From unknown Wed Jun 25 09:10:50 2025 X-Loop: help-debbugs@gnu.org Subject: bug#46791: 27.1; crash at gtk_label_new() Resent-From: YASUOKA Masahiko Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 26 Feb 2021 07:39:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 46791 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: To: 46791@debbugs.gnu.org X-Debbugs-Original-To: bug-gnu-emacs@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.161432514011244 (code B ref -1); Fri, 26 Feb 2021 07:39:02 +0000 Received: (at submit) by debbugs.gnu.org; 26 Feb 2021 07:39:00 +0000 Received: from localhost ([127.0.0.1]:40185 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lFXiF-0002vI-Jk for submit@debbugs.gnu.org; Fri, 26 Feb 2021 02:39:00 -0500 Received: from lists.gnu.org ([209.51.188.17]:45896) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lFXiC-0002v9-O1 for submit@debbugs.gnu.org; Fri, 26 Feb 2021 02:38:58 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:36332) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lFXiC-00036G-HH for bug-gnu-emacs@gnu.org; Fri, 26 Feb 2021 02:38:56 -0500 Received: from s247156.ppp.asahi-net.or.jp ([220.157.247.156]:55366) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lFXi9-0005Fx-KU for bug-gnu-emacs@gnu.org; Fri, 26 Feb 2021 02:38:56 -0500 Received: by mail.2ndsoft.com (OpenSMTPD) with ESMTP id bba0a6d6; Fri, 26 Feb 2021 16:32:07 +0900 (JST) Date: Fri, 26 Feb 2021 16:32:06 +0900 (JST) Message-Id: <20210226.163206.1318676287968973294.yasuoka@yasuoka.net> From: YASUOKA Masahiko X-Mailer: Mew version 6.8 on Emacs 27.1 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Received-SPF: permerror client-ip=220.157.247.156; envelope-from=yasuoka@yasuoka.net; helo=s247156.ppp.asahi-net.or.jp X-Spam_score_int: -8 X-Spam_score: -0.9 X-Spam_bar: / X-Spam_report: (-0.9 / 5.0 requ) BAYES_00=-1.9, RDNS_DYNAMIC=0.982, SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) When I'm using Mew(https://mew.org/) on emacs 27.1, emacs crashes frequently. It happens when I am composing a mail message in "draft mode" of Mew. A backtrace by gdb (gdb) bt #0 _rthread_tls_destructors (thread=0xadfdf3e3ad0) at /usr/src/lib/libc/thread/rthread_tls.c:180 #1 0x00000adfdef1396e in handle_fatal_signal (sig=Variable "sig" is not available. ) at sysdep.c:1793 #2 0x00000adfdef139f2 in deliver_thread_signal (sig=Variable "sig" is not available. ) at sysdep.c:1767 #3 0x00000adfdef127f9 in deliver_fatal_thread_signal (sig=Variable "sig" is not available. ) at sysdep.c:1805 #4 0x00000adfdef13a3a in handle_sigsegv (sig=11, siginfo=0xadfdf3e3c30, arg=Variable "arg" is not available. ) at sysdep.c:1890 #5 #6 0x00000ae226ab9961 in gtk_label_new () from /usr/local/lib/libgtk-3.so.2201.0 #7 0x00000adfdeedd087 in update_frame_tool_bar (f=Variable "f" is not available. ) at gtkutil.c:4712 #8 0x00000adfdee444fe in redisplay_window (window=0xae275466c35, just_this_one_p=false) at xdisp.c:14152 #9 0x00000adfdee3ef94 in redisplay_window_0 (window=Variable "window" is not available. ) at xdisp.c:16314 #10 0x00000adfdef86b1f in internal_condition_case_1 (bfun=Variable "bfun" is not available. ) at eval.c:1380 #11 0x00000adfdee3e55d in redisplay_windows (window=0xae275466c35) at xdisp.c:16294 #12 0x00000adfdee1219a in redisplay_internal () at xdisp.c:15762 #13 0x00000adfdeef8d70 in read_char (commandflag=1, map=0xae24f0ae3c3, prev_event=0x0, used_mouse_menu=0x7f7ffffda2f7, end_time=0x0) at keyboard.c:2493 #14 0x00000adfdeef67ea in read_key_sequence (keybuf=Variable "keybuf" is not available. ) at keyboard.c:9553 #15 0x00000adfdeef51c0 in command_loop_1 () at keyboard.c:1350 #16 0x00000adfdef86a76 in internal_condition_case (bfun=Variable "bfun" is not available. ) at eval.c:1356 #17 0x00000adfdef06450 in command_loop_2 (ignore=Variable "ignore" is not available. ) at keyboard.c:1091 #18 0x00000adfdef86347 in internal_catch (tag=Variable "tag" is not available. ) at eval.c:1117 #19 0x00000adfdeef405a in command_loop () at keyboard.c:1070 #20 0x00000adfdeef3f21 in recursive_edit_1 () at keyboard.c:714 #21 0x00000adfdeef424a in Frecursive_edit () at keyboard.c:786 #22 0x00000adfdeef2e78 in main (argc=Cannot access memory at address 0x0 ) at emacs.c:2062 (gdb) In src/gtkutil.c, update_frame_tool_bar(): 5197 ti = xg_make_tool_item (f, w, &wbutton, label, i, horiz, text_image); this "label" is invalid when the crash happens. This "label" 5006 for (i = j = 0; i < f->n_tool_bar_items; ++i) 5007 { 5008 bool enabled_p = !NILP (PROP (TOOL_BAR_ITEM_ENABLED_P)); 5009 bool selected_p = !NILP (PROP (TOOL_BAR_ITEM_SELECTED_P)); 5022 const char *label 5023 = (EQ (style, Qimage) || (vert_only && horiz)) ? NULL 5024 : STRINGP (PROP (TOOL_BAR_ITEM_LABEL)) 5025 ? SSDATA (PROP (TOOL_BAR_ITEM_LABEL)) 5026 : ""; is set at the begining of the loop(#5006), 5065 specified_file = file_for_image (image); 5066 if (!NILP (specified_file) && !NILP (Ffboundp (Qx_gtk_map_stock))) 5067 stock = call1 (Qx_gtk_map_stock, specified_file); 5068 it sometimes become invalid just after #5067. Then it is passed to gtk_label_new() through xg_make_tool_item(), the crash will happen. Since we can get a valid "label" pointer again by setting it in the same way of the beginning of the loop, we can fix the bug by moving the initialization of "label" to a place just before it is used. The following diff does this: Index: src/gtkutil.c --- src/gtkutil.c.orig +++ src/gtkutil.c @@ -5019,11 +5019,7 @@ update_frame_tool_bar (struct frame *f) GtkWidget *wbutton = NULL; Lisp_Object specified_file; bool vert_only = ! NILP (PROP (TOOL_BAR_ITEM_VERT_ONLY)); - const char *label - = (EQ (style, Qimage) || (vert_only && horiz)) ? NULL - : STRINGP (PROP (TOOL_BAR_ITEM_LABEL)) - ? SSDATA (PROP (TOOL_BAR_ITEM_LABEL)) - : ""; + const char *label; ti = gtk_toolbar_get_nth_item (GTK_TOOLBAR (wtoolbar), j); @@ -5133,6 +5129,11 @@ update_frame_tool_bar (struct frame *f) continue; } } + + label = (EQ (style, Qimage) || (vert_only && horiz)) ? NULL + : STRINGP (PROP (TOOL_BAR_ITEM_LABEL)) + ? SSDATA (PROP (TOOL_BAR_ITEM_LABEL)) + : ""; /* If there is an existing widget, check if it's stale; if so, remove it and make a new tool item from scratch. */ The crash doesn't happen after the diff is applied. In GNU Emacs 27.1 (build 1, x86_64-unknown-openbsd, GTK+ Version 3.24.23) of 2021-02-24 built on yasuoka-ob1.tokyo.iiji.jp Repository revision: f7d512d526f0b515194e5ef243120e30547ae1c7 Repository branch: work Windowing system distributor 'The X.Org Foundation', version 11.0.12008000 System Description: OpenBSD yasuoka-ob1.tokyo.iiji.jp 6.9 GENERIC.MP#215 amd64 Recent messages: For information about GNU Emacs and the GNU system, type C-a. Quit [2 times] Setting up Mew world... Updating status...done Setting up Mew world...done Scanning +inbox...done Making completion list... [2 times] Configured using: 'configure --build=amd64-unknown-openbsd --without-sound --with-x-toolkit=gtk3 --prefix=/usr/local --sysconfdir=/etc --mandir=/usr/local/man --infodir=/usr/local/info --localstatedir=/var --disable-silent-rules --disable-gtk-doc 'CFLAGS=-O2 -pipe -g' CPPFLAGS=-I/usr/local/include 'LDFLAGS=-L/usr/local/lib -g'' Configured features: XPM JPEG TIFF GIF PNG RSVG DBUS GSETTINGS GLIB NOTIFY KQUEUE GNUTLS LIBXML2 FREETYPE HARFBUZZ M17N_FLT LIBOTF XFT ZLIB TOOLKIT_SCROLL_BARS GTK3 X11 XDBE XIM MODULES THREADS JSON PDUMPER LCMS2 GMP Important settings: value of $LC_CTYPE: ja_JP.UTF-8 value of $LANG: ja_JP.UTF-8 value of $XMODIFIERS: locale-coding-system: utf-8-unix Major mode: Summary Minor modes in effect: tooltip-mode: t global-eldoc-mode: t electric-indent-mode: t mouse-wheel-mode: t tool-bar-mode: t menu-bar-mode: t file-name-shadow-mode: t global-font-lock-mode: t font-lock-mode: t blink-cursor-mode: t auto-composition-mode: t auto-encryption-mode: t auto-compression-mode: t buffer-read-only: t transient-mark-mode: t Load-path shadows: None found. Features: (shadow vc-git diff-mode easy-mmode emacsbug message rmc puny dired dired-loaddefs format-spec rfc822 mml mml-sec password-cache epa derived epg epg-config gnus-util rmail rmail-loaddefs text-property-search time-date subr-x