Thu, 06 Jul 2017 08:52:44 -0700 > CC: 27585@debbugs.gnu.org > From: Daniel Colascione > > >Moreover, there are those among us (I'm not one of them) who thinks > >Emacs shouldn't even try to recover from stack overflow, they say it > >should crash hard right there and then. > > Native stack? Certainly. Yes, this discussion is about the native stack, not the ELisp stack. > Recovering when elisp blows the stack is a different matter. I believe we already do that. From unknown Fri Aug 15 16:58:05 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27585: segfault when evaluating a file containing only backticks Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 06 Jul 2017 16:25:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27585 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Steve Kemp Cc: 27585@debbugs.gnu.org Reply-To: Eli Zaretskii Received: via spool by 27585-submit@debbugs.gnu.org id=B27585.149935828730717 (code B ref 27585); Thu, 06 Jul 2017 16:25:02 +0000 Received: (at 27585) by debbugs.gnu.org; 6 Jul 2017 16:24:47 +0000 Received: from localhost ([127.0.0.1]:55363 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dT9aB-0007zN-Bi for submit@debbugs.gnu.org; Thu, 06 Jul 2017 12:24:47 -0400 Received: from eggs.gnu.org ([208.118.235.92]:36723) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dT9a9-0007zA-Ox for 27585@debbugs.gnu.org; Thu, 06 Jul 2017 12:24:46 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dT9a1-0003vd-HG for 27585@debbugs.gnu.org; Thu, 06 Jul 2017 12:24:40 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:54583) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dT9a1-0003vZ-DP; Thu, 06 Jul 2017 12:24:37 -0400 Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:3534 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1dT9a0-0001MO-Op; Thu, 06 Jul 2017 12:24:37 -0400 Date: Thu, 06 Jul 2017 19:24:23 +0300 Message-Id: <83efttmt3c.fsf@gnu.org> From: Eli Zaretskii In-reply-to: <1499355222.18729.1@ssh.steve.org.uk> (message from Steve Kemp on Thu, 06 Jul 2017 15:33:42 +0000) References: <1499235670.28433.1@ssh.steve.org.uk> <83van6n2ty.fsf@gnu.org> <1499280931.14677.1@ssh.steve.org.uk> <83tw2qmzsl.fsf@gnu.org> <1499312795.32152.3@ssh.steve.org.uk> <83o9sxmw82.fsf@gnu.org> <1499355222.18729.1@ssh.steve.org.uk> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) > From: Steve Kemp > Date: Thu, 06 Jul 2017 15:33:42 +0000 > > In short your initial response to this particular case seems > like it would apply to any similar issue which is liable to > be discovered - they'd be genuine bugs, but they'd also be things > that would never happen "in the wild", so while they wouldn't > be ignored, it would be easy to push them to the back of the queue. That wasn't my intent, and I apologize if my wording somehow implied that. I was only talking about the particular crash you reported. Any other crash should be analyzed separately, and the conclusion could very well be different. > THanks. I'm sitting on a couple of hundred crashing cases, just > trying to simplify them and see if they share the same cause (they > probably do). Well, I hope some of them are for different reasons. It is strange you cannot trigger the stack-overflow protection in your build, though. If you write a trivial infinite-recursion Lisp function, and then run it after lifting max-lisp-eval-depth and max-specpdl-size to the largest positive number, don't you see what I saw on my system? From unknown Fri Aug 15 16:58:05 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27585: segfault when evaluating a file containing only backticks Resent-From: Daniel Colascione Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 06 Jul 2017 16:38:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27585 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Eli Zaretskii Cc: steve@steve.org.uk, 27585@debbugs.gnu.org Received: via spool by 27585-submit@debbugs.gnu.org id=B27585.149935906131916 (code B ref 27585); Thu, 06 Jul 2017 16:38:02 +0000 Received: (at 27585) by debbugs.gnu.org; 6 Jul 2017 16:37:41 +0000 Received: from localhost ([127.0.0.1]:55368 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dT9mf-0008Ii-It for submit@debbugs.gnu.org; Thu, 06 Jul 2017 12:37:41 -0400 Received: from dancol.org ([96.126.100.184]:34714) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dT9md-0008IZ-UA for 27585@debbugs.gnu.org; Thu, 06 Jul 2017 12:37:40 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dancol.org; s=x; h=Message-ID:From:CC:To:Subject:Content-Transfer-Encoding:Content-Type:MIME-Version:References:In-Reply-To:Date; bh=5KUNp9AC9vVRcHk2MfUOrBBrhBzNV36d4Sdc4mVguAA=; b=NobzPHEkPqhFyB+SZXEp2DjkDotv4yH65VhsVQ6Euw9oZiywzU4UL7Uy9v88YL2r3J5hukQThHNuiqzFrwObAqSTVc9rGALvshqOB/4Bs9d+W2XWizwZNT2t8yWuHTLKBhHGd2lWC7FfuvwDs1SxjiA5EXUltTZuIkevdjPoZobTI5NxvNAN1ruc5pGBOMvLBwzmUMMEvV0pyfBO5V+3XckmYUAvzHG/U8OjkQXgYyn+8TXO0AiVmPDxPKeQ5CRKBJB8vLUovP+FFfDZc1aCDeeFXNAWRF6KUODA10NT5o/Skk9SzP9K+tpCexSZaWEX2LYbthpwsIt8TlZa1cmUIA==; Received: from [2601:602:9803:17b3:e939:8d47:78c0:9e9] by dancol.