From unknown Mon Aug 18 14:20:23 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#9401 <9401@debbugs.gnu.org> To: bug#9401 <9401@debbugs.gnu.org> Subject: Status: 24.0.50; Crash during fontification Reply-To: bug#9401 <9401@debbugs.gnu.org> Date: Mon, 18 Aug 2025 21:20:23 +0000 retitle 9401 24.0.50; Crash during fontification reassign 9401 emacs submitter 9401 Chong Yidong severity 9401 normal thanks From debbugs-submit-bounces@debbugs.gnu.org Mon Aug 29 12:13:28 2011 Received: (at submit) by debbugs.gnu.org; 29 Aug 2011 16:13:28 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Qy4Sl-0003sj-VD for submit@debbugs.gnu.org; Mon, 29 Aug 2011 12:13:28 -0400 Received: from eggs.gnu.org ([140.186.70.92]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Qy4Sj-0003sb-6U for submit@debbugs.gnu.org; Mon, 29 Aug 2011 12:13:26 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Qy4Pk-0000SK-Oo for submit@debbugs.gnu.org; Mon, 29 Aug 2011 12:10:22 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=unavailable version=3.3.1 Received: from lists.gnu.org ([140.186.70.17]:38915) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Qy4Pk-0000S3-N3 for submit@debbugs.gnu.org; Mon, 29 Aug 2011 12:10:20 -0400 Received: from eggs.gnu.org ([140.186.70.92]:39537) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Qy4Pj-00050s-FE for bug-gnu-emacs@gnu.org; Mon, 29 Aug 2011 12:10:20 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Qy4Ph-0000Rd-Fp for bug-gnu-emacs@gnu.org; Mon, 29 Aug 2011 12:10:19 -0400 Received: from vm-emlprdomr-02.its.yale.edu ([130.132.50.143]:53591) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Qy4Ph-0000RO-Dq for bug-gnu-emacs@gnu.org; Mon, 29 Aug 2011 12:10:17 -0400 Received: from furball (dhcp-128-36-14-41.central.yale.edu [128.36.14.41]) (authenticated bits=0) by vm-emlprdomr-02.its.yale.edu (8.14.4/8.14.4) with ESMTP id p7TGADXm004599 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT) for ; Mon, 29 Aug 2011 12:10:16 -0400 From: Chong Yidong To: bug-gnu-emacs@gnu.org Subject: 24.0.50; Crash during fontification Date: Mon, 29 Aug 2011 12:10:12 -0400 Message-ID: <87obz8i4gr.fsf@stupidchicken.com> MIME-Version: 1.0 Content-Type: text/plain X-Scanned-By: MIMEDefang 2.71 on 130.132.50.143 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3) X-Received-From: 140.186.70.17 X-Spam-Score: -4.7 (----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -4.7 (----) I can trigger this crash about 50 percent of the time by doing emacs -q trunk/src/buffer.h C-s defvar Emacs then crashes with a segfault. The problem involves a call to scan_sexps_forward (frame#4) with from_byte larger than the byte size of the buffer. In GNU Emacs 24.0.50.6 (x86_64-unknown-linux-gnu, GTK+ Version 2.20.1) of 2011-08-28 on furball Windowing system distributor `The X.Org Foundation', version 11.0.10706000 configured using `configure 'CC=gcc' 'CFLAGS=-g'' #0 0x00000000004d339e in sub_char_table_ref (table=12557029, c=7077888, is_uniprop=0) at chartab.c:214 #1 0x00000000004d3583 in char_table_ref (table=12555781, c=7077888) at chartab.c:238 #2 0x00000000004d3603 in char_table_ref (table=13980037, c=7077888) at chartab.c:244 #3 0x00000000004d3603 in char_table_ref (table=20726293, c=7077888) at chartab.c:244 #4 0x00000000006300a5 in scan_sexps_forward (stateptr=0x7fffffff30b0, from=26298, from_byte=48082, end=38471, targetdepth=-10000, stopbefore=0, oldstate=12552834, commentstop=0) at