seq byte-opt gv bytecomp byte-compile cconv mm-decode mm-bodies mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader sendmail rfc2047 rfc2045 ietf-drums mm-util mail-prsvr mail-utils pp mew-varsx mew-unix mew-auth mew-config mew-imap2 mew-imap mew-nntp2 mew-nntp mew-pop mew-smtp mew-ssl mew-ssh mew-net mew-highlight mew-sort mew-fib mew-ext mew-refile mew-demo mew-attach mew-draft mew-message mew-thread mew-virtual mew-summary4 mew-summary3 mew-summary2 mew-summary mew-search mew-pick mew-passwd mew-scan mew-syntax mew-bq mew-smime mew-pgp mew-header mew-exec mew-mark mew-mime mew-edit mew-decode mew-encode mew-cache mew-minibuf mew-complete mew-addrbook mew-local mew-vars3 mew-vars2 mew-vars mew-env mew-lang-jp mew-mule3 mew-mule mew-gemacs easymenu mew-key mew-func mew-blvs mew-const mew edmacro kmacro cl-loaddefs cl-lib japan-util tooltip eldoc electric uniquify ediff-hook vc-hooks lisp-float-type mwheel term/x-win x-win term/common-win x-dnd tool-bar dnd fontset image regexp-opt fringe tabulated-list replace newcomment text-mode elisp-mode lisp-mode prog-mode register page tab-bar menu-bar rfn-eshadow isearch timer select scroll-bar mouse jit-lock font-lock syntax facemenu font-core term/tty-colors frame minibuffer cl-generic cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms cp51932 hebrew greek romanian slovak czech european ethiopic indian cyrillic chinese composite charscript charprop case-table epa-hook jka-cmpr-hook help simple abbrev obarray cl-preloaded nadvice loaddefs button faces cus-face macroexp files text-properties overlay sha1 md5 base64 format env code-pages mule custom widget hashtable-print-readable backquote threads dbusbind kqueue lcms2 dynamic-setting system-font-setting font-render-setting move-toolbar gtk x-toolkit x multi-tty make-network-process emacs) Memory information: ((conses 16 101329 6741) (symbols 48 12110 3) (strings 32 36425 1488) (string-bytes 1 1044411) (vectors 16 18772) (vector-slots 8 476303 14814) (floats 8 49 42) (intervals 56 602 0) (buffers 1000 13)) From debbugs-submit-bounces@debbugs.gnu.org Fri Feb 26 03:59:11 2021 Received: (at control) by debbugs.gnu.org; 26 Feb 2021 08:59:11 +0000 Received: from localhost ([127.0.0.1]:40283 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lFYxq-0006u4-Vj for submit@debbugs.gnu.org; Fri, 26 Feb 2021 03:59:11 -0500 Received: from quimby.gnus.org ([95.216.78.240]:34046) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lFYxp-0006tq-47 for control@debbugs.gnu.org; Fri, 26 Feb 2021 03:59:09 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnus.org; s=20200322; h=Subject:From:To:Message-Id:Date:Sender:Reply-To:Cc: MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=waqrM5yKqiQ4P2couQFiX7ic18JqwwqM9iRf935PoF8=; b=f/P+dy4HD5Hjdl3MBk13tQU9Ey oCGwxCV8O+KXcNkfnYJtomiMu90YoEtVRdT5YDxhKyV22jmydvC7unVkgaJ13XiFnAraQPtAtwqXS PCgIueSBha291cY+3jSa84b82uZbQHoWGtzxWB+trpa7dirRN6ZaEGoXEnvDqxIjW2hc=; Received: from cm-84.212.220.105.getinternet.no ([84.212.220.105] helo=xo) by quimby.gnus.org with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lFYxh-0000X7-Jd for control@debbugs.gnu.org; Fri, 26 Feb 2021 09:59:03 +0100 Date: Fri, 26 Feb 2021 09:59:00 +0100 Message-Id: <8735xjmch7.fsf@gnus.org> To: control@debbugs.gnu.org From: Lars Ingebrigtsen Subject: control message for bug #46791 X-Spam-Report: Spam detection software, running on the system "quimby.gnus.org", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see @@CONTACT_ADDRESS@@ for details. Content preview: tags 46791 + patch quit Content analysis details: (-2.9 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) tags 46791 + patch quit From unknown Wed Jun 25 09:10:50 2025 X-Loop: help-debbugs@gnu.org Subject: bug#46791: 27.1; crash at gtk_label_new() Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 26 Feb 2021 14:38:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 46791 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: patch To: YASUOKA Masahiko Cc: 46791@debbugs.gnu.org Received: via spool by 46791-submit@debbugs.gnu.org