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1dT9mb-0007VA-At; Thu, 06 Jul 2017 09:37:37 -0700 Date: Thu, 06 Jul 2017 09:37:30 -0700 User-Agent: K-9 Mail for Android In-Reply-To: <83fue9mtb7.fsf@gnu.org> References: <1499235670.28433.1@ssh.steve.org.uk> <83van6n2ty.fsf@gnu.org> <1499280931.14677.1@ssh.steve.org.uk> <83tw2qmzsl.fsf@gnu.org> <6EDA4B5A-B345-4A8A-8F03-2925B671505B@dancol.org> <83fue9mtb7.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable From: Daniel Colascione Message-ID: X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) On July 6, 2017 9:19:40 AM PDT, Eli Zaretskii wrote: >> Date: Thu, 06 Jul 2017 08:52:44 -0700 >> CC: 27585@debbugs=2Egnu=2Eorg >> From: Daniel Colascione >>=20 >> >Moreover, there are those among us (I'm not one of them) who thinks >> >Emacs shouldn't even try to recover from stack overflow, they say it >> >should crash hard right there and then=2E >>=20 >> Native stack? Certainly=2E > >Yes, this discussion is about the native stack, not the ELisp stack=2E Sort of --- an elisp file is driving the native code to blow its stack=2E = I really don't think that any valid syntax should cause Emacs to segfault= =2E In this instance, couldn't we add a hard threshold to limit recursion? > >> Recovering when elisp blows the stack is a different matter=2E > >I believe we already do that=2E We have a threshold=2E It's conservative, but it works most of the time=2E= IMHO, explicit stack probing would be both less conservative and note robu= st=2E From unknown Fri Aug 15 16:58:05 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27585: segfault when evaluating a file containing only backticks Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 06 Jul 2017 17:29:03 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27585 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Daniel Colascione Cc: steve@steve.org.uk, 27585@debbugs.gnu.org Reply-To: Eli Zaretskii Received: via spool by 27585-submit@debbugs.gnu.org id=B27585.14993621063967 (code B ref 27585); Thu, 06 Jul 2017 17:29:03 +0000 Received: (at 27585) by debbugs.gnu.org; 6 Jul 2017 17:28:26 +0000 Received: from localhost ([127.0.0.1]:55397 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dTAZm-00011u-4g for submit@debbugs.gnu.org; Thu, 06 Jul 2017 13:28:26 -0400 Received: from eggs.gnu.org ([208.118.235.92]:38837) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dTAZk-00011h-2M for 27585@debbugs.gnu.org; Thu, 06 Jul 2017 13:28:24 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dTAZZ-0001rj-Pl for 27585@debbugs.gnu.org; Thu, 06 Jul 2017 13:28:18 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.0 required=5.0 tests=BAYES_20,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:55400) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dTAZZ-0001rX-Lt; Thu, 06 Jul 2017 13:28:13 -0400 Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:3552 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1dTAZY-0002rE-Se; Thu, 06 Jul 2017 13:28:13 -0400 Date: Thu, 06 Jul 2017 20:27:59 +0300 Message-Id: <83bmoxmq5c.fsf@gnu.org> From: Eli Zaretskii In-reply-to: (message from Daniel Colascione on Thu, 06 Jul 2017 09:37:30 -0700) References: <1499235670.28433.1@ssh.steve.org.uk> <83van6n2ty.fsf@gnu.org> <1499280931.14677.1@ssh.steve.org.uk> <83tw2qmzsl.fsf@gnu.org> <6EDA4B5A-B345-4A8A-8F03-2925B671505B@dancol.org> <83fue9mtb7.fsf@gnu.org> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) > Date: Thu, 06 Jul 2017 09:37:30 -0700 > CC: steve@steve.org.uk,27585@debbugs.gnu.org > From: Daniel Colascione > > In this instance, couldn't we add a hard threshold to limit recursion? I'm not sure I understand the proposal. Could you elaborate? > >> Recovering when elisp blows the stack is a different matter. > > > >I believe we already do that. > > We have a threshold. It's conservative, but it works most of the time. IMHO, explicit stack probing would be both less conservative and note robust. Won't it be expensive? Or maybe I don't have a clear idea what you meant by "stack probing". From unknown Fri Aug 15 16:58:05 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: Steve Kemp Subject: bug#27585: closed (Re: bug#27585: segfault when evaluating a file containing only backticks) Message-ID: References: <070206be-9f8b-a324-0650-fd21b37a4132@cs.ucla.edu> <1499235670.28433.1@ssh.steve.org.uk> X-Gnu-PR-Message: they-closed 27585 X-Gnu-PR-Package: emacs Reply-To: 27585@debbugs.gnu.org Date: Fri, 14 Jul 2017 12:10:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1500034202-26236-1" This is a multi-part message in MIME format... ------------=_1500034202-26236-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #27585: segfault when evaluating a file containing only backticks which was filed against the emacs package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 