Package: emacs;
Reported by: Jan Synacek <jsynacek <at> redhat.com>
Date: Tue, 20 Mar 2018 10:26:01 UTC
Severity: important
Tags: fixed
Merged with 30045, 31547, 31758, 31801, 31936
Found in versions 26.1, 27.0.50, 25.3
Fixed in version 26.2
Done: Robert Pluim <rpluim <at> gmail.com>
Bug is archived. No further changes may be made.
View this message in rfc822 format
From: Jan Synacek <jsynacek <at> redhat.com> To: Eli Zaretskii <eliz <at> gnu.org> Cc: 30874 <at> debbugs.gnu.org Subject: bug#30874: 27.0.50; Emacs crashes Date: Tue, 20 Mar 2018 13:12:53 +0100
On Tue, Mar 20, 2018 at 1:04 PM, Eli Zaretskii <eliz <at> gnu.org> wrote:
>> From: Jan Synacek <jsynacek <at> redhat.com>
>> Date: Tue, 20 Mar 2018 11:24:51 +0100
>>
>>
>> Emacs crashes after executing the following on the current master
>> (commit b39ca55e294d3be3e4c6e142975256d7f8cdfe76):
>>
>> emacs -Q --eval="(switch-to-buffer \"*scratch*\")" --eval="(insert-char #x274c)" --eval="(set-fontset-font \"fontset-default\" 'unicode \"Dejavu Sans Mono\")"
>
> Please show a C-level backtrace from the crash.
Since the reproducer is so trivial, I didn't consider it important,
but there you go (just basic backtrace, the full one is hilariously
huge):
Thread 4 (Thread 0x7fffd9d3d700 (LWP 25228)):
#0 0x00007fffefb0a3db in poll () at /lib64/libc.so.6
#1 0x00007ffff4e03e99 in g_main_context_iterate.isra () at
/lib64/libglib-2.0.so.0
#2 0x00007ffff4e03fac in g_main_context_iteration () at /lib64/libglib-2.0.so.0
#3 0x00007fffd9d4542d in dconf_gdbus_worker_thread () at
/usr/lib64/gio/modules/libdconfsettings.so
#4 0x00007ffff4e2b486 in g_thread_proxy () at /lib64/libglib-2.0.so.0
#5 0x00007ffff047761b in start_thread () at /lib64/libpthread.so.0
#6 0x00007fffefb1698f in clone () at /lib64/libc.so.6
Thread 3 (Thread 0x7fffdbdfc700 (LWP 25227)):
#0 0x00007fffefb0a3db in poll () at /lib64/libc.so.6
#1 0x00007ffff4e03e99 in g_main_context_iterate.isra () at
/lib64/libglib-2.0.so.0
#2 0x00007ffff4e04232 in g_main_loop_run () at /lib64/libglib-2.0.so.0
#3 0x00007ffff53ecb56 in gdbus_shared_thread_func () at /lib64/libgio-2.0.so.0
#4 0x00007ffff4e2b486 in g_thread_proxy () at /lib64/libglib-2.0.so.0
#5 0x00007ffff047761b in start_thread () at /lib64/libpthread.so.0
#6 0x00007fffefb1698f in clone () at /lib64/libc.so.6
Thread 2 (Thread 0x7fffe0e08700 (LWP 25226)):
#0 0x00007fffefb0a3db in poll () at /lib64/libc.so.6
#1 0x00007ffff4e03e99 in g_main_context_iterate.isra () at
/lib64/libglib-2.0.so.0
#2 0x00007ffff4e03fac in g_main_context_iteration () at /lib64/libglib-2.0.so.0
#3 0x00007ffff4e03ff1 in glib_worker_main () at /lib64/libglib-2.0.so.0
#4 0x00007ffff4e2b486 in g_thread_proxy () at /lib64/libglib-2.0.so.0
#5 0x00007ffff047761b in start_thread () at /lib64/libpthread.so.0
#6 0x00007fffefb1698f in clone () at /lib64/libc.so.6
Thread 1 (Thread 0x7ffff7fa2fc0 (LWP 25222)):
#0 0x00007ffff048298b in raise () at /lib64/libpthread.so.0
#1 0x00000000004f0571 in terminate_due_to_signal (sig=sig <at> entry=6,
backtrace_limit=backtrace_limit <at> entry=40) at emacs.c:395
#2 0x00000000005096a3 in emacs_abort () at sysdep.c:2426
#3 0x00000000004bf4c6 in x_connection_closed
(dpy=dpy <at> entry=0x2c59000, error_message=<optimized out>,
error_message <at> entry=0x7fffffff45b0 "X protocol error: BadLength
