GNU bug report logs - #74902
31.0.50; Segfault when deleting frames

Previous Next

Package: emacs;

Reported by: Steven Allen <steven <at> stebalien.com>

Date: Sun, 15 Dec 2024 22:02:02 UTC

Severity: normal

Tags: fixed

Found in version 31.0.50

Fixed in version 31.1

Done: Robert Pluim <rpluim <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #17 received at 74902 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Robert Pluim <rpluim <at> gmail.com>
Cc: steven <at> stebalien.com, 74902 <at> debbugs.gnu.org
Subject: Re: bug#74902: 31.0.50; Segfault when deleting frames
Date: Sat, 28 Dec 2024 13:35:41 +0200

> From: Robert Pluim <rpluim <at> gmail.com>
> Cc: Steven Allen <steven <at> stebalien.com>,  74902 <at> debbugs.gnu.org
> Date: Mon, 16 Dec 2024 18:20:34 +0100
> 
> >>>>> On Mon, 16 Dec 2024 08:12:46 -0800, Steven Allen via "Bug reports for GNU Emacs, the Swiss army knife of text editors" <bug-gnu-emacs <at> gnu.org> said:
> 
>     Steven> Eli Zaretskii <eliz <at> gnu.org> writes:
>     >>> As far as I can tell, this is because `delete-frame' calls `delq' (from
>     >>> C) which then handles a signal (not sure what signal) via the
>     >>> `FOR_EACH_TAIL' macro while deleting the frame. Unfortunately, that
>     >>> eventually calls `gobble_input' which operates on frames.
>     >>> 
>     >>> 
>     >>> Backtrace:
>     >>> 
>     >>> /usr/bin/emacs(emacs_backtrace+0x4e) [0x61e77935447e]
>     >>> /usr/bin/emacs(terminate_due_to_signal+0xaf) [0x61e7791a4c5d]
>     >>> /usr/bin/emacs(+0x5e062) [0x61e7791a6062]
>     >>> /usr/lib/libc.so.6(+0x42150) [0x7e3a544dc150]
>     >>> /usr/bin/emacs(+0xeff78) [0x61e779237f78]
>     >>> /usr/bin/emacs(+0x19a564) [0x61e7792e2564]
>     >>> /usr/bin/emacs(+0x19a829) [0x61e7792e2829]
>     >>> /usr/bin/emacs(+0x1a1c58) [0x61e7792e9c58]
>     >>> /usr/bin/emacs(+0x1b0bb8) [0x61e7792f8bb8]
>     >>> /usr/bin/emacs(gobble_input+0x272) [0x61e77933f3a2]
>     >>> /usr/bin/emacs(probably_quit+0xc6) [0x61e7793ec666]
>     >>> /usr/bin/emacs(Fdelq+0xb6) [0x61e77940c196]
>     >>> /usr/bin/emacs(delete_frame+0x2d4) [0x61e7791d77b4]
>     >>> /usr/bin/emacs(Fdelete_frame+0x17) [0x61e7791d8a07]
>     >> 
>     >> This is less useful than a backtrace could be.  Can you run Emacs
>     >> under GDB, and when it crashes, type
>     >> 
>     >> (gdb) thread apply all bt
>     >> 
>     >> and post here everything GDB produces as result?
> 
>     Steven> Yeah, I agree. I'll do that if I can find a reliable way to reproduce
>     Steven> it. At the moment it happens once every few months.
> 
> If you do find a reproducer, then based on the trace above I think the
> following should fix it:
> 
> diff --git a/src/frame.c b/src/frame.c
> index f6053fca3ef..ff9e1d24ea1 100644
> --- a/src/frame.c
> +++ b/src/frame.c
> @@ -2281,7 +2281,9 @@ delete_frame (Lisp_Object frame, Lisp_Object force)
>    delete_all_child_windows (f->root_window);
>    fset_root_window (f, Qnil);
>  
> +  block_input();
>    Vframe_list = Fdelq (frame, Vframe_list);
> +  unblock_input();
>    SET_FRAME_VISIBLE (f, 0);
>  
>    /* Allow the vector of menu bar contents to be freed in the next

Robert, I think you should install this on the master branch.

Thanks.
This bug report was last modified 183 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.