id=B46791.161435024725032 (code B ref 46791); Fri, 26 Feb 2021 14:38:02 +0000 Received: (at 46791) by debbugs.gnu.org; 26 Feb 2021 14:37:27 +0000 Received: from localhost ([127.0.0.1]:40519 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lFeFC-0006Vg-Jl for submit@debbugs.gnu.org; Fri, 26 Feb 2021 09:37:26 -0500 Received: from eggs.gnu.org ([209.51.188.92]:56164) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lFeFA-0006VT-Ia for 46791@debbugs.gnu.org; Fri, 26 Feb 2021 09:37:25 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:33704) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lFeF4-0007qB-I3; Fri, 26 Feb 2021 09:37:18 -0500 Received: from 84.94.185.95.cable.012.net.il ([84.94.185.95]:2285 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1lFeF3-0006uq-6v; Fri, 26 Feb 2021 09:37:17 -0500 Date: Fri, 26 Feb 2021 16:37:03 +0200 Message-Id: <831rd2rj3k.fsf@gnu.org> From: Eli Zaretskii In-Reply-To: <20210226.163206.1318676287968973294.yasuoka@yasuoka.net> (message from YASUOKA Masahiko on Fri, 26 Feb 2021 16:32:06 +0900 (JST)) References: <20210226.163206.1318676287968973294.yasuoka@yasuoka.net> X-Spam-Score: -0.7 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) > Date: Fri, 26 Feb 2021 16:32:06 +0900 (JST) > From: YASUOKA Masahiko > > When I'm using Mew(https://mew.org/) on emacs 27.1, emacs crashes > frequently. It happens when I am composing a mail message in "draft > mode" of Mew. > [...] > In src/gtkutil.c, update_frame_tool_bar(): > > 5197 ti = xg_make_tool_item (f, w, &wbutton, label, i, horiz, text_image); > > this "label" is invalid when the crash happens. This "label" > > 5006 for (i = j = 0; i < f->n_tool_bar_items; ++i) > 5007 { > 5008 bool enabled_p = !NILP (PROP (TOOL_BAR_ITEM_ENABLED_P)); > 5009 bool selected_p = !NILP (PROP (TOOL_BAR_ITEM_SELECTED_P)); > > 5022 const char *label > 5023 = (EQ (style, Qimage) || (vert_only && horiz)) ? NULL > 5024 : STRINGP (PROP (TOOL_BAR_ITEM_LABEL)) > 5025 ? SSDATA (PROP (TOOL_BAR_ITEM_LABEL)) > 5026 : ""; > > is set at the begining of the loop(#5006), > > 5065 specified_file = file_for_image (image); > 5066 if (!NILP (specified_file) && !NILP (Ffboundp (Qx_gtk_map_stock))) > 5067 stock = call1 (Qx_gtk_map_stock, specified_file); > 5068 > > it sometimes become invalid just after #5067. Then it is passed to > gtk_label_new() through xg_make_tool_item(), the crash will happen. > > Since we can get a valid "label" pointer again by setting it in the > same way of the beginning of the loop, we can fix the bug by moving > the initialization of "label" to a place just before it is used. The > following diff does this: Thanks. Could you please try the slightly different patch below? It is IMO safer, since it doesn't depend on a 'char *' pointer into a Lisp string's data to remain valid after some point in the code. diff --git a/src/gtkutil.c b/src/gtkutil.c index d824601..825fbe1 100644 --- a/src/gtkutil.c +++ b/src/gtkutil.c @@ -5019,11 +5019,10 @@ update_frame_tool_bar (struct frame *f) GtkWidget *wbutton = NULL; Lisp_Object specified_file; bool vert_only = ! NILP (PROP (TOOL_BAR_ITEM_VERT_ONLY)); - const char *label - = (EQ (style, Qimage) || (vert_only && horiz)) ? NULL - : STRINGP (PROP (TOOL_BAR_ITEM_LABEL)) - ? SSDATA (PROP (TOOL_BAR_ITEM_LABEL)) - : ""; + Lisp_Object label + = (EQ (style, Qimage) || (vert_only && horiz)) + ? Qnil + : PROP (TOOL_BAR_ITEM_LABEL); ti = gtk_toolbar_get_nth_item (GTK_TOOLBAR (wtoolbar), j); @@ -5136,8 +5135,11 @@ update_frame_tool_bar (struct frame *f) /* If there is an existing widget, check if it's stale; if so, remove it and make a new tool item from scratch. */ - if (ti && xg_tool_item_stale_p (wbutton, stock_name, icon_name, - img, label, horiz)) + if (ti && xg_tool_item_stale_p (wbutton, stock_name, icon_name, img, + NILP (label) + ? NULL + : STRINGP (label) ? SSDATA (label) : "", + horiz)) { gtk_container_remove (GTK_CONTAINER (wtoolbar), GTK_WIDGET (ti)); @@ -5194,7 +5196,11 @@ update_frame_tool_bar (struct frame *f) #else if (w) gtk_misc_set_padding (GTK_MISC (w), hmargin, vmargin); #endif - ti = xg_make_tool_item (f, w, &wbutton, label, i, horiz, text_image); + ti = xg_make_tool_item (f, w, &wbutton, + NILP (label) + ? NULL + : STRINGP (label) ? SSDATA (label) : "", + i, horiz, text_image); gtk_toolbar_insert (GTK_TOOLBAR (wtoolbar), ti, j); } From unknown Wed Jun 25 09:10:50 2025 X-Loop: help-debbugs@gnu.org Subject: bug#46791: 27.1; crash at gtk_label_new() Resent-From: YASUOKA Masahiko Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Sat, 27 Feb 2021 03:37:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 46791 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: patch To: eliz@gnu.org Cc: 46791@debbugs.gnu.org Received: via spool by 46791-submit@debbugs.gnu.org id=B46791.161439696626003 (code B ref 46791); Sat, 27 Feb 2021 03:37:02 +0000 Received: (at 46791) by debbugs.gnu.org; 27 Feb 2021 03:36:06 +0000 Received: from localhost ([127.0.0.1]:42926 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lFqOk-0006lL-2s for submit@debbugs.gnu.org; Fri, 26 Feb 2021 22:36:06 -0500 Received: from s247156.ppp.asahi-net.or.jp ([220.157.247.156]:62421) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lFqOg-0006kr-Ab for 46791@debbugs.gnu.org; Fri, 26 Feb 2021 22:36:04 -0500 Received: by mail.2ndsoft.com (OpenSMTPD) with ESMTP id 48264f7f; Sat, 27 Feb 2021 12:35:59 +0900 (JST) Date: Sat, 27 Feb 2021 12:35:56 +0900 (JST) Message-Id: <20210227.123556.1905602128538185076.yasuoka@yasuoka.net> From: YASUOKA Masahiko In-Reply-To: <831rd2rj3k.fsf@gnu.org> References: <20210226.163206.1318676287968973294.yasuoka@yasuoka.net> <831rd2rj3k.fsf@gnu.org> X-Mailer: Mew version 6.8 on Emacs 27.1 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Spam-Score: 0.4 (/) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.6 (/) On Fri, 26 Feb 2021 16:37:03 +0200 Eli Zaretskii wrote: >> Date: Fri, 26 Feb 2021 16:32:06 +0900 (JST) >> From: YASUOKA Masahiko >> >> When I'm using Mew(https://mew.org/) on emacs 27.1, emacs crashes >> frequently. It happens when I am composing a mail message in "draft >> mode" of Mew. >> [...] >> In src/gtkutil.c, update_frame_tool_bar(): >> >> 5197 ti = xg_make_tool_item (f, w, &wbutton, label, i, horiz, text_image); >> >> this "label" is invalid when the crash happens. This "label" >> >> 5006 for (i = j = 0; i < f->n_tool_bar_items; ++i) >> 5007 { >> 5008 bool enabled_p = !NILP (PROP (TOOL_BAR_ITEM_ENABLED_P)); >> 5009 bool selected_p = !NILP (PROP (TOOL_BAR_ITEM_SELECTED_P)); >> >> 5022 const char *label >> 5023 = (EQ (style, Qimage) || (vert_only && horiz)) ? NULL >> 5024 : STRINGP (PROP (TOOL_BAR_ITEM_LABEL)) >> 5025 ? SSDATA (PROP (TOOL_BAR_ITEM_LABEL)) >> 5026 : ""; >> >> is set at the begining of the loop(#5006), >> >> 5065 specified_file = file_for_image (image); >> 5066 if (!NILP (specified_file) && !NILP (Ffboundp (Qx_gtk_map_stock))) >> 5067 stock = call1 (Qx_gtk_map_stock, specified_file); >> 5068 >> >> it sometimes become invalid just after #5067. Then it is passed to >> gtk_label_new() through xg_make_tool_item(), the crash will happen. >> >> Since we can get a valid "label" pointer again by setting it in the >> same way of the beginning of the loop, we can fix the bug by moving >> the initialization of "label" to a place just before it is used. The >> following diff does this: > > Thanks. Could you please try the slightly different patch below? It > is IMO safer, since it doesn't depend on a 'char *' pointer into a > Lisp string's data to remain valid after some point in the code. Yes. I tested your patch, it seems to fix the problem. Thanks, From unknown Wed Jun 25 09:10:50 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: YASUOKA Masahiko Subject: bug#46791: closed (Re: bug#46791: 27.1; crash at gtk_label_new()) Message-ID: References: <83a6rqotlz.fsf@gnu.org> <20210226.163206.1318676287968973294.yasuoka@yasuoka.net> X-Gnu-PR-Message: they-closed 46791 X-Gnu-PR-Package: emacs X-Gnu-PR-Keywords: patch Reply-To: 46791@debbugs.gnu.org Date: Sat, 27 Feb 2021 07:31:01 +0000 Content-Type: multipart/mixed; boundary="----------=_1614411061-23887-1" This is a multi-part