GNU bug report logs - #75481
31.0.50; Segfault on Windows 11 when using Easy Customization buffer

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 75481 in the body.
You can then email your comments to 75481 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Amir Rajan <ar <at> amirrajan.net>
To: bug-gnu-emacs <at> gnu.org
Subject: 31.0.50; Segfault on Windows 11 when using Easy Customization buffer
Date: Fri, 10 Jan 2025 13:39:34 -0600

[Message part 1 (text/plain, inline)]

In GNU Emacs 31.0.50 (build 1, x86_64-w64-mingw32) of 2025-01-10 built on
AMIRALIRAJA2ACF
Repository revision: 42a5ac3b513ff03c64c9609fc7e79c2b7932b2a4
Repository branch: master
System Description: M1 Mac Book Pro running Windows 11 VM using Parallels

Configured using:
 'configure --enable-checking --prefix=/c/emacs --without-dbus
 'CFLAGS=-ggdb3 -O0' LDFLAGS=-ggdb3'

Configured features:
ACL GIF GMP GNUTLS HARFBUZZ JPEG LCMS2 LIBXML2 MODULES NATIVE_COMP
NOTIFY W32NOTIFY PDUMPER PNG RSVG SOUND SQLITE3 THREADS TIFF
TOOLKIT_SCROLL_BARS TREE_SITTER WEBP XPM ZLIB

Important settings:
  value of $LC_CTYPE: en_US.UTF-8
  value of $LANG: ENU
  locale-coding-system: cp1252

Minimum repro:
  emacs -Q
  M-x customize-mode
  Type anything into search box
  Press Enter

Backtrace:
  addr2line -C -f -i -p -e ./src/emacs.exe < ./emacs_backtrace.txt
  ?? ??:0
  ?? ??:0
  ?? ??:0
  w32_backtrace at C:/other-projects/emacs/src/w32fns.c:11571
  emacs_abort at C:/other-projects/emacs/src/w32fns.c:11610
  terminate_due_to_signal at C:/other-projects/emacs/src/emacs.c:464
  handle_fatal_signal at C:/other-projects/emacs/src/sysdep.c:1799
  deliver_thread_signal at C:/other-projects/emacs/src/sysdep.c:1791
  deliver_fatal_thread_signal at C:/other-projects/emacs/src/sysdep.c:1811
  ?? ??:0
  ?? ??:0
  ?? ??:0
  ?? ??:0
  ?? ??:0
  rescale_for_division at C:/other-projects/emacs/src/floatfns.c:387
  rounding_driver at C:/other-projects/emacs/src/floatfns.c:442
  Ffloor at C:/other-projects/emacs/src/floatfns.c:536
  funcall_subr at C:/other-projects/emacs/src/eval.c:3152
  exec_byte_code at C:/other-projects/emacs/src/bytecode.c:813
  funcall_lambda at C:/other-projects/emacs/src/eval.c:3241
  funcall_general at C:/other-projects/emacs/src/eval.c:3033
  Ffuncall at C:/other-projects/emacs/src/eval.c:3082
  Fapply at C:/other-projects/emacs/src/eval.c:2754
  funcall_subr at C:/other-projects/emacs/src/eval.c:3173
  funcall_general at C:/other-projects/emacs/src/eval.c:3029
  Ffuncall at C:/other-projects/emacs/src/eval.c:3082
  ?? ??:0
  funcall_subr at C:/other-projects/emacs/src/eval.c:3150
  funcall_general at C:/other-projects/emacs/src/eval.c:3029
  Ffuncall at C:/other-projects/emacs/src/eval.c:3082
  timer_check_2 at C:/other-projects/emacs/src/keyboard.c:4804
  timer_check at C:/other-projects/emacs/src/keyboard.c:4869
  readable_events at C:/other-projects/emacs/src/keyboard.c:3601
  get_input_pending at C:/other-projects/emacs/src/keyboard.c:7872
  detect_input_pending_run_timers at
C:/other-projects/emacs/src/keyboard.c:11576
  wait_reading_process_output at C:/other-projects/emacs/src/process.c:5856
  sit_for at C:/other-projects/emacs/src/dispnew.c:6889
  read_char at C:/other-projects/emacs/src/keyboard.c:2925
  read_key_sequence at C:/other-projects/emacs/src/keyboard.c:10746
  command_loop_1 at C:/other-projects/emacs/src/keyboard.c:1424
  internal_condition_case at C:/other-projects/emacs/src/eval.c:1603
  command_loop_2 at C:/other-projects/emacs/src/keyboard.c:1163
  internal_catch at C:/other-projects/emacs/src/eval.c:1286
  command_loop at C:/other-projects/emacs/src/keyboard.c:1141
  recursive_edit_1 at C:/other-projects/emacs/src/keyboard.c:747
  Frecursive_edit at C:/other-projects/emacs/src/keyboard.c:830
  main at C:/other-projects/emacs/src/emacs.c:2635
  __tmainCRTStartup at C:/M/B/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:266
  mainCRTStartup at C:/M/B/src/mingw-w64/mingw-w64-crt/crt/crtexe.c:185
  __start at C:/other-projects/emacs/src/w32proc.c:158
  ?? ??:0
  ?? ??:0
  ?? ??:0