27585@debbugs.gnu.org. --=20 27585: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D27585 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1500034202-26236-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 27585-done) by debbugs.gnu.org; 14 Jul 2017 12:09:44 +0000 Received: from localhost ([127.0.0.1]:37829 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dVzPj-0006od-Mn for submit@debbugs.gnu.org; Fri, 14 Jul 2017 08:09:44 -0400 Received: from zimbra.cs.ucla.edu ([131.179.128.68]:33030) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dVzPh-0006oN-Sb for 27585-done@debbugs.gnu.org; Fri, 14 Jul 2017 08:09:42 -0400 Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 071EB1601EA; Fri, 14 Jul 2017 05:09:36 -0700 (PDT) Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id 8LVoba2Z6IK9; Fri, 14 Jul 2017 05:09:34 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id E0E76160182; Fri, 14 Jul 2017 05:09:34 -0700 (PDT) X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id GBr3Xqxo-tNr; Fri, 14 Jul 2017 05:09:34 -0700 (PDT) Received: from [192.168.1.9] (unknown [47.153.184.153]) by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id BD63A1600D7; Fri, 14 Jul 2017 05:09:34 -0700 (PDT) To: Steve Kemp From: Paul Eggert Subject: Re: bug#27585: segfault when evaluating a file containing only backticks Organization: UCLA Computer Science Department Message-ID: <070206be-9f8b-a324-0650-fd21b37a4132@cs.ucla.edu> Date: Fri, 14 Jul 2017 05:09:34 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="------------F10835463FC78717B7C06DF8" Content-Language: en-US X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: 27585-done Cc: 27585-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) This is a multi-part message in MIME format. --------------F10835463FC78717B7C06DF8 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Thanks for reporting the bug. I reproduced the problem on Fedora 26 x86-6= 4,=20 fixed it in master by applying the attached patch, and am boldly marking = the bug=20 as fixed. As Eli and Daniel mentioned, this area of Emacs cannot be 100% reliable a= nd to=20 some extent is indeed a "ticking time bomb". That being said, the problem= in=20 this particular case was that Emacs had a bad heuristic for guessing whet= her a=20 segmentation violation address was due to stack overflow on GNU/Linux. Th= is bad=20 heuristic has been in place for years without anybody reporting it. It's = good=20 that we fixed this bug (though I hope "normal" users never notice the bug= fix :-). --------------F10835463FC78717B7C06DF8 Content-Type: text/x-patch; name="0001-Improve-stack-overflow-heuristic-on-GNU-Linux.patch" Content-Transfer-Encoding: quoted-printable Content-Disposition: attachment; filename="0001-Improve-stack-overflow-heuristic-on-GNU-Linux.patch" =46rom 9dee1c884eb50ba282eb9dd2495c5269add25963 Mon Sep 17 00:00:00 2001 From: Paul Eggert Date: Fri, 14 Jul 2017 04:54:05 -0700 Subject: [PATCH] Improve stack-overflow heuristic on GNU/Linux Problem reported by Steve Kemp (Bug#27585). * src/eval.c (near_C_stack_top): Remove. All uses replaced by current_thread->stack_top. (record_in_backtrace): Set current_thread->stack_top. This is for when the Lisp interpreter calls itself. * src/lread.c (read1): Set current_thread->stack_top. This is for recursive s-expression reads. * src/print.c (print_object): Set current_thread->stack_top. This is for recursive s-expression printing. * src/thread.c (mark_one_thread): Get stack top first. * src/thread.h (struct thread_state.stack_top): Now void *, not char *. --- src/eval.c | 9 +-------- src/lisp.h | 1 - src/lread.c | 1 + src/print.c | 2 +- src/sysdep.c | 2 +- src/thread.c | 10 ++++++---- src/thread.h | 10 ++++++++-- 7 files changed, 18 insertions(+), 17 deletions(-) diff --git a/src/eval.c b/src/eval.c index 8f293c9..e590038 100644 --- a/src/eval.c +++ b/src/eval.c @@ -213,13 +213,6 @@ backtrace_next (union specbinding *pdl) return pdl; } =20 -/* Return a pointer to somewhere near the top of the C stack. */ -void * -near_C_stack_top (void) -{ - return backtrace_args (backtrace_top ()); -} - void init_eval_once (void) { @@ -2090,7 +2083,7 @@ record_in_backtrace (Lisp_Object function, Lisp_Obj= ect *args, ptrdiff_t nargs) specpdl_ptr->bt.kind =3D SPECPDL_BACKTRACE; specpdl_ptr->bt.debug_on_exit =3D false; specpdl_ptr->bt.function =3D function; - specpdl_ptr->bt.args =3D args; + current_thread->stack_top =3D specpdl_ptr->bt.args =3D args; specpdl_ptr->bt.nargs =3D nargs; grow_specpdl (); =20 diff --git a/src/lisp.h b/src/lisp.h index f5cb6c7..1e8ef7a 100644 --- a/src/lisp.h +++ b/src/lisp.h @@ -3874,7 +3874,6 @@ extern Lisp_Object vformat_string (const char *, va= _list) ATTRIBUTE_FORMAT_PRINTF (1, 0); extern void un_autoload (Lisp_Object); extern Lisp_Object call_debugger (Lisp_Object arg); -extern void *near_C_stack_top (void); extern void init_eval_once (void); extern Lisp_Object