GNU bug report logs -
#77230
31.0.50; 753b678db16 feature/igc crash, with full -O0 -ggdb -gg3 debug info.
Reported by: Eval Exec <execvy <at> gmail.com>
Date: Mon, 24 Mar 2025 04:27:02 UTC
Severity: normal
Found in version 31.0.50
Done: Pip Cet <pipcet <at> protonmail.com>
Bug is archived. No further changes may be made.
Message #8 received at 77230 <at> debbugs.gnu.org (full text, mbox):
"Eval Exec" <execvy <at> gmail.com> writes:
> Hello,
>
> I got a crash on the feature/igc branch. This happens when I click a word on
> the header-line. The header-line-format and gdb backtrace are:
Thanks for the report!
> (gdb) bt full
> #0 0x00007f2c8369a88c in __pthread_kill_implementation () from /nix/store/maxa3xhmxggrc5v2vc0c3pjb79hjlkp9-glibc-2.40-66/lib/libc.so.6
> No symbol table info available.
> #1 0x00007f2c83648576 in raise () from /nix/store/maxa3xhmxggrc5v2vc0c3pjb79hjlkp9-glibc-2.40-66/lib/libc.so.6
> No symbol table info available.
> #2 0x000000000056efec in terminate_due_to_signal (sig=11, backtrace_limit=40) at /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/emacs.c:463
> No locals.
> #3 0x00000000005a3921 in handle_fatal_signal (sig=11) at /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/sysdep.c:1793
> No locals.
> #4 0x00000000005a38ec in deliver_thread_signal (sig=11, handler=0x5a3907 <handle_fatal_signal>) at /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/sysdep.c:1785
> old_errno = 11
> #5 0x00000000005a396a in deliver_fatal_thread_signal (sig=11) at /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/sysdep.c:1805
> No locals.
> #6 0x00000000005a3b1a in handle_sigsegv (sig=11, siginfo=0x969ab0 <sigsegv_stack+62672>, arg=0x969980 <sigsegv_stack+62368>) at /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/sysdep.c:1943
> fatal = false
> #7 <signal handler called>
> No symbol table info available.
> #8 0x00007f2c8364886b in kill () from /nix/store/maxa3xhmxggrc5v2vc0c3pjb79hjlkp9-glibc-2.40-66/lib/libc.so.6
> No symbol table info available.
> #9 0x000000000080ce49 in sigHandle ()
> No symbol table info available.
> #10 <signal handler called>
> No symbol table info available.
> #11 0x00000000006fe635 in header_tag (h=0x0) at /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/igc.c:658
> No locals.
> #12 0x00000000006fe6ad in igc_header_hash (h=0x0) at /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/igc.c:684
> No locals.
> #13 0x0000000000707464 in igc_hash (key=XIL(0x5)) at /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/igc.c:4099
> word = 5
> tag = 5
> client = 0x0
> h = 0x0
> #14 0x000000000065de12 in sxhash_obj (obj=XIL(0x7f2c1350a945), depth=2) at /home/exec/Projects/git.savannah.gnu.org/git/emacs/src/fns.c:6040
> bytepos = 0
> hash = 6599806
> buf = XIL(0x5)
> pvec_type = PVEC_MARKER
That's this code:

    Lisp_Object buf;
    XSETBUFFER (buf, XMARKER (obj)->buffer);
    hash = igc_hash (buf);

which doesn't check for XMARKER (obj)->buffer == NULL, making

    (sxhash (make-marker))

crash.
This patch should fix things, but I'll add a test before pushing it:
From cfcc3e8577cf9e8c237836ce6a7549c29c375100 Mon Sep 17 00:00:00 2001
From: Pip Cet <pipcet <at> protonmail.com>
Subject: [PATCH] [MPS] Don't crash when hashing a non-positioned marker
(bug#77230)
* src/fns.c (sxhash_obj): Return 0 if a marker has no buffer.
---
src/fns.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/fns.c b/src/fns.c
index 9d7066f4a90..7bf5761ef7b 100644
--- a/src/fns.c
+++ b/src/fns.c
@@ -6035,9 +6035,14 @@ sxhash_obj (Lisp_Object obj, int depth)
= XMARKER (obj)->buffer ? XMARKER (obj)->bytepos : 0;
EMACS_UINT hash;
#ifdef HAVE_MPS
- Lisp_Object buf;
- XSETBUFFER (buf, XMARKER (obj)->buffer);
- hash = igc_hash (buf);
+ if (XMARKER (obj)->buffer)
+ {
+ Lisp_Object buf;
+ XSETBUFFER (buf, XMARKER (obj)->buffer);
+ hash = igc_hash (buf);
+ }
+ else
+ hash = 0;
#else
hash = (intptr_t) XMARKER (obj)->buffer;
#endif
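Review bot: the new `else hash = 0;` branch under `HAVE_MPS` has no comment saying why 0 is the right value for a marker without a buffer. It matches the `#else` branch, where `(intptr_t) XMARKER (obj)->buffer` is 0 for a null pointer, so a one-line comment to that effect would keep the two builds visibly in agreement. The test on `XMARKER (obj)->buffer` is also now written twice, once in the `bytepos` initializer in the context line above and once in the new `if`; reading the pointer into a local once would serve both. No regression test for `(sxhash (make-marker))` is part of this patch, and the message says one is still to be added before pushing.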
--
2.48.1
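
Added example, not part of the original message or of the Emacs source: a simplified C model of why the guard has to test the raw `buffer` pointer before tagging, since a tagged NULL is the nonzero word 5 (`key=XIL(0x5)`, `client = 0x0` in frame #13). All type and function names are hypothetical stand-ins, and the 3-bit low tag layout is an assumption of the model.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified model, NOT Emacs source.  All names here are hypothetical.
   A tagged word keeps a type tag in the low 3 bits of an aligned pointer.  */
#define TAG_MASK ((uintptr_t) 7)
#define TAG_VECTORLIKE ((uintptr_t) 5)  /* the "tag = 5" seen in frame #13 */

struct header { uint32_t hash; };
struct buffer { _Alignas (8) struct header hdr; };
struct marker { struct buffer *buffer; ptrdiff_t bytepos; };

/* Stand-in for XSETBUFFER: tags whatever pointer it is given, NULL included.  */
static uintptr_t
tag_buffer (struct buffer *b)
{
  return (uintptr_t) b | TAG_VECTORLIKE;
}

/* Stand-in for the untagging step that produced "client = 0x0".  */
static struct header *
untag_to_header (uintptr_t word)
{
  return (struct header *) (word & ~TAG_MASK);
}

/* Hash by object header, as the header-based hash in the backtrace does.
   Dereferences the header, so the caller must never pass a tagged NULL.  */
static uint32_t
header_hash (uintptr_t word)
{
  return untag_to_header (word)->hash;
}

/* Guarded form, same shape as the patch: test the raw pointer before
   tagging it.  Comparing the tagged word with 0 would not work, because
   tag_buffer (NULL) is 5, not 0.  */
uint32_t
marker_buffer_hash (const struct marker *m)
{
  if (m->buffer == NULL)
    return 0;
  return header_hash (tag_buffer (m->buffer));
}
```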
This bug report was last modified 55 days ago.