Notes:
Updating the rounding_driver function in ./src/floatfns.c from Emacs 26
resolved the issue.

diff --git a/src/floatfns.c b/src/floatfns.c
index 4492815c765..26c2e15da05 100644
--- a/src/floatfns.c
+++ b/src/floatfns.c
@@ -400,48 +400,79 @@ rescale_for_division (Lisp_Object n, mpz_t *t, int
nscale, int dscale)

 /* the rounding functions  */

+static bool
+integer_value (Lisp_Object a)
+{
+  if (FLOATP (a))
+    {
+      double d = XFLOAT_DATA (a);
+      return d == floor (d) && isfinite (d);
+    }
+  return true;
+}
+
 static Lisp_Object
-rounding_driver (Lisp_Object n, Lisp_Object d,
+rounding_driver (Lisp_Object arg, Lisp_Object divisor,
  double (*double_round) (double),
  void (*int_divide) (mpz_t, mpz_t const, mpz_t const),
  EMACS_INT (*fixnum_divide) (EMACS_INT, EMACS_INT))
 {
-  CHECK_NUMBER (n);
+  CHECK_NUMBER (arg);

-  if (NILP (d))
-    return FLOATP (n) ? double_to_integer (double_round (XFLOAT_DATA (n)))
: n;
-
-  CHECK_NUMBER (d);
-
-  int dscale = 0;
-  if (FIXNUMP (d))
+  double d;
+  if (NILP (divisor))
     {
-      if (XFIXNUM (d) == 0)
- xsignal0 (Qarith_error);
-
-      /* Divide fixnum by fixnum specially, for speed.  */
-      if (FIXNUMP (n))
- return make_int (fixnum_divide (XFIXNUM (n), XFIXNUM (d)));
+      if (! FLOATP (arg))
+ return arg;
+      d = XFLOAT_DATA (arg);
     }
-  else if (FLOATP (d))
+  else
     {
-      if (XFLOAT_DATA (d) == 0)
- xsignal0 (Qarith_error);
-      dscale = double_integer_scale (XFLOAT_DATA (d));
-    }
+      CHECK_NUMBER (divisor);
+      if (integer_value (arg) && integer_value (divisor))
+ {
+  /* Divide as integers.  Converting to double might lose
+     info, even for fixnums; also see the FIXME below.  */

-  int nscale = FLOATP (n) ? double_integer_scale (XFLOAT_DATA (n)) : 0;
+  if (FLOATP (arg))
+    arg = double_to_integer (XFLOAT_DATA (arg));
+  if (FLOATP (divisor))
+    divisor = double_to_integer (XFLOAT_DATA (divisor));

