GNU bug report logs - #35784
(force-window-update <DELETED-WINDOW>) segfaults

Previous Next

Package: emacs;

Reported by: Marc Munro <marc <at> bloodnok.com>

Date: Fri, 17 May 2019 21:07:02 UTC

Severity: normal

Tags: fixed, patch

Fixed in version 26.3

Done: Noam Postavsky <npostavs <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #38 received at 35784 <at> debbugs.gnu.org (full text, mbox):

From: Noam Postavsky <npostavs <at> gmail.com>
To: martin rudalics <rudalics <at> gmx.at>
Cc: 35784 <at> debbugs.gnu.org, Eli Zaretskii <eliz <at> gnu.org>, marc <at> bloodnok.com
Subject: Re: bug#35784: emacs 26 crash
Date: Sat, 18 May 2019 22:54:59 -0400

>>> #2  0x000000000061849e in die (msg=0x743f3f "BUFFERP (a)",
>>> file=0x743f36 "buffer.h", line=914) at alloc.c:7406
>>> #3  0x00000000005802b3 in XBUFFER (a=0) at buffer.h:914
>>> #4  0x0000000000468bb3 in mark_window_display_accurate_1 (w=0x558e410,
>>> accurate_p=false) at xdisp.c:14754
>>>          b = 0x7ffe74b60e40
>>> #5  0x0000000000468ffd in mark_window_display_accurate
>>> (window=89711637, accurate_p=false) at xdisp.c:14811
>>>          w = 0x558e410
>>> #6  0x00000000004bbe06 in Fforce_window_update (object=89711637) at
>>> window.c:3643
>>>          w = 0x558e410
>>
>> This seems to imply that we are trying to update a non-leaf window,
>> something that should never happen.  There's no Lisp-level backtrace,
>> so it's hard to tell what Lisp called force-window-update, and how the
>> window in question became non-leaf, but maybe some crazy Lisp hook
>> switched windows behind redisplay's back or something.
>
> I'd rather guess that this is the result of 'kill-buffer' called from
> 'delete-frame-functions' or 'delete-frame' called from
> 'kill-buffer-hook'.  But at the moment I can't reproduce the bug here
> any more.

The Lisp backtrace is:

"force-window-update" (0xffffd640)
0x2f61c80 Lisp type 3
"mapc" (0xffffd960)
"k-tabbar2::pc-handle-queued-updates" (0xffffdb00)
"k-tabbar2::post-command-fn" (0xffffddf0)

I think the problem is just that the Lisp code is calling
force-window-update on a deleted window.  At least, I can trigger the
crash with

    (let ((w (split-window)))
      (delete-window w)
      (force-window-update w))

And the following fixes it:

--- i/src/window.c
+++ w/src/window.c
@@ -4089,7 +4089,7 @@ displaying that buffer.  */)
       return Qt;
     }
 
-  if (WINDOWP (object))
+  if (WINDOW_LIVE_P (object))
     {
       struct window *w = XWINDOW (object);
       mark_window_display_accurate (object, false);
This bug report was last modified 6 years and 86 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.