safe_call (ptrdiff_t, Lisp_Object, ...); extern Lisp_Object safe_call1 (Lisp_Object, Lisp_Object); diff --git a/src/lread.c b/src/lread.c index fe5de38..901e40b 100644 --- a/src/lread.c +++ b/src/lread.c @@ -2676,6 +2676,7 @@ read1 (Lisp_Object readcharfun, int *pch, bool firs= t_in_list) bool uninterned_symbol =3D false; bool multibyte; char stackbuf[MAX_ALLOCA]; + current_thread->stack_top =3D stackbuf; =20 *pch =3D 0; =20 diff --git a/src/print.c b/src/print.c index b6ea3ff..12edf01 100644 --- a/src/print.c +++ b/src/print.c @@ -1748,7 +1748,7 @@ print_object (Lisp_Object obj, Lisp_Object printcha= rfun, bool escapeflag) char buf[max (sizeof "from..to..in " + 2 * INT_STRLEN_BOUND (EMACS_INT= ), max (sizeof " . #" + INT_STRLEN_BOUND (printmax_t), 40))]; - + current_thread->stack_top =3D buf; maybe_quit (); =20 /* Detect circularities and truncate them. */ diff --git a/src/sysdep.c b/src/sysdep.c index b522367..db99f53 100644 --- a/src/sysdep.c +++ b/src/sysdep.c @@ -1772,7 +1772,7 @@ stack_overflow (siginfo_t *siginfo) /* The known top and bottom of the stack. The actual stack may extend a bit beyond these boundaries. */ char *bot =3D stack_bottom; - char *top =3D near_C_stack_top (); + char *top =3D current_thread->stack_top; =20 /* Log base 2 of the stack heuristic ratio. This ratio is the size of the known stack divided by the size of the guard area past the diff --git a/src/thread.c b/src/thread.c index e378797..1f7ced3 100644 --- a/src/thread.c +++ b/src/thread.c @@ -595,14 +595,15 @@ thread_select (select_func *func, int max_fds, fd_s= et *rfds, static void mark_one_thread (struct thread_state *thread) { - struct handler *handler; - Lisp_Object tem; + /* Get the stack top now, in case mark_specpdl changes it. */ + void *stack_top =3D thread->stack_top; =20 mark_specpdl (thread->m_specpdl, thread->m_specpdl_ptr); =20 - mark_stack (thread->m_stack_bottom, thread->stack_top); + mark_stack (thread->m_stack_bottom, stack_top); =20 - for (handler =3D thread->m_handlerlist; handler; handler =3D handler->= next) + for (struct handler *handler =3D thread->m_handlerlist; + handler; handler =3D handler->next) { mark_object (handler->tag_or_ch); mark_object (handler->val); @@ -610,6 +611,7 @@ mark_one_thread (struct thread_state *thread) =20 if (thread->m_current_buffer) { + Lisp_Object tem; XSETBUFFER (tem, thread->m_current_buffer); mark_object (tem); } diff --git a/src/thread.h b/src/thread.h index 9e94de5..52b16f1 100644 --- a/src/thread.h +++ b/src/thread.h @@ -62,8 +62,14 @@ struct thread_state char *m_stack_bottom; #define stack_bottom (current_thread->m_stack_bottom) =20 - /* An address near the top of the stack. */ - char *stack_top; + /* The address of an object near the C stack top, used to determine + which words need to be scanned by the garbage collector. This is + also used to detect heuristically whether segmentation violation + address indicates stack overflow, as opposed to some internal + error in Emacs. If the C function F calls G which calls H which + calls ... F, then at least one of the functions in the chain + should set this to the address of a local variable. */ + void *stack_top; =20 struct catchtag *m_catchlist; #define catchlist (current_thread->m_catchlist) --=20 2.7.4 --------------F10835463FC78717B7C06DF8-- ------------=_1500034202-26236-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 5 Jul 2017 06:28:58 +0000 Received: from localhost ([127.0.0.1]:52836 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dSdo2-0003q8-6t for submit@debbugs.gnu.org; Wed, 05 Jul 2017 02:28:58 -0400 Received: from eggs.gnu.org ([208.118.235.92]:43018) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dSdo0-0003pu-AF for submit@debbugs.gnu.org; Wed, 05 Jul 2017 02:28:56 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dSdnu-0006J3-45 for submit@debbugs.gnu.org; Wed, 05 Jul 2017 02:28:51 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_40,T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:33981) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dSdnu-0006Iz-0P for submit@debbugs.gnu.org; Wed, 05 Jul 2017 02:28:50 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:33983) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dSdns-0006fT-8k for bug-gnu-emacs@gnu.org; Wed, 05 Jul 2017 02:28:49 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dSdno-0006ID-9M for bug-gnu-emacs@gnu.org; Wed, 05 Jul 2017 02:28:48 -0400 Received: from mail.steve.org.uk ([80.68.84.102]:33492 helo=ssh.steve.org.uk) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dSdno-0006Hu-0w for bug-gnu-emacs@gnu.org; Wed, 05 Jul 2017 02:28:44 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=steve.org.uk; s=20150726; h=Date:Message-ID:Subject:From:To; bh=25AdITRiXVwkv7wLNY7pWJMaD9p0EH+ylloDyjYUF2E=; b=g1Ot9mXQNB3+sL5h+0mAUmdrBeTyPHQLLN9ufPnp6z6t15ERwL+3OERnYWvXErvXbA27iKqYFFChWV/BbQ1rxss97G8JJVg31eo1fKVqN7AE3rCrtmrlJloKE1erPU+o8rFQI9IX0NN9Cz0SQcSigSRMwi1EKY04JdBiqVHbm+0=; Received: from steve by ssh.steve.org.uk with local (Exim 4.84_2) (envelope-from ) id 1dSdni-0007gL-BS for bug-gnu-emacs@gnu.org; Wed, 05 Jul 2017 06:28:38 +0000 To: bug-gnu-emacs@gnu.org From: Steve Kemp Subject: segfault when evaluating a file containing only backticks Message-ID: <1499235670.28433.1@ssh.steve.org.uk> Date: Wed, 05 Jul 2017 06:21:10 +0000 X-added-header: steve.org.uk X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -4.0 (----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -4.0 (----) I've recently started fuzzing GNU Emacs, using the current git sources. During the course of that work I stumbled upon this easily reproduced bug: deagol ~ $ perl -e 'print "`" x ( 1024 * 1024 * 12);' > t.el deagol ~ $ /usr/bin/emacs --batch --script ./t.el .. Segmentation fault (core dumped) (So I'm trying to call "emacs --batch --script $file" where the file contains thousands of repeated backtick-characters.) Because I've built from source I can see this backtrace: #5 handle_sigsegv (sig=11, siginfo=, arg=) at sysdep.c:1811 #6 #7 read1 (readcharfun=readcharfun@entry=35581829, pch=pch@entry=0x7ffcc661e010, first_in_list=first_in_list@entry=false) at lread.c:2923 #8 0x0000000000ad8cda in read0 (readcharfun=35581829) at lread.c:2220 #9 read1 (readcharfun=readcharfun@entry=35581829, pch=pch@entry=0x7ffcc66220c0, first_in_list=first_in_list@entry=false) at lread.c:3149 #10 0x0000000000ad8cda in read0 (readcharfun=35581829) at lread.c:2220 #11 read1 (readcharfun=readcharfun@entry=35581829, pch=pch@entry=0x7ffcc6626170, first_in_list=first_in_list@entry=false) at lread.c:3149 #12 0x0000000000ad8cda in read0 (readcharfun=35581829) at lread.c:2220 #13 read1 (readcharfun=readcharfun@entry=35581829, pch=pch@entry=0x7ffcc662a220, first_in_list=first_in_list@entry=false) at lread.c:3149 #14 0x0000000000ad8cda in read0 (readcharfun=35581829) at lread.c:2220 #15 read1 (readcharfun=readcharfun@entry=35581829, pch=pch@entry=0x7ffcc662e2d0, first_in_list=first_in_list@entry=false) at lread.c:3149 #16 0x0000000000ad8cda in read0 (readcharfun=35581829) at lread.c:2220 #17 read1 (readcharfun=readcharfun@entry=35581829, pch=pch@entry=0x7ffcc6632380, first_in_list=first_in_list@entry=false) at lread.c:3149 #18 0x0000000000ad8cda in read0 (readcharfun=35581829) at lread.c:2220 #19 read1 (readcharfun=readcharfun@entry=35581829, pch=pch@entry=0x7ffcc6636430, first_in_list=first_in_list@entry=false) at lread.c:3149 #20 0x0000000000ad8cda in read0 (readcharfun=35581829) at lread.c:2220 #21 read1 (readcharfun=readcharfun@entry=35581829, pch=pch@entry=0x7ffcc663a4e0, first_in_list=first_in_list@entry=false) at lread.c:3149 .... I've replicated this upon the package of GNU Emacs as available to the old-stable/jessie release of Debian GNU/Linux, which identifies itself as: In GNU Emacs 24.5.1 (x86_64-pc-linux-gnu, GTK+ Version 3.14.5) of 2016-03-19 on trouble, modified by Debian Windowing system distributor `The X.Org Foundation', version 11.0.11604000 System Description: Debian GNU/Linux 8.8 (jessie) Configured using: `configure --build x86_64-linux-gnu --prefix=/usr --sharedstatedir=/var/lib --libexecdir=/usr/lib --localstatedir=/var/lib --infodir=/usr/share/info --mandir=/usr/share/man --with-pop=yes --enable-locallisppath=/etc/emacs24:/etc/emacs:/usr/local/share/emacs/24.5/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/24.5/site-lisp:/usr/share/emacs/site-lisp --build x86_64-linux-gnu --prefix=/usr --sharedstatedir=/var/lib --libexecdir=/usr/lib --localstatedir=/var/lib --infodir=/usr/share/info --mandir=/usr/share/man --with-pop=yes --enable-locallisppath=/etc/emacs24:/etc/emacs:/usr/local/share/emacs/24.5/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/24.5/site-lisp:/usr/share/emacs/site-lisp --with-x=yes --with-x-toolkit=gtk3 --with-toolkit-scroll-bars 'CFLAGS=-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wall' CPPFLAGS=-D_FORTIFY_SOURCE=2 LDFLAGS=-Wl,-z,relro' My current-git build reports as: In GNU Emacs 26.0.50 (build 1, x86_64-pc-linux-gnu) of 2017-07-05 built on kernel.default.skx.uk0.bigv.io Repository revision: 5d62247323f53f3ae9c7d9f51e951635887b2fb6 Recent messages: For information about GNU Emacs and the GNU system, type C-h C-a. Making completion list... Configured using: 'configure --prefix=/tmp/emacs/ --without-makeinfo --with-gnutls=no' Configured features: SOUND NOTIFY ZLIB Important settings: value of $LC_ALL: en_US.UTF8 value of $LANG: en_GB.UTF-8 locale-coding-system: utf-8-unix "Obviously" this same bug can be reproduced inside emacs: 1. Open Emacs. 2. Create a new buffer. 