(poly request too large or internal Xlib length error) on protocol
request 138", ioerror=ioerror <at> entry=false) at xterm.c:9831
#4 0x00000000004c2f50 in x_error_quitter (display=0x2c59000,
event=<optimized out>, event=<optimized out>) at xterm.c:9919
#5 0x00000000004c2fcb in x_error_handler (display=0x2c59000,
event=0x7fffffff4770) at xterm.c:9889
#6 0x00007ffff469ce3a in _XError () at /lib64/libX11.so.6
#7 0x00007ffff4699d6b in handle_error () at /lib64/libX11.so.6
#8 0x00007ffff4699e15 in handle_response () at /lib64/libX11.so.6
#9 0x00007ffff469a745 in _XEventsQueued () at /lib64/libX11.so.6
#10 0x00007ffff467bcca in XFlush () at /lib64/libX11.so.6
#11 0x00007ffff46b965e in _XimProtoDestroyIC () at /lib64/libX11.so.6
#12 0x00007ffff46a7a02 in XDestroyIC () at /lib64/libX11.so.6
#13 0x00000000004d408f in free_frame_xic (f=f <at> entry=0x13f0c30
<bss_sbrk_buffer+8312368>) at xfns.c:2676
#14 0x00000000004cc648 in x_free_frame_resources (f=0x13f0c30
<bss_sbrk_buffer+8312368>) at xterm.c:11777
#15 0x00000000004ccd1b in x_destroy_window (f=<optimized out>) at xterm.c:11906
#16 0x00000000004280d0 in delete_frame (frame=<optimized out>,
force=force <at> entry=0x98a0) at frame.c:2055
#17 0x00000000004bf543 in x_connection_closed
(dpy=dpy <at> entry=0x2c59000, error_message=<optimized out>,
error_message <at> entry=0x7fffffff5b80 "X protocol error: BadLength
(poly request too large or internal Xlib length error) on protocol
request 138", ioerror=ioerror <at> entry=false) at xterm.c:9810
#18 0x00000000004c2f50 in x_error_quitter (display=0x2c59000,
event=<optimized out>, event=<optimized out>) at xterm.c:9919
#19 0x00000000004c2fcb in x_error_handler (display=0x2c59000,
event=0x7fffffff5d40) at xterm.c:9889
#20 0x00007ffff469ce3a in _XError () at /lib64/libX11.so.6
#21 0x00007ffff4699d6b in handle_error () at /lib64/libX11.so.6
---Type <return> to continue, or q <return> to quit---
#22 0x00007ffff4699e15 in handle_response () at /lib64/libX11.so.6
#23 0x00007ffff469a745 in _XEventsQueued () at /lib64/libX11.so.6
#24 0x00007ffff468c2bd in XPending () at /lib64/libX11.so.6
#25 0x00007ffff64f2c2e in gdk_event_source_prepare () at /lib64/libgdk-3.so.0
#26 0x00007ffff4e033f9 in g_main_context_prepare () at /lib64/libglib-2.0.so.0
#27 0x00007ffff4e03dcb in g_main_context_iterate.isra () at
/lib64/libglib-2.0.so.0
#28 0x00007ffff4e03f57 in g_main_context_pending () at /lib64/libglib-2.0.so.0
#29 0x00007ffff69b2d1d in gtk_events_pending () at /lib64/libgtk-3.so.0
#30 0x00000000004bfee7 in XTread_socket (terminal=<optimized out>,
hold_quit=0x7fffffff6040) at xterm.c:9146
#31 0x00000000004f7301 in gobble_input () at keyboard.c:6890
#32 0x00000000004f7925 in handle_async_input () at keyboard.c:7127
#33 0x00000000004f7925 in process_pending_signals () at keyboard.c:7141
#34 0x00000000005c8e5c in xftfont_open (f=0x13f0c30
<bss_sbrk_buffer+8312368>, entity=0x1243cb5 <bss_sbrk_buffer+6555317>,
pixel_size=15) at xftfont.c:391
#35 0x000000000057a91c in font_open_entity (f=0x13f0c30
<bss_sbrk_buffer+8312368>, entity=0x1243cb5 <bss_sbrk_buffer+6555317>,
pixel_size=15) at font.c:2903
#36 0x00000000005cb0a4 in fontset_find_font
(fontset=fontset <at> entry=0x142ac35 <bss_sbrk_buffer+8549941>,
c=c <at> entry=10060, face=face <at> entry=0x32a8610,