-  /* If the numerator is finite and the denominator infinite, the
-     quotient is zero and there is no need to try the impossible task
-     of rescaling the denominator.  */
-  if (dscale == DBL_MANT_DIG - DBL_MIN_EXP + 1 && nscale < dscale)
-    return make_fixnum (0);
+  if (FIXNUMP (divisor))
+    {
+      if (XFIXNUM (divisor) == 0)
+ xsignal0 (Qarith_error);
+      if (FIXNUMP (arg))
+ return make_int (fixnum_divide (XFIXNUM (arg),
+ XFIXNUM (divisor)));
+    }
+  int_divide (mpz[0],
+      ,*bignum_integer (&mpz[0], arg),
+      ,*bignum_integer (&mpz[1], divisor));
+  return make_integer_mpz ();
+ }

-  int_divide (mpz[0],
-      *rescale_for_division (n, &mpz[0], nscale, dscale),
-      *rescale_for_division (d, &mpz[1], dscale, nscale));
-  return make_integer_mpz ();
+      double f1 = XFLOATINT (arg);
+      double f2 = XFLOATINT (divisor);
+      if (! IEEE_FLOATING_POINT && f2 == 0)
+ xsignal0 (Qarith_error);
+      /* FIXME: This division rounds, so the result is double-rounded.  */
+      d = f1 / f2;
+    }
+
+  /* Round, coarsely test for fixnum overflow before converting to
+     EMACS_INT (to avoid undefined C behavior), and then exactly test
+     for overflow after converting (as FIXNUM_OVERFLOW_P is inaccurate
+     on floats).  */
+  double dr = double_round (d);
+  if (fabs (dr) < 2 * (MOST_POSITIVE_FIXNUM + 1))
+    {
+      EMACS_INT ir = dr;
+      if (! FIXNUM_OVERFLOW_P (ir))
+ return make_fixnum (ir);
+    }
+  return double_to_integer (dr);
 }

 static EMACS_INT

[Message part 2 (text/html, inline)]

Message #8 received at 75481 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Amir Rajan <ar <at> amirrajan.net>
Cc: 75481 <at> debbugs.gnu.org
Subject: Re: bug#75481: 31.0.50;
 Segfault on Windows 11 when using Easy Customization buffer
Date: Sat, 11 Jan 2025 09:51:41 +0200

> From: Amir Rajan <ar <at> amirrajan.net>
> Date: Fri, 10 Jan 2025 13:39:34 -0600
> 
> Minimum repro:
>   emacs -Q
>   M-x customize-mode
>   Type anything into search box
>   Press Enter

When I type "M-x customize-mode" after launching "emacs -Q", Emacs
prompts me for mode.  What should I type at that prompt?  Because I
cannot see any search box unless I specify some mode.

IOW, could you please make the reproducible recipe complete with all
the details?

> Updating the rounding_driver function in ./src/floatfns.c from Emacs 26 resolved the issue.

You mean, you reverted the changes in rounding_driver that were made
since Emacs 26?

Thanks.

Message #11 received at 75481 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Amir Rajan <ar <at> amirrajan.net>
Cc: 75481 <at> debbugs.gnu.org
Subject: Re: bug#75481: 31.0.50; Segfault on Windows 11 when using Easy
 Customization buffer
Date: Sat, 11 Jan 2025 10:24:00 +0200

[Please use Reply All to reply, to keep the bug tracker CC'ed.]

> From: Amir Rajan <ar <at> amirrajan.net>
> Date: Sat, 11 Jan 2025 01:52:43 -0600
> 
> You can provide any mode to get to the customization box

I tried text-mode and emacs-lisp-mode, but I don't get any crash.

By "search box" do you mean the one after the first 3 lines in the
*Customize Group: Text* buffer, the one which says "Search" on the
right?  If so, what did you type there?

Alternatively, can run Emacs under GDB, and when it crashes, show the
arguments to 'floor'?  (Let me know if you need instructions for how
to do that in GDB.)

