GNU bug report logs - #6214
23.1; json-read-string crashes emacs with long string

Previous Next

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Carl Worth <cworth <at> cworth.org>
Subject: bug#6214: closed (Re: bug#6214: 23.1; json-read-string crashes
 emacs with long string)
Date: Tue, 18 May 2010 18:08:02 +0000

[Message part 1 (text/plain, inline)]

Your bug report

#6214: 23.1; json-read-string crashes emacs with long string

which was filed against the emacs package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 6214 <at> debbugs.gnu.org.

-- 
6214: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=6214
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Chong Yidong <cyd <at> stupidchicken.com>
To: Carl Worth <cworth <at> cworth.org>
Cc: Notmuch mailing list <notmuch <at> notmuchmail.org>, 6214-done <at> debbugs.gnu.org,
	Dirk Hohndel <hohndel <at> infradead.org>
Subject: Re: bug#6214: 23.1; json-read-string crashes emacs with long string
Date: Tue, 18 May 2010 14:07:10 -0400

Carl Worth <cworth <at> cworth.org> writes:

> A user of the emacs-based mail client, Notmuch [*], found that
> attempting to display a particular message would consistently
> causes a segmentation fault in emacs.
>
> I haven't attempted to debug this within gdb yet, (I'll have to get my
> hands on a build of emacs with debugging symbols first). But I wanted to
> share things right away, so that perhaps someone else could do further
> debugging and follow up.

Looks like a stack overflow in the `string' function.  I've checked in a
fix, thanks for the bug report.

[Message part 3 (message/rfc822, inline)]

From: Carl Worth <cworth <at> cworth.org>
To: bug-gnu-emacs <at> gnu.org
Cc: Notmuch mailing list <notmuch <at> notmuchmail.org>,
	Carl Worth <cworth <at> cworth.org>, Dirk Hohndel <hohndel <at> infradead.org>
Subject: 23.1; json-read-string crashes emacs with long string
Date: Tue, 18 May 2010 09:08:17 -0700

> Please describe exactly what actions triggered the bug
> and the precise symptoms of the bug:

A user of the emacs-based mail client, Notmuch [*], found that
attempting to display a particular message would consistently
causes a segmentation fault in emacs.

I tracked this down to calling `json-read-string' with a very long
string, (roughly 1 million characters). Rather than including that
enormous string in this message, here's a little snippet of emacs lisp
that creates and reads such a string. So, if evaluated, this code should
trigger the segmentation fault, (assuming a copy of GPLv3 exists at
/usr/share/emacs/23.1/etc/COPYING---adjust the filename if necessary).

;; Caution: Evaluating the block below has been known to crash emacs
(with-temp-buffer
  (require 'json)
  ;; First we just need a lot of text. 32 copies of GPLv3 seems to do it
  (dotimes (i 32)
    (insert-file "/usr/share/emacs/23.1/etc/COPYING"))
  ;; Now create a buffer with a json-encoded version of the text
  (let ((json-string (json-encode-string (buffer-string))))
    (with-temp-buffer
      (insert json-string)
      (goto-char (point-min))
      ;; And try to read the string. This triggers the segfault.
      (json-read-string))))

> If Emacs crashed, and you have the Emacs process in the gdb debugger,
> please include the output from the following gdb commands:
>    `bt full' and `xbacktrace'.

I haven't attempted to debug this within gdb yet, (I'll have to get my
hands on a build of emacs with debugging symbols first). But I wanted to
share things right away, so that perhaps someone else could do further
debugging and follow up.

In the meantime, notmuch folks, if you've got a good idea for modifying
notmuch to avoid this bug I'd be glad to hear it. Adjust followups to
include the notmuch list and not the gnu.org bug address as appropriate.

-Carl

[*] http://notmuchmail.org

PS. Here are some of the details provided by `report-emacs-bug':

In GNU Emacs 23.1.1 (i486-pc-linux-gnu, GTK+ Version 2.18.2)
 of 2010-01-26 on raven, modified by Debian
Windowing system distributor `The X.Org Foundation', version 11.0.10799001
configured using `configure  '--build=i486-linux-gnu' '--host=i486-linux-gnu' '--prefix=/usr' '--sharedstatedir=/var/lib' '--libexecdir=/usr/lib' '--localstatedir=/var/lib' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--with-pop=yes' '--enable-locallisppath=/etc/emacs23:/etc/emacs:/usr/local/share/emacs/23.1/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/23.1/site-lisp:/usr/share/emacs/site-lisp:/usr/share/emacs/23.1/leim' '--with-x=yes' '--with-x-toolkit=gtk' '--with-toolkit-scroll-bars' 'build_alias=i486-linux-gnu' 'host_alias=i486-linux-gnu' 'CFLAGS=-DDEBIAN -g -O2' 'LDFLAGS=-g' 'CPPFLAGS=''

Important settings:
  value of $LC_ALL: nil
  value of $LC_COLLATE: nil
  value of $LC_CTYPE: nil
  value of $LC_MESSAGES: nil
  value of $LC_MONETARY: nil
  value of $LC_NUMERIC: nil
  value of $LC_TIME: nil
  value of $LANG: en_US.UTF-8
  value of $XMODIFIERS: nil
  locale-coding-system: utf-8-unix
  default-enable-multibyte-characters: t

-- 
carl.d.worth <at> intel.com

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.