message in MIME format... ------------=_1614411061-23887-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #46791: 27.1; crash at gtk_label_new() which was filed against the emacs package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 46791@debbugs.gnu.org. --=20 46791: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D46791 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1614411061-23887-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 46791-done) by debbugs.gnu.org; 27 Feb 2021 07:30:54 +0000 Received: from localhost ([127.0.0.1]:43110 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lFu3y-0006Cx-4N for submit@debbugs.gnu.org; Sat, 27 Feb 2021 02:30:54 -0500 Received: from eggs.gnu.org ([209.51.188.92]:38672) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lFu3w-0006Cg-MV for 46791-done@debbugs.gnu.org; Sat, 27 Feb 2021 02:30:53 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:56268) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lFu3o-0002pe-G2; Sat, 27 Feb 2021 02:30:46 -0500 Received: from 84.94.185.95.cable.012.net.il ([84.94.185.95]:4596 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1lFu3k-0008Ku-SO; Sat, 27 Feb 2021 02:30:43 -0500 Date: Sat, 27 Feb 2021 09:30:32 +0200 Message-Id: <83a6rqotlz.fsf@gnu.org> From: Eli Zaretskii To: YASUOKA Masahiko In-Reply-To: <20210227.123556.1905602128538185076.yasuoka@yasuoka.net> (message from YASUOKA Masahiko on Sat, 27 Feb 2021 12:35:56 +0900 (JST)) Subject: Re: bug#46791: 27.1; crash at gtk_label_new() References: <20210226.163206.1318676287968973294.yasuoka@yasuoka.net> <831rd2rj3k.fsf@gnu.org> <20210227.123556.1905602128538185076.yasuoka@yasuoka.net> X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 46791-done Cc: 46791-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) > Date: Sat, 27 Feb 2021 12:35:56 +0900 (JST) > Cc: 46791@debbugs.gnu.org > From: YASUOKA Masahiko > > > Thanks. Could you please try the slightly different patch below? It > > is IMO safer, since it doesn't depend on a 'char *' pointer into a > > Lisp string's data to remain valid after some point in the code. > > Yes. I tested your patch, it seems to fix the problem. Thanks, I installed the change on the emacs-27 branch, for the upcoming Emacs 27.2, and I'm therefore marking this bug done. ------------=_1614411061-23887-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 26 Feb 2021 07:39:00 +0000 Received: from localhost ([127.0.0.1]:40185 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lFXiF-0002vI-Jk for submit@debbugs.gnu.org; Fri, 26 Feb 2021 02:39:00 -0500 Received: from lists.gnu.org ([209.51.188.17]:45896) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lFXiC-0002v9-O1 for submit@debbugs.gnu.org; Fri, 26 Feb 2021 02:38:58 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:36332) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lFXiC-00036G-HH for bug-gnu-emacs@gnu.org; Fri, 26 Feb 2021 02:38:56 -0500 Received: from s247156.ppp.asahi-net.or.jp ([220.157.247.156]:55366) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lFXi9-0005Fx-KU for bug-gnu-emacs@gnu.org; Fri, 26 Feb 2021 02:38:56 -0500 Received: by mail.2ndsoft.com (OpenSMTPD) with ESMTP id bba0a6d6; Fri, 26 Feb 2021 16:32:07 +0900 (JST) Date: Fri, 26 Feb 2021 16:32:06 +0900 (JST) Message-Id: <20210226.163206.1318676287968973294.yasuoka@yasuoka.net> To: bug-gnu-emacs@gnu.org Subject: 27.1; crash at gtk_label_new() From: YASUOKA Masahiko X-Mailer: Mew version 6.8 on Emacs 27.1 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Received-SPF: permerror client-ip=220.157.247.156; envelope-from=yasuoka@yasuoka.net; helo=s247156.ppp.asahi-net.or.jp X-Spam_score_int: -8 X-Spam_score: -0.9 X-Spam_bar: / X-Spam_report: (-0.9 / 5.0 requ) BAYES_00=-1.9, RDNS_DYNAMIC=0.982, SPF_HELO_NONE=0.001, T_SPF_PERMERROR=0.01 autolearn=no autolearn_force=no X-Spam_action: no action X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) When I'm using Mew(https://mew.org/) on emacs 27.1, emacs crashes frequently. It happens when I am composing a mail message in "draft