GNU bug report logs - #78473
30.1; feature/igc: multiple crashes with pgtk_handle_selection_*


Package: emacs;

Reported by: Oliver Reiter <oliver.reiter <at> snapdragon.cc>

Date: Sat, 17 May 2025 20:44:02 UTC

Severity: normal

Found in version 30.1

Done: Paul Eggert <eggert <at> cs.ucla.edu>



Message #17 received at 78473 <at> debbugs.gnu.org (full text, mbox):

From: Oliver Reiter <oliver.reiter <at> snapdragon.cc>
To: Pip Cet <pipcet <at> protonmail.com>
Cc: 78473 <at> debbugs.gnu.org
Subject: Re: bug#78473: 30.1; feature/igc: multiple crashes with
 pgtk_handle_selection_*
Date: Sun, 18 May 2025 13:26:42 +0200
Pip Cet <pipcet <at> protonmail.com> writes:

> "Oliver Reiter via \"Bug reports for GNU Emacs, the Swiss army knife of text editors\"" <bug-gnu-emacs <at> gnu.org> writes:
>
>> Dear all,
>>
>> I have encountered multiple crashes on feature/igc with pgtk when
>> copying from Emacs to somewhere else. All crashes seem to involve some
>> form of 'pgtk_handle_selection_*' function (xbacktrace is always empty).
>> These crashes appear to be reproducible for me, if you need further
>> info.
>
> Thanks for the report!  Can you try adding -fno-tree-sra to your CFLAGS
> and recompiling?  This looks like
> <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117423>
>

I can confirm that adding this flag solves it, no more crashes when
copying stuff from Emacs.

>> #9  pgtk_handle_selection_request (event=0x7fffffffc780)
>>     at /home/reitero/build/sources/emacs/emacs_debug/src/pgtkselect.c:585
>>         local_selection_time = <optimized out>
>>         dpyinfo = 0x55dee7e0
>
> This pointer has been truncated to 32 bits; it should be 0x555555dee7e0.
> That's consistent with the gcc bug above (and
> <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=119085>, which has been
> correctly marked as a duplicate).
>
>>         selection = 0x45
>>         selection_symbol = XIL(0x1c0)
>>         target = <optimized out>
>>         target_symbol = XIL(0x3f00)
>>         property = 0x5e
>>         local_selection_data = <optimized out>
>>         success = false
>>         count = <optimized out>
>>         pushed = false
>>         alias = <optimized out>
>>         tem = <optimized out>
>>         DONE = <optimized out>
>
>> Configured using:
>>  'configure 'CFLAGS=-g3 -ggdb -O3 -mtune=native -march=native
>>  -fomit-frame-pointer' CPPFLAGS=-I/home/reitero/.local/lib/mps
>
> Using -fomit-frame-pointer will result in the compiler putting
> references to GC-able objects in %rbp; since MPS usually uses setjmp to
> spill the registers to the stack, and setjmp "scrambles" %rbp for
> security reasons, that will result in references which are invisible to
> MPS, which will cause other crashes.
>
> Pip

Thanks, I'll use -fno-omit-frame-pointer for now.

Oliver
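
The two build-flag points from this exchange, applied to a CFLAGS string before running configure. This is an added example, not part of the original messages and not Emacs or MPS code; the function name `igc_fix_cflags` is hypothetical, and the sample input is the CFLAGS value quoted in the report.

```shell
#!/bin/sh
# Added example (not from the thread's authors): rewrite CFLAGS for a
# feature/igc build so that
#   * -fno-tree-sra is present (workaround suggested for GCC bug 117423), and
#   * the frame pointer is kept, so %rbp does not carry GC references.
# Upstream GCC documents -fomit-frame-pointer as enabled at -O1 and higher,
# so dropping the explicit flag is not enough: -fno-omit-frame-pointer is
# added explicitly. GCC lets the last of a -fX / -fno-X pair win, so the
# conflicting positive forms are removed rather than left in place.

# igc_fix_cflags "<cflags>"  ->  corrected flag list on stdout
# The body runs in a subshell: variables stay local and 'set -f' (no glob
# expansion while splitting the flag list) does not leak to the caller.
igc_fix_cflags() (
    set -f
    out=""
    have_no_sra=no
    have_no_omit_fp=no
    for flag in $1; do          # intentional word splitting on whitespace
        case "$flag" in
            -fomit-frame-pointer) continue ;;   # conflicts with the MPS advice
            -ftree-sra)           continue ;;   # would re-enable SRA
            -fno-tree-sra)           have_no_sra=yes ;;
            -fno-omit-frame-pointer) have_no_omit_fp=yes ;;
        esac
        out="${out:+$out }$flag"
    done
    [ "$have_no_sra" = yes ]     || out="${out:+$out }-fno-tree-sra"
    [ "$have_no_omit_fp" = yes ] || out="${out:+$out }-fno-omit-frame-pointer"
    printf '%s\n' "$out"
)

# CFLAGS as quoted in the report's "Configured using" line.
reported='-g3 -ggdb -O3 -mtune=native -march=native -fomit-frame-pointer'
printf 'CFLAGS=%s\n' "$(igc_fix_cflags "$reported")"
```
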

This bug report was last modified 23 days ago.
