GNU bug report logs - #46426
28.0.50; Emacs crashes when call-process destination argument is a cons cell

Previous Next

Package: emacs;

Reported by: Stephen Perry <stevoooo <at> gmail.com>

Date: Wed, 10 Feb 2021 17:13:02 UTC

Severity: normal

Found in version 28.0.50

Fixed in version 27.2

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Stephen Perry <stevoooo <at> gmail.com>
To: 46426 <at> debbugs.gnu.org
Subject: bug#46426: 28.0.50; Emacs crashes when call-process destination argument is a cons cell
Date: Wed, 10 Feb 2021 17:09:38 +0000

Hi - got my destination argument to call-process wrong by using a 
cons
cell instead of a list and managed to kill my Emacs.  Have also
reproduced it using the following in Emacs 26.1 on Debian and 
Emacs 27.1
on macOS:

 emacs -Q --eval '(call-process "wc" nil (cons :file 
 "/tmp/foo"))'

Backtrace from 28.0.50 on macOS:

Process 41314 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = 
 EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
   frame #0: 0x000000010017e01f 
   /Users/stp/src/emacs/src/emacs`print_object [inlined] 
   SYMBOL_NAME(sym=0xff00000000000000) at 
   /Users/stp/src/emacs/src/lisp.h:2196:29 [opt]
  2193	INLINE Lisp_Object
  2194	SYMBOL_NAME (Lisp_Object sym)
  2195	{
-> 2196	  return XSYMBOL (sym)->u.s.name;
   	                            ^
  2197	}
  2198	
  2199	/* Value is true if SYM is an interned symbol.  */
Target 0: (emacs) stopped.
(lldb) p sym
p sym
(Lisp_Object) $0 = 0xff00000000000000
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = 
 EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
 * frame #0: 0x000000010017e01f 
 /Users/stp/src/emacs/src/emacs`print_object [inlined] 
 SYMBOL_NAME(sym=0xff00000000000000) at 
 /Users/stp/src/emacs/src/lisp.h:2196:29 [opt]
   frame #1: 0x000000010017e018 
   /Users/stp/src/emacs/src/emacs`print_object(obj=0xff00000000000000, 
   printcharfun=0x0000000000000030, escapeflag=true) at 
   /Users/stp/src/emacs/src/print.c:2061 [opt]
   frame #2: 0x000000010017b179 
   /Users/stp/src/emacs/src/emacs`print(obj=<unavailable>, 
   printcharfun=<unavailable>, escapeflag=<unavailable>) at 
   /Users/stp/src/emacs/src/print.c:1145:3 [opt] [artificial]
   frame #3: 0x000000010017ad41 
   /Users/stp/src/emacs/src/emacs`Fprin1(object=0xff00000000000000, 
   printcharfun=0x0000000000000030) at 
   /Users/stp/src/emacs/src/print.c:651:3 [opt]
   frame #4: 0x000000010017cbbf 
   /Users/stp/src/emacs/src/emacs`print_error_message(data=<unavailable>, 
   stream=<unavailable>, context=<unavailable>, 
   caller=<unavailable>) at 
   /Users/stp/src/emacs/src/print.c:977:4 [opt]
   frame #5: 0x00000001000d4b07 
   /Users/stp/src/emacs/src/emacs`Fcommand_error_default_function(data=0x000000010c8a6db3, 
   context=0x00000001070236ac, signal=0x0000000000005700) at 
   /Users/stp/src/emacs/src/keyboard.c:1032:7 [opt]
   frame #6: 0x000000010015cb71 
   /Users/stp/src/emacs/src/emacs`funcall_subr(subr=0x0000000100280870, 
   numargs=3, args=<unavailable>) at 
   /Users/stp/src/emacs/src/eval.c:2987:19 [opt]
   frame #7: 0x000000010015c131 
   /Users/stp/src/emacs/src/emacs`Ffuncall(nargs=<unavailable>, 
   args=<unavailable>) at /Users/stp/src/emacs/src/eval.c:2909:11 
   [opt]
