GNU bug report logs - #76559
31.0.50; [-O3 + PGTK] Crash when 'copying as kill'/'killing word'

Previous Next

Package: emacs;

Reported by: Iurie Marian <marian.iurie <at> gmail.com>

Date: Tue, 25 Feb 2025 17:34:01 UTC

Severity: normal

Merged with 76729

Found in version 31.0.50

Full log

Message #29 received at 76559 <at> debbugs.gnu.org (full text, mbox):

From: Pip Cet <pipcet <at> protonmail.com>
To: Iurie Marian <marian.iurie <at> gmail.com>
Cc: Michael Albinus <michael.albinus <at> gmx.de>, 76559 <at> debbugs.gnu.org
Subject: Re: bug#76559: 31.0.50;
 [-O3 + PGTK] Crash when 'copying as kill'/'killing word'
Date: Wed, 26 Feb 2025 17:08:40 +0000

"Iurie Marian" <marian.iurie <at> gmail.com> writes:

> Dear Maintainers,
>
> Emacs is crashing while copying-as-kill/killing-word, only when compiled
> with -O3 optimizations. I am using PGTK (see the configure command
> below). I did a git bisect, and it seems that the commit below is
> triggering the bug. To reproduce it just compile with -O3 and PGTK, then
> simply hit M-<backspace>.

Just for completeness, you're using lto as well as -O3, which seems more
likely to trigger this bug than Michael's change below.

And I can't reproduce it here.

Which precise compiler are you using?  gcc --version would be very
helpful here.

> (gdb) list
> 566       pushed = false;
> 567
> 568       if (!dpyinfo)
> 569         goto DONE;
> 570
> 571       local_selection_data = LOCAL_SELECTION (selection_symbol, dpyinfo);
> 572
> 573       /* Decline if we don't own any selections.  */
> 574       if (NILP (local_selection_data)) goto DONE;
> 575
>
> (gdb) fr 2
> #2  process_special_events () at
> /home/rce/.local/emacs/sources/src/keyboard.c:4570
> 4570              pgtk_handle_selection_event (&copy);
> (gdb) list
> 4565              input_pending = readable_events (0);
> 4566
> 4567    #ifdef HAVE_X11
> 4568              x_handle_selection_event (&copy);
> 4569    #else
> 4570              pgtk_handle_selection_event (&copy);
> 4571    #endif
> 4572    #elif defined HAVE_HAIKU
> 4573              if (event->ie.kind != SELECTION_CLEAR_EVENT)
> 4574                emacs_abort ();
> (gdb) info locals
> event = 0x555555957a40 <kbd_buffer+384>
> copy = {kind = SELECTION_REQUEST_EVENT, dpyinfo = 0x55cf0b00,

dypinfo looks like it was truncated to 32 bits.  Can you check that
0x555555cf0b00 is a valid dpyinfo structure?

The definition in question is:

struct selection_input_event
{
  ENUM_BF (event_kind) kind : EVENT_KIND_WIDTH;
  struct pgtk_display_info *dpyinfo;
  /* We spell it with an "o" here because X does.  */
  GdkWindow *requestor;
  GdkAtom selection, target, property;
  guint32 time;
};

Can you run "ptype/o struct selection_input_event" and "ptype/o struct
input_event" to see what might be going on?  "ptype/o union
buffered_input_event" would also be interesting, to see whether our
union trick might no longer be working.

Pip
This bug report was last modified 109 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.