Message #14 received at 75481 <at> debbugs.gnu.org (full text, mbox):

From: Amir Rajan <ar <at> amirrajan.net>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 75481 <at> debbugs.gnu.org
Subject: Re: bug#75481: 31.0.50; Segfault on Windows 11 when using Easy
 Customization buffer
Date: Sat, 11 Jan 2025 02:26:06 -0600

[Message part 1 (text/plain, inline)]

Typing anything into the search box causes the crash for me. I’ll get you
the values of the parameters soon!


* Amir Rajan
** PS
I welcome VSRE emails. Learn more at http://vsre.info/.
** PPS
I reply to every legitimate email I get. So, if you don't hear from me
within a week. Email me again since there's a high chance that the email
got lost in my inbox.


On Sat, Jan 11, 2025 at 2:24 AM Eli Zaretskii <eliz <at> gnu.org> wrote:

> [Please use Reply All to reply, to keep the bug tracker CC'ed.]
>
> > From: Amir Rajan <ar <at> amirrajan.net>
> > Date: Sat, 11 Jan 2025 01:52:43 -0600
> >
> > You can provide any mode to get to the customization box
>
> I tried text-mode and emacs-lisp-mode, but I don't get any crash.
>
> By "search box" do you mean the one after the first 3 lines in the
> *Customize Group: Text* buffer, the one which says "Search" on the
> right?  If so, what did you type there?
>
> Alternatively, can run Emacs under GDB, and when it crashes, show the
> arguments to 'floor'?  (Let me know if you need instructions for how
> to do that in GDB.)
>

[Message part 2 (text/html, inline)]

Message #17 received at 75481 <at> debbugs.gnu.org (full text, mbox):

From: Amir Rajan <ar <at> amirrajan.net>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 75481 <at> debbugs.gnu.org
Subject: Re: bug#75481: 31.0.50; Segfault on Windows 11 when using Easy
 Customization buffer
Date: Sat, 11 Jan 2025 03:19:43 -0600

[Message part 1 (text/plain, inline)]

It may be worth establishing a baseline. Try the following and see if you
get a segfault:

  1. Download and install
https://mirrors.ibiblio.org/gnu/emacs/windows/emacs-29/emacs-29.4-installer.exe
  2. After installation, use Windows Explorer/Start Button to run Emacs (do
not run via MSYS terminal).
  3. M-x customize-group, and then choose any group to get to the "Easy
Customization" screen.
  4. Place cursor in the search field:

     For help using this buffer, see [Easy Customization] in the [Emacs
manual].

     [                                      ]  [ Search ]
      ^
      +---------- place within search area

  5. Type any group name to customize. I typed "default" for the group and
pressed enter.
  6. The segfault should occur right after pressing enter.

If this doesn't segfault for you, then it may be something specifically
related to running Emacs within a Windows 11 VM via Parallels on an M1
MacBook Pro (ARM64).

On Sat, Jan 11, 2025 at 2:26 AM Amir Rajan <ar <at> amirrajan.net> wrote:

> Typing anything into the search box causes the crash for me. I’ll get you
> the values of the parameters soon!
>
>
> * Amir Rajan
> ** PS
> I welcome VSRE emails. Learn more at http://vsre.info/.
> ** PPS
> I reply to every legitimate email I get. So, if you don't hear from me
> within a week. Email me again since there's a high chance that the email
> got lost in my inbox.
>
>
> On Sat, Jan 11, 2025 at 2:24 AM Eli Zaretskii <eliz <at> gnu.org> wrote:
>
>> [Please use Reply All to reply, to keep the bug tracker CC'ed.]
>>
>> > From: Amir Rajan <ar <at> amirrajan.net>
>> > Date: Sat, 11 Jan 2025 01:52:43 -0600
>> >
>> > You can provide any mode to get to the customization box
>>
>> I tried text-mode and emacs-lisp-mode, but I don't get any crash.
>>
>> By "search box" do you mean the one after the first 3 lines in the
>> *Customize Group: Text* buffer, the one which says "Search" on the
>> right?  If so, what did you type there?
>>
>> Alternatively, can run Emacs under GDB, and when it crashes, show the
>> arguments to 'floor'?  (Let me know if you need instructions for how
>> to do that in GDB.)
>>
>