syntax.c:3133 #5 0x000000000061e721 in back_comment (from=38165, from_byte=38165, stop=1, comnested=0, comstyle=0, charpos_ptr=0x7fffffff3418, bytepos_ptr=0x7fffffff3420) at syntax.c:733 #6 0x000000000062c7ec in scan_lists (from=38471, count=-1, depth=0, sexpflag=1) at syntax.c:2768 #7 0x000000000062d78c in Fscan_sexps (from=153900, count=-4) at syntax.c:2879 #8 0x00000000005e9321 in Ffuncall (nargs=3, args=0x7fffffff35a0) at eval.c:2993 #9 0x000000000063632a in exec_byte_code (bytestr=16912593, vector=16668517, maxdepth=12, args_template=12552834, nargs=0, args=0x0) at bytecode.c:785 #10 0x00000000006358e7 in Fbyte_code (bytestr=16912593, vector=16668517, maxdepth=12) at bytecode.c:423 #11 0x00000000005e7c59 in eval_sub (form=13302582) at eval.c:2344 #12 0x00000000005e5ce9 in internal_lisp_condition_case (var=12552834, bodyform=13302582, handlers=13301958) at eval.c:1445 #13 0x0000000000636ff1 in exec_byte_code (bytestr=14879841, vector=16442533, maxdepth=36, args_template=12552834, nargs=0, args=0x0) at bytecode.c:981 #14 0x00000000006358e7 in Fbyte_code (bytestr=14879841, vector=16442533, maxdepth=36) at bytecode.c:423 #15 0x00000000005e7c59 in eval_sub (form=13181174) at eval.c:2344 #16 0x00000000005e57f3 in internal_catch (tag=13108082, func=0x5e7559 , arg=13181174) at eval.c:1248 #17 0x0000000000636f81 in exec_byte_code (bytestr=16475201, vector=16727461, maxdepth=108, args_template=12552834, nargs=0, args=0x0) at bytecode.c:966 #18 0x00000000005e9d9f in funcall_lambda (fun=16837253, nargs=3, arg_vector=0xff3da5) at eval.c:3221 #19 0x00000000005e950c in Ffuncall (nargs=4, args=0x7fffffff4900) at eval.c:3039 #20 0x000000000063632a in exec_byte_code (bytestr=20878529, vector=17068181, maxdepth=24, args_template=12552834, nargs=0, args=0x0) at bytecode.c:785 #21 0x00000000006358e7 in Fbyte_code (bytestr=20878529, vector=17068181, maxdepth=24) at bytecode.c:423 #22 0x00000000005e7c59 in eval_sub (form=14631046) at eval.c:2344 #23 0x00000000005e57f3 in internal_catch (tag=13339906, func=0x5e7559 , arg=14631046) at eval.c:1248 #24 0x0000000000636f81 in exec_byte_code (bytestr=20878657, vector=17068613, maxdepth=8, args_template=12552834, nargs=0, args=0x0) at bytecode.c:966 #25 0x00000000005e9d9f in funcall_lambda (fun=17068853, nargs=0, arg_vector=0x1047245) at eval.c:3221 .... #55 0x0000000000432aae in safe_call1 (fn=15752850, arg=158376) at xdisp.c:2218 #56 0x00000000004352b0 in handle_fontified_prop (it=0x7fffffff8b50) at xdisp.c:3332 #57 0x00000000004344ab in handle_stop (it=0x7fffffff8b50) at xdisp.c:2923 #58 0x000000000043c10e in reseat (it=0x7fffffff8b50, pos=..., force_p=1) at xdisp.c:5828 #59 0x0000000000433af8 in init_iterator (it=0x7fffffff8b50, w=0x1296430, charpos=39594, bytepos=39594, row=0x0, base_face_id=DEFAULT_FACE_ID) at xdisp.c:2633 #60 0x0000000000454c5b in redisplay_window (window=19489845, just_this_one_p=0) at xdisp.c:15265 #61 0x000000000044f05a in redisplay_window_0 (window=19489845) at xdisp.c:13320 #62 0x00000000005e5fa3 in internal_condition_case_1 ( bfun=0x44f01b , arg=19489845, handlers=12523142, hfun=0x44efec ) at eval.c:1529 #63 0x000000000044efcd in redisplay_windows (window=19489845) at xdisp.c:13300 #64 0x000000000044dfa5 in redisplay_internal () at xdisp.c:12877 #65 0x000000000044e7f7 in redisplay_preserve_echo_area (from_where=2) at xdisp.c:13128 #66 0x000000000041ffdb in Fredisplay (force=12552834) at dispnew.c:5991 #67 0x00000000005e92fa in Ffuncall (nargs=1, args=0x7fffffffb7b0) at eval.c:2990 #68 0x000000000063632a in exec_byte_code (bytestr=9404985, vector=9405021, maxdepth=20, args_template=12552834, nargs=0, args=0x0) at bytecode.c:785 #69 0x00000000005e9d9f in funcall_lambda (fun=9404869, nargs=1, arg_vector=0x8f825d) at eval.c:3221 ... #93 0x000000000055b370 in Fcommand_execute (cmd=15676706, record_flag=12552834, keys=12552834, special=12552834) at keyboard.c:10271 #94 0x00000000005497a8 in command_loop_1 () at keyboard.c:1572 #95 0x00000000005e5e3c in internal_condition_case ( bfun=0x548f00 , handlers=12604850, hfun=0x5487db ) at eval.c:1491 #96 0x0000000000548bf7 in command_loop_2 (ignore=12552834) at keyboard.c:1156 #97 0x00000000005e57f3 in internal_catch (tag=12600642, func=0x548bd1 , arg=12552834) at eval.c:1248 #98 0x0000000000548baa in command_loop () at keyboard.c:1135 #99 0x0000000000548329 in recursive_edit_1 () at keyboard.c:756 #100 0x00000000005484c5 in Frecursive_edit () at keyboard.c:820 #101 0x000000000054666b in main (argc=2, argv=0x7fffffffe708) at emacs.c:1698 Lisp Backtrace: "scan-sexps" (0xffff35a8) "byte-code" (0xffff39a0) "byte-code" (0xffff40c0) "c-beginning-of-statement-1" (0xffff4908) "byte-code" (0xffff4d10) "c-beginning-of-decl-1" (0xffff5488) "c-font-lock-enclosing-decls" (0xffff5968) "font-lock-fontify-keywords-region" (0xffff5e68) "font-lock-default-fontify-region" (0xffff6348) "font-lock-fontify-region" (0xffff69c0) "run-hook-with-args" (0xffff69b8) "byte-code" (0xffff6db0) "jit-lock-fontify-now" (0xffff7598) "jit-lock-function" (0xffff7c78) "redisplay" (0xffffb7b8) "sit-for" (0xffffbc98) "isearch-lazy-highlight-new-loop" (0xffffc168) "isearch-update" (0xffffc648) "isearch-search-and-update" (0xffffcb18) "isearch-process-search-string" (0xffffcfd8) "isearch-process-search-char" (0xffffd4a8) "isearch-printing-char" (0xffffd980) "call-interactively" (0xffffdd38) (gdb) f 4 #4 0x00000000006300a5 in scan_sexps_forward (stateptr=0x7fffffff30b0, from=26298, from_byte=48082, end=38471, targetdepth=-10000, stopbefore=0, oldstate=12552834, commentstop=0) at syntax.c:3133 3133 temp = SYNTAX (temp); (gdb) p temp $1 = 7077888 (gdb) p from_byte $2 = 48082 (gdb) p current_buffer->zv $3 = 41396 (gdb) p current_buffer->zv_byte $4 = 41396 (gdb) f 5 #5 0x000000000061e721 in back_comment (from=38165, from_byte=38165, stop=1, comnested=0, comstyle=0, charpos_ptr=0x7fffffff3418, bytepos_ptr=0x7fffffff3420) at syntax.c:733 733 scan_sexps_forward (&state, (gdb) p &state $5 = (struct lisp_parse_state *) 0x7fffffff30b0 (gdb) p defun_start $6 = 17891 (gdb) p defun_start_byte $7 = 38163 From debbugs-submit-bounces@debbugs.gnu.org Mon Aug 29 15:02:44 2011 Received: (at 9401) by debbugs.gnu.org; 29 Aug 2011 19:02:44 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Qy76Z-0007Qr-DU for submit@debbugs.gnu.org; Mon, 29 Aug 2011 15:02:44 -0400 Received: from relais.videotron.ca ([24.201.245.36]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Qy76X-0007Qj-93 for 9401@debbugs.gnu.org; Mon, 29 Aug 2011 15:02:42 -0400 MIME-version: 1.0 Content-transfer-encoding: 7BIT Content-type: text/plain; CHARSET=US-ASCII Received: from ceviche.home ([96.22.109.87]) by vl-mo-mrz24.ip.videotron.ca (Sun Java(tm) System Messaging Server 6.3-8.01 (built Dec 16 2008; 32bit)) with ESMTP id <0LQP00CISE1JTP20@vl-mo-mrz24.ip.videotron.ca> for 9401@debbugs.gnu.org; Mon, 29 Aug 2011 14:58:31 -0400 (EDT) Received: by ceviche.home (Postfix, from userid 20848) id 8EAF5660B6; Mon, 29 Aug 2011 14:59:36 -0400 (EDT) From: Stefan Monnier To: Chong Yidong Subject: Re: bug#9401: 24.0.50; Crash during fontification Message-id: References: <87obz8i4gr.fsf@stupidchicken.com> Date: Mon, 29 Aug 2011 14:59:36 -0400 In-reply-to: <87obz8i4gr.fsf@stupidchicken.