mode" of Mew. A backtrace by gdb (gdb) bt #0 _rthread_tls_destructors (thread=0xadfdf3e3ad0) at /usr/src/lib/libc/thread/rthread_tls.c:180 #1 0x00000adfdef1396e in handle_fatal_signal (sig=Variable "sig" is not available. ) at sysdep.c:1793 #2 0x00000adfdef139f2 in deliver_thread_signal (sig=Variable "sig" is not available. ) at sysdep.c:1767 #3 0x00000adfdef127f9 in deliver_fatal_thread_signal (sig=Variable "sig" is not available. ) at sysdep.c:1805 #4 0x00000adfdef13a3a in handle_sigsegv (sig=11, siginfo=0xadfdf3e3c30, arg=Variable "arg" is not available. ) at sysdep.c:1890 #5 #6 0x00000ae226ab9961 in gtk_label_new () from /usr/local/lib/libgtk-3.so.2201.0 #7 0x00000adfdeedd087 in update_frame_tool_bar (f=Variable "f" is not available. ) at gtkutil.c:4712 #8 0x00000adfdee444fe in redisplay_window (window=0xae275466c35, just_this_one_p=false) at xdisp.c:14152 #9 0x00000adfdee3ef94 in redisplay_window_0 (window=Variable "window" is not available. ) at xdisp.c:16314 #10 0x00000adfdef86b1f in internal_condition_case_1 (bfun=Variable "bfun" is not available. ) at eval.c:1380 #11 0x00000adfdee3e55d in redisplay_windows (window=0xae275466c35) at xdisp.c:16294 #12 0x00000adfdee1219a in redisplay_internal () at xdisp.c:15762 #13 0x00000adfdeef8d70 in read_char (commandflag=1, map=0xae24f0ae3c3, prev_event=0x0, used_mouse_menu=0x7f7ffffda2f7, end_time=0x0) at keyboard.c:2493 #14 0x00000adfdeef67ea in read_key_sequence (keybuf=Variable "keybuf" is not available. ) at keyboard.c:9553 #15 0x00000adfdeef51c0 in command_loop_1 () at keyboard.c:1350 #16 0x00000adfdef86a76 in internal_condition_case (bfun=Variable "bfun" is not available. ) at eval.c:1356 #17 0x00000adfdef06450 in command_loop_2 (ignore=Variable "ignore" is not available. ) at keyboard.c:1091 #18 0x00000adfdef86347 in internal_catch (tag=Variable "tag" is not available. ) at eval.c:1117 #19 0x00000adfdeef405a in command_loop () at keyboard.c:1070 #20 0x00000adfdeef3f21 in recursive_edit_1 () at keyboard.c:714 #21 0x00000adfdeef424a in Frecursive_edit () at keyboard.c:786 #22 0x00000adfdeef2e78 in main (argc=Cannot access memory at address 0x0 ) at emacs.c:2062 (gdb) In src/gtkutil.c, update_frame_tool_bar(): 5197 ti = xg_make_tool_item (f, w, &wbutton, label, i, horiz, text_image); this "label" is invalid when the crash happens. This "label" 5006 for (i = j = 0; i < f->n_tool_bar_items; ++i) 5007 { 5008 bool enabled_p = !NILP (PROP (TOOL_BAR_ITEM_ENABLED_P)); 5009 bool selected_p = !NILP (PROP (TOOL_BAR_ITEM_SELECTED_P)); 5022 const char *label 5023 = (EQ (style, Qimage) || (vert_only && horiz)) ? NULL 5024 : STRINGP (PROP (TOOL_BAR_ITEM_LABEL)) 5025 ? SSDATA (PROP (TOOL_BAR_ITEM_LABEL)) 5026 : ""; is set at the begining of the loop(#5006), 5065 specified_file = file_for_image (image); 5066 if (!NILP (specified_file) && !NILP (Ffboundp (Qx_gtk_map_stock))) 5067 stock = call1 (Qx_gtk_map_stock, specified_file); 5068 it sometimes become invalid just after #5067. Then it is passed to gtk_label_new() through xg_make_tool_item(), the crash will happen. Since we can get a valid "label" pointer again by setting it in the same way of the beginning of the loop, we can fix the bug by moving the initialization of "label" to a place just before it is used. The following diff does this: Index: src/gtkutil.c --- src/gtkutil.c.orig +++ src/gtkutil.c @@ -5019,11 +5019,7 @@ update_frame_tool_bar (struct frame *f) GtkWidget *wbutton = NULL; Lisp_Object specified_file; bool vert_only = ! NILP (PROP (TOOL_BAR_ITEM_VERT_ONLY)); - const char *label - = (EQ (style, Qimage) || (vert_only && horiz)) ? NULL - : STRINGP (PROP (TOOL_BAR_ITEM_LABEL)) - ? SSDATA (PROP (TOOL_BAR_ITEM_LABEL)) - : ""; + const char *label; ti = gtk_toolbar_get_nth_item (GTK_TOOLBAR (wtoolbar), j); @@ -5133,6 +5129,11 @@ update_frame_tool_bar (struct frame *f) continue; } } + + label = (EQ (style, Qimage) || (vert_only && horiz)) ? NULL + : STRINGP (PROP (TOOL_BAR_ITEM_LABEL)) + ? SSDATA (PROP (TOOL_BAR_ITEM_LABEL)) + : ""; /* If there is an existing widget, check if it's stale; if so, remove it