   frame #8: 0x000000010015bc80 
   /Users/stp/src/emacs/src/emacs`Fapply(nargs=2, 
   args=0x00007ffeefbff0d8) at 
   /Users/stp/src/emacs/src/eval.c:2539:24 [opt]
   frame #9: 0x000000010015c131 
   /Users/stp/src/emacs/src/emacs`Ffuncall(nargs=<unavailable>, 
   args=<unavailable>) at /Users/stp/src/emacs/src/eval.c:2909:11 
   [opt]
   frame #10: 0x00000001001a03a0 
   /Users/stp/src/emacs/src/emacs`exec_byte_code(bytestr=<unavailable>, 
   vector=0x0000000107a105bd, maxdepth=<unavailable>, 
   args_template=<unavailable>, nargs=<unavailable>, 
   args=<unavailable>) at 
   /Users/stp/src/emacs/src/bytecode.c:632:12 [opt]
   frame #11: 0x000000010015d0b4 
   /Users/stp/src/emacs/src/emacs`funcall_lambda [inlined] 
   fetch_and_exec_byte_code(fun=<unavailable>, 
   syms_left=<unavailable>, nargs=<unavailable>, 
   args=<unavailable>) at /Users/stp/src/emacs/src/eval.c:3031:10 
   [opt] [artificial]
   frame #12: 0x000000010015c0cf 
   /Users/stp/src/emacs/src/emacs`Ffuncall(nargs=<unavailable>, 
   args=<unavailable>) at /Users/stp/src/emacs/src/eval.c:0:4 
   [opt]
   frame #13: 0x000000010015c804 
   /Users/stp/src/emacs/src/emacs`call3(fn=0x0000000107a1058d, 
   arg1=0x000000010c8a6db3, arg2=<unavailable>, 
   arg3=<unavailable>) at /Users/stp/src/emacs/src/eval.c:2783:10 
   [opt]
   frame #14: 0x00000001000e53c0 
   /Users/stp/src/emacs/src/emacs`cmd_error [inlined] 
   cmd_error_internal(data=0x000000010c8a6db3, context="") at 
   /Users/stp/src/emacs/src/keyboard.c:987:5 [opt]
   frame #15: 0x00000001000e5350 
   /Users/stp/src/emacs/src/emacs`cmd_error(data=0x000000010c8a6db3) 
   at /Users/stp/src/emacs/src/keyboard.c:956 [opt]
   frame #16: 0x000000010015a5b2 
   /Users/stp/src/emacs/src/emacs`internal_condition_case(bfun=(emacs`top_level_2 
   at keyboard.c:1102), handlers=0x0000000000000090, 
   hfun=(emacs`cmd_error at keyboard.c:922)) at 
   /Users/stp/src/emacs/src/eval.c:1437:14 [opt]
   frame #17: 0x00000001000e51cd 
   /Users/stp/src/emacs/src/emacs`top_level_1(ignore=<unavailable>) 
   at /Users/stp/src/emacs/src/keyboard.c:1111:5 [opt]
   frame #18: 0x0000000100159d82 
   /Users/stp/src/emacs/src/emacs`internal_catch(tag=0x000000000000d0b0, 
   func=(emacs`top_level_1 at keyboard.c:1108), 
   arg=0x0000000000000000) at 
   /Users/stp/src/emacs/src/eval.c:1185:25 [opt]
   frame #19: 0x00000001002245e6 
   /Users/stp/src/emacs/src/emacs`recursive_edit_1.cold.1 at 
   /Users/stp/src/emacs/src/keyboard.c:1072:2 [opt]
   frame #20: 0x00000001000d44b9 
   /Users/stp/src/emacs/src/emacs`recursive_edit_1 [inlined] 
   command_loop at /Users/stp/src/emacs/src/keyboard.c:1070:5 
   [opt]
   frame #21: 0x00000001000d44b4 
   /Users/stp/src/emacs/src/emacs`recursive_edit_1 at 
   /Users/stp/src/emacs/src/keyboard.c:720 [opt]
   frame #22: 0x00000001000d464b 
   /Users/stp/src/emacs/src/emacs`Frecursive_edit at 
   /Users/stp/src/emacs/src/keyboard.c:789:3 [opt]
   frame #23: 0x00000001000d36d2 
   /Users/stp/src/emacs/src/emacs`main(argc=<unavailable>, 
   argv=<unavailable>) at /Users/stp/src/emacs/src/emacs.c:2049:3 
   [opt]
   frame #24: 0x00007fff2037c621 
   /usr/lib/system/libdyld.dylib`start + 1
   frame #25: 0x00007fff2037c621 
   /usr/lib/system/libdyld.dylib`start + 1


Cheers!