[Message part 2 (text/html, inline)]

Message #20 received at 75481 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Amir Rajan <ar <at> amirrajan.net>, Corwin Brust <corwin <at> bru.st>
Cc: 75481 <at> debbugs.gnu.org
Subject: Re: bug#75481: 31.0.50; Segfault on Windows 11 when using Easy
 Customization buffer
Date: Sat, 11 Jan 2025 11:20:39 +0200

> From: Amir Rajan <ar <at> amirrajan.net>
> Date: Sat, 11 Jan 2025 02:26:06 -0600
> Cc: 75481 <at> debbugs.gnu.org
> 
> Typing anything into the search box causes the crash for me.

Then I cannot reproduce this here.

> I’ll get you the values of the parameters soon!

Thank you.

Given that the problem goes away for you if you completely remove the
calls to functions from the GMP library, my guess so far would be that
this is some bug in the version of GMP you are using.

Can someone else who uses a 64-bit build of Emacs 31 on Windows
reproduce this?  If so, what version of GMP is being used?

Message #23 received at 75481 <at> debbugs.gnu.org (full text, mbox):

From: Amir Rajan <ar <at> amirrajan.net>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 75481 <at> debbugs.gnu.org, Corwin Brust <corwin <at> bru.st>
Subject: Re: bug#75481: 31.0.50; Segfault on Windows 11 when using Easy
 Customization buffer
Date: Sat, 11 Jan 2025 03:36:43 -0600

[Message part 1 (text/plain, inline)]

I do think it is related to GMP. When I stepped through the code via GDB,
the segfault occurs when mpz_set_d is invoked. It didn't step into the
function call/segfaulted on the invocation.


* Amir Rajan
** PS
I welcome VSRE emails. Learn more at http://vsre.info/.
** PPS
I reply to every legitimate email I get. So, if you don't hear from me
within a week. Email me again since there's a high chance that the email
got lost in my inbox.


On Sat, Jan 11, 2025 at 3:20 AM Eli Zaretskii <eliz <at> gnu.org> wrote:

> > From: Amir Rajan <ar <at> amirrajan.net>
> > Date: Sat, 11 Jan 2025 02:26:06 -0600
> > Cc: 75481 <at> debbugs.gnu.org
> >
> > Typing anything into the search box causes the crash for me.
>
> Then I cannot reproduce this here.
>
> > I’ll get you the values of the parameters soon!
>
> Thank you.
>
> Given that the problem goes away for you if you completely remove the
> calls to functions from the GMP library, my guess so far would be that
> this is some bug in the version of GMP you are using.
>
> Can someone else who uses a 64-bit build of Emacs 31 on Windows
> reproduce this?  If so, what version of GMP is being used?
>

[Message part 2 (text/html, inline)]

Message #26 received at 75481 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Amir Rajan <ar <at> amirrajan.net>
Cc: 75481 <at> debbugs.gnu.org, corwin <at> bru.st
Subject: Re: bug#75481: 31.0.50; Segfault on Windows 11 when using Easy
 Customization buffer
Date: Sat, 11 Jan 2025 11:45:08 +0200

> From: Amir Rajan <ar <at> amirrajan.net>
> Date: Sat, 11 Jan 2025 03:36:43 -0600
> Cc: Corwin Brust <corwin <at> bru.st>, 75481 <at> debbugs.gnu.org
> 
> I do think it is related to GMP. When I stepped through the code via GDB, the segfault occurs when
> mpz_set_d is invoked. It didn't step into the function call/segfaulted on the invocation.

OK.  So can you show the arguments with which rescale_for_division is
called when the call to mpz_set_d crashes?

