GNU bug report logs -
#30626
26.0.91; Crash when traversing a `stream-of-directory-files'
Reported by: Michael Heerdegen <michael_heerdegen <at> web.de>
Date: Tue, 27 Feb 2018 09:23:01 UTC
Severity: normal
Tags: fixed, patch
Found in version 26.0.91
Done: Noam Postavsky <npostavs <at> gmail.com>
Bug is archived. No further changes may be made.
Eli Zaretskii <eliz <at> gnu.org> writes:
>> From: Noam Postavsky <npostavs <at> gmail.com>
>> Cc: michael_heerdegen <at> web.de, john.b.mastro <at> gmail.com, nicolas <at> petton.fr, 30626 <at> debbugs.gnu.org
>> Date: Sun, 11 Mar 2018 17:51:19 -0400
>>
>> > If you have the address, you could first find the stack frame to which
>> > it belongs, right?
>>
>> Um, how do I do that part?
>
> By comparing the address with the value of $bp in each frame, I'd say.
Hmm, I found a match, but it doesn't make any sense.
#4851 0x0000000000611d4f in mark_vectorlike (ptr=0x2e64c90) at ../../src/alloc.c:6227
#4852 0x0000000000612b42 in mark_object (arg=XIL(0x2e64c95)) at ../../src/alloc.c:6624
#4853 0x000000000060f3ce in mark_maybe_pointer (p=0x2e64c90) at ../../src/alloc.c:4936
#4854 0x000000000060f452 in mark_memory (start=0x7fffffffa520, end=0x7fffffffe868)
at ../../src/alloc.c:4985
#4855 0x000000000060f493 in mark_stack (bottom=0x7fffffffe868 "a\036h\364\377\177",
end=0x7fffffffa520 "0\245\377\377\377\177") at ../../src/alloc.c:5193
(gdb) frame 4854
#4854 0x000000000060f452 in mark_memory (start=0x7fffffffa520, end=0x7fffffffe868)
at ../../src/alloc.c:4985
4985 mark_maybe_pointer (*(void **) pp);
(gdb) p pp
$28 = 0x7fffffffa968 "\220L\346\002"
(gdb) frame 4864
#4864 0x000000000068d950 in exec_byte_code (bytestr=XIL(0x2e7aad4), vector=XIL(0x2e72715),
maxdepth=make_number(18), args_template=make_number(768), nargs=3, args=0x7fffffffad20)
at ../../src/bytecode.c:632
632 TOP = Ffuncall (op + 1, &TOP);
(gdb) p $rbp
$29 = (void *) 0x7fffffffabd0
(gdb) p/x $rbp - $28
$32 = 0x268
(gdb) disas /s
[...]
1180 CASE (Bbuffer_substring):
1181 {
1182 Lisp_Object v1 = POP;
0x000000000068fea4 <+13154>: mov -0x40(%rbp),%rax
0x000000000068fea8 <+13158>: lea -0x8(%rax),%rdx
0x000000000068feac <+13162>: mov %rdx,-0x40(%rbp)
0x000000000068feb0 <+13166>: mov (%rax),%rax
0x000000000068feb3 <+13169>: mov %rax,-0x268(%rbp)
1183 TOP = Fbuffer_substring (TOP, v1);
0x000000000068feba <+13176>: mov -0x268(%rbp),%rdx
0x000000000068fec1 <+13183>: mov -0x40(%rbp),%rax
0x000000000068fec5 <+13187>: mov %rdx,%rsi
0x000000000068fec8 <+13190>: mov (%rax),%rdi
0x000000000068fecb <+13193>: callq 0x627e0a <Fbuffer_substring>
It can't be a buffer-substring arg, but that's the only reference to
-0x268(%rbp) in that function.
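An added example, not code from this bug report, from GDB or from Emacs: a small Python script that performs the matching step described in the exchange above (comparing a stack-slot address against each frame's $rbp, innermost frame first) and reports the slot as an rbp-relative offset, the form the disassembly uses. The frame numbers, the slot address $28 and frame #4864's $rbp value are the ones shown in the message; the $rbp values for the other frames are constructed for illustration.

```python
"""Locate which stack frame owns a stack-slot address, using each frame's $rbp.

Added example; not code from the bug report, GDB or Emacs. The frame numbers,
the slot address and frame #4864's $rbp come from the message; the remaining
$rbp values are constructed.
"""
from typing import NamedTuple, Optional, Tuple


class Frame(NamedTuple):
    number: int    # gdb frame number (0 = innermost)
    function: str
    rbp: int       # value of $rbp while that frame is selected


# On x86-64 the stack grows downward, so inner frames have lower $rbp values.
# Only frame 4864's $rbp is the value printed in the message ($29); the others
# are constructed so the list has something to walk through.
FRAMES = [
    Frame(4854, "mark_memory",    0x7FFFFFFFA4F0),  # constructed
    Frame(4855, "mark_stack",     0x7FFFFFFFA530),  # constructed
    Frame(4863, "Ffuncall",       0x7FFFFFFFA900),  # constructed
    Frame(4864, "exec_byte_code", 0x7FFFFFFFABD0),  # from the message ($29)
    Frame(4865, "Ffuncall",       0x7FFFFFFFAE40),  # constructed
]

SLOT_FROM_MESSAGE = 0x7FFFFFFFA968  # $28: the pp that mark_memory was scanning


def find_owner(addr: int, frames) -> Optional[Tuple[Frame, int]]:
    """Return (frame, offset) for the frame whose locals cover addr, or None.

    Walks from the innermost frame outward and picks the first frame whose
    $rbp lies at or above addr: a frame's locals occupy the region just below
    its $rbp, down to the next inner frame. The offset is addr - rbp, so a
    local comes out negative, matching the -0xNNN(%rbp) form in disassembly.
    """
    for frame in sorted(frames, key=lambda f: f.rbp):
        if frame.rbp >= addr:
            return frame, addr - frame.rbp
    return None  # above every known frame: not covered by the frames we have


def describe(addr: int, frames=FRAMES) -> str:
    """Human-readable form of find_owner, e.g. '...: frame #4864 ..., -0x268(%rbp)'."""
    hit = find_owner(addr, frames)
    if hit is None:
        return f"{addr:#x}: no owning frame among the known frames"
    frame, off = hit
    sign = "-" if off < 0 else "+"
    return f"{addr:#x}: frame #{frame.number} {frame.function}, {sign}{abs(off):#x}(%rbp)"


if __name__ == "__main__":
    print(describe(SLOT_FROM_MESSAGE))
```

In a live session the same walk can be driven from GDB's Python API by selecting each frame and reading its $rbp, but the matching rule itself is what the script shows: the slot at $28 falls below frame #4864's $rbp and above the constructed frame #4863, giving the -0x268(%rbp) that the disassembly of exec_byte_code refers to.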