GNU bug report logs - #47094
27.1; emacs dies with XBM display

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 47094 in the body.
You can then email your comments to 47094 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: ynyaaa <at> gmail.com
To: bug-gnu-emacs <at> gnu.org
Subject: 27.1; emacs dies with XBM display
Date: Fri, 12 Mar 2021 19:19:32 +0900

Try to evaluate the form below, emacs dies before displaying the image.

(let* ((w 256)
       (h 256)
       (s (make-string (* (/ w 8) h) #x55)))
  (insert-image (create-image s 'xbm t :width w :height h)))


In GNU Emacs 27.1 (build 1, x86_64-w64-mingw32)
 of 2020-08-22 built on CIRROCUMULUS
Repository revision: 86d8d76aa36037184db0b2897c434cdaab1a9ae8
Repository branch: HEAD
Windowing system distributor 'Microsoft Corp.', version 10.0.18363
System Description: Microsoft Windows 10 Pro (v10.0.1909.18363.1379)

Recent messages:

Configured using:
 'configure --without-dbus --host=x86_64-w64-mingw32
 --without-compress-install 'CFLAGS=-O2 -static''

Configured features:
XPM JPEG TIFF GIF PNG RSVG SOUND NOTIFY W32NOTIFY ACL GNUTLS LIBXML2
HARFBUZZ ZLIB TOOLKIT_SCROLL_BARS MODULES THREADS JSON PDUMPER LCMS2 GMP

Important settings:
  value of $LANG: JPN
  locale-coding-system: cp932

Major mode: Lisp Interaction

Minor modes in effect:
  tooltip-mode: t
  global-eldoc-mode: t
  eldoc-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  transient-mark-mode: t

Load-path shadows:
None found.

Features:
(gnutls network-stream nsm mailalias smtpmail auth-source cl-seq eieio
eieio-core cl-macs eieio-loaddefs json map jka-compr help-fns radix-tree
cl-print debug backtrace find-func ispell misearch multi-isearch mailcap
help-mode pp shadow sort mail-extr emacsbug message rmc puny dired
dired-loaddefs format-spec rfc822 mml easymenu mml-sec password-cache
epa derived epg epg-config gnus-util rmail rmail-loaddefs
text-property-search time-date subr-x seq byte-opt gv bytecomp
byte-compile cconv mm-decode mm-bodies mm-encode mail-parse rfc2231
mailabbrev gmm-utils mailheader cl-loaddefs cl-lib sendmail rfc2047
rfc2045 ietf-drums mm-util mail-prsvr mail-utils term/bobcat japan-util
tooltip eldoc electric uniquify ediff-hook vc-hooks lisp-float-type
mwheel dos-w32 ls-lisp disp-table term/w32-win w32-win w32-vars
term/common-win tool-bar dnd fontset image regexp-opt fringe
tabulated-list replace newcomment text-mode elisp-mode lisp-mode
prog-mode register page tab-bar menu-bar rfn-eshadow isearch timer
select scroll-bar mouse jit-lock font-lock syntax facemenu font-core
term/tty-colors frame minibuffer cl-generic cham georgian utf-8-lang
misc-lang vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms
cp51932 hebrew greek romanian slovak czech european ethiopic indian
cyrillic chinese composite charscript charprop case-table epa-hook
jka-cmpr-hook help simple abbrev obarray cl-preloaded nadvice loaddefs
button faces cus-face macroexp files text-properties overlay sha1 md5
base64 format env code-pages mule custom widget hashtable-print-readable
backquote threads w32notify w32 lcms2 multi-tty make-network-process
emacs)

Memory information:
((conses 16 73868 15520)
 (symbols 48 8874 1)
 (strings 32 24577 1463)
 (string-bytes 1 816558)
 (vectors 16 14181)
 (vector-slots 8 274897 18438)
 (floats 8 29 282)
 (intervals 56 1670 259)
 (buffers 1000 18))

Message #10 received at 47094-done <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: ynyaaa <at> gmail.com
Cc: 47094-done <at> debbugs.gnu.org
Subject: Re: bug#47094: 27.1; emacs dies with XBM display
Date: Fri, 12 Mar 2021 14:42:36 +0200

> From: ynyaaa <at> gmail.com
> Date: Fri, 12 Mar 2021 19:19:32 +0900
> 
> Try to evaluate the form below, emacs dies before displaying the image.
> 
> (let* ((w 256)
>        (h 256)
>        (s (make-string (* (/ w 8) h) #x55)))
>   (insert-image (create-image s 'xbm t :width w :height h)))

I can reproduce in Emacs 27, but not on the current master branch.  So
I guess this has been fixed already, and I'm closing the bug.

