Package: emacs;
Reported by: Ulrich Mueller <ulm <at> gentoo.org>
Date: Sat, 6 Sep 2008 03:45:03 UTC
Severity: normal
Tags: patch
Merged with 443
Found in version 22.3
Done: Chong Yidong <cyd <at> stupidchicken.com>
Bug is archived. No further changes may be made.
Message #5 received at submit <at> emacsbugs.donarmstrong.com:
From: Ulrich Mueller <ulm <at> gentoo.org>
To: bug-gnu-emacs <at> gnu.org
Cc: emacs <at> gentoo.org
Subject: temacs segmentation fault in unexec under Linux 2.6.26
Date: Sat, 6 Sep 2008 05:39:15 +0200
Package: emacs
Version: 22.3

Building of Emacs 22.3 under Linux 2.6.26 sometimes fails with a segmentation fault of temacs in unexec. Part of the build log and a full backtrace are included at the end of this message.

I had already reported this problem (for Emacs 22.2.92) to emacs-devel but got no reply: <http://lists.gnu.org/archive/html/emacs-devel/2008-09/msg00165.html>

The problem is related to kernel heap randomisation, see <http://lkml.org/lkml/2007/10/23/435>. It doesn't exist under Linux 2.6.24 or earlier.

In GNU Emacs 22.3.1 (i686-pc-linux-gnu, GTK+ Version 2.12.11) of 2008-09-06 on a1iulm2
Windowing system distributor `The X.Org Foundation', version 11.0.10402000
configured using `configure '--prefix=/usr' '--host=i686-pc-linux-gnu' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--datadir=/usr/share' '--sysconfdir=/etc' '--localstatedir=/var/lib' '--program-suffix=-emacs-22' '--infodir=/usr/share/info/emacs-22' '--without-carbon' '--with-sound' '--with-x' '--without-toolkit-scroll-bars' '--with-jpeg' '--with-tiff' '--with-gif' '--with-png' '--with-xpm' '--with-x-toolkit=gtk' '--without-hesiod' '--with-kerberos' '--with-kerberos5' '--build=i686-pc-linux-gnu' 'build_alias=i686-pc-linux-gnu' 'host_alias=i686-pc-linux-gnu' 'CFLAGS=-march=pentium-m -g -O2 -pipe' 'LDFLAGS=-Wl,-O1''

End of the build log:

LC_ALL=C ./temacs -batch -l loadup dump
Loading loadup.el (source)...
Using load-path (/var/tmp/portage/app-editors/emacs-22.3/work/emacs-22.3/lisp)
Loading emacs-lisp/byte-run...
Loading emacs-lisp/backquote...
Loading subr...
Loading version.el (source)...
Loading widget...
Loading custom...
Loading emacs-lisp/map-ynp...
Loading env...
Loading cus-start...
Loading international/mule...
Loading international/mule-conf.el (source)...
Loading format...
Loading bindings...
Loading files...
Loading cus-face...
Loading faces...
Loading button...
Loading startup...
Lists of integers (garbage collection statistics) are normal output while building Emacs; they do not indicate a problem.
((11177 . 8431) (4849 . 0) (578 . 6) 16345 20225 (11 . 7) (17 . 0) (832 . 2381))
Loading loaddefs.el (source)...
((29161 . 11860) (7821 . 0) (587 . 10) 42301 20225 (37 . 33) (17 . 0) (3704 . 1462))
Loading simple...
Loading help...
Loading jka-cmpr-hook...
Loading international/mule-cmds...
Loading case-table...
Loading international/utf-8...
Loading international/utf-16...
Loading international/characters...
Loading international/latin-1.el (source)...
Loading international/latin-2.el (source)...
Loading international/latin-3.el (source)...
Loading international/latin-4.el (source)...
Loading international/latin-5.el (source)...
Loading international/latin-8.el (source)...
Loading international/latin-9.el (source)...
Loading language/chinese...
Loading language/cyrillic...
Loading language/indian...
Loading language/devanagari.el (source)...
Loading language/malayalam.el (source)...
Loading language/tamil.el (source)...
Loading language/kannada.el (source)...
Loading language/english.el (source)...
Loading language/ethiopic...
Loading language/european...
Loading language/czech.el (source)...
Loading language/slovak.el (source)...
Loading language/romanian.el (source)...
Loading language/greek.el (source)...
Loading language/hebrew.el (source)...
Loading language/japanese.el (source)...
Loading language/korean.el (source)...
Loading language/lao.el (source)...
Loading language/thai.el (source)...
Loading language/tibetan...
Loading language/vietnamese...
Loading language/misc-lang.el (source)...
Loading language/utf-8-lang.el (source)...
Loading language/georgian.el (source)...
Loading international/ucs-tables...
Loading indent...
Loading window...
Loading frame...
Loading term/tty-colors...
Loading font-core...
Loading facemenu...
Loading emacs-lisp/syntax...
Loading font-lock...
Loading jit-lock...
Loading mouse...
Loading scroll-bar...
Loading select...
Loading emacs-lisp/timer...
Loading isearch...
Loading rfn-eshadow...
((49507 . 18627) (10733 . 0) (622 . 92) 64080 164411 (67 . 4) (18 . 12) (4997 . 1681))
Loading menu-bar...
Loading paths.el (source)...
Loading emacs-lisp/lisp...
Loading textmodes/page...
Loading register...
Loading textmodes/paragraphs...
Loading emacs-lisp/lisp-mode...
Loading textmodes/text-mode...
Loading textmodes/fill...
((55968 . 12166) (11261 . 0) (624 . 90) 76368 166081 (67 . 4) (18 . 12) (5507 . 1801))
Loading replace...
Loading abbrev...
Loading buff-menu...
Loading fringe...
Loading image...
Loading international/fontset...
Loading dnd...
Loading mwheel...
Loading tool-bar...
Loading x-dnd...
((57901 . 10233) (11774 . 0) (625 . 89) 77920 166663 (69 . 8) (18 . 12) (5601 . 1581))
Loading emacs-lisp/float-sup...
((57933 . 10201) (11778 . 0) (625 . 89) 78085 166663 (70 . 9) (18 . 12) (5606 . 1576))
Loading vc-hooks...
Loading ediff-hook...
Loading tooltip...
((59259 . 8875) (11935 . 0) (626 . 88) 79285 166714 (72 . 7) (18 . 12) (5676 . 1506))
Finding pointers to doc strings...
Finding pointers to doc strings...done
Dumping under names emacs and emacs-22.3.1
make[1]: *** [emacs] Segmentation fault (core dumped)
make[1]: *** Deleting file `emacs'
make[1]: Leaving directory `/var/tmp/portage/app-editors/emacs-22.3/work/emacs-22.3/src'
make: *** [src] Error 2

Backtrace:

GNU gdb 6.8
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...
Really redefine built-in command "frame"? (y or n) [answered Y; input not from terminal]
Really redefine built-in command "thread"? (y or n) [answered Y; input not from terminal]
Really redefine built-in command "start"?
(y or n) [answered Y; input not from terminal]
Core was generated by `./temacs -batch -l loadup dump'.
Program terminated with signal 11, Segmentation fault.
[New process 30599]
#0  0x081957ef in unexec (new_name=0x8681178 "/var/tmp/portage/app-editors/emacs-22.3/work/emacs-22.3/src/emacs", old_name=0x86811c0 "/var/tmp/portage/app-editors/emacs-22.3/work/emacs-22.3/src/temacs", data_start=0x82eb6b8, bss_start=0x0, entry_address=0x0) at unexelf.c:951
951	  memcpy (NEW_SECTION_H (nn).sh_offset + new_base,
DISPLAY = :0.0
TERM = xterm
Breakpoint 1 at 0x80fcb26: file emacs.c, line 432.
Breakpoint 2 at 0x8117246: file sysdep.c, line 1386.
gdb> bt full
#0  0x081957ef in unexec (new_name=0x8681178 "/var/tmp/portage/app-editors/emacs-22.3/work/emacs-22.3/src/emacs", old_name=0x86811c0 "/var/tmp/portage/app-editors/emacs-22.3/work/emacs-22.3/src/temacs", data_start=0x82eb6b8, bss_start=0x0, entry_address=0x0) at unexelf.c:951
        src = <value optimized out>
        new_file = 0x5
        old_file = 0x4
        old_base = 0x2b890000 "\177ELF\001\001\001"
        new_base = 0x2be8c000 "\177ELF\001\001\001"
        old_file_h = <value optimized out>
        new_file_h = <value optimized out>
        new_program_h = (Elf32_Phdr *) 0x2be8c034
        old_section_h = (Elf32_Shdr *) 0x2be51c10
        new_section_h = (Elf32_Shdr *) 0x2c7eb530
        old_section_names = 0x2be51adb ""
        old_bss_addr = 0x82eb6e0
        new_bss_addr = <value optimized out>
        old_bss_size = <value optimized out>
        new_data2_size = 0x39d920
        new_data2_offset = 0x2a26e0
        n = 0x15
        nn = 0x15
        old_bss_index = 0x15
        old_sbss_index = 0xffffffff
        old_plt_index = 0xffffffff
        old_data_index = 0x14
        new_data2_index = 0x15
        stat_buf = { st_dev = 0x307, __pad1 = 0x0, __st_ino = 0x4264, st_mode = 0x81ed, st_nlink = 0x1, st_uid = 0x1357, st_gid = 0x119e, st_rdev = 0x0, __pad2 = 0x0, st_size = 0x5fb6c6, st_blksize = 0x1000, st_blocks = 0x2ff8, st_atim = { tv_sec = 0x48c1ef81, tv_nsec = 0x0 }, st_mtim = { tv_sec = 0x48c1ef82, tv_nsec = 0x0 }, st_ctim = { tv_sec = 0x48c1ef82, tv_nsec = 0x0 }, st_ino = 0x4264 }
#1  0x080fc5bd in Fdump_emacs (filename=0x8680308, symfile=0x868048b) at emacs.c:2286
        tem = 0x842d8f9
        symbol = <value optimized out>
#2  0x0816b541 in Feval (form=0x846a175) at eval.c:2327
        numargs = <value optimized out>
        argvals = {0x868049b, 0x868048b, 0x0, 0x842dcb8, 0x7f84ed70, 0x7f84ecf8, 0x7f84ecc0, 0x2}
        args_left = 0x842d8c9
        i = 0x2
        fun = <value optimized out>
        val = <value optimized out>
        original_fun = <value optimized out>
        original_args = 0x846a15d
        funcar = <value optimized out>
        backtrace = { next = 0x7f84ed80, function = 0x7f84ed08, args = 0x7f84ecd0, nargs = 0x2, evalargs = 0x1, debug_on_exit = 0x0 }
#3  0x0816b7ff in Fprogn (args=0x348) at eval.c:449
        val = 0xd8000
#4  0x0816b5ff in Feval (form=0x846b765) at eval.c:2271
        numargs = 0x348
        argvals = {0x42d8f9, 0x842bb15, 0x0, 0x7f84ee18, 0x7f84ee00, 0x7f84ed88, 0x7f84ed84, 0xffffffff}
        args_left = 0x846b60d
        i = <value optimized out>
        fun = <value optimized out>
        val = <value optimized out>
        original_fun = <value optimized out>
        original_args = 0x846b60d
        funcar = <value optimized out>
        backtrace = { next = 0x7f84ee00, function = 0x7f84ed98, args = 0x7f84ed94, nargs = 0xffffffff, evalargs = 0x0, debug_on_exit = 0x0 }
#5  0x0816b5ff in Feval (form=0x842b97d) at eval.c:2271
        numargs = 0x348
        argvals = {0x846b765, 0x842d8c9, 0x7f84ee28, 0x8180a18, 0x8465c58, 0x843dc19, 0x7f84ee28, 0x816844f}
        args_left = 0x846b76d
        i = <value optimized out>
        fun = <value optimized out>
        val = <value optimized out>
        original_fun = <value optimized out>
        original_args = 0x846b76d
        funcar = <value optimized out>
        backtrace = { next = 0x7f84f220, function = 0x7f84ee18, args = 0x7f84ee14, nargs = 0xffffffff, evalargs = 0x0, debug_on_exit = 0x0 }
#6  0x0818364c in readevalloop (readcharfun=0x843dc19, stream=0x8465c58, sourcename=0x84658ab, evalfun=0x816b040 <Feval>, printflag=0x0, unibyte=0x842d8c9, readfun=0x842d8c9, start=0x842d8c9, end=0x842d8c9) at lread.c:1559
        c = <value optimized out>
        val = 0x842b97d
        b = (struct buffer *) 0x0
        continue_reading_p = 0x1
        whole_buffer = 0x0
        first_sexp = 0x0
#7  0x08184947 in Fload (file=0x846582b, noerror=0x842d8c9, nomessage=0x842d8c9, nosuffix=0x842d8c9, must_suffix=0x842d8c9) at lread.c:1027
        stream = <value optimized out>
        fd = 0x3
        found = <value optimized out>
        efound = <value optimized out>
        hist_file_name = 0x84658ab
        newer = 0x0
        compiled = 0x0
        handler = <value optimized out>
        safe_p = 0x1
        tmp = {0x842d8c9, 0x846589b}
#8  0x0816b4e7 in Feval (form=0x842a385) at eval.c:2338
        numargs = <value optimized out>
        argvals = {0x846582b, 0x842d8c9, 0x842d8c9, 0x842d8c9, 0x842d8c9, 0xb, 0x0, 0x0}
        args_left = 0x842d8c9
        i = 0x5
        fun = <value optimized out>
        val = <value optimized out>
        original_fun = <value optimized out>
        original_args = 0x842a37d
        funcar = <value optimized out>
        backtrace = { next = 0x0, function = 0x7f84f238, args = 0x7f84f200, nargs = 0x1, evalargs = 0x1, debug_on_exit = 0x0 }
#9  0x08104403 in top_level_2 () at keyboard.c:1339
No locals.
#10 0x08168fa2 in internal_condition_case (bfun=0x81043f0 <top_level_2>, handlers=0x8438a89, hfun=0x8107f80 <cmd_error>) at eval.c:1484
        val = <value optimized out>
        c = { tag = 0x842d8c9, val = 0x842d8c9, next = 0x7f84f380, gcpro = 0x0, jmp = {{ __jmpbuf = {0x0, 0x8431940, 0x8431930, 0x7f84f348, 0x884af267, 0xacb0f488}, __mask_was_saved = 0x0, __saved_mask = { __val = {0x7f84f340, 0x2aac7658, 0x804f59a, 0xa8428197, 0x0, 0x0, 0xb <repeats 18 times>, 0x2b4d4c2c, 0x2b318a90, 0xb, 0x69cb120, 0x2aac6fc4, 0x2aac7658, 0x1, 0x7f84f350} } }}, backlist = 0x0, handlerlist = 0x0, lisp_eval_depth = 0x0, pdlcount = 0x2, poll_suppress_count = 0x1, interrupt_input_blocked = 0x0, byte_stack = 0x0 }
        h = { handler = 0x8438a89, var = 0x842d8c9, chosen_clause = 0x1, tag = 0x7f84f26c, next = 0x0 }
#11 0x0810737e in top_level_1 () at keyboard.c:1347
No locals.
#12 0x0816907c in internal_catch (tag=0x8437ba1, func=0x8107330 <top_level_1>, arg=0x842d8c9) at eval.c:1224
        c = { tag = 0x8437ba1, val = 0x842d8c9, next = 0x0, gcpro = 0x0, jmp = {{ __jmpbuf = {0x0, 0x8431940, 0x8431930, 0x7f84f448, 0x8848d267, 0xac8eec88}, __mask_was_saved = 0x0, __saved_mask = { __val = {0xb, 0xb, 0xb, 0xb, 0x81d92e0, 0xa, 0x7d0, 0x7f84f3e8, 0x8151e5b, 0x84627cc, 0x82defc1, 0xa, 0x845ada0, 0x8435540, 0x845ada1, 0x7f84f428, 0x815a9a6, 0x845ada1, 0x845a37a, 0x842d8c9, 0x8435540, 0x9, 0x9, 0x842d8e1, 0x2, 0x845a378, 0x845a37a, 0x9, 0x0, 0x845ada1, 0x1, 0x7f84f468} } }}, backlist = 0x0, handlerlist = 0x0, lisp_eval_depth = 0x0, pdlcount = 0x2, poll_suppress_count = 0x1, interrupt_input_blocked = 0x0, byte_stack = 0x0 }
#13 0x08107dba in command_loop () at keyboard.c:1304
No locals.
#14 0x08108157 in recursive_edit_1 () at keyboard.c:1007
        val = <value optimized out>
#15 0x08108249 in Frecursive_edit () at keyboard.c:1068
        buffer = <value optimized out>
#16 0x080fd96f in main (argc=0x5, argv=0x7f84f864) at emacs.c:1770
        dummy = 0x7f84f7b8
        stack_bottom_variable = 0x8
        do_initial_setlocale = <value optimized out>
        skip_args = 0x3
        rlim = { rlim_cur = 0xffffffffffffffff, rlim_max = 0xffffffffffffffff }
        no_loadup = 0x0
        junk = 0x0

Lisp Backtrace:
"dump-emacs" (0x868049b)
"if" (0x846b60d)
"if" (0x846b76d)
"load" (0x846582b)
gdb>
Sven Joachim <svenjoac <at> gmx.de> to control <at> emacsbugs.donarmstrong.com (Sat, 06 Sep 2008 12:40:04 GMT)

Message #12 received at 900 <at> emacsbugs.donarmstrong.com:
From: Ulrich Mueller <ulm <at> gentoo.org>
To: 900 <at> debbugs.gnu.org
Cc: emacs <at> gentoo.org
Subject: Re: temacs segmentation fault in unexec under Linux 2.6.26
Date: Tue, 9 Sep 2008 17:02:04 +0200
Tags: patch

I guess the issue boils down to the fact that testing for (heap_bss_diff > MAX_HEAP_BSS_DIFF) is not a reliable method to determine if heap randomisation is switched on. "heap_bss_diff" is random in nature, and will therefore be smaller than MAX_HEAP_BSS_DIFF in some cases. These lead to the observed segmentation faults.

Here is an attempt at a patch, asking the kernel (via /proc fs) for the presence of the feature. I've also made the definition of ADDR_NO_RANDOMIZE conditional, since it is already defined in newer versions of personality.h.

Patch was tested with 22.3, but also applies cleanly to the CVS trunk of today.

*** emacs-orig/src/emacs.c 2008-05-12 21:55:52.000000000 +0200 --- emacs/src/emacs.c 2008-09-09 16:26:52.000000000 +0200 *************** *** 73,78 **** --- 73,81 ---- #ifdef HAVE_PERSONALITY_LINUX32 #include <sys/personality.h> + #ifndef ADDR_NO_RANDOMIZE + #define ADDR_NO_RANDOMIZE 0x0040000 + #endif #endif #ifndef O_RDWR *************** *** 789,794 **** --- 792,817 ---- return count >= 3 ? REPORT_EMACS_BUG_PRETEST_ADDRESS : REPORT_EMACS_BUG_ADDRESS; } + #ifdef HAVE_PERSONALITY_LINUX32 + /* Get the `randomize_va_space' parameter. A value of 2 (introduced + in Linux 2.6.25) indicates that brk() randomization is switched on, + which will break unexec. See <http://lkml.org/lkml/2007/10/23/435>. */ + static int + linux_randomize_va_space () + { + FILE *fp; + int rand, count; + + fp = fopen ("/proc/sys/kernel/randomize_va_space", "r"); + if (!fp) + return -1; + count = fscanf (fp, "%d", &rand); + (void) fclose (fp); + if (count != 1) + return -1; + return rand; + } + #endif /* HAVE_PERSONALITY_LINUX32 */ /* ARGSUSED */ int *************** *** 883,906 **** if (!initialized && (strcmp (argv[argc-1], "dump") == 0 || strcmp (argv[argc-1], "bootstrap") == 0) ! && heap_bss_diff > MAX_HEAP_BSS_DIFF) { ! if (! getenv ("EMACS_HEAP_EXEC")) ! { ! /* Set this so we only do this once. */ ! putenv("EMACS_HEAP_EXEC=true"); ! !
/* A flag to turn off address randomization which is introduced ! in linux kernel shipped with fedora core 4 */ ! #define ADD_NO_RANDOMIZE 0x0040000 ! personality (PER_LINUX32 | ADD_NO_RANDOMIZE); ! #undef ADD_NO_RANDOMIZE ! ! execvp (argv[0], argv); ! ! /* If the exec fails, try to dump anyway. */ ! perror ("execvp"); ! } } #endif /* HAVE_PERSONALITY_LINUX32 */ --- 906,925 ---- if (!initialized && (strcmp (argv[argc-1], "dump") == 0 || strcmp (argv[argc-1], "bootstrap") == 0) ! && !getenv ("EMACS_HEAP_EXEC") ! && (heap_bss_diff > MAX_HEAP_BSS_DIFF ! || linux_randomize_va_space() >= 2)) { ! /* Set this so we only do this once. */ ! putenv("EMACS_HEAP_EXEC=true"); ! ! /* Set personality and disable randomization of VA space. */ ! personality (PER_LINUX32 | ADDR_NO_RANDOMIZE); ! ! execvp (argv[0], argv); ! ! /* If the exec fails, try to dump anyway. */ ! perror ("execvp"); } #endif /* HAVE_PERSONALITY_LINUX32 */
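Review bot: in the first hunk (lines 73-81) the `#ifndef ADDR_NO_RANDOMIZE` guard around `#define ADDR_NO_RANDOMIZE 0x0040000` is fine, but it deserves a one-line comment saying this is the kernel's own flag value supplied only for older <sys/personality.h> headers, so that nobody later "fixes" it to a different constant; the old code's locally spelled `ADD_NO_RANDOMIZE` in the third hunk shows how easily that macro drifts.

Review bot: in the second hunk (the new `linux_randomize_va_space`), the local `int rand` shadows the C library's `rand()` and the empty parameter list `()` is an old-style declaration; suggest `static int linux_randomize_va_space (void)` with `int value, count;`. The -1 return when /proc is absent or unparsable is the right fail-safe, because the caller treats anything below 2 as "not randomised" and falls back to the existing `heap_bss_diff` heuristic, but that fallback behaviour belongs in the comment above the function rather than being implicit.

Review bot: in the third hunk (lines 906-925) the return value of `personality (PER_LINUX32 | ADDR_NO_RANDOMIZE)` is never checked. If that call fails (it returns -1), `execvp (argv[0], argv)` re-runs temacs with brk randomisation still on, and since EMACS_HEAP_EXEC is already set the re-executed process goes straight to the dump and hits the same unexec crash; suggest `if (personality (PER_LINUX32 | ADDR_NO_RANDOMIZE) != -1) execvp (argv[0], argv);` so a failed persona change falls through to the existing "try to dump anyway" path. A short comment next to `linux_randomize_va_space() >= 2` noting that value 1 randomises only mmap/stack and leaves brk alone (which is why the threshold is 2) would also help the next reader.

To see why the reporter's diagnosis holds, here is an added example (not Emacs code and not part of this bug report) that measures the same bss-to-brk gap Emacs's heap_bss_diff heuristic relies on and places it beside the two checks that actually answer the question: the randomize_va_space sysctl the patch reads, and the ADDR_NO_RANDOMIZE bit of the current persona. The 1 MiB MAX_HEAP_BSS_DIFF value is assumed from Emacs 22's emacs.c; everything else is standard Linux/glibc.

```c
/* Added example (not Emacs code): the bss-to-brk gap behind Emacs's
   heap_bss_diff heuristic, beside the reliable sysctl/persona checks. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/personality.h>

#ifndef ADDR_NO_RANDOMIZE
#define ADDR_NO_RANDOMIZE 0x0040000    /* kernel value, for old personality.h */
#endif
#define MAX_HEAP_BSS_DIFF (1024 * 1024) /* assumed: Emacs 22's threshold */

static char bss_marker[16];            /* lives in .bss; the break starts after it */

/* Parse the text of /proc/sys/kernel/randomize_va_space: 0, 1 or 2, else -1. */
int parse_randomize_va_space(const char *text)
{
    char *end = NULL;
    long v = text ? strtol(text, &end, 10) : -1;
    if (text == NULL || end == text)
        return -1;
    while (*end == ' ' || *end == '\t' || *end == '\n')
        end++;
    return (*end == '\0' && v >= 0 && v <= 2) ? (int)v : -1;
}

/* Read the sysctl; -1 when /proc is missing (chroot, non-Linux). */
int read_randomize_va_space(void)
{
    char buf[32];
    FILE *fp = fopen("/proc/sys/kernel/randomize_va_space", "r");
    int v = -1;
    if (fp != NULL) {
        if (fgets(buf, sizeof buf, fp) != NULL)
            v = parse_randomize_va_space(buf);
        fclose(fp);
    }
    return v;
}

/* What heap_bss_diff measures: bytes from .bss to the program break.
   With randomize_va_space=2 this includes a per-exec random offset. */
long heap_bss_gap(void)
{
    return (char *)sbrk(0) - bss_marker;
}

/* Old heuristic: "a big gap means randomisation". Wrong whenever the
   random offset happens to be small, which is the reported crash. */
int heuristic_says_randomized(long gap)
{
    return gap > MAX_HEAP_BSS_DIFF;
}

/* Reliable answer: brk is randomised iff the sysctl is 2 and this process
   has not already been given ADDR_NO_RANDOMIZE (e.g. by setarch -R). */
int brk_randomized(int sysctl_value, unsigned long persona)
{
    return !(persona & ADDR_NO_RANDOMIZE) && sysctl_value >= 2;
}

int main(void)
{
    int rvs = read_randomize_va_space();
    unsigned long persona = (unsigned long)personality(0xffffffff);
    long gap = heap_bss_gap();
    printf("randomize_va_space=%d persona=0x%lx gap=%ld bytes\n", rvs, persona, gap);
    printf("heuristic says %d, sysctl+persona says %d\n",
           heuristic_says_randomized(gap), brk_randomized(rvs, persona));
    return 0;
}
```

Run it several times on a machine with randomize_va_space=2: the gap changes on every exec and can fall below the threshold, so the heuristic flips between answers while the sysctl/persona check stays at 1.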
Ulrich Mueller <ulm <at> kph.uni-mainz.de> to control <at> emacsbugs.donarmstrong.com (Wed, 10 Sep 2008 15:30:04 GMT)

Message #15 received at 900-done <at> emacsbugs.donarmstrong.com:
From: Chong Yidong <cyd <at> stupidchicken.com>
To: 443-done <at> debbugs.gnu.org, 900-done <at> debbugs.gnu.org
Subject: Re: temacs segmentation fault in unexec under Linux 2.6.26
Date: Thu, 23 Oct 2008 18:18:59 -0400
Since Jan has fixed this in the trunk (2008-10-21 checkin), I'm closing this bug.