GNU bug report logs - #78444
30.1; Crash in GC (vector_marked_p)

Previous Next

Package: emacs;

Reported by: George P <georgepanagopo <at> gmail.com>

Date: Thu, 15 May 2025 18:46:01 UTC

Severity: normal

Found in version 30.1

Full log

Message #83 received at 78444 <at> debbugs.gnu.org (full text, mbox):

From: Pip Cet <pipcet <at> protonmail.com>
To: George P <georgepanagopo <at> gmail.com>
Cc: martin rudalics <rudalics <at> gmx.at>, Eli Zaretskii <eliz <at> gnu.org>,
 acorallo <at> gnu.org, 78444 <at> debbugs.gnu.org
Subject: Re: bug#78444: 30.1; Crash in GC (vector_marked_p)
Date: Sun, 15 Jun 2025 17:49:42 +0000

"George P" <georgepanagopo <at> gmail.com> writes:

> Yes, that is precisely what it says....
>
> (gdb) p displayed_buffer
> $1 = (struct buffer *) 0xfffffffffffffffb

That's XBUFFER (Qnil), possibly set by this code in redisplay_internal:

  else if (FRAME_REDISPLAY_P (sf) && !FRAME_OBSCURED_P (sf))
    {
      sf->inhibit_clear_image_cache = true;
      displayed_buffer = XBUFFER (XWINDOW (selected_window)->contents);
      /* Use list_of_error, not Qerror, so that
	 we catch only errors and don't run the debugger.  */
      internal_condition_case_1 (redisplay_window_1, selected_window,
				 list_of_error,
				 redisplay_window_error);

However, I believe that's only the surface of the bug: the selected
window's contents should never be nil, right?  According to this comment
in window.h, that would mean it's a pseudo window, but another comment
says the selected window is always a leaf window:

    /* For a leaf window or a tooltip window this is the buffer shown
       in the window; for a combination window this is the first of
       its child windows; for a pseudo window showing the menu bar or
       tool bar this is nil.  It is a buffer for a minibuffer window
       as well.  */
    Lisp_Object contents;

/* This is the window in which the terminal's cursor should be left when
   nothing is being done with it.  This must always be a leaf window, and its
   buffer is selected by the top level editing loop at the end of each command.

   This value is always the same as FRAME_SELECTED_WINDOW (selected_frame).  */

So this looks like an inconsistent state reached by the redisplay
machinery.  We'd have to check whether it's the code above or actually
this code:

      if (update_miniwindow_p)
	{
	  Lisp_Object mini_window = FRAME_MINIBUF_WINDOW (sf);

	  displayed_buffer = XBUFFER (XWINDOW (mini_window)->contents);
	  internal_condition_case_1 (redisplay_window_1, mini_window,
				     list_of_error,
				     redisplay_window_error);
	}

While it would probably would have avoided the crash to check whether
XWINDOW (whichever)->contents is Qnil before setting displayed_buffer,
I don't think that's the right fix: violating that internal redisplay
assumption is a bad thing, and we need to figure out why it can happen
when windows are being deleted (possibly in delete-window-internal?)

Can you look up the line numbers against your source tree to see which
code segment was active when the error happened?

Thanks!
Pip
This bug report was last modified 3 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.