GNU bug report logs - #58334
29.0.50; ASAN heap use after free in gui_produce_glyphs

Previous Next

Package: emacs;

Reported by: Gerd Möllmann <gerd.moellmann <at> gmail.com>

Date: Thu, 6 Oct 2022 15:04:01 UTC

Severity: normal

Found in version 29.0.50

Full log

Message #140 received at 58334 <at> debbugs.gnu.org (full text, mbox):

From: Gerd Möllmann <gerd.moellmann <at> gmail.com>
To: 58334 <at> debbugs.gnu.org
Subject: Re: bug#58334: 29.0.50; ASAN heap use after free in gui_produce_glyphs
Date: Sat, 08 Oct 2022 08:58:02 +0200

I'd like to finish this one way or another, so here it goes...

The call to redisplay in nsterm.m was identified as the problem because
it can free realized faces, that other code relies on not to happen.

The call to redisplay was introduced in the commit below, and I'm
looking at the bugs mentioned in it.

68bd6f3ea9c05637501139c46f1f4304482db95f
Author:     Alan Third <alan <at> idiocy.org>
CommitDate: Sat Feb 13 22:41:25 2021 +0000

Fix flicker when resizing NS frame programmatically (bug#46155)
; Incidentally fixes bug#21326.

IÄm using Emacs master on macOS 12.6 with

modified   src/nsterm.m
@@ -8672,7 +8672,7 @@ - (void)layoutSublayersOfLayer:(CALayer *)layer
       waiting_for_input = 0;
       block_input ();
 
-      redisplay ();
+      //redisplay ();
 
       unblock_input ();
       waiting_for_input = owfi;


------------------------------------------------------------------------
bug#46155: 28.0.50; Regression: buffer contents flicker on macOS
------------------------------------------------------------------------

The bug complains that

(dotimes (n 10)
  (set-frame-parameter nil 'width (+ 80 n))
  (sit-for 0.1))

leads to flicker.  Not reproducible.

This funny comment by Alan made my day, so I'll quote it here :-)

    Well... I tried something ridiculous and it appears to work...

    I suspect forcing redisplay this way within the NS run loop is bad
    form, but it appears to work.

In the mails under bug#46155, someone mentions that Emacs displays an
empty buffer while busy on startup.  Reproducible.

That's all I checked.

------------------------------------------------------------------------
bug#21326: 24.5; OS X, frame blank while resizing
------------------------------------------------------------------------

Not reproducible.

------------------------------------------------------------------------
Possible solutions:

1. Don't call redisplay, depending on OS version.

2. What Eli said - make uses of realized faces resilient against face
cache clearing.

3. Block input in vertical-motion etc. as Po Lu suggested.

4. Do nothing because that's all esoteric.

I favour (1) or (4) because (2) I'm not motivated to do, and TBH I agree
with Alan's comment above :-).  Can't say much about (3), except that
Eli doesn't seem to like it.
This bug report was last modified 2 years and 310 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.