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux) X-Spam-Score: -2.9 (--) X-Debbugs-Envelope-To: 9401 Cc: 9401@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -2.9 (--) > I can trigger this crash about 50 percent of the time by doing > emacs -q trunk/src/buffer.h > C-s defvar > Emacs then crashes with a segfault. > The problem involves a call to scan_sexps_forward (frame#4) with > from_byte larger than the byte size of the buffer. [...] > #4 0x00000000006300a5 in scan_sexps_forward (stateptr=0x7fffffff30b0, > from=26298, from_byte=48082, end=38471, targetdepth=-10000, stopbefore=0, > oldstate=12552834, commentstop=0) at syntax.c:3133 > #5 0x000000000061e721 in back_comment (from=38165, from_byte=38165, stop=1, > comnested=0, comstyle=0, charpos_ptr=0x7fffffff3418, > bytepos_ptr=0x7fffffff3420) at syntax.c:733 There's something pretty fishy going on, indeed, since we end going "back" from 38165/38165 to 26298/38471, i.e. the char position is smaller but the byte position is larger. Stefan From debbugs-submit-bounces@debbugs.gnu.org Mon Aug 29 17:20:01 2011 Received: (at 9401) by debbugs.gnu.org; 29 Aug 2011 21:20:01 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Qy9FR-0008NR-5D for submit@debbugs.gnu.org; Mon, 29 Aug 2011 17:20:01 -0400 Received: from vm-emlprdomr-06.its.yale.edu ([130.132.50.147]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1Qy9FO-0008NJ-GI for 9401@debbugs.gnu.org; Mon, 29 Aug 2011 17:19:59 -0400 Received: from furball (dhcp-128-36-14-41.central.yale.edu [128.36.14.41]) (authenticated bits=0) by vm-emlprdomr-06.its.yale.edu (8.14.4/8.14.4) with ESMTP id p7TLGrP8027750 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Mon, 29 Aug 2011 17:16:54 -0400 From: Chong Yidong To: Stefan Monnier Subject: Re: bug#9401: 24.0.50; Crash during fontification References: <87obz8i4gr.fsf@stupidchicken.com> Date: Mon, 29 Aug 2011 17:16:53 -0400 In-Reply-To: (Stefan Monnier's message of "Mon, 29 Aug 2011 14:59:36 -0400") Message-ID: <874o0z6hq2.fsf@stupidchicken.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Scanned-By: MIMEDefang 2.71 on 130.132.50.147 X-Spam-Score: -2.7 (--) X-Debbugs-Envelope-To: 9401 Cc: 9401@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -2.7 (--) Here's an additional data point. Bisection shows that the segfault (with the given recipe) first shows up with a change to CC mode in July: revno: 105278 committer: Alan Mackenzie branch nick: trunk timestamp: Mon 2011-07-18 17:15:24 +0000 message: CC Mode: Fontify declarators properly when, e.g., a jit-lock chunk begins inside a declaration. Changed cc-engine.el, cc-langs.el, cc-fonts.el. It seems likely that there is a longer-standing bug in the syntax handling code which was exposed by this change. From debbugs-submit-bounces@debbugs.gnu.org Mon Aug 29 23:58:05 2011 Received: (at 9401) by debbugs.gnu.org; 30 Aug 2011 03:58:05 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1QyFSe-0001Ef-N1 for submit@debbugs.gnu.org; Mon, 29 Aug 2011 23:58:05 -0400 