Message #29 received at 75481 <at> debbugs.gnu.org (full text, mbox):

From: Cecilio Pardo <cpardo <at> imayhem.com>
To: Eli Zaretskii <eliz <at> gnu.org>, Amir Rajan <ar <at> amirrajan.net>,
 Corwin Brust <corwin <at> bru.st>
Cc: 75481 <at> debbugs.gnu.org
Subject: Re: bug#75481: 31.0.50; Segfault on Windows 11 when using Easy
 Customization buffer
Date: Sat, 11 Jan 2025 20:10:31 +0100

> Can someone else who uses a 64-bit build of Emacs 31 on Windows
> reproduce this?  If so, what version of GMP is being used?

Can't reproduce, tried 31 and 29.4.

Message #32 received at 75481 <at> debbugs.gnu.org (full text, mbox):

From: Cecilio Pardo <cpardo <at> imayhem.com>
To: Eli Zaretskii <eliz <at> gnu.org>, Amir Rajan <ar <at> amirrajan.net>,
 Corwin Brust <corwin <at> bru.st>
Cc: 75481 <at> debbugs.gnu.org
Subject: Re: bug#75481: 31.0.50; Segfault on Windows 11 when using Easy
 Customization buffer
Date: Sat, 11 Jan 2025 20:53:24 +0100

> Given that the problem goes away for you if you completely remove the
> calls to functions from the GMP library, my guess so far would be that
> this is some bug in the version of GMP you are using.

Maybe you can check that emacs is actually loading the libgmp10.dll that 
comes with the package, and not one located somewhere else. You can use 
a tool such as sysinternals' listdlls64.exe, which is not free but can 
be considered a part of mswindows.

Message #35 received at 75481 <at> debbugs.gnu.org (full text, mbox):

From: Corwin Brust <corwin <at> bru.st>
To: Cecilio Pardo <cpardo <at> imayhem.com>
Cc: Amir Rajan <ar <at> amirrajan.net>, Eli Zaretskii <eliz <at> gnu.org>,
 75481 <at> debbugs.gnu.org
Subject: Re: bug#75481: 31.0.50; Segfault on Windows 11 when using Easy
 Customization buffer
Date: Sun, 12 Jan 2025 11:22:42 -0600

On Sat, Jan 11, 2025 at 1:10 PM Cecilio Pardo <cpardo <at> imayhem.com> wrote:
>
> > Can someone else who uses a 64-bit build of Emacs 31 on Windows
> > reproduce this?  If so, what version of GMP is being used?
>
> Can't reproduce, tried 31 and 29.4.
>
>

Nor have I (although I tried recent builds of emacs-30 and the master branch).

Message #38 received at 75481 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Corwin Brust <corwin <at> bru.st>
Cc: ar <at> amirrajan.net, cpardo <at> imayhem.com, 75481 <at> debbugs.gnu.org
Subject: Re: bug#75481: 31.0.50; Segfault on Windows 11 when using Easy
 Customization buffer
Date: Sat, 18 Jan 2025 12:18:30 +0200

tags 75481 unreproducible
close 75481
thanks

> From: Corwin Brust <corwin <at> bru.st>
> Date: Sun, 12 Jan 2025 11:22:42 -0600
> Cc: Eli Zaretskii <eliz <at> gnu.org>, Amir Rajan <ar <at> amirrajan.net>, 75481 <at> debbugs.gnu.org
> 
> On Sat, Jan 11, 2025 at 1:10 PM Cecilio Pardo <cpardo <at> imayhem.com> wrote:
> >
> > > Can someone else who uses a 64-bit build of Emacs 31 on Windows
> > > reproduce this?  If so, what version of GMP is being used?
> >
> > Can't reproduce, tried 31 and 29.4.
> >
> >
> 
> Nor have I (although I tried recent builds of emacs-30 and the master branch).

Thanks, so I presume this is due to some botched installation of GMP,
and I'm therefore closing this bug as not reproducible.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.