GNU bug report logs - #78473
30.1; feature/igc: multiple crashes with pgtk_handle_selection_*

Package: emacs;

Reported by: Oliver Reiter <oliver.reiter <at> snapdragon.cc>

Date: Sat, 17 May 2025 20:44:02 UTC

Severity: normal

Found in version 30.1

Done: Paul Eggert <eggert <at> cs.ucla.edu>

Message #8 received at 78473 <at> debbugs.gnu.org:

From: Pip Cet <pipcet <at> protonmail.com>
To: 78473 <at> debbugs.gnu.org, Oliver Reiter <oliver.reiter <at> snapdragon.cc>
Subject: Re: bug#78473: 30.1; feature/igc: multiple crashes with pgtk_handle_selection_*
Date: Sat, 17 May 2025 20:58:49 +0000
"Oliver Reiter via \"Bug reports for GNU Emacs, the Swiss army knife of text editors\"" <bug-gnu-emacs <at> gnu.org> writes:

> Dear all,
>
> I have encountered multiple crashes on feature/igc with pgtk when
> copying from Emacs to somewhere else. All crashes seem to involve some
> form of 'pgtk_handle_selection_*' function (xbacktrace is always empty).
> These crashes appear to be reproducible for me, if you need further
> info.

Thanks for the report!  Can you try adding -fno-tree-sra to your CFLAGS
and recompiling?  This looks like
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117423

> #9  pgtk_handle_selection_request (event=0x7fffffffc780)
>     at /home/reitero/build/sources/emacs/emacs_debug/src/pgtkselect.c:585
>         local_selection_time = <optimized out>
>         dpyinfo = 0x55dee7e0

This pointer has been truncated to 32 bits; it should be 0x555555dee7e0.
That's consistent with the gcc bug above (and
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=119085, which has been
correctly marked as a duplicate).

>         selection = 0x45
>         selection_symbol = XIL(0x1c0)
>         target = <optimized out>
>         target_symbol = XIL(0x3f00)
>         property = 0x5e
>         local_selection_data = <optimized out>
>         success = false
>         count = <optimized out>
>         pushed = false
>         alias = <optimized out>
>         tem = <optimized out>
>         DONE = <optimized out>

> Configured using:
>  'configure 'CFLAGS=-g3 -ggdb -O3 -mtune=native -march=native
>  -fomit-frame-pointer' CPPFLAGS=-I/home/reitero/.local/lib/mps

Using -fomit-frame-pointer will result in the compiler putting
references to GC-able objects in %rbp; since MPS usually uses setjmp to
spill the registers to the stack, and setjmp "scrambles" %rbp for
security reasons, that will result in references which are invisible to
MPS, which will cause other crashes.

Pip
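
The two mechanisms in Pip's reply, a conservative collector finding references by scanning a setjmp-spilled register block plus the stack, and a 32-bit-truncated pointer no longer matching the word that really holds the reference, can be seen in the small C program below. It is an added illustration, not code from Emacs, MPS or the report, and it assumes a 64-bit, downward-growing stack. The glibc caveat in the comments (that setjmp stores %rbp, %rsp and the return address mangled, so a reference held only in %rbp is invisible to such a scan) is documented glibc behaviour but is not itself exercised by the code; register placement cannot be controlled portably from C.

```c
#include <setjmp.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Scan [start, end) one machine word at a time for a word equal to needle.
 * This is the conservative-GC notion of "this memory references the object":
 * any word whose bit pattern equals the object's address counts. */
static int region_contains(const void *start, const void *end, uintptr_t needle)
{
    uintptr_t lo = (uintptr_t)start, hi = (uintptr_t)end;
    if (lo > hi) { uintptr_t t = lo; lo = hi; hi = t; }
    lo &= ~(uintptr_t)(sizeof needle - 1);          /* align down to a word */
    for (uintptr_t p = lo; p + sizeof needle <= hi; p += sizeof needle) {
        uintptr_t w;
        memcpy(&w, (const void *)p, sizeof w);      /* alignment-safe read */
        if (w == needle)
            return 1;
    }
    return 0;
}

/* Conservative root check modelled on what an MPS-style collector does at a
 * collection point: call setjmp() so the callee-saved registers are spilled
 * into a jmp_buf in this (deepest) frame, then scan from that jmp_buf up to
 * stack_base, a local in some caller's frame.  The jmp_buf lies inside the
 * scanned range, so the spilled registers are covered by the same scan.
 * Caveat (glibc on x86-64, its documented pointer mangling): %rbp, %rsp and
 * the return address are stored XOR-ed with a secret, so a reference that
 * lives only in %rbp is not found by this scan.  That is the failure Pip
 * describes for -fomit-frame-pointer; it is not reproduced here. */
__attribute__((noinline))
static int conservative_root_visible(const void *stack_base, uintptr_t needle)
{
    jmp_buf regs;
    if (setjmp(regs) != 0)
        return 0;                                   /* never longjmp'd to */
    return region_contains(&regs, stack_base, needle);
}

/* Inner frame: hold an object reference in a stack slot (volatile forces the
 * store) and ask whether the scan bounded by stack_base sees it. */
__attribute__((noinline))
static int scan_for_local_reference(const void *stack_base)
{
    void *obj = malloc(64);                         /* stands in for a GC-able object */
    volatile uintptr_t keep = (uintptr_t)obj;
    int found = conservative_root_visible(stack_base, keep);
    free(obj);
    return found;
}

/* Outer frame supplies the upper bound of the scan; every slot of the inner
 * frames lies below it on a downward-growing stack.  Returns 1 when the
 * reference was found. */
int demo_reference_on_stack(void)
{
    int marker;
    return scan_for_local_reference(&marker);
}

/* Constructed memory image using the two values from the report: the full
 * pointer gdb should have shown and the 32-bit-truncated value it did show.
 * A scan looking for the truncated value cannot match the word that actually
 * holds the reference, so a collector would treat the object as unreferenced. */
int demo_truncated_pointer_missed(void)
{
    uintptr_t image[4] = { 0x1c0, (uintptr_t)0x555555dee7e0ULL, 0x3f00, 0 };
    int full_found  = region_contains(image, image + 4, (uintptr_t)0x555555dee7e0ULL);
    int trunc_found = region_contains(image, image + 4, (uintptr_t)0x55dee7e0ULL);
    return full_found && !trunc_found;
}
```

demo_reference_on_stack() returns 1 because the reference sits in a stack slot between the jmp_buf and the marker; demo_truncated_pointer_missed() returns 1 because only the full 64-bit word matches, which is the same mismatch Pip points at in the dpyinfo value.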