GNU bug report logs - #74902
31.0.50; Segfault when deleting frames

Previous Next

Package: emacs;

Reported by: Steven Allen <steven <at> stebalien.com>

Date: Sun, 15 Dec 2024 22:02:02 UTC

Severity: normal

Tags: fixed

Found in version 31.0.50

Fixed in version 31.1

Done: Robert Pluim <rpluim <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #14 received at 74902 <at> debbugs.gnu.org (full text, mbox):

From: Robert Pluim <rpluim <at> gmail.com>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: Steven Allen <steven <at> stebalien.com>, 74902 <at> debbugs.gnu.org
Subject: Re: bug#74902: 31.0.50; Segfault when deleting frames
Date: Mon, 16 Dec 2024 18:20:34 +0100

>>>>> On Mon, 16 Dec 2024 08:12:46 -0800, Steven Allen via "Bug reports for GNU Emacs, the Swiss army knife of text editors" <bug-gnu-emacs <at> gnu.org> said:

    Steven> Eli Zaretskii <eliz <at> gnu.org> writes:
    >>> As far as I can tell, this is because `delete-frame' calls `delq' (from
    >>> C) which then handles a signal (not sure what signal) via the
    >>> `FOR_EACH_TAIL' macro while deleting the frame. Unfortunately, that
    >>> eventually calls `gobble_input' which operates on frames.
    >>> 
    >>> 
    >>> Backtrace:
    >>> 
    >>> /usr/bin/emacs(emacs_backtrace+0x4e) [0x61e77935447e]
    >>> /usr/bin/emacs(terminate_due_to_signal+0xaf) [0x61e7791a4c5d]
    >>> /usr/bin/emacs(+0x5e062) [0x61e7791a6062]
    >>> /usr/lib/libc.so.6(+0x42150) [0x7e3a544dc150]
    >>> /usr/bin/emacs(+0xeff78) [0x61e779237f78]
    >>> /usr/bin/emacs(+0x19a564) [0x61e7792e2564]
    >>> /usr/bin/emacs(+0x19a829) [0x61e7792e2829]
    >>> /usr/bin/emacs(+0x1a1c58) [0x61e7792e9c58]
    >>> /usr/bin/emacs(+0x1b0bb8) [0x61e7792f8bb8]
    >>> /usr/bin/emacs(gobble_input+0x272) [0x61e77933f3a2]
    >>> /usr/bin/emacs(probably_quit+0xc6) [0x61e7793ec666]
    >>> /usr/bin/emacs(Fdelq+0xb6) [0x61e77940c196]
    >>> /usr/bin/emacs(delete_frame+0x2d4) [0x61e7791d77b4]
    >>> /usr/bin/emacs(Fdelete_frame+0x17) [0x61e7791d8a07]
    >> 
    >> This is less useful than a backtrace could be.  Can you run Emacs
    >> under GDB, and when it crashes, type
    >> 
    >> (gdb) thread apply all bt
    >> 
    >> and post here everything GDB produces as result?

    Steven> Yeah, I agree. I'll do that if I can find a reliable way to reproduce
    Steven> it. At the moment it happens once every few months.

If you do find a reproducer, then based on the trace above I think the
following should fix it:

diff --git a/src/frame.c b/src/frame.c
index f6053fca3ef..ff9e1d24ea1 100644
--- a/src/frame.c
+++ b/src/frame.c
@@ -2281,7 +2281,9 @@ delete_frame (Lisp_Object frame, Lisp_Object force)
   delete_all_child_windows (f->root_window);
   fset_root_window (f, Qnil);
 
+  block_input();
   Vframe_list = Fdelq (frame, Vframe_list);
+  unblock_input();
   SET_FRAME_VISIBLE (f, 0);
 
   /* Allow the vector of menu bar contents to be freed in the next





Robert
--
This bug report was last modified 183 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.