3. Fill the buffer with ` 4. Ctrl-x h 5. M-x eval-region Steve -- https://www.steve.org.uk/ ------------=_1500034202-26236-1-- From unknown Fri Aug 15 16:58:05 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27585: segfault when evaluating a file containing only backticks Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 14 Jul 2017 13:31:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27585 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Paul Eggert Cc: steve@steve.org.uk, 27585@debbugs.gnu.org Reply-To: Eli Zaretskii Received: via spool by 27585-submit@debbugs.gnu.org id=B27585.150003903515419 (code B ref 27585); Fri, 14 Jul 2017 13:31:02 +0000 Received: (at 27585) by debbugs.gnu.org; 14 Jul 2017 13:30:35 +0000 Received: from localhost ([127.0.0.1]:37949 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dW0fz-00040d-0a for submit@debbugs.gnu.org; Fri, 14 Jul 2017 09:30:35 -0400 Received: from eggs.gnu.org ([208.118.235.92]:45743) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dW0fx-00040P-3m for 27585@debbugs.gnu.org; Fri, 14 Jul 2017 09:30:33 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dW0fr-0000gC-6t for 27585@debbugs.gnu.org; Fri, 14 Jul 2017 09:30:27 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:40679) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dW0fk-0000cq-Jq; Fri, 14 Jul 2017 09:30:20 -0400 Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:4414 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1dW0fe-0003nv-KI; Fri, 14 Jul 2017 09:30:15 -0400 Date: Fri, 14 Jul 2017 16:30:16 +0300 Message-Id: <83mv87f8nr.fsf@gnu.org> From: Eli Zaretskii In-reply-to: <070206be-9f8b-a324-0650-fd21b37a4132@cs.ucla.edu> (message from Paul Eggert on Fri, 14 Jul 2017 05:09:34 -0700) References: <1499235670.28433.1@ssh.steve.org.uk> <070206be-9f8b-a324-0650-fd21b37a4132@cs.ucla.edu> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) > From: Paul Eggert > Date: Fri, 14 Jul 2017 05:09:34 -0700 > Cc: 27585-done@debbugs.gnu.org > > It's good that we fixed this bug (though I hope "normal" users never > notice the bug fix :-). Indeed, thanks. From unknown Fri Aug 15 16:58:05 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27585: segfault when evaluating a file containing only backticks Resent-From: Steve Kemp Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 15 Jul 2017 05:04:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27585 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Eli Zaretskii Cc: Paul Eggert , 27585@debbugs.gnu.org Received: via spool by 27585-submit@debbugs.gnu.org id=B27585.150009500325677 (code B ref 27585); Sat, 15 Jul 2017 05:04:02 +0000 Received: (at 27585) by debbugs.gnu.org; 15 Jul 2017 05:03:23 +0000 Received: from localhost ([127.0.0.1]:39446 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dWFEg-0006g5-Uv for submit@debbugs.gnu.org; Sat, 15 Jul 2017 01:03:23 -0400 Received: from mail.steve.org.uk ([80.68.84.102]:59959 helo=ssh.steve.org.uk) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dWFEe-0006fo-Uh for 27585@debbugs.gnu.org; Sat, 15 Jul 2017 01:03:21 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=steve.org.uk; s=20150726; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To:From:Date; bh=dRnDsIr6gyBuQpQM6yx0A5bfuhp76xJIBwLjmOZufmM=; b=EaOUO2WVxz/GHzN7RQGXmmYvfcde4MMPVZPGHVe7RZV/rd0NzWOb1m9NuCEjuDWXsEUCELLZcAJ/wHAEvS0Ey9OK2TgoeaZx9xAPJ7E2QfJxBQxjfzjZ+fj78hHX9Vaeq6ELwq23qi4OKJDxwP1oBxs4kOG1gH5GMbkNU2HdyQo=; Received: from steve by ssh.steve.org.uk with local (Exim 4.84_2) (envelope-from ) id 1dWFES-0004Nn-FY; Sat, 15 Jul 2017 05:03:08 +0000 Date: Sat, 15 Jul 2017 05:03:08 +0000 From: Steve Kemp Message-ID: <20170715050308.GA16419@steve.org.uk> References: <1499235670.28433.1@ssh.steve.org.uk> <070206be-9f8b-a324-0650-fd21b37a4132@cs.ucla.edu> <83mv87f8nr.fsf@gnu.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <83mv87f8nr.fsf@gnu.org> User-Agent: Mutt/1.5.23 (2014-03-12) X-added-header: steve.org.uk X-Spam-Score: 0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) On Fri Jul 14, 2017 at 16:30:16 +0300, Eli Zaretskii wrote: > > It's good that we fixed this bug (though I hope "normal" users never > > notice the bug fix :-). > > Indeed, thanks. Thanks again. I do note one behaviour change though, which is perhaps worth noting. Previously this segfaulted: $ perl -e 'print "," x ( 1024 * 1024 * 12);' > t.el $ /tmp/emacs/bin/emacs -Q --batch --script ./t.el Now it does not, as the bug is fixed, but I'd expect the emacs process to terminate when the script is loaded. That doesn't happen though: $ /tmp/emacs/bin/emacs -Q --batch --script ./t.el Re-entering top level after C stack overflow [emacs still running] Compare that with the normal example: $ echo "(defun foo() "Test")" > t.el $ /tmp/emacs/bin/emacs -Q --batch --script ./t.el $ Perhaps not a huge problem, but it is a change I think? Steve -- https://steve.fi/ From unknown Fri Aug 15 16:58:05 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27585: segfault when evaluating a file containing only backticks Resent-From: Paul Eggert Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 15 Jul 2017 05:13:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27585 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Steve Kemp , Eli