Message #13 received at 47094 <at> debbugs.gnu.org (full text, mbox):

From: Alan Third <alan <at> idiocy.org>
To: 47094 <at> debbugs.gnu.org, eliz <at> gnu.org, ynyaaa <at> gmail.com
Subject: Re: bug#47094: 27.1; emacs dies with XBM display
Date: Fri, 12 Mar 2021 22:08:10 +0000

On Fri, Mar 12, 2021 at 02:42:36PM +0200, Eli Zaretskii wrote:
> > From: ynyaaa <at> gmail.com
> > Date: Fri, 12 Mar 2021 19:19:32 +0900
> > 
> > Try to evaluate the form below, emacs dies before displaying the image.
> > 
> > (let* ((w 256)
> >        (h 256)
> >        (s (make-string (* (/ w 8) h) #x55)))
> >   (insert-image (create-image s 'xbm t :width w :height h)))
> 
> I can reproduce in Emacs 27, but not on the current master branch.  So
> I guess this has been fixed already, and I'm closing the bug.

I can reproduce on the master branch. It looks like a stack overflow
in xbm_read_bitmap_data.

I tried it in a debugger, but the backtrace looks truncated.
-- 
Alan Third

Message #16 received at 47094 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Alan Third <alan <at> idiocy.org>
Cc: ynyaaa <at> gmail.com, 47094 <at> debbugs.gnu.org
Subject: Re: bug#47094: 27.1; emacs dies with XBM display
Date: Sat, 13 Mar 2021 09:19:17 +0200

> Date: Fri, 12 Mar 2021 22:08:10 +0000
> From: Alan Third <alan <at> idiocy.org>
> 
> > > (let* ((w 256)
> > >        (h 256)
> > >        (s (make-string (* (/ w 8) h) #x55)))
> > >   (insert-image (create-image s 'xbm t :width w :height h)))
> > 
> > I can reproduce in Emacs 27, but not on the current master branch.  So
> > I guess this has been fixed already, and I'm closing the bug.
> 
> I can reproduce on the master branch. It looks like a stack overflow
> in xbm_read_bitmap_data.

I did indeed get an infinite recursion on the emacs-27 branch, but not
on master.

> I tried it in a debugger, but the backtrace looks truncated.

Before or after SIGSEGV?  If it's after, then it isn't surprising you
get a truncated backtrace.

I think if you see the infinite recursion we should understand why it
happens in the first place, and try to prevent it.

Message #19 received at 47094 <at> debbugs.gnu.org (full text, mbox):

From: Alan Third <alan <at> idiocy.org>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: ynyaaa <at> gmail.com, 47094 <at> debbugs.gnu.org
Subject: Re: bug#47094: 27.1; emacs dies with XBM display
Date: Sat, 13 Mar 2021 22:07:14 +0000

On Sat, Mar 13, 2021 at 09:19:17AM +0200, Eli Zaretskii wrote:
> > Date: Fri, 12 Mar 2021 22:08:10 +0000
> > From: Alan Third <alan <at> idiocy.org>
> > 
> > > > (let* ((w 256)
> > > >        (h 256)
> > > >        (s (make-string (* (/ w 8) h) #x55)))
> > > >   (insert-image (create-image s 'xbm t :width w :height h)))
> > > 
> > > I can reproduce in Emacs 27, but not on the current master branch.  So
> > > I guess this has been fixed already, and I'm closing the bug.
> > 
> > I can reproduce on the master branch. It looks like a stack overflow
> > in xbm_read_bitmap_data.
> 
> I did indeed get an infinite recursion on the emacs-27 branch, but not
> on master.
> 
> > I tried it in a debugger, but the backtrace looks truncated.
> 
> Before or after SIGSEGV?  If it's after, then it isn't surprising you
> get a truncated backtrace.
> 
> I think if you see the infinite recursion we should understand why it
> happens in the first place, and try to prevent it.

It turns out it was a buffer overflow in xbm_scan that was clobbering
the stack. I've pushed a fix to the master branch.

-- 
Alan Third

Message #22 received at 47094-done <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Alan Third <alan <at> idiocy.org>
Cc: ynyaaa <at> gmail.com, 47094-done <at> debbugs.gnu.org
Subject: Re: bug#47094: 27.1; emacs dies with XBM display
Date: Sun, 14 Mar 2021 07:51:40 +0200

> Date: Sat, 13 Mar 2021 22:07:14 +0000
> From: Alan Third <alan <at> idiocy.org>
> Cc: ynyaaa <at> gmail.com, 47094 <at> debbugs.gnu.org
> 
> It turns out it was a buffer overflow in xbm_scan that was clobbering
> the stack. I've pushed a fix to the master branch.

Thanks, I've cherry-picked that to the emacs-27 branch.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.