Received: from mail-pz0-f47.google.com ([209.85.210.47]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1QyFSb-0001EI-SF for 9401@debbugs.gnu.org; Mon, 29 Aug 2011 23:58:02 -0400 Received: by pzk2 with SMTP id 2so9289619pzk.20 for <9401@debbugs.gnu.org>; Mon, 29 Aug 2011 20:54:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=from:to:subject:references:reply-to:date:in-reply-to:message-id :user-agent:mime-version:content-type; bh=JeakR0AJKPrBxv9AzkSmKqjWwaOC3YFH8nUkwlphFi0=; b=tW2N2ij/2yfNq4SmFFWI/F3kN7CrJaPwMn4TGfr7C+8I/qCutlRFuP0rDcAeVmBoh0 HdnGR+S8+qysd1EEVS6z/rB+0gLj41FZt0QdsHxCa0tacc0YQxiPGkjYovdJmbIqZmDn A6/9RR6CEFeXXzxpNIsAg9uaEJjqKS69d20sA= Received: by 10.142.149.6 with SMTP id w6mr2890954wfd.290.1314676495720; Mon, 29 Aug 2011 20:54:55 -0700 (PDT) Received: from Victoria.local ([114.247.10.66]) by mx.google.com with ESMTPS id y5sm21746514pbq.12.2011.08.29.20.54.50 (version=TLSv1/SSLv3 cipher=OTHER); Mon, 29 Aug 2011 20:54:53 -0700 (PDT) From: Leo To: 9401@debbugs.gnu.org Subject: Re: bug#9401: 24.0.50; Crash during fontification References: <87obz8i4gr.fsf@stupidchicken.com> <874o0z6hq2.fsf@stupidchicken.com> Date: Tue, 30 Aug 2011 11:54:40 +0800 In-Reply-To: <874o0z6hq2.fsf@stupidchicken.com> (Chong Yidong's message of "Mon, 29 Aug 2011 17:16:53 -0400") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.3.50 (Mac OS X 10.6.8) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -3.9 (---) X-Debbugs-Envelope-To: 9401 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list Reply-To: 9401@debbugs.gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -3.9 (---) FWIW, this crash happens on 23.3.50 too. Leo From debbugs-submit-bounces@debbugs.gnu.org Tue Aug 30 18:48:48 2011 Received: (at 9401) by debbugs.gnu.org; 30 Aug 2011 22:48:48 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1QyX6t-0002qm-RL for submit@debbugs.gnu.org; Tue, 30 Aug 2011 18:48:48 -0400 Received: from vm-emlprdomr-02.its.yale.edu ([130.132.50.143]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1QyX6r-0002qe-JM for 9401@debbugs.gnu.org; Tue, 30 Aug 2011 18:48:46 -0400 Received: from furball ([128.36.14.41]) (authenticated bits=0) by vm-emlprdomr-02.its.yale.edu (8.14.4/8.14.4) with ESMTP id p7UMjY5e021282 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT) for <9401@debbugs.gnu.org>; Tue, 30 Aug 2011 18:45:35 -0400 From: Chong Yidong To: 9401@debbugs.gnu.org Subject: Re: bug#9401: 24.0.50; Crash during fontification References: <87obz8i4gr.fsf@stupidchicken.com> Date: Tue, 30 Aug 2011 18:45:34 -0400 In-Reply-To: <87obz8i4gr.fsf@stupidchicken.com> (Chong Yidong's message of "Mon, 29 Aug 2011 12:10:12 -0400") Message-ID: <87mxeq8qnl.fsf@stupidchicken.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Scanned-By: MIMEDefang 2.71 on 130.132.50.143 X-Spam-Score: -2.7 (--) X-Debbugs-Envelope-To: 9401 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -2.7 (--) Chong Yidong writes: > I can trigger this crash about 50 percent of the time by doing > > emacs -q trunk/src/buffer.h > C-s defvar > > Emacs then crashes with a segfault. > > The problem involves a call to scan_sexps_forward (frame#4) with > from_byte larger than the byte size of the buffer. I've found the bug, and committed a fix. It was a problem with find_defun_start not updating its cache variables consistently. (Is that optimization really necessary? I guess we can re-examine it some other time.) From