bug-gnu-emacs

bug#71694: 30.0.50; heap-use-after-free in tty_defined_color


From: Eli Zaretskii
Subject: bug#71694: 30.0.50; heap-use-after-free in tty_defined_color
Date: Fri, 21 Jun 2024 17:22:42 +0300

> From: Daniel Clemente <n142857@gmail.com>
> Date: Fri, 21 Jun 2024 10:47:01 +0000
> 
> I enabled -fsanitize. I'm using an X terminal to run TTY Emacs inside.
> I opened the daemon inside gdb with emacs --fg-daemon -Q
> 
> I don't remember what exactly I was doing here, but it only involved
> slowly opening 2 or 3 terminals like this
> urxvt -e "emacsclient" "-c" "-e" '(dired "~")'
> and then I might have opened 2 or 3 with this (in the same session)
> xterm -e "emacsclient" "-c" "-e" '(dired "~")'
> Plus switching between them and closing them.
> However that's not a reproduction formula, it's just what I was doing
> when this crash randomly happened. I don't know how to reproduce this
> yet.
> 
> =================================================================
> ==9677==ERROR: AddressSanitizer: heap-use-after-free on address
> 0x625000123b30 at pc 0x55555695b2c9 bp 0x7fffffff9900 sp
> 0x7fffffff98f8
> READ of size 1 at 0x625000123b30 thread T0
>     #0 0x55555695b2c8 in tty_defined_color /w/emacs/src/xfaces.c:1115

I think this is bogus: -fsanitize doesn't understand the Emacs memory
management, in particular what's going on in GC when we relocate strings.

In any case, the line numbers seem off: line 1115 of xfaces.c is a
comment.  Are your sources in sync with the Git repository?




