bug#71693: 30.0.50, SIGSEGV in FRAME_TTY (sf) in redisplay_internal
From: Daniel Clemente
Subject: bug#71693: 30.0.50, SIGSEGV in FRAME_TTY (sf) in redisplay_internal
Date: Fri, 21 Jun 2024 10:46:58 +0000
I enabled -fsanitize. I'm using an X terminal to run TTY Emacs inside.
I opened the daemon inside gdb with emacs --fg-daemon -Q
I saw this crash just by opening a few frames like
xterm -e "emacsclient" "-c" "-e" '(dired "~")'
And closing them.
But I don't have an exact reproduction formula.
It seems that sf contains bad data, i.e. it doesn't represent frame data.
The 2 times I randomly saw this crash, I tried to dump the core with
gdb, and it started creating a huge file of many Gb until I stopped
it.
[Detaching after fork from child process 5364]
xdisp.c:16932:10: runtime error: member access within null pointer of
type 'struct terminal'
Program received signal SIGSEGV, Segmentation fault.
0x0000555556610d93 in redisplay_internal () at xdisp.c:16932
16932 && FRAME_TTY (sf)->previous_frame != sf)
(gdb) bt
#0 0x0000555556610d93 in redisplay_internal () at xdisp.c:16932
#1 0x000055555660d9e1 in redisplay () at xdisp.c:16562
#2 0x00005555569aab1e in read_char (commandflag=1,
map=XIL(0x7ffff1882cb3), prev_event=XIL(0),
used_mouse_menu=0x7fffffffd4b0, end_time=0x0)
at keyboard.c:2678
#3 0x00005555569e9ca2 in read_key_sequence (
keybuf=0x7fffffffd7a0, prompt=XIL(0),
dont_downcase_last=false, can_return_switch_frame=true,
fix_current_buffer=true, prevent_redisplay=false,
disable_text_conversion_p=false) at keyboard.c:10728
#4 0x000055555699b122 in command_loop_1 () at keyboard.c:1429
#5 0x0000555556cbb678 in internal_condition_case (
bfun=0x55555699a22d <command_loop_1>, handlers=XIL(0x90),
hfun=0x555556998204 <cmd_error>) at eval.c:1613
#6 0x0000555556999797 in command_loop_2 (handlers=XIL(0x90))
at keyboard.c:1168
#7 0x0000555556cb84d8 in internal_catch (tag=XIL(0xfb40),
func=0x555556999767 <command_loop_2>, arg=XIL(0x90))
at eval.c:1292
#8 0x000055555699969a in command_loop () at keyboard.c:1146
#9 0x0000555556996e7a in recursive_edit_1 () at keyboard.c:754
#10 0x0000555556997531 in Frecursive_edit () at keyboard.c:837
#11 0x0000555556989057 in main (argc=5, argv=0x7fffffffdea8)
at emacs.c:2629
Lisp Backtrace:
"redisplay_internal (C function)" (0x0)
(gdb) list
16927 can't reuse current matrices in this case. */
16928 if (face_change)
16929 windows_or_buffers_changed = 47;
16930
16931 if ((FRAME_TERMCAP_P (sf) || FRAME_MSDOS_P (sf))
16932 && FRAME_TTY (sf)->previous_frame != sf)
16933 {
16934 /* Since frames on a single ASCII terminal share the same
16935 display area, displaying a different frame means redisplay
16936 the whole thing. */
(gdb) p sf
$1 = (struct frame *) 0x6210000ef9b0
(gdb) p FRAME_TTY(sf)
Cannot access memory at address 0x50
(gdb) p *sf
$2 = {
header = {
size = 4611686018595348501
},
name = XIL(0x6190000ecba4),
icon_name = XIL(0),
title = XIL(0),
last_mouse_device = XIL(0),
focus_frame = XIL(0),
root_window = XIL(0),
selected_window = XIL(0x62100033936d),
old_selected_window = XIL(0x62100033936d),
minibuffer_window = XIL(0x621000122e1d),
param_alist = XIL(0x7fffeaa65a13),
scroll_bars = XIL(0),
condemned_scroll_bars = XIL(0),
menu_bar_items = XIL(0x621000344895),
face_hash_table = XIL(0x6210002470ad),
menu_bar_vector = XIL(0),
buffer_predicate = XIL(0),
buffer_list = XIL(0),
buried_buffer_list = XIL(0),
tool_bar_position = XIL(0xfab0),
tab_bar_items = XIL(0),
tool_bar_items = XIL(0),
face_cache = 0x0,
last_tab_bar_item = 0,
menu_bar_items_used = 0,
current_pool = 0x0,
--Type <RET> for more, q to quit, c to continue without paging--
desired_pool = 0x0,
desired_matrix = 0x0,
current_matrix = 0x0,
glyphs_initialized_p = false,
resized_p = false,
default_face_done_p = false,
already_hscrolled_p = true,
updated_p = true,
fonts_changed = false,
cursor_type_changed = false,
redisplay = false,
visible = 0,
iconified = false,
garbaged = false,
wants_modeline = true,
auto_raise = false,
auto_lower = false,
no_split = false,
explicit_name = false,
window_change = false,
window_state_change = false,
mouse_moved = false,
pointer_invisible = false,
frozen_window_starts = false,
output_method = output_termcap,
can_set_window_size = true,
after_make_frame = true,
tab_bar_redisplayed = false,
tab_bar_resized = false,
--Type <RET> for more, q to quit, c to continue without paging--
tool_bar_redisplayed = false,
tool_bar_resized = false,
inhibit_horizontal_resize = false,
inhibit_vertical_resize = false,
face_change = false,
inhibit_clear_image_cache = false,
new_size_p = false,
was_invisible = false,
select_mini_window_flag = false,
change_stamp = 18,
number_of_windows = 3,
tab_bar_lines = 0,
tab_bar_height = 0,
n_tab_bar_rows = 0,
n_tab_bar_items = 0,
tool_bar_lines = 0,
tool_bar_height = 0,
n_tool_bar_rows = 0,
n_tool_bar_items = 0,
decode_mode_spec_buffer = 0x615000034600 "\0328",
insert_line_cost = 0x6120002593c0,
delete_line_cost = 0x612000259840,
insert_n_lines_cost = 0x6120002596c0,
delete_n_lines_cost = 0x612000259540,
text_cols = 118,
text_lines = 64,
text_width = 118,
text_height = 64,
total_cols = 118,
--Type <RET> for more, q to quit, c to continue without paging--
total_lines = 65,
pixel_width = 118,
pixel_height = 65,
new_width = -1,
new_height = -1,
left_pos = 0,
top_pos = 0,
win_gravity = 0,
size_hint_flags = 0,
border_width = 0,
child_frame_border_width = 0,
internal_border_width = 0,
right_divider_width = 0,
bottom_divider_width = 0,
left_fringe_width = 0,
right_fringe_width = 0,
fringe_cols = 0,
menu_bar_lines = 1,
menu_bar_height = 1,
column_width = 1,
line_height = 1,
terminal = 0x0,
output_data = {
tty = 0x602000062770,
x = 0x602000062770,
w32 = 0x602000062770,
ns = 0x602000062770,
pgtk = 0x602000062770,
haiku = 0x602000062770,
--Type <RET> for more, q to quit, c to continue without paging--
android = 0x602000062770
},
font_driver_list = 0x0,
desired_cursor = FILLED_BOX_CURSOR,
cursor_width = 0,
blink_off_cursor = FILLED_BOX_CURSOR,
blink_off_cursor_width = 0,
config_scroll_bar_width = 0,
config_scroll_bar_cols = 0,
config_scroll_bar_height = 0,
config_scroll_bar_lines = 0,
cost_calculation_baud_rate = 38400,
alpha = {0, 0},
alpha_background = 0,
gamma = 0,
extra_line_spacing = 0,
background_pixel = 18446744073709551613,
foreground_pixel = 18446744073709551614
}
(gdb)
(gdb) pp sf
#<SOME_LISP_OBJECT 0x6210000ef9b0>
(gdb)
(gdb) p sf->output_data
$3 = {
tty = 0x602000062770,
x = 0x602000062770,
w32 = 0x602000062770,
ns = 0x602000062770,
pgtk = 0x602000062770,
haiku = 0x602000062770,
android = 0x602000062770
}
(gdb) p sf->output_data->tty
$4 = (struct tty_output *) 0x602000062770
(gdb) xpr
Lisp_Symbol
$5 = (struct Lisp_Symbol *) 0xb57558f9a470
Cannot access memory at address 0xb57558f9a478
(gdb)
In GNU Emacs 30.0.50 (build 14, x86_64-pc-linux-gnu) of 2024-06-14 built
on sonn
Repository revision: 5ecff95993d5edbffb27e14c2815d2b23003bcb4
Repository branch: master
System Description: Devuan GNU/Linux 5 (daedalus)
Configured using:
'configure --prefix=/opt/dc/emacs/ --without-dbus --with-tiff=no
--without-tiff --without-libsystemd --without-dbus --with-mailutils
--without-modules --with-native-compilation --with-x-toolkit=no
--without-imagemagick --without-xft --without-harfbuzz
--without-freetype --without-libotf --without-xwidgets --without-xpm
--without-jpeg --without-gif --without-png --without-webp
--without-rsvg --without-cairo --without-x --without-sound
--enable-checking=yes,glyphs --enable-profiling 'CFLAGS=-g3 -O0
-static-libasan
-fsanitize=undefined,address,bounds-strict,float-cast-overflow ''
Configured features:
GMP GNUTLS LCMS2 LIBSELINUX LIBXML2 NATIVE_COMP NOTIFY INOTIFY PDUMPER
SECCOMP SQLITE3 THREADS XIM ZLIB
Important settings:
value of $LANG: en_US.UTF-8
value of $XMODIFIERS: @im=SCIM
locale-coding-system: utf-8-unix
Major mode: Dired by name
Minor modes in effect:
server-mode: t
tooltip-mode: t
global-eldoc-mode: t
show-paren-mode: t
electric-indent-mode: t
menu-bar-mode: t
file-name-shadow-mode: t
global-font-lock-mode: t
font-lock-mode: t
blink-cursor-mode: t
minibuffer-regexp-mode: t
buffer-read-only: t
line-number-mode: t
indent-tabs-mode: t
transient-mark-mode: t
auto-composition-mode: t
auto-encryption-mode: t
auto-compression-mode: t
Load-path shadows:
None found.
Features:
(shadow sort hashcash mail-extr compile comint ansi-osc ansi-color ring
tool-bar comp-run comp-common rx emacsbug message mailcap yank-media
puny rfc822 mml mml-sec password-cache epa derived epg rfc6068
epg-config gnus-util text-property-search time-date subr-x mm-decode
mm-bodies mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader
sendmail rfc2047 rfc2045 ietf-drums mm-util mail-prsvr mail-utils pp
dired-aux cl-loaddefs cl-lib regexp-opt dired dnd dired-loaddefs
term/rxvt term/xterm xterm byte-opt gv bytecomp byte-compile server rmc
iso-transl tooltip cconv eldoc paren electric uniquify ediff-hook
vc-hooks lisp-float-type elisp-mode tabulated-list replace newcomment
text-mode lisp-mode prog-mode register page tab-bar menu-bar rfn-eshadow
isearch easymenu timer select mouse jit-lock font-lock syntax font-core
term/tty-colors frame minibuffer nadvice seq simple cl-generic
indonesian philippine cham georgian utf-8-lang misc-lang vietnamese
tibetan thai tai-viet lao korean japanese eucjp-ms cp51932 hebrew greek
romanian slovak czech european ethiopic indian cyrillic chinese
composite emoji-zwj charscript charprop case-table epa-hook
jka-cmpr-hook help abbrev obarray oclosure cl-preloaded button loaddefs
theme-loaddefs faces cus-face macroexp files window text-properties
overlay sha1 md5 base64 format env code-pages mule custom widget keymap
hashtable-print-readable backquote threads inotify lcms2 multi-tty
make-network-process native-compile emacs)
Memory information:
((conses 16 79584 11221) (symbols 48 7260 1) (strings 32 19579 4136)
(string-bytes 1 555627) (vectors 16 9521)
(vector-slots 8 101397 9175) (floats 8 33 8255)
(intervals 56 2255 14) (buffers 984 14))
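
The dump above shows `terminal = 0x0` in `*sf` while `output_method = output_termcap`, and UBSan reports a member access within a null `struct terminal`. The following is an added example, not part of the original report and not Emacs source: it uses simplified stand-in structs (all `model_*` names and the 0x50 padding are assumptions made here) to show why the condition at xdisp.c:16931-16932 faults for such a frame, next to one possible guard.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-ins for illustration only; NOT the Emacs definitions. */
enum model_output_method { model_output_x, model_output_termcap };
struct model_frame;
struct model_tty { struct model_frame *previous_frame; };
struct model_terminal {
  char pad[0x50];           /* constructed: puts tty at the 0x50 gdb could not read */
  struct model_tty *tty;
};
struct model_frame {
  enum model_output_method output_method;
  struct model_terminal *terminal;   /* 0x0 in the reported dump */
};

/* Same shape as the failing access: it reaches the tty through f->terminal. */
#define MODEL_FRAME_TTY(f) ((f)->terminal->tty)

/* Address read when the terminal pointer is NULL: 0 + offset of the member. */
size_t model_fault_address(void) { return offsetof(struct model_terminal, tty); }

/* Unguarded condition: the output-method test passes for a termcap frame,
   then the macro dereferences sf->terminal and faults if it is NULL. */
bool tty_frame_switched_unchecked(struct model_frame *sf)
{
  return sf->output_method == model_output_termcap
         && MODEL_FRAME_TTY(sf)->previous_frame != sf;
}

/* Guarded condition: a frame without a terminal is rejected before the
   macro runs, so short-circuit evaluation never reaches the dereference. */
bool tty_frame_switched_checked(struct model_frame *sf)
{
  return sf->terminal != NULL
         && sf->output_method == model_output_termcap
         && MODEL_FRAME_TTY(sf)->previous_frame != sf;
}

int main(void)
{
  /* Constructed frame matching the dump: termcap output, no terminal. */
  struct model_frame dead = { model_output_termcap, NULL };
  printf("unguarded access would read address %#zx\n", model_fault_address());
  printf("guarded check on dead frame: %d\n", tty_frame_switched_checked(&dead));
  return 0;
}
```

Building the model with the same `-fsanitize=undefined,address` flags and calling the unguarded function on the constructed frame reproduces the class of diagnostic seen in the report.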