GNU bug report logs - #70385
Crash in note_fringe_highlight


Package: emacs;

Reported by: Juri Linkov <juri <at> linkov.net>

Date: Sun, 14 Apr 2024 16:18:05 UTC

Severity: normal

Merged with 70419, 70420, 70427

Found in version 30.0.50


From: Björn Bidar <bjorn.bidar <at> thaodan.de>
To: 70385 <at> debbugs.gnu.org
Cc: luangruo <at> yahoo.com, vekazanov <at> gmail.com, eliz <at> gnu.org, juri <at> linkov.net
Subject: bug#70385: Crash in note_fringe_highlight
Date: Mon, 15 Apr 2024 20:04:02 +0300
[Message part 1 (text/plain, inline)]
Po Lu via "Bug reports for GNU Emacs, the Swiss army knife of text
editors" <bug-gnu-emacs <at> gnu.org> writes:

> Eli Zaretskii <eliz <at> gnu.org> writes:
>
>> I think this should be
>>
>>   if ((window_outdated (w)
>>        || !w->window_end_valid
>>        || !MATRIX_ROW_DISPLAYS_TEXT_P (MATRIX_ROW (w->current_matrix,
>> 						   vpos)))
>
> Yes, sorry.
>
>> I'm not sure it will help, because it seems the segfault happens in
>> the MATRIX_ROW_DISPLAYS_TEXT_P macro.  So I think we are somehow
>> dealing with w->current_matrix whose 'nrows' is too small.  The
>> mouse-highlight code detects that case in x_y_to_hpos_vpos.
>
> Right.  What about this?
>
> diff --git a/src/xdisp.c b/src/xdisp.c
> index d984c12d1aa..dcecc2b09d4 100644
> --- a/src/xdisp.c
> +++ b/src/xdisp.c
> @@ -35772,6 +35772,7 @@ note_fringe_highlight (struct frame *f, Lisp_Object window, int x, int y,
>    /* Don't access the TEXT_AREA of a row that does not display text, or
>       when the window is outdated.  (bug#70385) */
>    if (window_outdated (w)
> +      || (vpos >= w->current_matrix->nrows)
>        || !MATRIX_ROW_DISPLAYS_TEXT_P (MATRIX_ROW (w->current_matrix,
>  						  vpos)))
>      return;
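
Review bot: the added `vpos >= w->current_matrix->nrows` test bounds vpos only from above and reads w->current_matrix->nrows without checking the matrix pointer, so a negative vpos or a window whose current matrix is not set would still reach MATRIX_ROW on the following line. If either case is possible on this path, test `vpos < 0` and the matrix pointer in the same condition. The hunk also does not include the `!w->window_end_valid` test proposed earlier in the thread, and the comment above the condition still names only non-text rows and outdated windows; it should mention the row-count check and that it mirrors x_y_to_hpos_vpos. The parentheses around the new comparison are redundant.
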
>
> It's the same test x_y_to_hpos_vpos applies to decide whether to punt
> and return NULL.

Tried the change but it wasn't enough:
[emacs.gdb.note_fringe.3rd.log (text/x-log, inline)]
#0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=11, no_tid=no_tid@entry=0) at pthread_kill.c:44
#1  0x00007f0ca9294a73 in __pthread_kill_internal (signo=11, threadid=<optimized out>) at pthread_kill.c:78
#2  0x00007f0ca9241176 in __GI_raise (sig=sig@entry=11) at ../sysdeps/posix/raise.c:26
#3  0x00005591d8759f70 in terminate_due_to_signal (sig=11, backtrace_limit=<optimized out>) at ../../emacs-30.0.50.5968.24957ea566b/src/emacs.c:479
#4  0x00005591d875a603 in handle_fatal_signal (sig=<optimized out>) at ../../emacs-30.0.50.5968.24957ea566b/src/sysdep.c:1800
#5  0x00005591d8a235e8 in deliver_thread_signal.constprop.0 (sig=sig@entry=11, handler=<optimized out>) at ../../emacs-30.0.50.5968.24957ea566b/src/sysdep.c:1792
#6  0x00005591d88beb29 in deliver_fatal_thread_signal (sig=11) at ../../emacs-30.0.50.5968.24957ea566b/src/sysdep.c:1812
#7  handle_sigsegv (sig=11, siginfo=<optimized out>, arg=<optimized out>) at ../../emacs-30.0.50.5968.24957ea566b/src/sysdep.c:1950
#8  0x00007f0ca9241240 in <signal handler called> () at /lib64/libc.so.6
#9  0x00005591d87d0799 in note_fringe_highlight (part=<optimized out>, y=<optimized out>, x=<optimized out>, window=XIL(0x5591dfb7bc85), f=0x5591dfb7b988) at /usr/src/debug/emacs-30.0.50.5990.9b755244bf0/src/xdisp.c:35776
#10 note_mouse_highlight (f=0x5591dfb7b988, x=<optimized out>, y=<optimized out>) at /usr/src/debug/emacs-30.0.50.5990.9b755244bf0/src/xdisp.c:36037
#11 0x00005591d8859710 in x_note_mouse_movement (frame=0x5591dfb7b988, event=0x7ffc900620e0, device=<optimized out>) at ../../emacs-30.0.50.5986.55a200d7071/src/xterm.c:14667
#12 0x00005591d886470a in handle_one_xevent (dpyinfo=0x5591e83799f0, event=<optimized out>, finish=<optimized out>, hold_quit=0x7ffc90062860) at ../../emacs-30.0.50.5986.55a200d7071/src/xterm.c:23162
#13 0x00005591d885c401 in event_handler_gdk (gxev=0x7ffc900625d0, ev=<optimized out>, data=<optimized out>) at ../../emacs-30.0.50.5986.55a200d7071/src/xterm.c:17890
#14 0x00007f0cb418b82f in gdk_event_apply_filters (xevent=xevent@entry=0x7ffc900625d0, event=event@entry=0x5591de546770, window=window@entry=0x0) at ../gdk/x11/gdkeventsource.c:79
#15 0x00007f0cb419303f in gdk_event_source_translate_event (xevent=0x7ffc900625d0, event_source=0x5591e114da10) at ../gdk/x11/gdkeventsource.c:198
#16 _gdk_x11_display_queue_events (display=0x5591ebef2f00) at ../gdk/x11/gdkeventsource.c:341
#17 0x00007f0cb413b9b9 in gdk_display_get_event (display=0x5591ebef2f00) at ../gdk/gdkdisplay.c:442
#18 0x00007f0cb4193412 in gdk_event_source_dispatch.lto_priv () at ../gdk/x11/gdkeventsource.c:354
#19 0x00007f0cb3ae9710 in  () at /lib64/libglib-2.0.so.0
#20 0x00007f0cb3aeb358 in  () at /lib64/libglib-2.0.so.0
#21 0x00007f0cb3aeba0c in g_main_context_iteration () at /lib64/libglib-2.0.so.0
#22 0x00007f0cb43f6b95 in gtk_main_iteration () at ../gtk/gtkmain.c:1433
#23 0x00005591d886c022 in XTread_socket (terminal=<optimized out>, hold_quit=0x7ffc90062860) at ../../emacs-30.0.50.5986.55a200d7071/src/xterm.c:25657
#24 0x00005591d88ae662 in gobble_input () at ../../emacs-30.0.50.5968.24957ea566b/src/keyboard.c:7898
#25 0x00005591d88ae965 in handle_async_input () at ../../emacs-30.0.50.5968.24957ea566b/src/keyboard.c:8137
#26 process_pending_signals () at ../../emacs-30.0.50.5968.24957ea566b/src/keyboard.c:8151
#27 unblock_input_to (level=<optimized out>) at ../../emacs-30.0.50.5968.24957ea566b/src/keyboard.c:8166
#28 unblock_input_to (level=<optimized out>) at ../../emacs-30.0.50.5968.24957ea566b/src/keyboard.c:8160
#29 unblock_input () at ../../emacs-30.0.50.5968.24957ea566b/src/keyboard.c:8185
#30 0x00005591d891f163 in garbage_collect () at ../../emacs-30.0.50.5968.24957ea566b/src/alloc.c:6685
#31 0x00005591d891f685 in maybe_garbage_collect () at ../../emacs-30.0.50.5968.24957ea566b/src/alloc.c:6507
#32 0x00005591d8999842 in maybe_gc () at /usr/src/debug/emacs-30.0.50.5990.9b755244bf0/src/lisp.h:5891
#33 exec_byte_code (fun=<optimized out>, args_template=<optimized out>, nargs=<optimized out>, args=<optimized out>) at /usr/src/debug/emacs-30.0.50.5990.9b755244bf0/src/bytecode.c:789
#34 0x00005591d894614a in funcall_lambda (fun=fun@entry=XIL(0x5591dcada08d), nargs=nargs@entry=0, arg_vector=arg_vector@entry=0x7ffc90062b20) at ../../emacs-30.0.50.5986.55a200d7071/src/eval.c:3190
#35 0x00005591d89462d9 in apply_lambda (fun=<optimized out>, args=<optimized out>, count=count@entry=...) at ../../emacs-30.0.50.5986.55a200d7071/src/eval.c:3144
#36 0x00005591d89439fb in eval_sub (form=form@entry=XIL(0x7f0ca217a4a3)) at ../../emacs-30.0.50.5986.55a200d7071/src/eval.c:2615
#37 0x00005591d8945baf in Feval (form=XIL(0x7f0ca217a4a3), lexical=<optimized out>) at ../../emacs-30.0.50.5986.55a200d7071/src/eval.c:2389
#38 0x00005591d894340d in funcall_subr (subr=0x5591d8fa1760 <Seval>, numargs=numargs@entry=2, args=args@entry=0x7ffc90062e68) at ../../emacs-30.0.50.5986.55a200d7071/src/eval.c:3092
#39 0x00005591d8940ad0 in funcall_general (fun=<optimized out>, numargs=numargs@entry=2, args=args@entry=0x7ffc90062e68) at ../../emacs-30.0.50.5986.55a200d7071/src/lisp.h:2242
#40 0x00005591d8940cc6 in Ffuncall (nargs=nargs@entry=3, args=args@entry=0x7ffc90062e60) at ../../emacs-30.0.50.5986.55a200d7071/src/eval.c:3022
#41 0x00005591d89401a1 in internal_condition_case_n (bfun=0x5591d8940bd0 <Ffuncall>, nargs=3, args=0x7ffc90062e60, handlers=<optimized out>, hfun=0x5591d8787420 <dsafe_eval_handler>) at ../../emacs-30.0.50.5986.55a200d7071/src/eval.c:1617
#42 0x00005591d87d4c54 in dsafe__call.part.0.lto_priv.0 (inhibit_quit=true, f=0x5591d8940bd0 <Ffuncall>, nargs=3, args=0x7ffc90062e60) at /usr/src/debug/emacs-30.0.50.5990.9b755244bf0/src/xdisp.c:3067
#43 0x00005591d87c3c04 in dsafe__call (args=0x7ffc90062e60, nargs=3, f=<optimized out>, inhibit_quit=true) at /usr/src/debug/emacs-30.0.50.5990.9b755244bf0/src/xdisp.c:3056
#44 dsafe_eval (sexpr=<optimized out>) at /usr/src/debug/emacs-30.0.50.5990.9b755244bf0/src/xdisp.c:3103
#45 display_mode_element (it=it@entry=0x7ffc90063020, depth=2, depth@entry=1, field_width=0, precision=precision@entry=0, elt=XIL(0x7f0ca217a4c3), props=props@entry=XIL(0), risky=false) at /usr/src/debug/emacs-30.0.50.5990.9b755244bf0/src/xdisp.c:27876
#46 0x00005591d87c3cdc in display_mode_element (it=0x7ffc90063020, depth=1, field_width=0, precision=0, elt=<optimized out>, props=XIL(0), risky=false) at /usr/src/debug/emacs-30.0.50.5990.9b755244bf0/src/xdisp.c:27962
#47 0x00005591d87b92ca in display_mode_line (w=w@entry=0x5591dfb7bc80, face_id=MODE_LINE_ACTIVE_FACE_ID, format=XIL(0x7f0ca217a4e3)) at /usr/src/debug/emacs-30.0.50.5990.9b755244bf0/src/xdisp.c:27387
#48 0x00005591d87b9b12 in display_mode_lines (w=0x5591dfb7bc80) at /usr/src/debug/emacs-30.0.50.5990.9b755244bf0/src/xdisp.c:27300
#49 0x00005591d87abdd9 in redisplay_window (window=<optimized out>, just_this_one_p=just_this_one_p@entry=false) at /usr/src/debug/emacs-30.0.50.5990.9b755244bf0/src/xdisp.c:20921
#50 0x00005591d87af5fb in redisplay_window_0 (window=window@entry=XIL(0x5591dfb7bc85)) at /usr/src/debug/emacs-30.0.50.5990.9b755244bf0/src/xdisp.c:18012
#51 0x00005591d894004c in internal_condition_case_1 (bfun=0x5591d87af5d0 <redisplay_window_0>, arg=XIL(0x5591dfb7bc85), handlers=<optimized out>, hfun=0x5591d87a2890 <redisplay_window_error>) at ../../emacs-30.0.50.5986.55a200d7071/src/eval.c:1561
#52 0x00005591d87a2a09 in redisplay_windows (window=XIL(0x5591dfb7bc85)) at /usr/src/debug/emacs-30.0.50.5990.9b755244bf0/src/xdisp.c:17981
#53 0x00005591d87a5d8e in redisplay_internal () at /usr/src/debug/emacs-30.0.50.5990.9b755244bf0/src/xdisp.c:17381
#54 0x00005591d87a726a in redisplay_preserve_echo_area (from_where=<optimized out>) at /usr/src/debug/emacs-30.0.50.5990.9b755244bf0/src/xdisp.c:17740
#55 0x00005591d89ae509 in wait_reading_process_output (time_limit=<optimized out>, nsecs=<optimized out>, read_kbd=<optimized out>, do_display=<optimized out>, wait_for_cell=<optimized out>, wait_proc=<optimized out>, just_wait_proc=<optimized out>) at ../../emacs-30.0.50.5968.24957ea566b/src/process.c:5434
#56 0x00005591d876ffb6 in sit_for (timeout=<optimized out>, reading=true, display_option=<optimized out>) at ../../emacs-30.0.50.5986.55a200d7071/src/dispnew.c:6318
#57 0x00005591d88aaac2 in read_char (commandflag=1, map=XIL(0x5591f0dda9f3), prev_event=XIL(0), used_mouse_menu=0x7ffc90068cfb, end_time=0x0) at ../../emacs-30.0.50.5968.24957ea566b/src/keyboard.c:2922
#58 0x00005591d88bbc3f in read_key_sequence (keybuf=0x7ffc90068e90, prompt=XIL(0), dont_downcase_last=false, can_return_switch_frame=true, fix_current_buffer=true, prevent_redisplay=false, disable_text_conversion_p=false) at ../../emacs-30.0.50.5968.24957ea566b/src/keyboard.c:10722
#59 0x00005591d88a2fe7 in command_loop_1 () at ../../emacs-30.0.50.5968.24957ea566b/src/keyboard.c:1428
#60 0x00005591d893ffb7 in internal_condition_case (bfun=0x5591d88a2e10 <command_loop_1>, handlers=<optimized out>, hfun=0x5591d88a1ef0 <cmd_error>) at ../../emacs-30.0.50.5986.55a200d7071/src/eval.c:1537
#61 0x00005591d88a232e in command_loop_2 (handlers=handlers@entry=XIL(0x90)) at ../../emacs-30.0.50.5968.24957ea566b/src/keyboard.c:1167
#62 0x00005591d893fec1 in internal_catch (tag=<optimized out>, func=0x5591d88a2300 <command_loop_2>, arg=XIL(0x90)) at ../../emacs-30.0.50.5986.55a200d7071/src/eval.c:1217
#63 0x00005591d88a0e99 in command_loop () at ../../emacs-30.0.50.5968.24957ea566b/src/keyboard.c:1145
#64 0x00005591d88a19d6 in recursive_edit_1 () at ../../emacs-30.0.50.5968.24957ea566b/src/keyboard.c:753
#65 0x00005591d88a1dec in Frecursive_edit () at ../../emacs-30.0.50.5968.24957ea566b/src/keyboard.c:836
#66 0x00005591d8764adc in main (argc=2, argv=0x7ffc90069348) at ../../emacs-30.0.50.5968.24957ea566b/src/emacs.c:2626
You can't do that without a process to debug.
quit

This bug report was last modified 1 year and 62 days ago.