and make a new tool item from scratch. */ The crash doesn't happen after the diff is applied. In GNU Emacs 27.1 (build 1, x86_64-unknown-openbsd, GTK+ Version 3.24.23) of 2021-02-24 built on yasuoka-ob1.tokyo.iiji.jp Repository revision: f7d512d526f0b515194e5ef243120e30547ae1c7 Repository branch: work Windowing system distributor 'The X.Org Foundation', version 11.0.12008000 System Description: OpenBSD yasuoka-ob1.tokyo.iiji.jp 6.9 GENERIC.MP#215 amd64 Recent messages: For information about GNU Emacs and the GNU system, type C-a. Quit [2 times] Setting up Mew world... Updating status...done Setting up Mew world...done Scanning +inbox...done Making completion list... [2 times] Configured using: 'configure --build=amd64-unknown-openbsd --without-sound --with-x-toolkit=gtk3 --prefix=/usr/local --sysconfdir=/etc --mandir=/usr/local/man --infodir=/usr/local/info --localstatedir=/var --disable-silent-rules --disable-gtk-doc 'CFLAGS=-O2 -pipe -g' CPPFLAGS=-I/usr/local/include 'LDFLAGS=-L/usr/local/lib -g'' Configured features: XPM JPEG TIFF GIF PNG RSVG DBUS GSETTINGS GLIB NOTIFY KQUEUE GNUTLS LIBXML2 FREETYPE HARFBUZZ M17N_FLT LIBOTF XFT ZLIB TOOLKIT_SCROLL_BARS GTK3 X11 XDBE XIM MODULES THREADS JSON PDUMPER LCMS2 GMP Important settings: value of $LC_CTYPE: ja_JP.UTF-8 value of $LANG: ja_JP.UTF-8 value of $XMODIFIERS: locale-coding-system: utf-8-unix Major mode: Summary Minor modes in effect: tooltip-mode: t global-eldoc-mode: t electric-indent-mode: t mouse-wheel-mode: t tool-bar-mode: t menu-bar-mode: t file-name-shadow-mode: t global-font-lock-mode: t font-lock-mode: t blink-cursor-mode: t auto-composition-mode: t auto-encryption-mode: t auto-compression-mode: t buffer-read-only: t transient-mark-mode: t Load-path shadows: None found. Features: (shadow vc-git diff-mode easy-mmode emacsbug message rmc puny dired dired-loaddefs format-spec rfc822 mml mml-sec password-cache epa derived epg epg-config gnus-util rmail rmail-loaddefs text-property-search time-date subr-x seq byte-opt gv bytecomp byte-compile cconv mm-decode mm-bodies mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader sendmail rfc2047 rfc2045 ietf-drums mm-util mail-prsvr mail-utils pp mew-varsx mew-unix mew-auth mew-config mew-imap2 mew-imap mew-nntp2 mew-nntp mew-pop mew-smtp mew-ssl mew-ssh mew-net mew-highlight mew-sort mew-fib mew-ext mew-refile mew-demo mew-attach mew-draft mew-message mew-thread mew-virtual mew-summary4 mew-summary3 mew-summary2 mew-summary mew-search mew-pick mew-passwd mew-scan mew-syntax mew-bq mew-smime mew-pgp mew-header mew-exec mew-mark mew-mime mew-edit mew-decode mew-encode mew-cache mew-minibuf mew-complete mew-addrbook mew-local mew-vars3 mew-vars2 mew-vars mew-env mew-lang-jp mew-mule3 mew-mule mew-gemacs easymenu mew-key mew-func mew-blvs mew-const mew edmacro kmacro cl-loaddefs cl-lib japan-util tooltip eldoc electric uniquify ediff-hook vc-hooks lisp-float-type mwheel term/x-win x-win term/common-win x-dnd tool-bar dnd fontset image regexp-opt fringe tabulated-list replace newcomment text-mode elisp-mode lisp-mode prog-mode register page tab-bar menu-bar rfn-eshadow isearch timer select scroll-bar mouse jit-lock font-lock syntax facemenu font-core term/tty-colors frame minibuffer cl-generic cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms cp51932 hebrew greek romanian slovak czech european ethiopic indian cyrillic chinese composite charscript charprop case-table epa-hook jka-cmpr-hook help simple abbrev obarray cl-preloaded nadvice loaddefs button faces cus-face macroexp files text-properties overlay sha1 md5 base64 format env code-pages mule custom widget hashtable-print-readable backquote threads dbusbind kqueue lcms2 dynamic-setting system-font-setting font-render-setting move-toolbar gtk x-toolkit x multi-tty make-network-process emacs) Memory information: ((conses 16 101329 6741) (symbols 48 12110 3) (strings 32 36425 1488) (string-bytes 1 1044411) (vectors 16 18772) (vector-slots 8 476303 14814) (floats 8 49 42) (intervals 56 602 0) (buffers 1000 13)) ------------=_1614411061-23887-1--