debbugs-submit-bounces@debbugs.gnu.org Tue Aug 30 18:48:59 2011 Received: (at control) by debbugs.gnu.org; 30 Aug 2011 22:48:59 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1QyX75-0002r8-6e for submit@debbugs.gnu.org; Tue, 30 Aug 2011 18:48:59 -0400 Received: from vm-emlprdomr-03.its.yale.edu ([130.132.50.144]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1QyX73-0002r2-U7 for control@debbugs.gnu.org; Tue, 30 Aug 2011 18:48:58 -0400 Received: from furball ([128.36.14.41]) (authenticated bits=0) by vm-emlprdomr-03.its.yale.edu (8.14.4/8.14.4) with ESMTP id p7UMjlPS002250 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT) for ; Tue, 30 Aug 2011 18:45:48 -0400 From: Chong Yidong To: control@debbugs.gnu.org Subject: close 9401 Date: Tue, 30 Aug 2011 18:45:47 -0400 Message-ID: <87obz6ldr8.fsf@stupidchicken.com> MIME-Version: 1.0 Content-Type: text/plain X-Scanned-By: MIMEDefang 2.71 on 130.132.50.144 X-Spam-Score: -2.7 (--) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -2.7 (--) close 9401 thanks From debbugs-submit-bounces@debbugs.gnu.org Wed Aug 31 08:45:20 2011 Received: (at 9401) by debbugs.gnu.org; 31 Aug 2011 12:45:20 +0000 Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1QykAR-0006k8-VT for submit@debbugs.gnu.org; Wed, 31 Aug 2011 08:45:20 -0400 Received: from ironport2-out.teksavvy.com ([206.248.154.183] helo=ironport2-out.pppoe.ca) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1QykAM-0006gT-Q2 for 9401@debbugs.gnu.org; Wed, 31 Aug 2011 08:45:15 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: Av0EAP8qXk64rwMJ/2dsb2JhbABCqEd4gUABAQQBViMFCwsOJhIUGA0kiAW5SYZVBKAKhD4 X-IronPort-AV: E=Sophos;i="4.68,307,1312171200"; d="scan'208";a="133663974" Received: from 184-175-3-9.dsl.teksavvy.com (HELO ceviche.home) ([184.175.3.9]) by ironport2-out.pppoe.ca with ESMTP/TLS/ADH-AES256-SHA; 31 Aug 2011 08:42:01 -0400 Received: by ceviche.home (Postfix, from userid 20848) id B415B66108; Wed, 31 Aug 2011 08:42:00 -0400 (EDT) From: Stefan Monnier To: Chong Yidong Subject: Re: bug#9401: 24.0.50; Crash during fontification Message-ID: References: <87obz8i4gr.fsf@stupidchicken.com> <87mxeq8qnl.fsf@stupidchicken.com> Date: Wed, 31 Aug 2011 08:42:00 -0400 In-Reply-To: <87mxeq8qnl.fsf@stupidchicken.com> (Chong Yidong's message of "Tue, 30 Aug 2011 18:45:34 -0400") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Score: -2.0 (--) X-Debbugs-Envelope-To: 9401 Cc: 9401@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: debbugs-submit-bounces@debbugs.gnu.org Errors-To: debbugs-submit-bounces@debbugs.gnu.org X-Spam-Score: -2.0 (--) > I've found the bug, and committed a fix. It was a problem with > find_defun_start not updating its cache variables consistently. (Is > that optimization really necessary? I guess we can re-examine it some > other time.) IIRC this optimization is sometimes important, but it's re-implemented (in a more sophisticated way) in syntax.el for syntax-ppss, so it would be good to make the C code somehow use the syntax.el cache. Maybe the best way is to change back_comment so that in `lossage' it just calls a Lisp function (that we'd put in syntax.el), so we can throw away find_defun_start (and even open_paren_in_column_0_is_defun_start). Stefan From unknown Mon Aug 18 14:20:23 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Thu, 29 Sep 2011 11:24:05 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator