Package: emacs;
Reported by: Andreas Seltenreich <seltenreich <at> gmx.de>
Date: Mon, 14 Jul 2008 08:50:03 UTC
Severity: normal
Done: Chong Yidong <cyd <at> stupidchicken.com>
Bug is archived. No further changes may be made.
View this message in rfc822 format
From: Andreas Seltenreich <seltenreich <at> gmx.de> To: emacs-pretest-bug <at> gnu.org Subject: bug#558: 23.0.60; crash on M-x make-frame-on-display Date: Mon, 14 Jul 2008 10:40:50 +0200
> Please write in English if possible, because the Emacs maintainers
> usually do not have translators to read other languages for them.
> Your bug report will be posted to the emacs-pretest-bug <at> gnu.org mailing list.
> Please describe exactly what actions triggered the bug
> and the precise symptoms of the bug:
1. compiling emacs from CVS using
./configure --with-x-toolkit=no CFLAGS='-O2 -g -fno-crossjumping'
2. running emacs -Q -nw
3. now there's a 1 in 10 chance M-x make-frame-on-display RET :0 RET
will crash emacs with the following symptoms:
--8<---------------cut here---------------start------------->8---
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 47821396663536 (LWP 3159)]
0x00002b7e4864e28e in XPending () from /usr/lib/libX11.so.6
(gdb) bt
#0 0x00002b7e4864e28e in XPending () from /usr/lib/libX11.so.6
#1 0x000000000049a33f in XTread_socket (terminal=0xefcb70, expected=1, hold_quit=0x7fff6301e830) at xterm.c:7193
#2 0x00000000004c2f05 in read_avail_input (expected=1) at keyboard.c:7086
#3 0x00000000004c2fea in handle_async_input () at keyboard.c:7313
#4 0x0000000000494a37 in x_term_init (display_name=20626963, xrm_option=0x0, resource_name=0x1c7c2b0 "emacs") at xterm.c:10128
#5 0x000000000049f783 in x_display_info_for_name (name=20626963) at xfns.c:4101
#6 0x00000000004a453d in Fx_create_frame (parms=28664357) at xfns.c:3149
#7 0x000000000052a4c6 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:3042
#8 0x000000000055f32b in Fbyte_code (bytestr=<value optimized out>, vector=19839377, maxdepth=28) at bytecode.c:678
#9 0x0000000000529f6f in funcall_lambda (fun=7562500, nargs=1, arg_vector=0x7fff6301ec38) at eval.c:3229
#10 0x000000000052a345 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:3088
#11 0x000000000055f32b in Fbyte_code (bytestr=<value optimized out>, vector=29642081, maxdepth=80) at bytecode.c:678
#12 0x0000000000529f6f in funcall_lambda (fun=8106276, nargs=1, arg_vector=0x7fff6301edc8) at eval.c:3229
#13 0x000000000052a345 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:3088
#14 0x000000000055f32b in Fbyte_code (bytestr=<value optimized out>, vector=10541745, maxdepth=26) at bytecode.c:678
#15 0x0000000000529f6f in funcall_lambda (fun=8103764, nargs=1, arg_vector=0x7fff6301ef98) at eval.c:3229
#16 0x000000000052a345 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:3088
#17 0x0000000000527522 in Fcall_interactively (function=29659713, record_flag=9669105, keys=9736036) at callint.c:857
#18 0x000000000052a4f4 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:3048
#19 0x000000000052a734 in call3 (fn=<value optimized out>, arg1=<value optimized out>, arg2=140734854457392, arg3=140734854457464) at eval.c:2868
#20 0x00000000004c092c in Fexecute_extended_command (prefixarg=9669009) at keyboard.c:10533
#21 0x000000000052a4c6 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:3042
#22 0x0000000000527522 in Fcall_interactively (function=9739089, record_flag=9669009, keys=9736036) at callint.c:857
#23 0x000000000052a4f4 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:3048
#24 0x000000000052a734 in call3 (fn=<value optimized out>, arg1=<value optimized out>, arg2=140734854457392, arg3=140734854457464) at eval.c:2868
#25 0x00000000004cd322 in command_loop_1 () at keyboard.c:1910