Zaretskii Cc: 27585@debbugs.gnu.org Received: via spool by 27585-submit@debbugs.gnu.org id=B27585.150009554526999 (code B ref 27585); Sat, 15 Jul 2017 05:13:01 +0000 Received: (at 27585) by debbugs.gnu.org; 15 Jul 2017 05:12:25 +0000 Received: from localhost ([127.0.0.1]:39451 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dWFNQ-00071P-Qc for submit@debbugs.gnu.org; Sat, 15 Jul 2017 01:12:24 -0400 Received: from zimbra.cs.ucla.edu ([131.179.128.68]:57490) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dWFNM-000718-G1 for 27585@debbugs.gnu.org; Sat, 15 Jul 2017 01:12:20 -0400 Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id A58061600BF; Fri, 14 Jul 2017 22:12:13 -0700 (PDT) Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id JUuPceKg2nGO; Fri, 14 Jul 2017 22:12:13 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id EEF411601C6; Fri, 14 Jul 2017 22:12:12 -0700 (PDT) X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id ehBELC4ev-Tm; Fri, 14 Jul 2017 22:12:12 -0700 (PDT) Received: from [192.168.1.9] (unknown [47.153.184.153]) by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id C29DE1600BF; Fri, 14 Jul 2017 22:12:12 -0700 (PDT) References: <1499235670.28433.1@ssh.steve.org.uk> <070206be-9f8b-a324-0650-fd21b37a4132@cs.ucla.edu> <83mv87f8nr.fsf@gnu.org> <20170715050308.GA16419@steve.org.uk> From: Paul Eggert Organization: UCLA Computer Science Department Message-ID: <5b24c202-0d78-f9a8-56a7-50ff4ecdc423@cs.ucla.edu> Date: Fri, 14 Jul 2017 22:12:08 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1 MIME-Version: 1.0 In-Reply-To: <20170715050308.GA16419@steve.org.uk> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Spam-Score: -0.0 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) Steve Kemp wrote: > $ /tmp/emacs/bin/emacs -Q --batch --script ./t.el > Re-entering top level after C stack overflow > [emacs still running] > > Compare that with the normal example: > > $ echo "(defun foo() "Test")" > t.el > $ /tmp/emacs/bin/emacs -Q --batch --script ./t.el > $ > > Perhaps not a huge problem, but it is a change I think? After a stack overflow, Emacs drops what it's doing and goes to the top level, regardless of its command-line arguments. Perhaps it would be better if Emacs did something else for this particular case. It's low priority, though. From unknown Fri Aug 15 16:58:05 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27585: segfault when evaluating a file containing only backticks Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 15 Jul 2017 07:16:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27585 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: Paul Eggert Cc: steve@steve.org.uk, 27585@debbugs.gnu.org Reply-To: Eli Zaretskii Received: via spool by 27585-submit@debbugs.gnu.org id=B27585.15001029535694 (code B ref 27585); Sat, 15 Jul 2017 07:16:01 +0000 Received: (at 27585) by debbugs.gnu.org; 15 Jul 2017 07:15:53 +0000 Received: from localhost ([127.0.0.1]:39470 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dWHIv-0001Tl-1C for submit@debbugs.gnu.org; Sat, 15 Jul 2017 03:15:53 -0400 Received: from eggs.gnu.org ([208.118.235.92]:59285) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dWHIt-0001TX-Js for 27585@debbugs.gnu.org; Sat, 15 Jul 2017 03:15:51 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dWHIk-0001XM-BS for 27585@debbugs.gnu.org; Sat, 15 Jul 2017 03:15:46 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:55920) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dWHIj-0001X0-Vy; Sat, 15 Jul 2017 03:15:42 -0400 Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:1330 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1dWHIj-0008NA-5B; Sat, 15 Jul 2017 03:15:41 -0400 Date: Sat, 15 Jul 2017 10:15:46 +0300 Message-Id: <83a846f9wd.fsf@gnu.org> From: Eli Zaretskii In-reply-to: <5b24c202-0d78-f9a8-56a7-50ff4ecdc423@cs.ucla.edu> (message from Paul Eggert on Fri, 14 Jul 2017 22:12:08 -0700) References: <1499235670.28433.1@ssh.steve.org.uk> <070206be-9f8b-a324-0650-fd21b37a4132@cs.ucla.edu> <83mv87f8nr.fsf@gnu.org> <20170715050308.GA16419@steve.org.uk> <5b24c202-0d78-f9a8-56a7-50ff4ecdc423@cs.ucla.edu> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -5.0 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) > Cc: 27585@debbugs.gnu.org > From: Paul Eggert > Date: Fri, 14 Jul 2017 22:12:08 -0700 > > Steve Kemp wrote: > > $ /tmp/emacs/bin/emacs -Q --batch --script ./t.el > > Re-entering top level after C stack overflow > > [emacs still running] > > > > Compare that with the normal example: > > > > $ echo "(defun foo() "Test")" > t.el > > $ /tmp/emacs/bin/emacs -Q --batch --script ./t.el > > $ > > > > Perhaps not a huge problem, but it is a change I think? > > After a stack overflow, Emacs drops what it's doing and goes to the top level, > regardless of its command-line arguments. Perhaps it would be better if Emacs > did something else for this particular case. It's low