charset_id=charset_id <at> entry=-1, fallback=fallback <at> entry=true)
at fontset.c:707
#37 0x00000000005cb8bb in fontset_font
(fontset=fontset <at> entry=0x142ac35 <bss_sbrk_buffer+8549941>,
c=c <at> entry=10060, face=face <at> entry=0x32a8610, id=-1) at fontset.c:788
#38 0x00000000005cbbbc in face_for_char (f=0x13f0c30
<bss_sbrk_buffer+8312368>, face=face <at> entry=0x32a8610, c=10060,
pos=<optimized out>, object=<optimized out>) at fontset.c:990
#39 0x00000000004474d9 in FACE_FOR_CHAR (object=<optimized out>,
pos=<optimized out>, character=<optimized out>, face=0x32a8610,
f=<optimized out>) at dispextern.h:1818
#40 0x00000000004474d9 in get_next_display_element
(it=it <at> entry=0x7fffffff8a90) at xdisp.c:7324
#41 0x000000000044e5f8 in display_line (it=it <at> entry=0x7fffffff8a90,
cursor_vpos=cursor_vpos <at> entry=0) at xdisp.c:21502
#42 0x00000000004536fd in try_window (window=window <at> entry=0x13f1c35
<bss_sbrk_buffer+8316469>, pos=..., flags=flags <at> entry=1) at
xdisp.c:17718
#43 0x0000000000466751 in redisplay_window (window=0x13f1c35
<bss_sbrk_buffer+8316469>,
just_this_one_p=just_this_one_p <at> entry=false) at xdisp.c:17165
#44 0x00000000004692eb in redisplay_window_0
(window=window <at> entry=0x13f1c35 <bss_sbrk_buffer+8316469>) at
xdisp.c:14922
#45 0x0000000000561e86 in internal_condition_case_1
(bfun=bfun <at> entry=0x4692c0 <redisplay_window_0>,
arg=arg <at> entry=0x13f1c35 <bss_sbrk_buffer+8316469>, handlers=<optimized
out>, hfun=hfun <at> entry=0x42f220 <redisplay_window_error>) at
eval.c:1356
#46 0x0000000000434315 in redisplay_windows (window=0x13f1c35
<bss_sbrk_buffer+8316469>) at xdisp.c:14902
#47 0x000000000045705d in redisplay_internal () at xdisp.c:14385
#48 0x0000000000458d55 in redisplay () at xdisp.c:13597
#49 0x00000000004fa4bb in read_char (commandflag=commandflag <at> entry=1,
map=map <at> entry=0x15484b3 <bss_sbrk_buffer+9719475>, prev_event=0x0,
used_mouse_menu=used_mouse_menu <at> entry=0x7fffffffdf8b,
end_time=end_time <at> entry=0x0) at keyboard.c:2486
#50 0x00000000004fcffb in read_key_sequence
(keybuf=keybuf <at> entry=0x7fffffffe060, prompt=prompt <at> entry=0x0,
dont_downcase_last=dont_downcase_last <at> entry=false,
can_return_switch_frame=can_return_switch_frame <at> entry=true,
fix_current_buffer=fix_current_buffer <at> entry=true,
prevent_redisplay=prevent_redisplay <at> entry=false, bufsize=30) at
keyboard.c:9137
#51 0x00000000004feaee in command_loop_1 () at keyboard.c:1370
#52 0x0000000000561dee in internal_condition_case
(bfun=bfun <at> entry=0x4fe900 <command_loop_1>,
handlers=handlers <at> entry=0x5280, hfun=hfun <at> entry=0x4f5b20 <cmd_error>)
at eval.c:1332
#53 0x00000000004f093c in command_loop_2 (ignore=ignore <at> entry=0x0) at
keyboard.c:1111
#54 0x0000000000561d5d in internal_catch (tag=tag <at> entry=0xc750,
func=func <at> entry=0x4f0920 <command_loop_2>, arg=arg <at> entry=0x0) at
eval.c:1097
#55 0x00000000004f08e4 in command_loop () at keyboard.c:1090
#56 0x00000000004f5743 in recursive_edit_1 () at keyboard.c:696
#57 0x00000000004f5a57 in Frecursive_edit () at keyboard.c:767
#58 0x000000000041a73f in main (argc=5, argv=0x7fffffffe3c8) at emacs.c:1724
--
Jan Synacek
Software Engineer, Red Hat
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.