#26 0x0000000000528d34 in internal_condition_case (bfun=0x4ccf60 <command_loop_1>, handlers=9756209, hfun=0x4c6ab0 <cmd_error>) at eval.c:1511
#27 0x00000000004c5d9a in command_loop_2 () at keyboard.c:1367
#28 0x0000000000528e37 in internal_catch (tag=<value optimized out>, func=0x4c5d80 <command_loop_2>, arg=9669009) at eval.c:1247
#29 0x00000000004c68f3 in command_loop () at keyboard.c:1346
#30 0x00000000004c6c8c in recursive_edit_1 () at keyboard.c:955
#31 0x00000000004c6df0 in Frecursive_edit () at keyboard.c:1017
#32 0x00000000004bc533 in main (argc=3, argv=0x7fff6301fe38) at emacs.c:1762
Lisp Backtrace:
"x-create-frame" (0x6301eaa8)
"x-create-frame-with-faces" (0x6301ec38)
"make-frame" (0x6301edc8)
"make-frame-on-display" (0x6301ef98)
"call-interactively" (0x6301f1b8)
"execute-extended-command" (0x6301f368)
"call-interactively" (0x6301f578)
(gdb) up
#1 0x000000000049a33f in XTread_socket (terminal=0xefcb70, expected=1, hold_quit=0x7fff6301e830) at xterm.c:7193
(gdb) list
7188 #endif
7189 }
7190 #endif
7191
7192 #ifndef USE_GTK
7193 while (XPending (terminal->display_info.x->display))
7194 {
7195 int finish;
7196
7197 XNextEvent (terminal->display_info.x->display, &event);
(gdb) p terminal->display_info.x->display
$1 = (Display *) 0x0
(gdb) up
#2 0x00000000004c2f05 in read_avail_input (expected=1) at keyboard.c:7086
(gdb)
#3 0x00000000004c2fea in handle_async_input () at keyboard.c:7313
(gdb)
#4 0x0000000000494a37 in x_term_init (display_name=20626963, xrm_option=0x0, resource_name=0x1c7c2b0 "emacs") at xterm.c:10128
(gdb) list
10123 init_kboard (terminal->kboard);
10124 terminal->kboard->Vwindow_system = intern ("x");
10125 if (!EQ (XSYMBOL (Qvendor_specific_keysyms)->function, Qunbound))
10126 {
10127 char *vendor = ServerVendor (dpy);
10128 UNBLOCK_INPUT;
10129 terminal->kboard->Vsystem_key_alist
10130 = call1 (Qvendor_specific_keysyms,
10131 vendor ? build_string (vendor) : empty_unibyte_string);
10132 BLOCK_INPUT;
(gdb) p terminal == terminal_list
$2 = 1
(gdb) p terminal->display_info.x->display
$3 = (Display *) 0x0
(gdb)
--8<---------------cut here---------------end--------------->8---
I can no longer trigger any crashes after patching xterm.c like this:
--8<---------------cut here---------------start------------->8---
*** xterm.c.~1.1000.~ 2008-07-13 18:20:31.000000000 +0200
--- xterm.c 2008-07-14 05:22:26.000000000 +0200
***************
*** 10125,10135 ****
--- 10125,10140 ----
if (!EQ (XSYMBOL (Qvendor_specific_keysyms)->function, Qunbound))
{
char *vendor = ServerVendor (dpy);
+ /* temporarily hide the partially initialized terminal */
+ xassert(terminal_list == terminal);
+ terminal_list = terminal->next;
UNBLOCK_INPUT;
terminal->kboard->Vsystem_key_alist
= call1 (Qvendor_specific_keysyms,
vendor ? build_string (vendor) : empty_unibyte_string);
BLOCK_INPUT;
+ terminal->next = terminal_list;
+ terminal_list = terminal;
}
terminal->kboard->next_kboard = all_kboards;
--8<---------------cut here---------------end--------------->8---
Here's a ChangeLog entry in case this fix is actually correct.
--8<---------------cut here---------------start------------->8---
2008-07-14 Andreas Seltenreich <seltenreich <at> gmx.de>
* xterm.c (x_term_init) [MULTI_KBOARD]: Hide the partially
initialized terminal while unblocking input for call1 of
Qvendor_specific_keysyms.
--8<---------------cut here---------------end--------------->8---
regards,
andreas
> In GNU Emacs 23.0.60.6 (x86_64-unknown-linux-gnu)
> of 2008-07-14 on tengen
> Windowing system distributor `The X.Org Foundation', version 11.0.70101000
> configured using `configure '--with-x-toolkit=no' '--enable-debug''
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.