GNU bug report logs - #76847
31.0.50; feature/igc: Breakpoint 1, terminate_due_to_signal (sig=sig@entry=11, backtrace_limit=backtrace_limit@entry=40) at ./src/emacs.c:425

Previous Next

Package: emacs;

Reported by: Gregor Zattler <telegraph <at> gmx.net>

Date: Fri, 7 Mar 2025 22:48:02 UTC

Severity: normal

Found in version 31.0.50

Done: Pip Cet <pipcet <at> protonmail.com>

Bug is archived. No further changes may be made.

Full log

Message #8 received at 76847 <at> debbugs.gnu.org (full text, mbox):

From: Pip Cet <pipcet <at> protonmail.com>
To: 76847 <at> debbugs.gnu.org, Gregor Zattler <telegraph <at> gmx.net>
Subject: Re: bug#76847: 31.0.50;
 feature/igc: Breakpoint 1, terminate_due_to_signal (sig=sig <at> entry=11,
 backtrace_limit=backtrace_limit <at> entry=40) at ./src/emacs.c:425
Date: Sat, 08 Mar 2025 09:58:41 +0000

"Gregor Zattler via \"Bug reports for GNU Emacs, the Swiss army knife of text editors\"" <bug-gnu-emacs <at> gnu.org> writes:

> Dear Emacs developers, I just typed into
> an email reply when Emacs stopped
> working.

Thanks for the report! Just to confirm, you're using
https://www.emacswiki.org/emacs/download/key-chord.el ?

I believe this is due to the very strange memory management in
current_minor_maps.  This should have prevented the crash, but I can't
properly test it right now.  It also changes behavior when running out
of memory, but I don't think that's a real issue with MPS.

diff --git a/src/keymap.c b/src/keymap.c
index bc731c54ef0..43979bed905 100644
--- a/src/keymap.c
+++ b/src/keymap.c
@@ -53,6 +53,7 @@
 #include "intervals.h"
 #include "keymap.h"
 #include "window.h"
+#include "igc.h"
 
 /* Actually allocate storage for these variables.  */
 
@@ -1588,26 +1589,42 @@ current_minor_maps (Lisp_Object **modeptr, Lisp_Object **mapptr)
 		/* Use malloc here.  See the comment above this function.
 		   Avoid realloc here; it causes spurious traps on GNU/Linux [KFS] */
 		block_input ();
+#ifdef HAVE_MPS
+		newmodes = igc_xzalloc_ambig (allocsize);
+#else
 		newmodes = malloc (allocsize);
+#endif
 		if (newmodes)
 		  {
 		    if (cmm_modes)
 		      {
 			memcpy (newmodes, cmm_modes,
 				cmm_size * sizeof cmm_modes[0]);
+#ifdef HAVE_MPS
+			igc_xfree (cmm_modes);
+#else
 			free (cmm_modes);
+#endif
 		      }
 		    cmm_modes = newmodes;
 		  }
 
+#ifdef HAVE_MPS
+		newmaps = igc_xzalloc_ambig (allocsize);
+#else
 		newmaps = malloc (allocsize);
+#endif
 		if (newmaps)
 		  {
 		    if (cmm_maps)
 		      {
 			memcpy (newmaps, cmm_maps,
 				cmm_size * sizeof cmm_maps[0]);
+#ifdef HAVE_MPS
+			igc_xfree (cmm_maps);
+#else
 			free (cmm_maps);
+#endif
 		      }
 		    cmm_maps = newmaps;
 		  }


Thanks again!

Pip
This bug report was last modified 147 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.