priority, though. I think the idea is to let the user do whatever is necessary to end the session as quickly as possible. Granted, it is optimized for interactive usage, since the goal of the stack-overflow protection is to avoid losing unrelated edits due to some code that's gone awry, and that makes little sense in non-interactive sessions. So batch invocations might indeed do something else, like exit. I agree that the priority is not too high, because again, stack overflow is most harmful in interactive sessions. From debbugs-submit-bounces@debbugs.gnu.org Sun Sep 24 18:44:25 2017 Received: (at control) by debbugs.gnu.org; 24 Sep 2017 22:44:25 +0000 Received: from localhost ([127.0.0.1]:56710 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dwFdR-00062u-AZ for submit@debbugs.gnu.org; Sun, 24 Sep 2017 18:44:25 -0400 Received: from zimbra.cs.ucla.edu ([131.179.128.68]:52134) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dwFdQ-00062h-4q for control@debbugs.gnu.org; Sun, 24 Sep 2017 18:44:24 -0400 Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 9CB9E160E0D for ; Sun, 24 Sep 2017 15:44:18 -0700 (PDT) Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id pJfOxExUcY9o for ; Sun, 24 Sep 2017 15:44:18 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 05F7B160E10 for ; Sun, 24 Sep 2017 15:44:18 -0700 (PDT) X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id u4NgjVdZrZyj for ; Sun, 24 Sep 2017 15:44:17 -0700 (PDT) Received: from [192.168.1.9] (unknown [47.154.18.85]) by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id DFB04160E0D for ; Sun, 24 Sep 2017 15:44:17 -0700 (PDT) To: control@debbugs.gnu.org From: Paul Eggert Subject: 27585 is still live Organization: UCLA Computer Science Department Message-ID: <8be0622c-4746-3e60-79d5-d9183b418efd@cs.ucla.edu> Date: Sun, 24 Sep 2017 15:44:17 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) unarchive 27585 From unknown Fri Aug 15 16:58:05 2025 X-Loop: help-debbugs@gnu.org Subject: bug#27585: Fwd: Re: bug#27585: segfault when evaluating a file containing only backticks Resent-From: Paul Eggert Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sun, 24 Sep 2017 22:48:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 27585 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: 27585@debbugs.gnu.org Received: via spool by 27585-submit@debbugs.gnu.org id=B27585.150629326123575 (code B ref 27585); Sun, 24 Sep 2017 22:48:02 +0000 Received: (at 27585) by debbugs.gnu.org; 24 Sep 2017 22:47:41 +0000 Received: from localhost ([127.0.0.1]:56717 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dwFga-00068B-P7 for submit@debbugs.gnu.org; Sun, 24 Sep 2017 18:47:40 -0400 Received: from zimbra.cs.ucla.edu ([131.179.128.68]:52394) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1dwFgY-00067w-Tt for 27585@debbugs.gnu.org; Sun, 24 Sep 2017 18:47:39 -0400 Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id 8DB88160E0D for <27585@debbugs.gnu.org>; Sun, 24 Sep 2017 15:47:33 -0700 (PDT) Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id XvfI-ezjb9od for <27585@debbugs.gnu.org>; Sun, 24 Sep 2017 15:47:32 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by zimbra.cs.ucla.edu (Postfix) with ESMTP id D9654160E10 for <27585@debbugs.gnu.org>; Sun, 24 Sep 2017 15:47:32 -0700 (PDT) X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu Received: from zimbra.cs.ucla.edu ([127.0.0.1]) by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id GrtukVdh_XcA for <27585@debbugs.gnu.org>; Sun, 24 Sep 2017 15:47:32 -0700 (PDT) Received: from [192.168.1.9] (unknown [47.154.18.85]) by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id C0216160E0D for <27585@debbugs.gnu.org>; Sun, 24 Sep 2017 15:47:32 -0700 (PDT) References: <58232171-11ff-4d19-5107-0e705606d0e8@cs.ucla.edu> From: Paul Eggert Organization: UCLA Computer Science Department X-Forwarded-Message-Id: <58232171-11ff-4d19-5107-0e705606d0e8@cs.ucla.edu> Message-ID: <9488bb21-17eb-e13b-fbb0-77089e1d682e@cs.ucla.edu> Date: Sun, 24 Sep 2017 15:47:32 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: <58232171-11ff-4d19-5107-0e705606d0e8@cs.ucla.edu> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) [Sending this again since the bug was archived and read-only earlier today.] -------- Forwarded Message -------- Subject: Re: bug#27585: segfault when evaluating a file containing only backticks Date: Sun, 24 Sep 2017 11:32:44 -0700 From: Paul Eggert Philipp Stephani wrote: > Paul Eggert schrieb am Fr., 14. Juli 2017 um 14:10 Uhr: > >> As Eli and Daniel mentioned, this area of Emacs cannot be 100% reliable >> > > Why? Surely Emacs could switch away from recursion for the reader and the > evaluator to an explicitly-managed stack. That would be a bit of work, but > certainly not impossible. You are right, on both points. By "this area of Emacs" I was assuming the current recursive implementation. It's not the only place Emacs recurses, though.