GNU bug report logs - #10696
24.0.93; crash by null string display property

Package: emacs

Reported by: Kenichi Handa <handa <at> m17n.org>

Date: Thu, 2 Feb 2012 13:20:02 UTC

Severity: normal

Found in version 24.0.93

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.


Report forwarded to bug-gnu-emacs <at> gnu.org:
bug#10696; Package emacs. (Thu, 02 Feb 2012 13:20:02 GMT)

Acknowledgement sent to Kenichi Handa <handa <at> m17n.org>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs <at> gnu.org. (Thu, 02 Feb 2012 13:20:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Kenichi Handa <handa <at> m17n.org>
To: bug-gnu-emacs <at> gnu.org
Subject: 24.0.93; crash by null string display property
Date: Thu, 02 Feb 2012 22:17:58 +0900

Emacs crashes in this scenario.

Start Emacs under gdb like this:

% cd .../emacs/src
% gdb emacs
(gdb) run -Q

Then type this in the *scratch* buffer.

(put-text-property 1 3 'display "")C-j
ESC < C-f C-b

Then Emacs aborts like this.

Breakpoint 1, abort () at emacs.c:394
(gdb) bt full
#0  abort () at emacs.c:394
No locals.
#1  0x0817b0f6 in buf_charpos_to_bytepos (b=0x8486dd0, charpos=0)
    at marker.c:130
        tail = 0x822923a
        best_above = -1073745816
        best_above_byte = -1073744400
        best_below = 2
        best_below_byte = 2
#2  0x082286b8 in set_point (charpos=0) at intervals.c:1896
No locals.
#3  0x0814de2d in adjust_point_for_property (last_pt=3, modified=0)
    at keyboard.c:1751
        beg = 1
        end = 3
        val = 136909489
        overlay = 138944682
        tmp = 1
        check_composition = 0
        check_display = 1
        check_invisible = 1
        orig_pt = 2
#4  0x0814db44 in command_loop_1 () at keyboard.c:1692
        cmd = 138969498
        keybuf = {8, 240, -1073745576, 136124231, 139015362, 138944682, 
          139015360, 0, -1208056008, -1073807358, 1172880, 139015362, 
          138944682, 0, 0, 138944682, 139489658, 139152966, 137188261, 
          1346920704, 0, 0, 138944682, 138944682, -1073744400, -1073744684, 
          -1073745528, 136114429, 2, 139152966}
        i = 1
        prev_modiff = 179
        prev_buffer = 0x8486dd0
        already_adjusted = 0
#5  0x081cdf93 in internal_condition_case (bfun=0x814d0a6 <command_loop_1>, 
    handlers=138975690, hfun=0x814ca67 <cmd_error>) at eval.c:1500
        val = 139152966
        c = {
          tag = 138944682, 
          val = 138944682, 
          next = 0xbffff2e8, 
          gcpro = 0x0, 
          jmp = {{
              __jmpbuf = {-1073743984, -1073744400, -1073744684, -1073745240, 
                -2117001572, 1200358899}, 
              __mask_was_saved = 0, 
              __saved_mask = {
                __val = {0, 0, 32, 7263168, 7258100, 7263168, 5906208, 0, 
                  3221222048, 3221221976, 3221221988, 134537396, 1231096, 0, 
                  3086911288, 3221159938, 134536417, 134535701, 3086919744, 
                  1228788, 5872076, 24, 3221221756, 1150886, 7757812, 
                  138898240, 3221222292, 5889536, 3086919832, 2, 4294967295, 
                  1228788}
              }
            }}, 
          backlist = 0x0, 
          handlerlist = 0x0, 
          lisp_eval_depth = 0, 
          pdlcount = 2, 
          poll_suppress_count = 1, 
          interrupt_input_blocked = 0, 
          byte_stack = 0x0
        }
        h = {
          handler = 138975690, 
          var = 138944682, 
          chosen_clause = 1, 
          tag = 0xbffff1c0, 
          next = 0x0
        }
#6  0x0814cdf7 in command_loop_2 (ignore=138944682) at keyboard.c:1159
        val = -1073743984
#7  0x081cda8f in internal_catch (tag=138973666, 
    func=0x814cdd3 <command_loop_2>, arg=138944682) at eval.c:1257
        c = {
          tag = 138973666, 
          val = 138944682, 
          next = 0x0, 
          gcpro = 0x0, 
          jmp = {{
              __jmpbuf = {-1073743984, -1073744400, -1073744684, -1073744968, 
                -2116559204, 1200062451}, 
              __mask_was_saved = 0, 
              __saved_mask = {
                __val = {0 <repeats 16 times>, 6306222, 0, 0, 0, 138944682, 
                  3221222328, 136021028, 138561896, 138944682, 138964432, 
                  136450857, 142408960, 3221223312, 138561896, 138964432, 
                  138561896}
              }
            }}, 
          backlist = 0x0, 
          handlerlist = 0x0, 
          lisp_eval_depth = 0, 
          pdlcount = 2, 
          poll_suppress_count = 1, 
          interrupt_input_blocked = 0, 
          byte_stack = 0x0
        }
#8  0x0814cdb3 in command_loop () at keyboard.c:1138
No locals.
#9  0x0814c6a0 in recursive_edit_1 () at keyboard.c:758
        count = 1
        val = -1073744824
#10 0x0814c7f1 in Frecursive_edit () at keyboard.c:822
        count = 0
        buffer = 138944682
#11 0x0814acf6 in main (argc=2, argv=0xbffff834) at emacs.c:1715
        dummy = -1073743992
        stack_bottom_variable = 8 '\b'
        do_initial_setlocale = 1
        skip_args = 0
        rlim = {
          rlim_cur = 8388608, 
          rlim_max = 18446744073709551615
        }
        no_loadup = 0
        junk = 0x0
        dname_arg = 0x0
        ch_to_dir = 0x6ebff4 "|]\025"
(gdb) xbacktrace
(gdb) 

I'll be able to work on this problem next week, but
anyone who can fix this bug earlier is welcome.

