GNU bug report logs -
#30481
26.0.91; infinite recursion + edebug = memory corruption
Reported by: Noam Postavsky <npostavs <at> gmail.com>
Date: Fri, 16 Feb 2018 03:39:02 UTC
Severity: normal
Tags: fixed, patch
Found in version 26.0.91
Fixed in version 26.1
Done: Noam Postavsky <npostavs <at> gmail.com>
Bug is archived. No further changes may be made.
Message #11 received at 30481 <at> debbugs.gnu.org (full text, mbox):
tags 30481 fixed
close 30481 26.1
quit
Eli Zaretskii <eliz <at> gnu.org> writes:
>> From: Noam Postavsky <npostavs <at> gmail.com>
>> Date: Thu, 15 Feb 2018 22:38:10 -0500
>>
>> The following patch solves the problem by not calling
>> signal-hook-function when the specpdl array is exhausted. I think it
>> could be safe for emacs-26.
>
> Please push to emacs-26, and thanks.
Pushed (with test) [1: c352434ab8].
> (Is it practical to have a test for this?)
Yes, actually. I initially had some trouble reproducing without
instrumenting a function with edebug, but now I see that's just because
a function which let-binds only a single variable hits
max-lisp-eval-depth before max-specpdl-size (edebug's instrumentation
adds more bindings per call). Let-binding two variables allows
triggering the bug with just

    (defun foo ()
      (let ((x 1)
            (y 2))
        (foo)))
    (let ((signal-hook-function #'ignore))
      (foo))

[1: c352434ab8]: 2018-02-16 22:13:34 -0500
Avoid memory corruption with specpdl overflow + edebug (Bug#30481)
https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=c352434ab89617b48c7c1f29342a22e5a5685504
This bug report was last modified 7 years and 93 days ago.