From unknown Mon Jun 23 11:25:19 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#77478 <77478@debbugs.gnu.org> To: bug#77478 <77478@debbugs.gnu.org> Subject: Status: Fixes a crash in the Haiku font driver for daemon mode Reply-To: bug#77478 <77478@debbugs.gnu.org> Date: Mon, 23 Jun 2025 18:25:19 +0000 retitle 77478 Fixes a crash in the Haiku font driver for daemon mode reassign 77478 emacs submitter 77478 Kyle Ambroff-Kao severity 77478 normal tag 77478 patch thanks From debbugs-submit-bounces@debbugs.gnu.org Thu Apr 03 02:55:52 2025 Received: (at submit) by debbugs.gnu.org; 3 Apr 2025 06:55:52 +0000 Received: from localhost ([127.0.0.1]:60637 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1u0EUR-0005F8-80 for submit@debbugs.gnu.org; Thu, 03 Apr 2025 02:55:52 -0400 Received: from lists.gnu.org ([2001:470:142::17]:51366) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1u0E9V-00049q-N2 for submit@debbugs.gnu.org; Thu, 03 Apr 2025 02:34:14 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1u0E9J-0006lg-8F for bug-gnu-emacs@gnu.org; Thu, 03 Apr 2025 02:34:02 -0400 Received: from fout-a2-smtp.messagingengine.com ([103.168.172.145]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1u0E9G-0008Su-VH for bug-gnu-emacs@gnu.org; Thu, 03 Apr 2025 02:34:01 -0400 Received: from phl-compute-05.internal (phl-compute-05.phl.internal [10.202.2.45]) by mailfout.phl.internal (Postfix) with ESMTP id 1E3C413801AB; Thu, 3 Apr 2025 02:33:56 -0400 (EDT) Received: from phl-mailfrontend-02 ([10.202.2.163]) by phl-compute-05.internal (MEProxy); Thu, 03 Apr 2025 02:33:56 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ambroffkao.com; h=cc:cc:content-type:content-type:date:date:from:from :in-reply-to:message-id:mime-version:reply-to:subject:subject:to :to; s=fm3; t=1743662036; x=1743748436; bh=lVhTGT63UYM/6E2nNhNFX XHnXEWHja8xzNelD0FaGxE=; b=enm1e1zG52ywVF2K/D2/cM2s7QMQwJKjg1tm9 vdHT34szhPsPWrNsGFKt4fmRk8RZryAopKUZBnYnKO6jZj2mJ4/wdckSYZ3XY7ip bluVq7V4okrFu9dJ9ilv8+tvLIaGoeWXGmMYBi0vS1cMbdjCYduzBMJnGkCic7P/ MNjb8COPV3P1q6lP9TkrhwENKILaYYnafAWQMTvsmfesmyJ8gXqsmz/rqv3kyug9 Q5h4BRVdFRIkfHgHxgh3mZGduDbuSVMNZqZC9hUuI/Itr4IoRySpL3epp8pFLLrR SrAqQA2uolujMTTrByUkJ3IX6bVLNammWo93QjyfsqrBZ/WUQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:message-id :mime-version:reply-to:subject:subject:to:to:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1743662036; x= 1743748436; bh=lVhTGT63UYM/6E2nNhNFXXHnXEWHja8xzNelD0FaGxE=; b=v G2yY+FH7jRthGO6jZXMhzHFjgA0IOsT7GbkmbUVqBhZjKNSBMKYq28LiG9tl1Ud/ vvudP97lvdo1B6Y+de+kLXh/8o8VqLZM0BqnEFTvGkX/NhV3NnmWplZyC5X84KWC SeI0b5k6VwHbUK/V8Yuz6aXQ5ie3qmDMcg4jzAX1LLJJkmLBWvEFwMqdAhXm4oXK A7fHfe2hIxnRzXLMqD6RhwPOv1z5w8LXz8aV+fuScU860abF7BYs6SHWrrC236L0 jihDd48Uhbz80It5wTraW43GHCeMivl+4pXpUn+u+e2a5Vk0xaNq/WAVSf12kKYW GfkbYAFvKB81PS8/DSoPw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgddukeejkeeiucetufdoteggodetrf dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggv pdfurfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucenucfjughrpefhvf evufffkfggtgesmhdtreertddttdenucfhrhhomhepmfihlhgvucetmhgsrhhofhhfqdfm rghouceokhihlhgvsegrmhgsrhhofhhfkhgrohdrtghomheqnecuggftrfgrthhtvghrnh epffehleehheehffdvvefgledugeeijeetheffheeifefhveeiffdvueegueehfeeinecu vehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepkhihlhgvse grmhgsrhhofhhfkhgrohdrtghomhdpnhgspghrtghpthhtohepvddpmhhouggvpehsmhht phhouhhtpdhrtghpthhtohepkhihlhgvsegrmhgsrhhofhhfkhgrohdrtghomhdprhgtph htthhopegsuhhgqdhgnhhuqdgvmhgrtghssehgnhhurdhorhhg X-ME-Proxy: Feedback-ID: id7114994:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Thu, 3 Apr 2025 02:33:55 -0400 (EDT) From: Kyle Ambroff-Kao To: bug-gnu-emacs@gnu.org Subject: Fixes a crash in the Haiku font driver for daemon mode Date: Wed, 02 Apr 2025 23:33:54 -0700 Message-ID: <86cydtg3e5.fsf@bigwrk.mail-host-address-is-not-set> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" Received-SPF: pass client-ip=103.168.172.145; envelope-from=kyle@ambroffkao.com; helo=fout-a2-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 0.7 (/) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Thu, 03 Apr 2025 02:55:50 -0400 Cc: Kyle Ambroff-Kao X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.3 (/) --=-=-= Content-Type: text/plain Tags: patch Fix use-after-free bug in the Haiku font driver * src/haikufont.c: Set objects freed with haikufont_close to NULL so they will not be reused, which seems to happen in daemon mode when all frames have been closed and fonts are garbage collected. In GNU Emacs 30.1 (build 2, amd64-portbld-freebsd15.0, GTK+ Version 3.24.48, cairo version 1.18.2) System Description: 15.0-CURRENT Configured using: 'configure --disable-build-details --localstatedir=/var --without-gconf --without-libsystemd --without-selinux --with-x --enable-acl --with-cairo --with-dbus --with-gif --with-gnutls --with-gsettings --with-x-toolkit=gtk3 --with-harfbuzz --with-jpeg --with-file-notification=kqueue --with-lcms2 --without-m17n-flt --without-imagemagick --with-mailutils --with-modules --with-native-compilation=aot --with-sound=oss --without-libotf --without-pgtk --with-png --with-toolkit-scroll-bars --with-sqlite3 --with-rsvg --with-threads --with-tiff --with-tree-sitter --with-webp --without-xft --with-xim --with-xml2 --with-xpm --without-xwidgets --x-libraries=/usr/local/lib --x-includes=/usr/local/include --prefix=/usr/local --mandir=/usr/local/share/man --disable-silent-rules --infodir=/usr/local/share/emacs/info/ --build=amd64-portbld-freebsd15.0 'CFLAGS=-O2 -pipe -fstack-protector-strong -Wl,-rpath=/usr/local/lib/gcc13 -isystem /usr/local/include -fno-strict-aliasing ' 'CPPFLAGS=-isystem /usr/local/include' 'LDFLAGS= -fstack-protector-strong -Wl,-rpath=/usr/local/lib/gcc13 -L/usr/local/lib/gcc13 -L/usr/local/lib '' --=-=-= Content-Type: text/patch Content-Disposition: attachment; filename=haiku-font-double-free.diff commit 05846e17841fce3dbbb8e15fe11d38fe44b3e5e5 Author: Kyle Ambroff-Kao Date: Wed Apr 2 22:34:26 2025 -0700 Fix use-after-free bug in the Haiku font driver This fixes a bug in Emacs daemon mode on Haiku. To reproduce: 1. Start emacs with "emacs --daemon" 2. Create a new frame with "emacsclient -c" and then close it. 3. Create a new frame with "emacsclient -c" Step 3 will cause the Emacs daemon to crash. KERN: debug_server: Thread 3616 entered the debugger: Debugger call: `tried to free 0xb960bc9fd0 which points at page 232 which is not an allocation first page' The backtrace from Emacs: heap_free(void*) + 0x35 BFont_close + 0x4d haikufont_close(font*) + 0x29 (/Code/emacs/src/haikufont.c:893) sweep_vectors(void) + 0x1af (/Code/emacs/src/alloc.c:3242) garbage_collect(void) + 0x7b3 (/Code/emacs/src/alloc.c:7247) Ffuncall(ptrdiff_t, Lisp_Object*) + 0x194 (/Code/emacs/src/eval.c:3084) internal_condition_case_n(*, ptrdiff_t, Lisp_Object*, Lisp_Object, *) + 0x6c (/Code/emacs/src/eval.c:1699) safe_funcall(ptrdiff_t, Lisp_Object*) + 0x50 (/Code/emacs/src/eval.c:3114) map_keymap_canonical(Lisp_Object,map_keymap_function_t,Lisp_Object,void*) + 0x2b (/Code/emacs/src/keymap.c:608) ... It appears that the BFont has already been closed. I think that the driver is holding on to the pointer to the freed BFont (into->be_font). This patch addresses this by setting be_font to NULL so that this pointer will not be freed again. The same thing applies to info->metrics and info->glyphs, since just making this change to be_font wasn't enough to avoid crashes. With this patch I can open and close as many frames as I want without crashing. I don't totally understand the interactions here, and I see there are similar bugs in other font drivers with different workarounds. For example, in https://debbugs.gnu.org/cgi/bugreport.cgi?bug=16069 which I found from xfont.c:xfont_close, it seems like there is an attempt to just not free the fonts when GC is invoked. I think the solution in this patch seems a little simpler, but possibly means that the fonts are initialized every time the frame count goes from 0 to 1 or more instead of just once for the life of the daemon. diff --git a/src/haikufont.c b/src/haikufont.c index 7522b92207fa..72dfcc4aa3bf 100644 --- a/src/haikufont.c +++ b/src/haikufont.c @@ -890,25 +890,45 @@ haikufont_close (struct font *font) return; block_input (); - if (info && info->be_font) - BFont_close (info->be_font); - for (i = 0; i < info->metrics_nrows; i++) + if (info) { - if (info->metrics[i]) - xfree (info->metrics[i]); + if (info->be_font) + { + BFont_close (info->be_font); + info->be_font = NULL; + } + + if (info->metrics) + { + for (i = 0; i < info->metrics_nrows; i++) + { + if (info->metrics[i]) + { + xfree (info->metrics[i]); + info->metrics[i] = NULL; + } + } + + xfree (info->metrics); + info->metrics = NULL; + } + + if (info->glyphs) + { + for (i = 0; i < 0x100; ++i) + { + if (info->glyphs[i]) + { + xfree (info->glyphs[i]); + } + } + + xfree (info->glyphs); + info->glyphs = NULL; + } } - if (info->metrics) - xfree (info->metrics); - - for (i = 0; i < 0x100; ++i) - { - if (info->glyphs[i]) - xfree (info->glyphs[i]); - } - - xfree (info->glyphs); unblock_input (); } --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Thu Apr 03 04:03:25 2025 Received: (at control) by debbugs.gnu.org; 3 Apr 2025 08:03:25 +0000 Received: from localhost ([127.0.0.1]:60858 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1u0FXo-0002tp-RU for submit@debbugs.gnu.org; Thu, 03 Apr 2025 04:03:25 -0400 Received: from mout.gmx.net ([212.227.17.22]:50609) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1u0FXl-0002tP-Q6 for control@debbugs.gnu.org; Thu, 03 Apr 2025 04:03:22 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmx.de; s=s31663417; t=1743667395; x=1744272195; i=michael.albinus@gmx.de; bh=ZaIz0LkljadE1ltGhJKWlBUPr5wSHpaNMP1xY0AbUMo=; h=X-UI-Sender-Class:Date:Message-Id:To:From:Subject:cc: content-transfer-encoding:content-type:date:from:message-id: mime-version:reply-to:subject:to; b=RkpAuA2PufX+Bfy0C3HlF62VDaI/g32d4yzI3yJ68bHKWCFxeFVj8U3e0BlzN+Fq QBZl1iHU7Lsll731eXOm0zR9JeWHMXa7VUSk6KOq0T15tJyzIshsXu2Ax/uzwk2m+ yTlQ8iOPf98MEVH1SDGF0pQxA7S5DzrWRksbbfRpzvXVCEYf45BhaY8dN/xQ8Y0Ar k+lFgmg3tFcN6igYO3xgmxdayJnQclzcswbgCI4gpRbriGblHLSLFVPedNESA/sBw XcQkYtbkxQXF6mlnuHL3QVIbq8m3Fr6pQIf4RsmyaC2CaFUeXo95U25+icC/lwhFV kSEYyW1elMmXeLPR/g== X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a Received: from gandalf.gmx.de ([185.89.37.59]) by mail.gmx.net (mrgmx105 [212.227.17.168]) with ESMTPSA (Nemesis) id 1N17YY-1sy17I3yry-010MM8 for ; Thu, 03 Apr 2025 10:03:15 +0200 Date: Thu, 03 Apr 2025 10:03:14 +0200 Message-Id: <87bjtd7jul.fsf@gmx.de> To: control@debbugs.gnu.org From: Michael Albinus Subject: control message for bug #77478 X-Provags-ID: V03:K1:qXf+URE5KNAXziDhc99lhNwJP8bkLztie/8djX6DeTfLntRcCSn Npw7qIbZhk0AcQl3skp0c+9jEHpQ/1TG0USRC7XN3gAMhlk4fLYtXI4mRr/ZH4ZO2F2elWC QYW/V2bGSTJZ/zZfoB/Aj67pMLhBW+U0Jb3fFABePJFWpeB8psu2QLHqXx0Z8UlpN5XoQc6 SEuDZ1r4bqpqsdZlae3zQ== X-Spam-Flag: NO UI-OutboundReport: notjunk:1;M01:P0:KzJFP0VACWQ=;ZBuW3jm6a/hDbfrb0IGJF2RQfIR ew3XfqOOQxLpzM607BXxSDuowrTJL0aGTIPXsXheoO4i4wriOktZhTdIwphrl/XGm+OfSNddq 1b7JJVakxYR3ONwBs8t/y7BZlhkuvpPh0EXIO5HWhL4iC9frE2S42bptv17yMJ4gOHJnBSKMB VKKe+AgU/RXffQsufFM/B/lkDrlfMsCFsmBN4pRQDEGGlcvYSEAvL9tAj5gX2ADAjhSVgMJuL byWDb6tEGFcR/MtUmpSMmsWpjk3JH9/xhw7fddim+InYk0Mk5LAmdD/7acmm5+TwPbiI5kyqg ftLNDC/B+/O7A9fervLfWf4OzAWAnEGZQikRGj+pCJM3ZUomBWGcZW4xInstg9efswqWUZCbY YiYjrCzGCufjMcRxbgVU6DtXokx5ISB/vZ5Y5NteAogzFy+Gr3yprmqEeTAPjyCNFhCJWLZO+ H48As32A8SBajs7jYXU0vx0ZpRBve1T8DCb1AZN28HZ7f1Lvrpo6dSzIjGBrmE/t0wrz8FBTe 84s28TNW6y0iN/OAs5thkjuzcJ0bp1Km1YnUOtbNy1YiuP3jIwFH7vd7dxYM/mQZan+oaGRJp t7nnwKM3aXftg88n2/xUOu4NVr+2B8uUMAgDrs+YzYp0QacpnAWA9p5nna+wkv/LJEH4O1WMa H9XLq1tZ2qiWrlt0+ayFwSpJcI9ySwOV06Sc6/OdwBU78ALgpsoYWVr8y4KxtTVXRzI1n76if 5l3FZiJHUeZCG2bERI3+G9RwNb24+h2rkV/hkTRg0Xv7S4R8qxZHRkRgS4+fmANz+HI6264Eo VdN8J6dtA5diWV1armhI4mYD6dmITDVkgzdl1cF/ov/kRiAdIoJ6reI8kch/Cc2DHPNpFXJsn 3OR1HlpcxyiYa1wfgVm/AxuN68ofeQWP8C4lkYxqxwjjkUKRWNgmfC3pBwcCBFnQ301244MWW qlIvH0Duc6RCFNPyuu/oq2hdm9tfTqD+6zdzTY0jLIzxQPT4eEc4UAKV+exV1keYEz58zcIwK ea4hoZLs76ptd03BYUrPxJdDwmeMpj/VtEZTDRGZjDH5jU13lHF2zPE+8NPSyczAxGz42Bj7D uBQmw9Zsm7LzQpieHCSOPXeexk1JnRASNKstD/RdAiCfD3YoIt0sMNNrX9smlEb0Vj7tuqxz5 gYBbVB9MQm/9UT+IaXdF30mE8vwXPc4GoaWU/ieUziTKAunCVOE2dPnXbVA+LmGWx6cX3nrNO 13zZyyGcx/G7/beMoSui02g7f55Z1z7MR4OAvufolxbPt7gtJJJWhg7S+2+Abf3QpcjeN79TB 9ENHuv3Q3AqMuxlp/CbijOujztkkrp1psUfTHxoxBZHha8V3BSt3l57Xk9QnbMAI79vUkW6oj 5epCY0hfd9n8ssIM6OdG+C/kg2ARCRN+X25n+jJ3lDHR+5ZRiLp3IEMCAiz4WOuwEfDo2fm6Y 8/rRdc2AKpZkTgIRplx5qjItlLzK3MOyNEsWdc3MmqkbqfCOO X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) merge 77478 77479 quit From debbugs-submit-bounces@debbugs.gnu.org Thu Apr 03 07:34:58 2025 Received: (at 77478) by debbugs.gnu.org; 3 Apr 2025 11:34:58 +0000 Received: from localhost ([127.0.0.1]:33055 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1u0IqX-0001qs-SY for submit@debbugs.gnu.org; Thu, 03 Apr 2025 07:34:58 -0400 Received: from fout-a2-smtp.messagingengine.com ([103.168.172.145]:35601) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1u0Eii-0005wI-7L for 77478@debbugs.gnu.org; Thu, 03 Apr 2025 03:10:36 -0400 Received: from phl-compute-12.internal (phl-compute-12.phl.internal [10.202.2.52]) by mailfout.phl.internal (Postfix) with ESMTP id DCE381380277 for <77478@debbugs.gnu.org>; Thu, 3 Apr 2025 03:10:30 -0400 (EDT) Received: from phl-imap-11 ([10.202.2.101]) by phl-compute-12.internal (MEProxy); Thu, 03 Apr 2025 03:10:30 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ambroffkao.com; h=cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:message-id:mime-version:reply-to :subject:subject:to:to; s=fm3; t=1743664230; x=1743750630; bh=Xu Y+hqk+vNDjSi73uA633dYF/08xUfKneHgEFyT6gjk=; b=cHbcS3FYDUo+aehfeB nEIEExI2lur+b0MpHNE+MTb/4PBLNtQKPZK3RmAJZlluOKlZ5ldrQaSmvr1SFFQ1 bHOMhUh/qaRhDKGvtAwDc5hhwn6w8BwYiZ74XzC3Ntl5Hcd99Mn3B4EfxfJLe2hi SYIvfGZVLiW5WEzkHfMaGRBkp/pfvG203GwpiMHVqujVFVtNzgtQA2R9K7x/ftnd cKcTW5If0SDh6gkjGSBEgYHnnBD787ZpKKuTyQ3t8v7nj63bEsx7Rm/oBjSVx2Dg gpm8BWa3qe00oUBlic1xXMabv4wtSZDqfFOJVbzkORg0eWfXuh5Cl0MCpZ+0UQyP 2rLQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:message-id:mime-version:reply-to:subject:subject:to :to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t= 1743664230; x=1743750630; bh=XuY+hqk+vNDjSi73uA633dYF/08xUfKneHg EFyT6gjk=; b=hYTPsPoonBH7tdbCKsPsuctrrI4vIGrsNvGZlf9KVzMshKj+FkJ NcG/kbDTZ4LW+911Q4DIPrkT7s0dIBOWe9pjqtIkSqEGXYRFCl7I2GOGh76ySMxK v+RZ8Y3fqjmksqMB3zATUSZYk1WXRq9Mcw8HlYrZOzhb9YHAHYfoG9Rfc0u1Bmd9 1zSzOBZ0AfDgQ804Ijw3O5hB3/w+DflZof5Ilp9z32jFSYJvLbDJUd6YXvyvNslg pgqR3eg+Faprmx1ohd1RrJ6lPKOcHSPKGMDviByBxz/bRi3Ozm8bVi8LR+o4IlEr iqcNVxnh7GRogCJrt/UZcgOX5OYGwTXFY+A== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgddukeejledvucetufdoteggodetrf dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggv pdfurfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucenucfjughrpefogg ffhffvkffutgfgsehtjeertdertddtnecuhfhrohhmpedfmfihlhgvucetmhgsrhhofhhf qdfmrghofdcuoehkhihlvgesrghmsghrohhffhhkrghordgtohhmqeenucggtffrrghtth gvrhhnpeffhfeiveehjefhieevfffffeevieelgeeghfeggfdtfeekueejjeetieeviedt vdenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehkhi hlvgesrghmsghrohhffhhkrghordgtohhmpdhnsggprhgtphhtthhopedupdhmohguvgep shhmthhpohhuthdprhgtphhtthhopeejjeegjeekseguvggssghughhsrdhgnhhurdhorh hg X-ME-Proxy: Feedback-ID: id7114994:Fastmail Received: by mailuser.phl.internal (Postfix, from userid 501) id 82C3C2220073; Thu, 3 Apr 2025 03:10:30 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface MIME-Version: 1.0 Date: Thu, 03 Apr 2025 07:10:53 +0000 From: "Kyle Ambroff-Kao" To: 77478@debbugs.gnu.org Message-Id: Subject: Details Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 77478 X-Mailman-Approved-At: Thu, 03 Apr 2025 07:34:55 -0400 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) This fixes double-free bug in Emacs daemon mode on Haiku. To reproduce: 1. Start emacs with "emacs --daemon" 2. Create a new frame with "emacsclient -c" and then close it. 3. Create a new frame with "emacsclient -c" Step 3 will cause the Emacs daemon to crash. KERN: debug_server: Thread 3616 entered the debugger: Debugger call: `tried to free 0xb960bc9fd0 which points at page 232 which is not an allocation first page' The backtrace from Emacs: heap_free(void*) + 0x35 BFont_close + 0x4d haikufont_close(font*) + 0x29 (/Code/emacs/src/haikufont.c:893) sweep_vectors(void) + 0x1af (/Code/emacs/src/alloc.c:3242) garbage_collect(void) + 0x7b3 (/Code/emacs/src/alloc.c:7247) Ffuncall(ptrdiff_t, Lisp_Object*) + 0x194 (/Code/emacs/src/eval.c:3084) internal_condition_case_n(*, ptrdiff_t, Lisp_Object*, Lisp_Object, *) + 0x6c (/Code/emacs/src/eval.c:1699) safe_funcall(ptrdiff_t, Lisp_Object*) + 0x50 (/Code/emacs/src/eval.c:3114) map_keymap_canonical(Lisp_Object,map_keymap_function_t,Lisp_Object,void*) + 0x2b (/Code/emacs/src/keymap.c:608) ... It appears that the BFont has already been closed. I think that the driver is holding on to the pointer to the freed BFont (into->be_font). This patch addresses this by setting be_font to NULL so that this pointer will not be freed again. The same thing applies to info->metrics and info->glyphs, since just making this change to be_font wasn't enough to avoid crashes. With this patch I can open and close as many frames as I want without crashing. I don't totally understand the interactions here, and I see there are similar bugs in other font drivers with different workarounds. For example, in Bug#16069 which I found from xfont.c:xfont_close, it seems like there is an attempt to just not free the fonts when GC is invoked. I think the solution in this patch seems a little simpler, but possibly means that the fonts are initialized every time the frame count goes from 0 to 1 or more instead of just once for the life of the daemon. From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 12 07:35:35 2025 Received: (at 77478) by debbugs.gnu.org; 12 Apr 2025 11:35:36 +0000 Received: from localhost ([127.0.0.1]:54288 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1u3Z92-00082p-TG for submit@debbugs.gnu.org; Sat, 12 Apr 2025 07:35:35 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:35908) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1u3Z8w-0007v7-Ob for 77478@debbugs.gnu.org; Sat, 12 Apr 2025 07:35:29 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1u3Z8r-0006dZ-6B; Sat, 12 Apr 2025 07:35:21 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=References:Subject:In-Reply-To:To:From:Date: mime-version; bh=08M+Qnaem0WUCn8Hqk11TmN/poVX1nH9nuv0tzGBzFc=; b=BAJYoQkABDNC tTAyUF1nhGVMV9hPDOz4qUN54XlhBDVExRwQesNFpVqq81aHkyhRVF4z9jEhx7bM9GDjYCWo0V6qU 201R9cA+bwZzxFLMv0ERnPDpQAT6oBnvSJaY/npcPvYlfNP8AmHBRxkvvJkqOcfa3q3uklAl6ucef wqn3rkQ0i8gYywRK2+K1P43Sp4n3Xcv3jSV+BmgYX5UrfvlTNana8FhuPSr503P/1aS17iVNsmtW2 x+b6hMHq33zFgGvxjHz8nnQSOZWqvb8GPXb9PtOapEJAPs0cXPtagZg5366ZOMB4XFNkrrtL4wA4C u3cAG3sWa/HDQFlAi1V69Q==; Date: Sat, 12 Apr 2025 14:35:17 +0300 Message-Id: <86cydhmx3e.fsf@gnu.org> From: Eli Zaretskii To: "Kyle Ambroff-Kao" , Po Lu In-Reply-To: (kyle@ambroffkao.com) Subject: Re: bug#77478: Details References: <86cydtg3e5.fsf@bigwrk.mail-host-address-is-not-set> X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 77478 Cc: 77478@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) > Date: Thu, 03 Apr 2025 07:10:53 +0000 > From: "Kyle Ambroff-Kao" > > This fixes double-free bug in Emacs daemon mode on Haiku. To reproduce: > > 1. Start emacs with "emacs --daemon" > 2. Create a new frame with "emacsclient -c" and then close it. > 3. Create a new frame with "emacsclient -c" > > Step 3 will cause the Emacs daemon to crash. > > KERN: debug_server: Thread 3616 entered the debugger: Debugger call: > `tried to free 0xb960bc9fd0 which points at page 232 which is not an > allocation first page' > > The backtrace from Emacs: > heap_free(void*) + 0x35 > BFont_close + 0x4d > haikufont_close(font*) + 0x29 (/Code/emacs/src/haikufont.c:893) > sweep_vectors(void) + 0x1af (/Code/emacs/src/alloc.c:3242) > garbage_collect(void) + 0x7b3 (/Code/emacs/src/alloc.c:7247) > Ffuncall(ptrdiff_t, Lisp_Object*) + 0x194 (/Code/emacs/src/eval.c:3084) > internal_condition_case_n(*, ptrdiff_t, Lisp_Object*, Lisp_Object, *) > + 0x6c (/Code/emacs/src/eval.c:1699) > safe_funcall(ptrdiff_t, Lisp_Object*) + 0x50 (/Code/emacs/src/eval.c:3114) > map_keymap_canonical(Lisp_Object,map_keymap_function_t,Lisp_Object,void*) > + 0x2b (/Code/emacs/src/keymap.c:608) > ... > > It appears that the BFont has already been closed. I think that the > driver is holding on to the pointer to the freed BFont > (into->be_font). This patch addresses this by setting be_font to NULL so > that this pointer will not be freed again. > > The same thing applies to info->metrics and info->glyphs, since just > making this change to be_font wasn't enough to avoid crashes. > > With this patch I can open and close as many frames as I want without > crashing. > > I don't totally understand the interactions here, and I see there are > similar bugs in other font drivers with different workarounds. For > example, in Bug#16069 which I found from xfont.c:xfont_close, it seems > like there is an attempt to just not free the fonts when GC is invoked. > > I think the solution in this patch seems a little simpler, but possibly > means that the fonts are initialized every time the frame count goes > from 0 to 1 or more instead of just once for the life of the daemon. Po Lu, any suggestions or comments? From debbugs-submit-bounces@debbugs.gnu.org Sat Apr 26 07:35:13 2025 Received: (at 77478) by debbugs.gnu.org; 26 Apr 2025 11:35:13 +0000 Received: from localhost ([127.0.0.1]:58823 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1u8doO-0004or-U3 for submit@debbugs.gnu.org; Sat, 26 Apr 2025 07:35:13 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:33136) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1u8doM-0004kc-Ob for 77478@debbugs.gnu.org; Sat, 26 Apr 2025 07:35:11 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1u8doH-0000Sh-9w; Sat, 26 Apr 2025 07:35:05 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=References:Subject:In-Reply-To:To:From:Date: mime-version; bh=IWcbO0qqHS6XALZ7fGr8QiSjt4clbNMIXkT0PuMbYE0=; b=rrgzxSVEDNXC XffQD/+k5iAwb2LRDHryadgp8SUqExkVE+DAkJG7GqZfUUzF8EX90SDgGbzLJ7qlQFxW2xCGslBGx hPMOh14wsstt6YLQ3Y6KFgsdc5YpB8h5xl+wmbD54tabwlE/NZ12xvjN0wcpapl3Y3cMxSprL6Geq JiZtPW4q0bGuvV+lKgjWAny1/JOSj8uBnjccgOYg6biHJnGMFw6GLCGclKW6JG5cJrToAeDeYMmLG rLA11IhlahJBiOYaPgC06im/BpomL8WlRTIluMKSYUFHDaIhhGSEKbQlgA28Vzk3oShs1Q7T+ttGR 2Xh9l5yvd/uCi4tMAo0duw==; Date: Sat, 26 Apr 2025 14:34:52 +0300 Message-Id: <86bjsjuper.fsf@gnu.org> From: Eli Zaretskii To: luangruo@yahoo.com In-Reply-To: <86cydhmx3e.fsf@gnu.org> (message from Eli Zaretskii on Sat, 12 Apr 2025 14:35:17 +0300) Subject: Re: bug#77478: Fixes a crash in the Haiku font driver for daemon mode References: <86cydtg3e5.fsf@bigwrk.mail-host-address-is-not-set> <86cydhmx3e.fsf@gnu.org> X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 77478 Cc: kyle@ambroffkao.com, 77478@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Ping! Po Lu, any suggestions or comments? > Cc: 77478@debbugs.gnu.org > Date: Sat, 12 Apr 2025 14:35:17 +0300 > From: Eli Zaretskii > > > Date: Thu, 03 Apr 2025 07:10:53 +0000 > > From: "Kyle Ambroff-Kao" > > > > This fixes double-free bug in Emacs daemon mode on Haiku. To reproduce: > > > > 1. Start emacs with "emacs --daemon" > > 2. Create a new frame with "emacsclient -c" and then close it. > > 3. Create a new frame with "emacsclient -c" > > > > Step 3 will cause the Emacs daemon to crash. > > > > KERN: debug_server: Thread 3616 entered the debugger: Debugger call: > > `tried to free 0xb960bc9fd0 which points at page 232 which is not an > > allocation first page' > > > > The backtrace from Emacs: > > heap_free(void*) + 0x35 > > BFont_close + 0x4d > > haikufont_close(font*) + 0x29 (/Code/emacs/src/haikufont.c:893) > > sweep_vectors(void) + 0x1af (/Code/emacs/src/alloc.c:3242) > > garbage_collect(void) + 0x7b3 (/Code/emacs/src/alloc.c:7247) > > Ffuncall(ptrdiff_t, Lisp_Object*) + 0x194 (/Code/emacs/src/eval.c:3084) > > internal_condition_case_n(*, ptrdiff_t, Lisp_Object*, Lisp_Object, *) > > + 0x6c (/Code/emacs/src/eval.c:1699) > > safe_funcall(ptrdiff_t, Lisp_Object*) + 0x50 (/Code/emacs/src/eval.c:3114) > > map_keymap_canonical(Lisp_Object,map_keymap_function_t,Lisp_Object,void*) > > + 0x2b (/Code/emacs/src/keymap.c:608) > > ... > > > > It appears that the BFont has already been closed. I think that the > > driver is holding on to the pointer to the freed BFont > > (into->be_font). This patch addresses this by setting be_font to NULL so > > that this pointer will not be freed again. > > > > The same thing applies to info->metrics and info->glyphs, since just > > making this change to be_font wasn't enough to avoid crashes. > > > > With this patch I can open and close as many frames as I want without > > crashing. > > > > I don't totally understand the interactions here, and I see there are > > similar bugs in other font drivers with different workarounds. For > > example, in Bug#16069 which I found from xfont.c:xfont_close, it seems > > like there is an attempt to just not free the fonts when GC is invoked. > > > > I think the solution in this patch seems a little simpler, but possibly > > means that the fonts are initialized every time the frame count goes > > from 0 to 1 or more instead of just once for the life of the daemon. > > Po Lu, any suggestions or comments? > > > > From debbugs-submit-bounces@debbugs.gnu.org Sat May 10 05:30:14 2025 Received: (at 77478) by debbugs.gnu.org; 10 May 2025 09:30:14 +0000 Received: from localhost ([127.0.0.1]:43904 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uDgX8-0005Lx-62 for submit@debbugs.gnu.org; Sat, 10 May 2025 05:30:14 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:56144) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1uDgX6-0005Gc-3U for 77478@debbugs.gnu.org; Sat, 10 May 2025 05:30:12 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uDgX0-0001VV-El; Sat, 10 May 2025 05:30:06 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=References:Subject:In-Reply-To:To:From:Date: mime-version; bh=cyVEFxoguXDAY/9wT5UX1hsQpQ8WmGv0NoGvaAzlm3w=; b=e7GnElyA6Cme J3RoaIgGjEPiqoXGc2tsG+3Sc09GQiMFegyhQ9WehsvxeaWZZB89CqZrkj1RnBiyyNkNcRA2JiNpe 2tuOdUXRlzfHia6N6aXF7aMuVoE0YLEATMKJ5Ki8Ui6tUWUqJrrvjmnEd82b4gUmTCmOs0QNGRLbL wryQEmikLGmliDmy3SZdTaR8a77Qc957hIYJVk4ZVgKaUVJ3b1Fj8hTNozx+t5VdmJlpMHHcuU024 +fDUf5ZmhxpW7GZh54t+ivE7RwyQVGfWEwoZB3Z7+CvjItRLEF8wHPQuIuMGRw+Q2+fz6/lsy+/gt 8ANW/uQoqa6uN5tOmub4hw==; Date: Sat, 10 May 2025 12:30:03 +0300 Message-Id: <868qn4byp0.fsf@gnu.org> From: Eli Zaretskii To: luangruo@yahoo.com In-Reply-To: <86bjsjuper.fsf@gnu.org> (message from Eli Zaretskii on Sat, 26 Apr 2025 14:34:52 +0300) Subject: Re: bug#77478: Fixes a crash in the Haiku font driver for daemon mode References: <86cydtg3e5.fsf@bigwrk.mail-host-address-is-not-set> <86cydhmx3e.fsf@gnu.org> <86bjsjuper.fsf@gnu.org> X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 77478 Cc: kyle@ambroffkao.com, 77478@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Ping! Ping! Po Lu, please respond. > Cc: kyle@ambroffkao.com, 77478@debbugs.gnu.org > Date: Sat, 26 Apr 2025 14:34:52 +0300 > From: Eli Zaretskii > > Ping! Po Lu, any suggestions or comments? > > > Cc: 77478@debbugs.gnu.org > > Date: Sat, 12 Apr 2025 14:35:17 +0300 > > From: Eli Zaretskii > > > > > Date: Thu, 03 Apr 2025 07:10:53 +0000 > > > From: "Kyle Ambroff-Kao" > > > > > > This fixes double-free bug in Emacs daemon mode on Haiku. To reproduce: > > > > > > 1. Start emacs with "emacs --daemon" > > > 2. Create a new frame with "emacsclient -c" and then close it. > > > 3. Create a new frame with "emacsclient -c" > > > > > > Step 3 will cause the Emacs daemon to crash. > > > > > > KERN: debug_server: Thread 3616 entered the debugger: Debugger call: > > > `tried to free 0xb960bc9fd0 which points at page 232 which is not an > > > allocation first page' > > > > > > The backtrace from Emacs: > > > heap_free(void*) + 0x35 > > > BFont_close + 0x4d > > > haikufont_close(font*) + 0x29 (/Code/emacs/src/haikufont.c:893) > > > sweep_vectors(void) + 0x1af (/Code/emacs/src/alloc.c:3242) > > > garbage_collect(void) + 0x7b3 (/Code/emacs/src/alloc.c:7247) > > > Ffuncall(ptrdiff_t, Lisp_Object*) + 0x194 (/Code/emacs/src/eval.c:3084) > > > internal_condition_case_n(*, ptrdiff_t, Lisp_Object*, Lisp_Object, *) > > > + 0x6c (/Code/emacs/src/eval.c:1699) > > > safe_funcall(ptrdiff_t, Lisp_Object*) + 0x50 (/Code/emacs/src/eval.c:3114) > > > map_keymap_canonical(Lisp_Object,map_keymap_function_t,Lisp_Object,void*) > > > + 0x2b (/Code/emacs/src/keymap.c:608) > > > ... > > > > > > It appears that the BFont has already been closed. I think that the > > > driver is holding on to the pointer to the freed BFont > > > (into->be_font). This patch addresses this by setting be_font to NULL so > > > that this pointer will not be freed again. > > > > > > The same thing applies to info->metrics and info->glyphs, since just > > > making this change to be_font wasn't enough to avoid crashes. > > > > > > With this patch I can open and close as many frames as I want without > > > crashing. > > > > > > I don't totally understand the interactions here, and I see there are > > > similar bugs in other font drivers with different workarounds. For > > > example, in Bug#16069 which I found from xfont.c:xfont_close, it seems > > > like there is an attempt to just not free the fonts when GC is invoked. > > > > > > I think the solution in this patch seems a little simpler, but possibly > > > means that the fonts are initialized every time the frame count goes > > > from 0 to 1 or more instead of just once for the life of the daemon. > > > > Po Lu, any suggestions or comments? > > > > > > > > > > > > From debbugs-submit-bounces@debbugs.gnu.org Sat May 10 09:11:20 2025 Received: (at 77478) by debbugs.gnu.org; 10 May 2025 13:11:20 +0000 Received: from localhost ([127.0.0.1]:45202 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uDjz5-0007am-GF for submit@debbugs.gnu.org; Sat, 10 May 2025 09:11:19 -0400 Received: from sonic306-21.consmr.mail.ne1.yahoo.com ([66.163.189.83]:43633) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1uDjz2-0007Zq-F7 for 77478@debbugs.gnu.org; Sat, 10 May 2025 09:11:17 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1746882670; bh=fkC7IPf/BrB0PU/D+OKF+JBgNBi7r8qONZTawe2CJf0=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From:Subject:Reply-To; b=Oezpz2OPXhR1KgpyyoB926S3VKn8CU4WdpxpXw+NqNrxqfiLSnuPvHEHZo7+IgrSt4qxoEcrKTdFneBnvb0izav2k2bBO1dMh2OS7/hsPKX6+rGZ9UBgLuFb+fGRnwYaOPtU9gGAz1F8S88I44iQ9R7mXsjAnbIvxlnjbdrh+csw9EPwFrqVVbza6OVStTVX9frXXti4CnbD31Tbz99GgBtRNSiJFt9TiHknNjYlybQl2LdOfqQ8ieP4SP5pMwWb4QzWC728QK6foLDyxJoY80U0yF5U+jXOGqmkAx0Lr7VR4TDA8wHx8sFkN5X6sQo8UpjvQF1YuMPQf+5ANu0/LA== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1746882670; bh=ft4awsvncVQPUjubr/P0sLjI3gjG87fy4Ef+FnW881b=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=KYmWpyKcIwbNIN7n0PQ3jNNVMrUAIZJsNvEq90A2+XvJqA0sDCelG75Jkp360ycr9MmLrykpjz5qXzp8R1V6HWzidkn02kZmQ2k9mgy342k6YTXxAZb3kSwq1pjxThfpRpCwQaZTWomgrAT2AMJUUFgGV2dgpqZHDE6fFkLLKjcYAN4ljtmdxtkiV8mID2OOM0mZLP4/rPHi+ClpmEVWELnyyGf5KnwsFpBZC13iF4hj6XZ3+SrEuo/qlLOOWZiiyh5d8K77nnN+27buzfn2viCbacbN+wQ7WNDSUhSaghPnn1MI3DtyMEPfh7T3i2RaLUbuwU5gWRVGfRWVxEffsw== X-YMail-OSG: qO2cuxcVM1ldW6hJCII1MHIP0a1EOsY7MUbM3iLXUXiQGZaFd28gbLsWMS9iN9f avRKtToGFuli5h2H9pWA1L.RIE5AOp.5sW.STdb6fVspijIAI3OCLslw4XJ.IJZqQPq9femwbm4H qA68gTZ_0Yswl2NbzwQnWd0BtE7qv7lAsBjxKBYzVl_jbxDbdeoLysTTZHdIInq6azVL15x5mGan FaIEoUDyYJdhKGxSPXfarh3TCxMX6286ie3dIFP4ygqy8PSfWGWiUheBd6h3SzAxwiHEcBB6TeJ2 llHjBRBXNDMfgLg_SnSV5o50Dxv4w_c4bc.92vKBGGOI79WVCsbMUi5YvnE7aVaTNvC8qvxbqDiU FfsU0.gF9VL6w3H5AYIKKpKF1tQIYjl89O9MVXRPeTEmhj8hPj40tDUV1Vti8quiR2TOSpGzSYpS vFw6cPal71wGSYTl9ZeOiRmLefKjPl9PurMZE8MYMEpnijrg6prPT1ociyKysmZaGH9mI25mfPoO jN72f98LE1N6klmn7SYMtuzEK8IGx6CADNVLLgNaoJthL9Bg8MIIf_E6lS6V.j3r.htEgL6CwpRD r42JwCNKJ_6.K2z3Orx11nvpFHxdDceR7Duuh0GBKrL3MNwyCbhL5OzJFn5iOz6q1VsmT_MU.3uJ r.jjLm8I9glcZXTJlsUgtVE43wrvUFnP_w5BYmzRTEOWPmBNs91dVqAGBqqTep.1OTcyL6j4UohK F9U_W_rVvhbapLWc3eopM7mcO1BWx4HJUXwHlE8oaxc14c4pb3C31MRG0feuXIB5R20ZjVLS7edV q6uIYytVjSbFqgRFoJVIdkg0fC4vjrBXZvXhNlrUj841oU2EvjypYvBN3uaY3BW7bGPBz54leGeg qoo4IBohwKvwIYoow1EX27yQ3II2LWa7Dbtgk4NL23ifb3oJwpm0oMb6uxVYRjcVjBTHcGKVI2UZ 27v8tgHbtLeFUSutKeM82uDRv6aZrtSjUmc2MK_6YS0jhqNoIK1pNGVGBqtir3N1PNcQccJgQApG Oqqai4riI77fN2kF6lVPJc57gyPpebEGr4I09BvG66JWrt2D9XWg5pm3grVmt3Vr6uuFBn0F62N7 hWB4XFSZKUHhQyGCnosVin6YbbLF9NOgT.GogmYOquk_QwIVMOpodsRfpVhzCFUswjaDJlq2DojU Ra8rgB.N_7gJr13K69tEwUWiuEYlGaybZDaeyGs2ePAeWxC1MMhVFq9DX1aD6Z4vl5SRG_.O6.xo 6uSfuqvScB7EffSGrDUF4bkKxQWy98QmMFDwBF1KOo0UOL249gHFDqXByic.avXAppE.s6moPcBd fHosDM95pnCnTiu._rM4Ifb_mioASESePzjiY367G.7kiwYgBr8CHQuKJzK5gOituJwmDzWwogmR YC6EyP2QOxmldHLC.5pYCEhQkLQXnwZNC_HpCfb6CdQaCIOSEISjXVtYYGzcQhG1m6LKljC8dTW7 CC74Il.keA88Hvkp91cPpZ1c1LyK5UMijF9syYKzSDn8A0f15sMBJtAb70JnG8KXbPI2_FgUvHcv r1FWh1AEIgoQRGo1WIxkuCajMov2OtWvygVHKt.B.wHm63ECodXe668zSAQNZ71AKXiFa_4xMZ42 KpvPtt3P6fbWCJjqq15it.zhxzW9kDxJwzZE2NH5P1fhqxzdFppzdrzFxbTizebJaDLz9ET1fiYw NjCvuy1_IxyH1ybPesUyRjKWeo4Cfe6vsneKuNnu6kgjRrNBbqCBzPgqzewLRHspTv7gtKtPHZRO BrGJmlSNAuhh9q_a3_ZAPNZkrFd_94VrUsVOrlefI6Q2_8Cf724ctaRM2bisIOez8OgJH_EvCadR HfYFc0q1ijynKZA8jDVeT7D4PKHvNZtXnEn2t8VIM.MS1WD7Ya8fnDafhSQKoz0AyDuejYF32.S2 YgUJ1N0gDyp9eOidXPLQjhHl5BZlyy0qu7pF92v1koG9LhErcIpmft8VydC4kbrWQ_jw2PkHzJBS yFE.rFgJXfbJolrI9iQEJxcG9_3r1bHT7AbHoJYzXY5yx.Fla_UDi4ipVqDO86fXsb_mXpVSQcpC E5uTO6UKMQ5m1MsYxGa598rk59.u5vX94Irr9sE4IBzzWMv5x6I2u7yxqFgff5CRPHanUzJbB5af CV2mDbH2lRHNqP.5xJPQ0bDoHQWE0SS_WKOdbXz2ygRIwK0kXRuvrb3tLc_hBSGxK3e8_Wyl.rKh oUIzXiYW5yeGDkpNtP5dafwYU7buy4OkDJmPTBAJG0ufkOWoTVl7n X-Sonic-MF: X-Sonic-ID: 33ee8947-a719-4a69-ba96-c03830e21143 Received: from sonic.gate.mail.ne1.yahoo.com by sonic306.consmr.mail.ne1.yahoo.com with HTTP; Sat, 10 May 2025 13:11:10 +0000 Received: by hermes--production-sg3-cdfd77c9c-j9cxk (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 0651f8852fd18b3e5a0816c898e8615f; Sat, 10 May 2025 13:11:05 +0000 (UTC) From: Po Lu To: Eli Zaretskii Subject: Re: bug#77478: Fixes a crash in the Haiku font driver for daemon mode In-Reply-To: <868qn4byp0.fsf@gnu.org> References: <86cydtg3e5.fsf@bigwrk.mail-host-address-is-not-set> <86cydhmx3e.fsf@gnu.org> <86bjsjuper.fsf@gnu.org> <868qn4byp0.fsf@gnu.org> Date: Sat, 10 May 2025 21:10:59 +0800 Message-ID: <87h61svcf0.fsf@yahoo.com> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Mailer: WebService/1.1.23772 mail.backend.jedi.jws.acl:role.jedi.acl.token.atz.jws.hermes.yahoo Content-Length: 3044 X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 77478 Cc: kyle@ambroffkao.com, 77478@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Eli Zaretskii writes: > Ping! Ping! Po Lu, please respond. > >> Cc: kyle@ambroffkao.com, 77478@debbugs.gnu.org >> Date: Sat, 26 Apr 2025 14:34:52 +0300 >> From: Eli Zaretskii >> >> Ping! Po Lu, any suggestions or comments? >> >> > Cc: 77478@debbugs.gnu.org >> > Date: Sat, 12 Apr 2025 14:35:17 +0300 >> > From: Eli Zaretskii >> > >> > > Date: Thu, 03 Apr 2025 07:10:53 +0000 >> > > From: "Kyle Ambroff-Kao" >> > > >> > > This fixes double-free bug in Emacs daemon mode on Haiku. To reproduce: >> > > >> > > 1. Start emacs with "emacs --daemon" >> > > 2. Create a new frame with "emacsclient -c" and then close it. >> > > 3. Create a new frame with "emacsclient -c" >> > > >> > > Step 3 will cause the Emacs daemon to crash. >> > > >> > > KERN: debug_server: Thread 3616 entered the debugger: Debugger call: >> > > `tried to free 0xb960bc9fd0 which points at page 232 which is not an >> > > allocation first page' >> > > >> > > The backtrace from Emacs: >> > > heap_free(void*) + 0x35 >> > > BFont_close + 0x4d >> > > haikufont_close(font*) + 0x29 (/Code/emacs/src/haikufont.c:893) >> > > sweep_vectors(void) + 0x1af (/Code/emacs/src/alloc.c:3242) >> > > garbage_collect(void) + 0x7b3 (/Code/emacs/src/alloc.c:7247) >> > > Ffuncall(ptrdiff_t, Lisp_Object*) + 0x194 (/Code/emacs/src/eval.c:3084) >> > > internal_condition_case_n(*, ptrdiff_t, Lisp_Object*, Lisp_Object, *) >> > > + 0x6c (/Code/emacs/src/eval.c:1699) >> > > safe_funcall(ptrdiff_t, Lisp_Object*) + 0x50 (/Code/emacs/src/eval.c:3114) >> > > map_keymap_canonical(Lisp_Object,map_keymap_function_t,Lisp_Object,void*) >> > > + 0x2b (/Code/emacs/src/keymap.c:608) >> > > ... >> > > >> > > It appears that the BFont has already been closed. I think that the >> > > driver is holding on to the pointer to the freed BFont >> > > (into->be_font). This patch addresses this by setting be_font to NULL so >> > > that this pointer will not be freed again. >> > > >> > > The same thing applies to info->metrics and info->glyphs, since just >> > > making this change to be_font wasn't enough to avoid crashes. >> > > >> > > With this patch I can open and close as many frames as I want without >> > > crashing. >> > > >> > > I don't totally understand the interactions here, and I see there are >> > > similar bugs in other font drivers with different workarounds. For >> > > example, in Bug#16069 which I found from xfont.c:xfont_close, it seems >> > > like there is an attempt to just not free the fonts when GC is invoked. >> > > >> > > I think the solution in this patch seems a little simpler, but possibly >> > > means that the fonts are initialized every time the frame count goes >> > > from 0 to 1 or more instead of just once for the life of the daemon. >> > >> > Po Lu, any suggestions or comments? Sorry for the very belated response. I'll get around to reading these bug reports in roughly a week--but superficially the OP's analysis appears correct. From debbugs-submit-bounces@debbugs.gnu.org Sat May 17 20:47:20 2025 Received: (at 77478) by debbugs.gnu.org; 18 May 2025 00:47:20 +0000 Received: from localhost ([127.0.0.1]:52621 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uGSBT-0005Qg-Ta for submit@debbugs.gnu.org; Sat, 17 May 2025 20:47:20 -0400 Received: from sonic308-10.consmr.mail.ne1.yahoo.com ([66.163.187.33]:42019) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1uGSBR-0005QJ-Bq for 77478@debbugs.gnu.org; Sat, 17 May 2025 20:47:17 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1747529231; bh=A5eeAMzYaoutHxwpSMucgAyQ183rg5vccqt4mBGk55A=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From:Subject:Reply-To; b=HPOHbYfO68WD08b67sFLzQn7fAQbtueI1WhDM7h2ruOgff1igH6y3AsAirz6QLWzzTL53nTYlrMdfre7R0yAE7btNvIKylJqGXkd7rbIM2YycIDakSCWAoPNExXRTkGcAMtZ2A1jwEQKayfedN3kz123iHvPbjloJDuqz19B8Zvv6YMz5DBEP1QBsEJXzGmbXtFWaXTeHcArB8Xz/H2nFTTPYikUN8iVCv9Y3+Rm6pLoE9XH2W4+wMH3LtXR4oy9LXuG0GIYN6cd5TfvcLHQBM9nNazBxno+1aRb5wV4+z+LLknq6GsKXegnyW53ofVooIyhrp5vildt517mVsJKPQ== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1747529231; bh=cv24I/BtHlGOvMr3x5vb7g8y/ltx+IfQc7/jdq5hpNe=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=XBrvZWLKJdPHohJVnXxgID4CWG/U2PcSF0IxHEgeVFyOgy/XwKCZ2vB0Nlf+OSxp81D+WtBNz7faR9R/wyzrtf8YtKXGJJCbCtqZ/M+uboMIhmhEu5FICEzDsi3ZEJlLLlLi5Oyn/AvoxCJIeEcRDNrHU31Dalrf4OpzMqIkpEY0VLg+5IAs8UlVDkkD/DihoKWPO3btngbHHSuKweCf065nE61NsjZQyXadYFUqUuo0AIh+ekma40aTmKsYtIf6n+Vdn9HcrPQ5yCjWRoMysiPTJtj+CR2Vve7R7C3an0d7QLoOu0q+qsfLU/e6RKqVyHCoUo7AIcyKJSo3AX/WDQ== X-YMail-OSG: BbTjkEEVM1lCpeoLVqOH9.1X1M2PRQYffoFm07kJabLXbrBJghiIt6NKKevhWnh 1bv3e__gXhfj58c.lkxLtF4fj9oLEuNLNKAvnIsp32ainEdKtp2HMjU74U0sglo47ZQuMawfFk3Y n7WXqtinY5sWQO9kMVAX9l3XL2BiHVd3Ic_hD7aXf0_N5wXezHDF_BJAIrB4gTk2wyIsUq3GzUTl F7nF7IKwfynAKKPscH.2NyGeV9NGtfXmSPHYVHd0lX2qzX2dQXG32dUxAtPcK_Xk5PfAFt5TC9fP GUtpz36lQeKcBK.UNV90tXRjvFpVmNErSiFfMmvvG6Q4ba2T_Hs95j4aA.Y6cKb.Ya2dvfLmkeYO YqFYDr55JD0y5UMhKc5sLZLB.MVNT_K5Q_qKCzsuhpBALIr2Or5d9PUeXqjEX7Qd4fKN1HdowvHu ntAMvizcLr6jyIDO3.J6Djt0Jm.Q_74po0uDGnSLozJbihHdkRzpy9MXYmnCkcj87sxwp8H4s8ee yeBxoRL76Zu1I1i_X_nqH9A22rDnsEl70bjA.Sp8aXvuPfjWeJTO0Oo9KUPp3pKRAyy7hXe2Rmsj 3BQtr4n6idO3Qj_KYPWV1pvpyhZw.KJ1F8cuc_tQI2CzrGVEVrfInedkDrKjQxTDhVXDorLkHoKh 1IuSmh4o5Tmc_ooz8.7NcLjiOK0LUq4tfpzM88WzP6XIGkF_AjkbSNVWyfolVuQTWFbbXsMd2V87 4BuBMjATRkI3U2c998UMz27XqI2pfHusTjZ07iCtMmwpIJbOBTnaxkO6zPJ2x6k5K3qXEToWSysD 9zC6kfeypruhQ2zFi1hyO_l4Z0IPptdheG.XNvGyoodSKmDqyccYRjKGGKURqDLKIDSe.8O2ZSgY si2oEmgnftnrSwCph6fg6IPs5NnpxV8JWpAnftfEEa.TvLKTZJgznocN_cgU8aFlfartoI6UPmL1 As2PlEBty7JFO53LfCZ6rzXA2Wb4D53zO.W2oGg0tOS9GRXCZfe0Y7dPnCxsKcs000lqWFA_gqKu 31cwgs4b8AyF40hPi7y5Wgq6Yw5F555A8LRuoB8XE5c615f3koCa3UiakoUtzSjCEixuGiA_RE9p xW7G5xlYvRGKOZ4Q9dIg2DVeVaDlF4SeBxSZS1zWwwQG78HAmyqTPjtrnnT0x4lnBaaZA_cmf6Wl GkIVC3QFkRfDDwGasvKw_MeATozSPgCPlEd_Q.n5HIpVtNkFumy3l_a8QZItT8EbOd476qVFYx6f mRgVjWwuM4dJ4.hLdQbV0AyhIGDkDvCzy8z9beI.ag7KXTr0s02IAwRzXYMuvhM1Fy1d9nOhc7zK 1IUeyZsySBsDshGO.dBtFZo0MosU7n0qYWe36OEjXvhaoe7UHtcC.Euiay53FoIf8YJG43x0adBK 6WxkpulL9CEaRaTU4R7bbJW9l7aX2PDu7s0wNlPbWc5tjucYu0Ze3u7xAKcig31JDqB_74O9JeYO OEv3Potd9fvLjBXxp0TGrggLlH9wbCH82Neptt8TwWi8pONUsPl4I1fhkeenEn3FP9QV0E5xHwu1 FRld1aAfh2op2GNh1jQ5sSiO8oSJsQruuzHgwuX0hd.CX9OYw.UqZ6Msh.isLHyUQdZ0Eu.WwPyf tezDQd7OmdK.vzQmkwV8MHyHmNgdh0.brhpc8eDeCtu8R2mQzZbu6RQxkIapzlvANJZvtU2ZrX5e 3NbjiADcLz05kdnOmN5t.xQccb0IVDB6WZLEZ_qj1cOnpMhvbdToA7H3.4Scjk_ZlvR5NKOJFXk7 BlLD8wyyBfp6TgwBVg3RWkWGFid0ISNOBp49eLd8xoIs7.FNkGeGtYArFKJ.xbX4Ts590WnW6fBX