In GNU Emacs 28.0.50 (build 1, x86_64-apple-darwin20.2.0, NS 
appkit-2022.20 Version 11.1 (Build 20C69))
of 2021-01-23 built on stephens-mbp.lan
Repository revision: 6a6fde0375d499a418f81a0dafe803d6cb0d4c97
Repository branch: master
Windowing system distributor 'Apple', version 10.3.2022
System Description:  macOS 11.1

Configured using:
'configure LDFLAGS=-L/opt/local/lib CPPFLAGS=-I/opt/local/include
--with-imagemagick --with-x-toolkit=gtk3 --with-xwidgets'

Configured features:
ACL DBUS GIF GLIB GMP GNUTLS IMAGEMAGICK JPEG JSON LCMS2 LIBXML2 
MODULES
NOTIFY KQUEUE NS PDUMPER PNG RSVG THREADS TIFF TOOLKIT_SCROLL_BARS 
XIM
XWIDGETS ZLIB

Important settings:
 value of $LANG: en_GB.UTF-8
 locale-coding-system: utf-8-unix

Major mode: Lisp Interaction

Minor modes in effect:
 text-scale-mode: t
 tooltip-mode: t
 global-eldoc-mode: t
 eldoc-mode: t
 electric-indent-mode: t
 mouse-wheel-mode: t
 tool-bar-mode: t
 menu-bar-mode: t
 file-name-shadow-mode: t
 global-font-lock-mode: t
 font-lock-mode: t
 blink-cursor-mode: t
 auto-composition-mode: t
 auto-encryption-mode: t
 auto-compression-mode: t
 line-number-mode: t
 transient-mark-mode: t

Load-path shadows:
None found.

Features:
(shadow sort mail-extr emacsbug message rmc puny dired 
dired-loaddefs
rfc822 mml easymenu mml-sec epa derived epg epg-config gnus-util 
rmail
rmail-loaddefs auth-source cl-seq eieio eieio-core cl-macs
eieio-loaddefs password-cache json map text-property-search 
time-date
subr-x seq byte-opt gv bytecomp byte-compile cconv mm-decode 
mm-bodies
mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader 
cl-loaddefs
cl-lib sendmail rfc2047 rfc2045 ietf-drums mm-util mail-prsvr 
mail-utils
face-remap iso-transl tooltip eldoc electric uniquify ediff-hook
vc-hooks lisp-float-type mwheel term/ns-win ns-win ucs-normalize
mule-util term/common-win tool-bar dnd fontset image regexp-opt 
fringe
tabulated-list replace newcomment text-mode elisp-mode lisp-mode
prog-mode register page tab-bar menu-bar rfn-eshadow isearch timer
select scroll-bar mouse jit-lock font-lock syntax facemenu 
font-core
term/tty-colors frame minibuffer cl-generic cham georgian 
utf-8-lang
misc-lang vietnamese tibetan thai tai-viet lao korean japanese 
eucjp-ms
cp51932 hebrew greek romanian slovak czech european ethiopic 
indian
cyrillic chinese composite charscript charprop case-table epa-hook
jka-cmpr-hook help simple abbrev obarray cl-preloaded nadvice 
button
loaddefs faces cus-face macroexp files window text-properties 
overlay
sha1 md5 base64 format env code-pages mule custom widget
hashtable-print-readable backquote threads xwidget-internal 
dbusbind
kqueue cocoa ns lcms2 multi-tty make-network-process emacs)

Memory information:
((conses 16 51323 6299)
(symbols 48 6869 1)
(strings 32 18623 2178)
(string-bytes 1 612643)
(vectors 16 11639)
(vector-slots 8 171397 10089)
(floats 8 24 36)
(intervals 56 195 0)
(buffers 984 10))
This bug report was last modified 2 years and 340 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.