---
Kenichi Handa
handa <at> m17n.org



In GNU Emacs 24.0.93.13 (i686-pc-linux-gnu, X toolkit, Xaw scroll bars)
 of 2012-02-02 on ubuntu
Windowing system distributor `The X.Org Foundation', version 11.0.10706000
Configured using:
 `configure 'CFLAGS=-g''

Important settings:
  value of $LC_ALL: nil
  value of $LC_COLLATE: nil
  value of $LC_CTYPE: nil
  value of $LC_MESSAGES: nil
  value of $LC_MONETARY: nil
  value of $LC_NUMERIC: nil
  value of $LC_TIME: nil
  value of $LANG: ja_JP.utf8
  value of $XMODIFIERS: @im=ibus
  locale-coding-system: utf-8-unix
  default enable-multibyte-characters: t

Major mode: Lisp Interaction

Minor modes in effect:
  display-time-mode: t
  tooltip-mode: t
  mouse-wheel-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t

Recent input:
M-x r e p o r t <tab> <return>

Recent messages:
For information about GNU Emacs and the GNU system, type C-h C-a.

Load-path shadows:
None found.

Features:
(shadow sort gnus-util mail-extr message format-spec rfc822
mml mml-sec mm-decode mm-bodies mm-encode mail-parse rfc2231
mailabbrev gmm-utils mailheader emacsbug time sendmail
regexp-opt rmail-spam-filter easymenu rmailsum rmail rfc2047
rfc2045 ietf-drums mm-util mail-prsvr mail-utils time-date
japan-util tooltip ediff-hook vc-hooks lisp-float-type
mwheel x-win x-dnd tool-bar dnd fontset image fringe
lisp-mode register page menu-bar rfn-eshadow timer select
scroll-bar mouse jit-lock font-lock syntax facemenu
font-core frame cham georgian utf-8-lang misc-lang
vietnamese tibetan thai tai-viet lao korean japanese hebrew
greek romanian slovak czech european ethiopic indian
cyrillic chinese case-table epa-hook jka-cmpr-hook help
simple abbrev minibuffer loaddefs button faces cus-face
files text-properties overlay sha1 md5 base64 format env
code-pages mule custom widget hashtable-print-readable
backquote make-network-process dynamic-setting
font-render-setting x-toolkit x multi-tty emacs)




Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#10696; Package emacs. (Thu, 02 Feb 2012 15:20:01 GMT)

Message #8 received at submit <at> debbugs.gnu.org:

From: Leo <sdl.web <at> gmail.com>
To: bug-gnu-emacs <at> gnu.org
Subject: Re: bug#10696: 24.0.93; crash by null string display property
Date: Thu, 02 Feb 2012 23:18:09 +0800

On 2012-02-02 21:17 +0800, Kenichi Handa wrote:
> % cd .../emacs/src
> % gdb emacs
> (gdb) run -Q
>
> Then type this in the *scratch* buffer.
>
> (put-text-property 1 3 'display "")C-j
> ESC < C-f C-b
>
> Then Emacs aborts like this.

Crashes Emacs 23.4 too.

Leo





Reply sent to Eli Zaretskii <eliz <at> gnu.org>:
You have taken responsibility. (Sat, 04 Feb 2012 09:30:02 GMT)

Notification sent to Kenichi Handa <handa <at> m17n.org>:
bug acknowledged by developer. (Sat, 04 Feb 2012 09:30:03 GMT)

Message #13 received at 10696-done <at> debbugs.gnu.org:

From: Eli Zaretskii <eliz <at> gnu.org>
To: Kenichi Handa <handa <at> m17n.org>
Cc: 10696-done <at> debbugs.gnu.org
Subject: Re: bug#10696: 24.0.93; crash by null string display property
Date: Sat, 04 Feb 2012 11:28:55 +0200

> From: Kenichi Handa <handa <at> m17n.org>
> Date: Thu, 02 Feb 2012 22:17:58 +0900
> 
> Emacs crashes in this scenario.
> 
> Start Emacs under gdb like this:
> 
> % cd .../emacs/src
> % gdb emacs
> (gdb) run -Q
> 
> Then type this in the *scratch* buffer.
> 
> (put-text-property 1 3 'display "")C-j
> ESC < C-f C-b
> 
> Then Emacs aborts like this.
> 
> Breakpoint 1, abort () at emacs.c:394
> (gdb) bt full
> #0  abort () at emacs.c:394
> No locals.
> #1  0x0817b0f6 in buf_charpos_to_bytepos (b=0x8486dd0, charpos=0)
>     at marker.c:130

Fixed in revision 107088 on the trunk.




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sat, 03 Mar 2012 12:24:03 GMT)