ZJA8lAb3cRVaOvbpWUrv0DEYv0lK0Q6F4q57SDwUgdeQ75vtcwDYuCYBsWmhlMuBSmuTxE6q4QGJ qlenwZ964kLApAcoqqZ8GPboVtvGCqRcOJtCMK7mfvThun8agf5FsBWh1oqsoh47G1X7Iy11EXqW RG8VNiEmRpVIKRS4OxDqYff.8R9Mtq_VoPSXlu4IXMeJtDt9b9yIc2rCznTXWUSRHhTS0UalF13w tfdqxX1ni8Lh7j_A2WR8FHq1XGemFO2tNMQk8ulY9qNAZNAFPivkVHOHgkFk38TndLR2HXbhMmiD rMftpCkGMHoufr8cB2Ns- X-Sonic-MF: X-Sonic-ID: 0ec21a82-2c91-45de-9876-4cb31bcb1099 Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.ne1.yahoo.com with HTTP; Sun, 18 May 2025 00:47:11 +0000 Received: by hermes--production-sg3-cdfd77c9c-gk59v (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 2823686ab23e821242ea09bd75df6fbe; Sun, 18 May 2025 00:47:07 +0000 (UTC) From: Po Lu To: Eli Zaretskii Subject: Re: bug#77478: Fixes a crash in the Haiku font driver for daemon mode In-Reply-To: <868qn4byp0.fsf@gnu.org> References: <86cydtg3e5.fsf@bigwrk.mail-host-address-is-not-set> <86cydhmx3e.fsf@gnu.org> <86bjsjuper.fsf@gnu.org> <868qn4byp0.fsf@gnu.org> Date: Sun, 18 May 2025 08:47:03 +0800 Message-ID: <871psmvj7c.fsf@yahoo.com> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Mailer: WebService/1.1.23840 mail.backend.jedi.jws.acl:role.jedi.acl.token.atz.jws.hermes.yahoo Content-Length: 367 X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 77478 Cc: kyle@ambroffkao.com, 77478@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Eli Zaretskii writes: >> > > This fixes double-free bug in Emacs daemon mode on Haiku. To reproduce: >> > > >> > > 1. Start emacs with "emacs --daemon" >> > > 2. Create a new frame with "emacsclient -c" and then close it. >> > > 3. Create a new frame with "emacsclient -c" I think I've fixed this slightly differently. Please test and ack, thanks. From debbugs-submit-bounces@debbugs.gnu.org Sat May 24 05:18:51 2025 Received: (at 77478) by debbugs.gnu.org; 24 May 2025 09:18:51 +0000 Received: from localhost ([127.0.0.1]:57069 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uIl1m-0008VT-LH for submit@debbugs.gnu.org; Sat, 24 May 2025 05:18:51 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:48334) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1uIl1k-0008Uf-Fn for 77478@debbugs.gnu.org; Sat, 24 May 2025 05:18:49 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1uIl1f-0002Gh-6N; Sat, 24 May 2025 05:18:43 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=References:Subject:In-Reply-To:To:From:Date: mime-version; bh=9BR/p1UE/u4AfZuYtfhVBe9GqlIdDYPC8jGYKJZQTok=; b=N1+73bmZXsST YZrvC6BbRNOl2sWESonNVIqWK3ZjhPw3qZ64aWKY8EX15qr7qe9ITy/II4dy2ZPBxzOkj0kmJoaYb +L8ttdPWKa2quCqQyxo0FpOUHaHwTyeWrSC90xGd4MZjxPialj5LOPWOsKyeDheFL1S4oIxsULxNu 3saPBxGQKl0fm5FUGO1/Qp84YmBlASsxyh0WMqjFmlWgufj89RKrxo7v0FG6RAH5tqEgYhHS5mG6D nc/qoHhOe/E+C0BKSjDp7KcPwhe1pRg/DIDf/bEPNWpboriNbkC3pIP/zrwJnwG5Cb6CR/elMY6Tu ZEozsctAiOXqGNTU0pszpw==; Date: Sat, 24 May 2025 12:18:41 +0300 Message-Id: <86msb21i4u.fsf@gnu.org> From: Eli Zaretskii To: kyle@ambroffkao.com, Po Lu In-Reply-To: <871psmvj7c.fsf@yahoo.com> (message from Po Lu on Sun, 18 May 2025 08:47:03 +0800) Subject: Re: bug#77478: Fixes a crash in the Haiku font driver for daemon mode References: <86cydtg3e5.fsf@bigwrk.mail-host-address-is-not-set> <86cydhmx3e.fsf@gnu.org> <86bjsjuper.fsf@gnu.org> <868qn4byp0.fsf@gnu.org> <871psmvj7c.fsf@yahoo.com> X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 77478 Cc: 77478@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) > From: Po Lu > Cc: kyle@ambroffkao.com, 77478@debbugs.gnu.org > Date: Sun, 18 May 2025 08:47:03 +0800 > > Eli Zaretskii writes: > > >> > > This fixes double-free bug in Emacs daemon mode on Haiku. To reproduce: > >> > > > >> > > 1. Start emacs with "emacs --daemon" > >> > > 2. Create a new frame with "emacsclient -c" and then close it. > >> > > 3. Create a new frame with "emacsclient -c" > > I think I've fixed this slightly differently. Please test and ack, > thanks. Kyle, could you please test the fix and report back? From debbugs-submit-bounces@debbugs.gnu.org Wed May 28 02:47:40 2025 Received: (at 77478) by debbugs.gnu.org; 28 May 2025 06:47:40 +0000 Received: from localhost ([127.0.0.1]:49416 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uKAZf-00011G-6S for submit@debbugs.gnu.org; Wed, 28 May 2025 02:47:40 -0400 Received: from fhigh-b5-smtp.messagingengine.com ([202.12.124.156]:55955) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from ) id 1uK9FZ-0002tR-P7 for 77478@debbugs.gnu.org; Wed, 28 May 2025 01:22:50 -0400 Received: from phl-compute-04.internal (phl-compute-04.phl.internal [10.202.2.44]) by mailfhigh.stl.internal (Postfix) with ESMTP id 0C6772540163; Wed, 28 May 2025 01:22:44 -0400 (EDT) Received: from phl-imap-17 ([10.202.2.105]) by phl-compute-04.internal (MEProxy); Wed, 28 May 2025 01:22:44 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ambroffkao.com; h=cc:cc:content-transfer-encoding:content-type:content-type :date:date:from:from:in-reply-to:in-reply-to:message-id :mime-version:references:reply-to:subject:subject:to:to; s=fm2; t=1748409763; x=1748496163; bh=Q1b3kjrz9E732cDFNwbIhznpI20tLLyH n5NMloSTEZc=; b=w23dKxO3m9HSKlf8vien06pxu0vfxOUMUM5kS3MDnn1LFHeb 8754arkz+CNeqfxXH0Ua88+OV3BdN9auIGLI2TGorTa+BeEVf7kjU7dj19IQZfFs YhYOWRw3SE9O4AGOr+M6DCeDokAH5YPk62p2gpVVeWG6wK7yUXd+HMKQ5nsYo6il PXr2IQqno/hUOGe3Cg+d9NZvA7n8n07axjktErgs/A9+XwRbCusMxncr0zc3w4zx r3TNwKfCIcisySkA1L+BXJMVoQyeqtjd1gbm8lw6rvdtbPC5mhpfvS+aEty9VEx8 iwUlJJlI8ufjatXNBGStYX33hz2UniWRuR7iHA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1748409763; x= 1748496163; bh=Q1b3kjrz9E732cDFNwbIhznpI20tLLyHn5NMloSTEZc=; b=D kajjCss8ionZbLYPjUu4fdF1ggoILhsyefzGhkvROQ8jUfohFgG/qrLgh14J4OzO Ujahv5W/mWT9XMmBgnxp4HQmnwhX3XZPFBei6vzMm51aABoRH/6VKQB2CpfVzXsU NjRea1tPLZm+waayjU9YfAojWaBzSLDXofWw727uILfAGGLy3arN3URQZqQntWde O2nCOZZsYr2MG2EJf4N2LX3Qi06oXzVxrnV+B8pg+jfme02mVH2iWpfbuUV45G9r r2bwgxqpy7QtGvvMiphuucnRS5B4E8yVaYFmTcrFuDcwSc1dIc/HL4Qf7xhUJNvg 84Rd5yorlnYTzD2ysLLOA== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeffedrtddtgddvvdegudculddtuddrgeefvddrtd dtmdcutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggft fghnshhusghstghrihgsvgdpuffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftd dtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjughrpefoggffhffvvefk jghfufgtgfesthejredtredttdenucfhrhhomhepfdfmhihlvgcutehmsghrohhffhdqmf grohdfuceokhihlhgvsegrmhgsrhhofhhfkhgrohdrtghomheqnecuggftrfgrthhtvghr nhepvdevjeehtedvhfejgfelgeejleehhfdtheetgeevteffkedvkeettdfgfedufeekne cuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepkhihlhgv segrmhgsrhhofhhfkhgrohdrtghomhdpnhgspghrtghpthhtohepfedpmhhouggvpehsmh htphhouhhtpdhrtghpthhtohepjeejgeejkeesuggvsggsuhhgshdrghhnuhdrohhrghdp rhgtphhtthhopegvlhhiiiesghhnuhdrohhrghdprhgtphhtthhopehluhgrnhhgrhhuoh eshigrhhhoohdrtghomh X-ME-Proxy: Feedback-ID: id7114994:Fastmail Received: by mailuser.phl.internal (Postfix, from userid 501) id 287DAC40065; Wed, 28 May 2025 01:22:43 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface MIME-Version: 1.0 X-ThreadId: Te4aae61d2e7a578d Date: Tue, 27 May 2025 22:22:19 -0700 From: "Kyle Ambroff-Kao" To: "Eli Zaretskii" , "Po Lu" Message-Id: <255ab5e1-fb81-4c1a-997a-6f1bde93d8f0@app.fastmail.com> In-Reply-To: <86msb21i4u.fsf@gnu.org> References: <86cydtg3e5.fsf@bigwrk.mail-host-address-is-not-set> <86cydhmx3e.fsf@gnu.org> <86bjsjuper.fsf@gnu.org> <868qn4byp0.fsf@gnu.org> <871psmvj7c.fsf@yahoo.com> <86msb21i4u.fsf@gnu.org> Subject: Re: bug#77478: Fixes a crash in the Haiku font driver for daemon mode Content-Type: text/plain Content-Transfer-Encoding: 7bit X-Spam-Score: -0.7 (/) X-Debbugs-Envelope-To: 77478 X-Mailman-Approved-At: Wed, 28 May 2025 02:47:37 -0400 Cc: 77478@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.7 (-) On Sat, May 24, 2025, at 2:18 AM, Eli Zaretskii wrote: > > From: Po Lu > > Cc: kyle@ambroffkao.com, 77478@debbugs.gnu.org > > Date: Sun, 18 May 2025 08:47:03 +0800 > > > > Eli Zaretskii writes: > > > > >> > > This fixes double-free bug in Emacs daemon mode on Haiku. To reproduce: > > >> > > > > >> > > 1. Start emacs with "emacs --daemon" > > >> > > 2. Create a new frame with "emacsclient -c" and then close it. > > >> > > 3. Create a new frame with "emacsclient -c" > > > > I think I've fixed this slightly differently. Please test and ack, > > thanks. > > Kyle, could you please test the fix and report back? Thanks for looking into this everybody. I tested your variant of the fix Po and it also prevents the crash for me. From debbugs-submit-bounces@debbugs.gnu.org Wed May 28 20:25:59 2025 Received: (at 77478-done) by debbugs.gnu.org; 29 May 2025 00:25:59 +0000 Received: from localhost ([127.0.0.1]:58708 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1uKR5q-0001hi-NG for submit@debbugs.gnu.org; Wed, 28 May 2025 20:25:59 -0400 Received: from sonic303-22.consmr.mail.ne1.yahoo.com ([66.163.188.148]:37935) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.84_2) (envelope-from ) id 1uKR5m-0001gs-W4 for 77478-done@debbugs.gnu.org; Wed, 28 May 2025 20:25:55 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1748478348; bh=osdKe34ozdaFoy8uOrt95mwLkutwv1HwJLvtEsd+UKI=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From:Subject:Reply-To; b=mr4mkE59aG+BkYhMY1qU6SuYn05xpEoxqxSrxwsptmnCJq4zcRc4de0440a7MnwSBeazo2u2D7iClyK9/co8wf1jJUXG3padmf208vL2QOCS2uE8k9CL2LPkz0C5wCaDwWTXYppgxwL+4iz5lWmmNKtQY03hnOF63N8mevoMI0bVgD3yvMss+lM+TIG/+yQ/BG3UMM4UI5NkiV7qY5sW7txx1WEvXVtCM9J48dqipxln96vl0O9lpnFHDvOhUYYXuMm5ThXFpE1I1TUGoMCX96E+eIfqbbHh/lHz5jV4QApV2TaPoIUddLDbO4uvA1rzxbAoo2GPxBLu5w2bm93CRg== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1748478348; bh=SHYZ3uoLCHvaDe2lcDuy+uA6wotqgQIPgBwoUR7AvtC=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=cFbeG0H3qk2hLWSPmD5yIHDw91XR7RkXkhpUp8/EgAgQZgsL7oIpkw3GVjbOU/C4jl21mlCcDmUph2oBQ31a3keF3jCSsLciZVRNrg2zBuoEyZMfk1cQACG/yYmXg4EFssjwiZHUHnn4LiE8XHP6h2tl3TezTQF+A3AHuoTsSiIZY7LyGw5ZxEM66BROYkF4IL+fuiFJy6hCkk0v9mtdYjSRjHqqy/sprQOyrSl1dqWtCv9MUqhY5vXAdqAdHdBXVMI9QLHi32xKvPuMG4A7tVR0Ue6KyhT1BRBmRU6aTHprDXH/e9vvxC5zTC2tD1Vha8K1Pbpy+qUzgVg/S/Z2Iw== X-YMail-OSG: RMKU.VYVM1mSKd67q34Wmp4t.29U6ZkyNnr80Me.mdUtKZk_OB0D3.aUukyRTsd lth0ptZwYNYDWqpKuCBgu41tb89HNYM_dE9mXgHaXGcYAWRbi2y_gn.PGf37gh9QlIZRRXzT_uem aEdN0Zu4SgSukeZNaTtpmJ2rKctTJKKIz1BsBFRadOM4MAYIikyw038_A9U0qYzh5btqCySBkBxw QWsv8n8lbS_yb_PZy12frPWfH4jTMnrZGiGETFT3p6Y2BLPRXiXJ_LOnxMq9yiFjiHG5IxCKHvSR gFq419S9pQZB1xMqEl1akeD2EP5EeWr70XQ1CophhcDAKsQtAcK.2zJS2ONwpCFX2PhLF0i2HQVg zO7_hUdwdsVYggvsDKPZfozxqcptCnGgx5uCZUdTkb7IW0L5AzR7VN4S3BDra2E1svlI5Jc9fY6t CmD6WWWNhEySw1z94yDYYBrcgQwuLZaty5wWVjgYe_f8rCRj26Y51xDw3O5iAEW5g77aRrf6XgtS he63nreO9mIqrGuoj9Od87X8sMy9eX5KaDgaUmvNoiU6i3fX0VYwJAFq4hBNCIAymnlFzYox62LC Z7kw.Gif0FyC3uylzTwUwX.1JtB19ARAxqJGajeWyWH8i3yUIDEXBicfjgqA8iNlUi4irGqnRLSD nDDGesjTQ2m4g6.d.r6E0Awoj3MoJAT0CWhbeOsSwt6s0YCk2QUexYLUsgl4X9rEPWVSVAbBoJDd KLKY9GfFfId6u3O1etV_wQN3oJYPlpOwVPdCVIQE9XkjCfhSh8VxknjNzQtNDQr5OvSa018gAWkP 1z0FJRdPrh9ko7bsDcVhAYOScUQu8EcVR1OI5iogkFJHi5FbPky8cskzqFQsQIrWKqYzU22xg6Sa yCbftYAEijvW.6g8UUswF8_4xIo1eBbBJaKbCv9M8DgDDqbcMMlwB74bRODPJ6MnuGNWjvX1i_4G nH_EfkAZhtJYsIhAhwpG0LPhQt4XtwdYcUkuDQBe1xDPz3guWHB8WuArrtLsBwQdcVCXJPl_FlCf wgS9JnHijXSd5MzBZZoJKJf6YAP0AtLywSYVJL5oKeaNfq4ZuiErqw_dLbpy1_cFZ.pTIFuMCerp fLZjsW4G6y2BmIWl8CaEhWD8JWnatFNNieRAmaa7e94.PsAiQfU_lALXNAsEf80l4RrQMKvH6i_4 ROX6m9rCY89X3pR2c4NUlk0nCS_UqHsU5rLtgHk1Wm1VBlty_Qfph0OaaMSYZ0ptc0scDzjyHJWP K6Legx2oR5mrOnX2xDqoDZfNqIlBXx81BONXSZoW9cLtMIbEX_AxmdK6GVLASnkZcDJs2gjRCHri rmi6HEg8OxLkCnaRQ7Ysi7LCsslT40C1aJpcFiLsIXYASGnINGPOYM1L9HiC0eEZE1oIOrb8Zh7v p.EEQOz.DIYHYGoRDup0pQ0byLrgK2lOCSqLZQD_Krhwb2iVH9dPyr7HLlkrbiaWaW6iBs9kj1Ao eVa36Prw6QKjKUP0fXhrG5af7QayuHtF_Vq770qzzZzZMWiOuS1XL2eWJLjhybBNVGvPucWiqZgq nNcq0_cda_jE2YJY5TTwC9oYTSJu48zIg1jgyTo7kQ0ZgYVwnspI3UZf.aDP.H3i0ZDg.kGswdeV KgoupnEzBYhpDRooZ2.POCA3FjTiKBaqYgV7rJ6eoslwD37VhXpadd_Fu_0.Lzjx1Ck5XCBGRkEz jI_loiwPCWt091SrlKzO0cPkEoTmh_a94H5OPk1rVlrEPqyjZkwtfEdS.OGk4trSYMG7bbCinCty 7XndBx63oPlnOlOCLx70ddI4V2UtF3J03AawPUdgWkDWpvd3hjDDFawpPmYCRIkxm.Fxn6_u3PPH Ua0ywUND2qEbwVIrJw67TqQYpaZ8._OZMOpqOuZSmZPN0P4OXICExpf4_wCdj6oIHV7m6isNz8v7 fPOswa0gqMtV_o3OX.i4kLirWyIXgIOKo6_hl.RkzJzbzvM12YTFKm6LVhDkAauoGe2llIkiVxlC 9xQ8WrHAyR.6OrpXOcelHARbZnJY4ZuvjYO1zBIxXMg1cMUyPFx9SOVgPeJN363Dh7STFLmGY.yr 2AZdZL5u43BLE8vBDoTqqOz6LSZQTMuH7WlxmEDDo789mrqNoaEfhek.b_z7LC.fWYWcYc2P2KeP lJ3fPX9Rq6O55p0MT9knhIPpabrwZnME0uREZZWjEXYgPxDQY7l0G_W07_pJgiJwwy0ftjn6Z1Xo G4zae3PrOVd0psRDpOXcyfzGNGpmpL8EDmqeL8FmS.Wo6HHviAdg8PXK5tFkUjA-- X-Sonic-MF: X-Sonic-ID: a0013212-85ac-4abb-b644-1342c5fed614 Received: from sonic.gate.mail.ne1.yahoo.com by sonic303.consmr.mail.ne1.yahoo.com with HTTP; Thu, 29 May 2025 00:25:48 +0000 Received: by hermes--production-sg3-cdfd77c9c-tzjrq (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 7ee134508e05c0954271c7c8a14e6346; Thu, 29 May 2025 00:25:45 +0000 (UTC) From: Po Lu To: "Kyle Ambroff-Kao" Subject: Re: bug#77478: Fixes a crash in the Haiku font driver for daemon mode In-Reply-To: <255ab5e1-fb81-4c1a-997a-6f1bde93d8f0@app.fastmail.com> References: <86cydtg3e5.fsf@bigwrk.mail-host-address-is-not-set> <86cydhmx3e.fsf@gnu.org> <86bjsjuper.fsf@gnu.org> <868qn4byp0.fsf@gnu.org> <871psmvj7c.fsf@yahoo.com> <86msb21i4u.fsf@gnu.org> <255ab5e1-fb81-4c1a-997a-6f1bde93d8f0@app.fastmail.com> Date: Thu, 29 May 2025 08:25:40 +0800 Message-ID: <87o6vcs1ob.fsf@yahoo.com> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Mailer: WebService/1.1.23884 mail.backend.jedi.jws.acl:role.jedi.acl.token.atz.jws.hermes.yahoo Content-Length: 187 X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 77478-done Cc: Eli Zaretskii , 77478-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) "Kyle Ambroff-Kao" writes: > Thanks for looking into this everybody. I tested your variant of the > fix Po and it also prevents the crash for me. Closing, thanks.