GNU bug report logs -
#72692
Emacs 31.05 (40eecd594ac) get SIGSEGV on Linux (Linux 6.6.45 Kde Wayland)
Previous Next
Reported by: Eval EXEC <execvy <at> gmail.com>
Date: Sun, 18 Aug 2024 08:31:01 UTC
Severity: normal
Done: Eli Zaretskii <eliz <at> gnu.org>
Bug is archived. No further changes may be made.
Full log
Message #53 received at 72692 <at> debbugs.gnu.org (full text, mbox):
"Pip Cet" <pipcet <at> protonmail.com> writes:
> "Eli Zaretskii" <eliz <at> gnu.org> writes:
>
>>> Date: Sun, 18 Aug 2024 14:59:51 +0000
>>> From: Pip Cet <pipcet <at> protonmail.com>
>>> Cc: execvy <at> gmail.com, 72692 <at> debbugs.gnu.org
>>>
>>> I don't understand yet what underlying assumption is violated, and what
>>> precisely happened.
>>>
>>> But I have just reproduced the crash, I think. It does need this patch,
>>> which means we will actually crash when accessing a formerly-valid
>>> fontset, rather than accessing random and inappropriate data, so I think
>>> we need to first establish that this patch doesn't break things and
>>> cause a different crash.
>>
>> I don't understand: is this patch needed to trigger a crash, or are
>> you saying we need it to fix crashes?
>
> It helps trigger the crash, which might take a long time without the
> patch.
And I understand why it's so rare now: the non-ASCII face contains a
dangling pointer to the (freed!) old ASCII face, and we verify in
'face_for_font' that the pointer matches the new ASCII face, which it
can do only if the new ASCII face happens to be allocated at the same
address the old one had.
But, it happens, and we need to fix it somehow. The easiest fix would
be to use a refcount in 'struct face' and do the actual freeing (of
fontset and struct face) only when no other 'struct face' refers to our
face through ->ascii_face.
Or is there a simpler solution?
Pip
This bug report was last modified 258 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.