From: YAMAMOTO Mitsuharu
To: 52461@debbugs.gnu.org
Date: Mon, 13 Dec 2021 10:38:28 +0900
Subject: bug#52461: spontaneous crash with portable dumper

During the development of the Mac port based on Emacs 28.0.90, I had a
spontaneous crash inside dump_cold_charset.

% cd src; lldb temacs
(lldb) target create "temacs"
Current executable set to '/Users/mituharu/src/git/emacs-builds/work-debug/src/temacs' (arm64).
(lldb) r -batch -l loadup --temacs=pdump --bin-dest /usr/local/bin/ --eln-dest /usr/local/lib/emacs/28.0.90/
Process 19997 launched: '/Users/mituharu/src/git/emacs-builds/work-debug/src/temacs' (arm64)
Loading loadup.el (source)...
Dump mode: pdump
Using load-path (/Users/mituharu/src/git/emacs-builds/work-debug/../../emacs/work/lisp)
Loading emacs-lisp/byte-run... Loading emacs-lisp/backquote... Loading subr... Loading version... Loading widget... Loading custom... Loading emacs-lisp/map-ynp... Loading international/mule... Loading international/mule-conf... Loading env... Loading format... Loading bindings... Loading window... Loading files... Loading emacs-lisp/macroexp... Loading cus-face... Loading faces... Loading loaddefs.el (source)...
Loading button... Loading emacs-lisp/nadvice... Loading emacs-lisp/cl-preloaded... Loading obarray... Loading abbrev... Loading simple... Loading help... Loading jka-cmpr-hook... Loading epa-hook... Loading international/mule-cmds... Loading case-table... Loading international/charprop.el (source)... Loading international/characters... Loading international/charscript... Loading international/emoji-zwj... Loading composite... Loading language/chinese... Loading language/cyrillic... Loading language/indian... Loading language/sinhala... Loading language/english... Loading language/ethiopic... Loading language/european... Loading language/czech... Loading language/slovak... Loading language/romanian... Loading language/greek... Loading language/hebrew... Loading international/cp51932... Loading international/eucjp-ms... Loading language/japanese... Loading language/korean... Loading language/lao... Loading language/tai-viet... Loading language/thai... Loading language/tibetan... Loading language/vietnamese... Loading language/misc-lang... Loading language/utf-8-lang... Loading language/georgian... Loading language/khmer... Loading language/burmese... Loading language/cham... Loading indent... Loading emacs-lisp/cl-generic... Loading minibuffer... Loading frame... Loading startup... Loading term/tty-colors... Loading font-core... Loading emacs-lisp/syntax... Loading font-lock... Loading jit-lock... Loading mouse... Loading scroll-bar... Loading select... Loading emacs-lisp/timer... Loading emacs-lisp/easymenu... Loading isearch... Loading rfn-eshadow... Loading menu-bar... Loading tab-bar... Loading emacs-lisp/lisp... Loading textmodes/page... Loading register... Loading textmodes/paragraphs... Loading progmodes/prog-mode... Loading emacs-lisp/lisp-mode... Loading textmodes/text-mode... Loading textmodes/fill... Loading newcomment... Loading replace... Loading emacs-lisp/tabulated-list... Loading buff-menu... Loading fringe... Loading emacs-lisp/regexp-opt... 
Loading image... Loading international/fontset... Loading dnd... Loading tool-bar... Loading term/common-win... Loading term/mac-win... Loading mwheel... Loading progmodes/elisp-mode... Loading emacs-lisp/float-sup... Loading vc/vc-hooks... Loading vc/ediff-hook... Loading uniquify... Loading electric... Loading paren... Loading emacs-lisp/shorthands... Loading emacs-lisp/eldoc... Loading cus-start... Loading tooltip... Loading international/iso-transl... Loading leim/leim-list.el (source)...
Waiting for git...
Waiting for git...
Finding pointers to doc strings...
Finding pointers to doc strings...done
Pure-hashed: 17091 strings, 5197 vectors, 42628 conses, 4696 bytecodes, 270 others
Dumping under the name emacs.pdmp
Dumping fingerprint: 134341316bf9884828a54d89e5feeb5b0544373e345d945d5498970dc66fa98c
Process 19997 stopped
* thread #2, name = 'org.gnu.Emacs.lisp-main', stop reason = EXC_BAD_ACCESS (code=2, address=0x4300000020)
    frame #0: 0x00000001912d41a0 libsystem_platform.dylib`_platform_memmove + 144
libsystem_platform.dylib`_platform_memmove:
->  0x1912d41a0 <+144>: ldnp q2, q3, [x1]
    0x1912d41a4 <+148>: sub x5, x3, x0
    0x1912d41a8 <+152>: add x1, x1, x5
    0x1912d41ac <+156>: ldnp q0, q1, [x1]
Target 0: (temacs) stopped.
(lldb) up
frame #1: 0x0000000100247c78 temacs`dump_write(ctx=0x0000000170793bf8, buf=0x0000004300000020, nbyte=256) at pdumper.c:779:3
   776    eassert (ctx->flags.dump_object_contents);
   777    while (ctx->offset + nbyte > ctx->buf_size)
   778      dump_grow_buffer (ctx);
-> 779    memcpy ((char *)ctx->buf + ctx->offset, buf, nbyte);
   780    ctx->offset += nbyte;
   781  }
   782
(lldb) p buf
(const void *) $0 = 0x0000004300000020
(lldb) up
frame #2: 0x0000000100253654 temacs`dump_cold_charset(ctx=0x0000000170793bf8, data=(i = 0x0000000101121f53)) at pdumper.c:3361:3
   3358      cs_dump_offset + dump_offsetof (struct charset, code_space_mask),
   3359      ctx->offset);
   3360   struct charset *cs = charset_table + cs_i;
-> 3361   dump_write (ctx, cs->code_space_mask, 256);
   3362 }
   3363
   3364 static void
(lldb) p *cs
(charset) $1 = {
  id = 90
  hash_index = 386547056672
  dimension = 108
  code_space = ([0] = 32, [1] = 90, [2] = 112, [3] = 32, [4] = 67, [5] = 99, [6] = 32, [7] = 67, [8] = 102, [9] = 32, [10] = 67, [11] = 115, [12] = 32, [13] = 67, [14] = 111)
  code_space_mask = 0x0000004300000020 ""
  code_linear_p = false
  iso_chars_96 = true
  ascii_compatible_p = true
  supplementary_p = true
  compact_codes_p = false
  unified_p = true
  iso_final = 93
  iso_revision = 93
  emacs_mule_id = 10
  method = 0x20
  min_code = 32
  max_code = 34
  char_index_offset = 85
  min_char = 110
  max_char = 105
  invalid_code = 99
  fast_map = "o"
  code_offset = 104
}
(lldb) p cs_i
(int) $2 = 183
(lldb) p charset_table_used
(int) $3 = 183

Because cs_i >= charset_table_used, charset_table[cs_i] (i.e., *cs)
contains uninitialized contents.  So writing to the area that
cs->code_space_mask points to can cause crash or memory corruption.

                                     YAMAMOTO Mitsuharu
                                mituharu@math.s.chiba-u.ac.jp

Subject: bug#52461: spontaneous crash with portable dumper
To: 52461@debbugs.gnu.org
Date: Mon, 13 Dec 2021 10:44:04 +0900
From: YAMAMOTO Mitsuharu

On Mon, 13 Dec 2021 10:38:28 +0900, YAMAMOTO Mitsuharu wrote:
>
> Because cs_i >= charset_table_used, charset_table[cs_i] (i.e., *cs)
> contains uninitialized contents.  So writing to the area that
> cs->code_space_mask points to can cause crash or memory corruption.

Sorry, cs->code_space_mask was not the destination address but the
source address.  So it does not cause memory corruption, but a crash
can still happen.

                                     YAMAMOTO Mitsuharu
                                mituharu@math.s.chiba-u.ac.jp

Subject: bug#52461: spontaneous crash with portable dumper
To: YAMAMOTO Mitsuharu
Cc: 52461@debbugs.gnu.org
Date: Mon, 13 Dec 2021 15:31:09 +0200
From: Eli Zaretskii

> Date: Mon, 13 Dec 2021 10:38:28 +0900
> From: YAMAMOTO Mitsuharu
>
> (lldb) p cs_i
> (int) $2 = 183
> (lldb) p charset_table_used
> (int) $3 = 183
>
> Because cs_i >= charset_table_used, charset_table[cs_i] (i.e., *cs)
> contains uninitialized contents.

So we somehow have a charset that is not in charset_table, is that
what you are saying?  Because otherwise how could its ID be beyond the
table, when define-charset-internal enlarges the table as needed?

Any idea what charset is that, and where it is added/loaded?

FWIW, on my system, charset_table_used is 179, so maybe the mac port
defines some additional charsets?

Thanks.

Subject: bug#52461: spontaneous crash with portable dumper
To: Eli Zaretskii
Cc: 52461@debbugs.gnu.org, YAMAMOTO Mitsuharu
From: Pip Cet
Date: Mon, 13 Dec 2021 14:43:55 +0000

On Mon, Dec 13, 2021 at 1:53 PM Eli Zaretskii wrote:
> > Date: Mon, 13 Dec 2021 10:38:28 +0900
> > From: YAMAMOTO Mitsuharu
> >
> > (lldb) p cs_i
> > (int) $2 = 183
> > (lldb) p charset_table_used
> > (int) $3 = 183
> >
> > Because cs_i >= charset_table_used, charset_table[cs_i] (i.e., *cs)
> > contains uninitialized contents.
>
> So we somehow have a charset that is not in charset_table, is that
> what you are saying?  Because otherwise how could its ID be beyond the
> table, when define-charset-internal enlarges the table as needed?

I think there's no great mystery here, and the initial analysis is
correct: define-charset-internal enlarges the table, but doesn't zero
out the added entries (>= charset_table_used, < charset_table_size).
pdumper assumes all entries (< charset_table_size), including the
unused ones, contain either valid pointers or NULL. When they're not,
but happen to have an invalid pointer in the wrong place, we get a
crash.

Often, realloc will return zeroed memory so this bug may have stayed
invisible for some time.

What we can try is debugging the crashing temacs binary, setting a
breakpoint to the point where define-charset-internal calls xpalloc
(in a very strange manner), at about line 1126 in charset.c, and zero
the memory after the call by executing
memset (new_table, 0, new_size * sizeof (new_table[0]))
in the debugger (I don't use lldb so I'm not sure precisely how to do
that), then continuing to the memcpy.

If that fixes things, we should make the obvious change, I think.

Pip

Subject: bug#52461: spontaneous crash with portable dumper
To: Pip Cet
Cc: 52461@debbugs.gnu.org, mituharu@math.s.chiba-u.ac.jp
Date: Mon, 13 Dec 2021 18:52:51 +0200
From: Eli Zaretskii

> From: Pip Cet
> Date: Mon, 13 Dec 2021 14:43:55 +0000
> Cc: YAMAMOTO Mitsuharu, 52461@debbugs.gnu.org
>
> What we can try is debugging the crashing temacs binary, setting a
> breakpoint to the point where define-charset-internal calls xpalloc
> (in a very strange manner), at about line 1126 in charset.c, and zero
> the memory after the call by executing
> memset (new_table, 0, new_size * sizeof (new_table[0]))
> in the debugger (I don't use lldb so I'm not sure precisely how to do
> that), then continuing to the memcpy.
>
> If that fixes things, we should make the obvious change, I think.

Sounds like a plan, thanks.

Subject: bug#52461: spontaneous crash with portable dumper
To: Eli Zaretskii
Cc: 52461@debbugs.gnu.org, Pip Cet
Date: Tue, 14 Dec 2021 17:04:48 +0900
From: YAMAMOTO Mitsuharu

On Mon, 13 Dec 2021 22:31:09 +0900, Eli Zaretskii wrote:
>
> FWIW, on my system, charset_table_used is 179, so maybe the mac port
> defines some additional charsets?

Yes.

On Tue, 14 Dec 2021 01:52:51 +0900, Eli Zaretskii wrote:
>
> > From: Pip Cet
> > Date: Mon, 13 Dec 2021 14:43:55 +0000
> > Cc: YAMAMOTO Mitsuharu, 52461@debbugs.gnu.org
> >
> > What we can try is debugging the crashing temacs binary, setting a
> > breakpoint to the point where define-charset-internal calls xpalloc
> > (in a very strange manner), at about line 1126 in charset.c, and zero
> > the memory after the call by executing
> > memset (new_table, 0, new_size * sizeof (new_table[0]))
> > in the debugger (I don't use lldb so I'm not sure precisely how to do
> > that), then continuing to the memcpy.
> >
> > If that fixes things, we should make the obvious change, I think.
>
> Sounds like a plan, thanks.

I directly inserted the memset line just after the xpalloc call in
charset.c, and dumped 10 times.  No crash occurred.

I also tried the change below, and it seems to work, too.

                                     YAMAMOTO Mitsuharu
                                mituharu@math.s.chiba-u.ac.jp

diff --git a/src/charset.c b/src/charset.c index 7cd0fa78f0..670fd48a2d 100644 --- a/src/charset.c 
+++ b/src/charset.c @@ -63,7 +63,7 @@ Copyright (C) 2003, 2004 /* Table of struct charset. */ struct charset *charset_table; int charset_table_size; -static int charset_table_used; +int charset_table_used; /* Special charsets corresponding to symbols. */ int charset_ascii; diff --git a/src/charset.h b/src/charset.h index 97122d82a6..8c538234d8 100644 --- a/src/charset.h +++ b/src/charset.h @@ -249,6 +249,7 @@ #define EMACS_CHARSET_H /* Table of struct charset. */ extern struct charset *charset_table; extern int charset_table_size; +extern int charset_table_used; #define CHARSET_FROM_ID(id) (charset_table + (id)) diff --git a/src/pdumper.c b/src/pdumper.c index 98c760162e..2782648e7a 100644 --- a/src/pdumper.c +++ b/src/pdumper.c @@ -3174,7 +3174,7 @@ dump_charset (struct dump_context *ctx, int cs_i) DUMP_FIELD_COPY (&out, cs, hash_index); DUMP_FIELD_COPY (&out, cs, dimension); memcpy (out.code_space, &cs->code_space, sizeof (cs->code_space)); - if (cs->code_space_mask) + if (cs_i < charset_table_used && cs->code_space_mask) dump_field_fixup_later (ctx, &out, cs, &cs->code_space_mask); DUMP_FIELD_COPY (&out, cs, code_linear_p); DUMP_FIELD_COPY (&out, cs, iso_chars_96); 
@@ -3195,7 +3195,7 @@ dump_charset (struct dump_context *ctx, int cs_i) memcpy (out.fast_map, &cs->fast_map, sizeof (cs->fast_map)); DUMP_FIELD_COPY (&out, cs, code_offset); dump_off offset = dump_object_finish (ctx, &out, sizeof (out)); - if (cs->code_space_mask) + if (cs_i < charset_table_used && cs->code_space_mask) dump_remember_cold_op (ctx, COLD_OP_CHARSET, Fcons (dump_off_to_lisp (cs_i), dump_off_to_lisp (offset)));
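
Review bot: the charset.h hunk exports charset_table_used under the existing "Table of struct charset." comment without saying how it relates to charset_table_size. Since the pdumper.c hunks depend on slots from charset_table_used up to charset_table_size being uninitialised, a one-line comment on the new extern stating that only indices below charset_table_used hold valid entries would make that contract visible to other callers. The charset.c hunk also drops `static` from a mutable counter that pdumper.c only reads; a small read-only accessor would keep writes confined to charset.c.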
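
Review bot: in the first dump_charset hunk the new `cs_i < charset_table_used` test guards only code_space_mask, while the unchanged DUMP_FIELD_COPY lines and `memcpy (out.code_space, &cs->code_space, sizeof (cs->code_space));` around it still copy every other field of an unused slot into the dump. Those bytes are uninitialised, so the dumped content for slots at or above charset_table_used is arbitrary. Consider skipping the field copies for such slots and finishing a zeroed `out` instead, or zeroing the new slots where the table is grown, as tried earlier in this thread.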
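
Review bot: the condition `cs_i < charset_table_used && cs->code_space_mask` in the second dump_charset hunk repeats the one added in the hunk above, and the two have to agree because the first decides the dump_field_fixup_later call and this one decides the dump_remember_cold_op call for the same field. Evaluating it once into a local bool near the top of dump_charset and testing that in both places would keep them from drifting apart.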

Subject: bug#52461: spontaneous crash with portable dumper
To: YAMAMOTO Mitsuharu
Cc: 52461@debbugs.gnu.org, pipcet@gmail.com
Date: Tue, 14 Dec 2021 15:20:30 +0200
From: Eli Zaretskii

> Date: Tue, 14 Dec 2021 17:04:48 +0900
> From: YAMAMOTO Mitsuharu
> Cc: Pip Cet,
> 52461@debbugs.gnu.org
>
> I directly inserted the memset line just after the xpalloc call in
> charset.c, and dumped 10 times.  No crash occurred.
>
> I also tried the change below, and it seems to work, too.

Thanks.  I think I prefer the second variant.

Do you think we need more testing of this, since the problem was
intermittent?

Subject: bug#52461: spontaneous crash with portable dumper
To: Eli Zaretskii
Cc: 52461@debbugs.gnu.org, pipcet@gmail.com
Date: Wed, 15 Dec 2021 12:04:31 +0900
From: YAMAMOTO Mitsuharu

On Tue, 14 Dec 2021 22:20:30 +0900, Eli Zaretskii wrote:
>
> > I directly inserted the memset line just after the xpalloc call in
> > charset.c, and dumped 10 times.  No crash occurred.
> >
> > I also tried the change below, and it seems to work, too.
>
> Thanks.  I think I prefer the second variant.
>
> Do you think we need more testing of this, since the problem was
> intermittent?

I don't think so.  The members of struct charset other than
code_space_mask are non-pointer values, so they do not involve any
dereference.

Can I install it to the emacs-28 branch?  Currently, we have
charset_table_used == 179, and charset_table_size == 180, so the
problem does not manifest itself without additional charsets defined
before dumping.

YAMAMOTO Mitsuharu
mituharu@math.s.chiba-u.ac.jp

From unknown Tue Jun 17 21:56:45 2025
Subject: bug#52461: spontaneous crash with portable dumper
To: Eli Zaretskii
Cc: 52461@debbugs.gnu.org, pipcet@gmail.com
Date: Wed, 15 Dec 2021 12:24:33 +0900
From: YAMAMOTO Mitsuharu

On Wed, 15 Dec 2021 12:04:31 +0900,
YAMAMOTO Mitsuharu wrote:
>
> Can I install it to the emacs-28 branch? Currently, we have
> charset_table_used == 179, and charset_table_size == 180, so the
> problem does not manifest itself without additional charsets defined
> before dumping.

Oops. The latter half of the last sentence was not right. Forget
about it.

YAMAMOTO Mitsuharu
mituharu@math.s.chiba-u.ac.jp

From unknown Tue Jun 17 21:56:45 2025
Subject: bug#52461: spontaneous crash with portable dumper
To: YAMAMOTO Mitsuharu
Cc: 52461@debbugs.gnu.org, pipcet@gmail.com
Date: Wed, 15 Dec 2021 05:30:19 +0200
Message-Id: <83czlyk0j8.fsf@gnu.org>
From: Eli Zaretskii
In-Reply-To: (message from YAMAMOTO Mitsuharu on Wed, 15 Dec 2021 12:04:31 +0900)

> Date: Wed, 15 Dec 2021 12:04:31 +0900
> From: YAMAMOTO Mitsuharu
> Cc: pipcet@gmail.com,
>  52461@debbugs.gnu.org
>
> On Tue, 14 Dec 2021 22:20:30 +0900,
> Eli Zaretskii wrote:
> >
> > Thanks. I think I prefer the second variant.
> >
> > Do you think we need more testing of this, since the problem was
> > intermittent?
>
> I don't think so. The members of struct charset other than
> code_space_mask are non-pointer values, so they do not involve any
> dereference.
>
> Can I install it to the emacs-28 branch?

Yes, please.

From unknown Tue Jun 17 21:56:45 2025
From: help-debbugs@gnu.org (GNU bug Tracking System)
To: YAMAMOTO Mitsuharu
Subject: bug#52461: closed (Re: bug#52461: spontaneous crash with portable dumper)
Reply-To: 52461@debbugs.gnu.org
Date: Wed, 15 Dec 2021 04:16:02 +0000

Your bug report

#52461: spontaneous crash with portable dumper

which was filed against the emacs package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 52461@debbugs.gnu.org.

-- 
52461: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=52461
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

Date: Wed, 15 Dec 2021 13:15:56 +0900
From: YAMAMOTO Mitsuharu
To: Eli Zaretskii
Cc: 52461-done@debbugs.gnu.org, pipcet@gmail.com
Subject: Re: bug#52461: spontaneous crash with portable dumper
In-Reply-To: <83czlyk0j8.fsf@gnu.org>

On Wed, 15 Dec 2021 12:30:19 +0900,
Eli Zaretskii wrote:
>
> > Can I install it to the emacs-28 branch?
>
> Yes, please.

Done. Closing.

YAMAMOTO Mitsuharu
mituharu@math.s.chiba-u.ac.jp
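
The failure mode diagnosed in this thread, reduced to an added example that is not Emacs code: a table grown beyond its used count leaves uninitialized slots, and a serializer that walks past the used count reads a pointer member out of them. The struct, the function names and the 0xA5 fill standing in for stale heap bytes are hypothetical; clearing the new tail mirrors the memset variant tested in the thread, and bounding the walk by the used count is shown as a second general mitigation, not as a description of the change that was installed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical miniature of a charset entry: a scalar plus one pointer. */
struct entry { int id; unsigned char *mask; /* role of code_space_mask */ };
struct table {
    struct entry *slots;
    int used;   /* initialized entries, role of charset_table_used */
    int size;   /* allocated entries, role of charset_table_size */
};
static unsigned char shared_mask[256];

/* Grow to new_size slots. The new tail is filled with 0xA5 to model stale
   heap bytes deterministically; zero_tail clears it instead, which is the
   "memset right after the allocation" variant tested in the thread. */
static int table_grow(struct table *t, int new_size, int zero_tail) {
    struct entry *p = realloc(t->slots, (size_t)new_size * sizeof *p);
    if (!p) return -1;
    memset(p + t->size, zero_tail ? 0 : 0xA5,
           (size_t)(new_size - t->size) * sizeof *p);
    t->slots = p;
    t->size = new_size;
    return 0;
}

static void table_add(struct table *t, int id) {
    t->slots[t->used] = (struct entry){ id, shared_mask };
    t->used++;
}

/* Count the slots in [used, limit) whose mask a serializer walking
   [0, limit) would copy 256 bytes from, although nothing initialized them. */
static int stale_mask_reads(const struct table *t, int limit) {
    int n = 0;
    for (int i = t->used; i < limit; i++)
        n += t->slots[i].mask != NULL;
    return n;
}

/* Five live entries in an eight-slot table, then one serializer pass. */
static int scenario(int zero_tail, int walk_to_size) {
    struct table t = { NULL, 0, 0 };
    int result = -1;
    if (table_grow(&t, 4, zero_tail) != 0) return -1;
    for (int id = 0; id < 4; id++) table_add(&t, id);
    if (table_grow(&t, 8, zero_tail) == 0) {
        table_add(&t, 4);
        result = stale_mask_reads(&t, walk_to_size ? t.size : t.used);
    }
    free(t.slots);
    return result;
}

int main(void) {
    printf("stale tail, walk to size : %d\n", scenario(0, 1));
    printf("zeroed tail, walk to size: %d\n", scenario(1, 1));
    printf("stale tail, walk to used : %d\n", scenario(0, 0));
    return 0;
}
```

With real heap contents the count in the first case varies from run to run, which matches the intermittent nature of the crash reported here.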