GNU bug report logs - #58288
29.0.50; (flyspell-correct-word-before-point) followed by <down> crashes emacs

Previous Next

Package: emacs;

Reported by: Andrew John De Angelis <ajd2195 <at> columbia.edu>

Date: Tue, 4 Oct 2022 11:06:03 UTC

Severity: normal

Found in version 29.0.50

Full log

Message #26 received at 58288 <at> debbugs.gnu.org (full text, mbox):

From: Robert Pluim <rpluim <at> gmail.com>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 58288 <at> debbugs.gnu.org, larsi <at> gnus.org, ajd2195 <at> columbia.edu
Subject: Re: bug#58288: 29.0.50; (flyspell-correct-word-before-point)
 followed by <down> crashes emacs
Date: Wed, 05 Oct 2022 12:01:03 +0200

>>>>> On Tue, 04 Oct 2022 19:30:00 +0300, Eli Zaretskii <eliz <at> gnu.org> said:

    >> Itʼs being set up, but menu_items is ending up as Qnil for some reason
    >> (I suspect something is going wrong with save_menu_items).

    Eli> GC, perhaps?

No, not GC.

frame #1: 0x00000001000754e0 emacs`find_and_return_menu_selection(f=0x00006210000c1530, keymaps=false, client_data=0x00006210006854e8) at menu.c:989:11
   986
   987 	  while (i < menu_items_used)
   988 	    {
-> 989 	      if (NILP (AREF (menu_items, i)))
   990 	        {
   991 	          subprefix_stack[submenu_depth++] = prefix;
   992 	          prefix = entry;
(lldb) p menu_items_used
(int) $36 = 59
(lldb) p menu_items
(Lisp_Object) $37 = NULL

So the code is assuming that menu_items_used > 0 means that menu_items
is valid, but we have this in menu.c:

    void
    save_menu_items (void)
    {
      Lisp_Object saved = list4 (menu_items_inuse ? menu_items : Qnil,
                                 make_fixnum (menu_items_used),
                                 make_fixnum (menu_items_n_panes),
                                 make_fixnum (menu_items_submenu_depth));
      record_unwind_protect (restore_menu_items, saved);
      menu_items_inuse = false;
      menu_items = Qnil;
    }

This fixes it, but it seems a bit dodgy to me, why has no other
platform ever run into this?

diff --git a/src/menu.c b/src/menu.c
index eeb0c9a7e5..a368da373b 100644
--- a/src/menu.c
+++ b/src/menu.c
@@ -147,7 +147,7 @@ restore_menu_items (Lisp_Object saved)
 void
 save_menu_items (void)
 {
-  Lisp_Object saved = list4 (menu_items_inuse ? menu_items : Qnil,
+  Lisp_Object saved = list4 (menu_items,
 			     make_fixnum (menu_items_used),
 			     make_fixnum (menu_items_n_panes),
 			     make_fixnum (menu_items_submenu_depth));


Robert
--
This bug report was last modified 2 years and 260 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.