GNU bug report logs - #17539
24.3.91; SIGSEGV due to move_it_in_display_line_to

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 17539 in the body.
You can then email your comments to 17539 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Nicolas Richard <theonewiththeevillook <at> yahoo.fr>
To: bug-gnu-emacs <at> gnu.org
Subject: 24.3.91; SIGSEGV due to move_it_in_display_line_to
Date: Wed, 21 May 2014 11:57:18 +0200

Hello,

This is a crash using csv-mode.el which is available from elpa. Here's
how I reproduce (assuming csv-mode is installed) :

$ emacs -Q -f package-initialize ~/tmp/test.csv

At this point the file visiting buffer is in csv-mode. 

I then hit C-c C-a to align fields, then C-v a few times, M-v a few more
times, and I promptly get a crash.

The file test.csv weighs 11k, so I make it available online at
http://pastie.org/pastes/9195319/text

The crash seems to not happen if the frame is too big (i.e. when I
maximize the frame in gnome before testing), but it happens using -nw.

Here's the gdb backtrace :

Starting program: /mnt/gentoo-home/youngfrog/sourcetrees/emacs-git/src/emacs -Q -f package-initialize ~/tmp/test.csv
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
[New Thread 0xb611ab40 (LWP 19541)]
[New Thread 0xb558cb40 (LWP 19542)]
[New Thread 0xb4bffb40 (LWP 19543)]

Program received signal SIGSEGV, Segmentation fault.
move_it_in_display_line_to (it=it <at> entry=0xbfffe038, to_charpos=to_charpos <at> entry=1980, to_x=to_x <at> entry=-1, op=op <at> entry=MOVE_TO_POS) at xdisp.c:8401
8401	{

#0  move_it_in_display_line_to (it=it <at> entry=0xbfffe038, to_charpos=to_charpos <at> entry=1980, to_x=to_x <at> entry=-1, op=op <at> entry=MOVE_TO_POS) at xdisp.c:8401
#1  0x0807ca89 in move_it_in_display_line_to (it=it <at> entry=0xbfffe038, to_charpos=to_charpos <at> entry=1980, to_x=to_x <at> entry=-1, op=op <at> entry=MOVE_TO_POS) at xdisp.c:8896
[snip the duplicate lines]
#940 0x0807ca89 in move_it_in_display_line_to (it=it <at> entry=0xbfffe038, to_charpos=to_charpos <at> entry=1980, to_x=to_x <at> entry=-1, op=op <at> entry=MOVE_TO_POS) at xdisp.c:8896
#941 0x0807ca89 in move_it_in_display_line_to (it=it <at> entry=0xbfffe038, to_charpos=to_charpos <at> entry=1, to_x=to_x <at> entry=-1, op=op <at> entry=MOVE_TO_POS) at xdisp.c:8896
#942 0x08083276 in move_it_to (it=it <at> entry=0xbfffe038, to_charpos=1, to_x=to_x <at> entry=-1, to_y=to_y <at> entry=-1, to_vpos=to_vpos <at> entry=-1, op=op <at> entry=8) at xdisp.c:9156
#943 0x080a9e6e in window_scroll_pixel_based (window=window <at> entry=141492053, n=n <at> entry=1, whole=whole <at> entry=true, noerror=noerror <at> entry=0) at window.c:5119
#944 0x080adacd in window_scroll (window=141492053, n=<optimized out>, n <at> entry=1, whole=whole <at> entry=true, noerror=noerror <at> entry=0) at window.c:4839
#945 0x080adde8 in scroll_command (n=n <at> entry=138869698, direction=direction <at> entry=1) at window.c:5390
#946 0x080ade01 in Fscroll_up (arg=138869698) at window.c:5411
#947 0x0818bcf0 in Ffuncall (nargs=2, args=0xbfffe9f4) at eval.c:2815
#948 0x081be81b in exec_byte_code (bytestr=1980, vector=1980, maxdepth=-1073747472, args_template=138869698, nargs=nargs <at> entry=0, args=0x2) at bytecode.c:916
#949 0x0818b78d in funcall_lambda (fun=136952765, nargs=nargs <at> entry=1, arg_vector=arg_vector <at> entry=0xbfffebc4) at eval.c:3049
#950 0x0818bac3 in Ffuncall (nargs=nargs <at> entry=2, args=args <at> entry=0xbfffebc0) at eval.c:2876
#951 0x08188271 in Fcall_interactively (function=139030170, record_flag=138869698, keys=138878541) at callint.c:836
#952 0x0818bcc9 in Ffuncall (nargs=4, args=0xbfffed0c) at eval.c:2822
#953 0x081be81b in exec_byte_code (bytestr=1980, vector=1980, maxdepth=-1073746692, args_template=args_template <at> entry=4100, nargs=nargs <at> entry=1, args=0x4) at bytecode.c:916
#954 0x0818b80e in funcall_lambda (fun=137226917, nargs=nargs <at> entry=1, arg_vector=arg_vector <at> entry=0xbfffeeac) at eval.c:2983
#955 0x0818bac3 in Ffuncall (nargs=nargs <at> entry=2, args=args <at> entry=0xbfffeea8) at eval.c:2876
#956 0x0818be57 in call1 (fn=138896218, arg1=139030170) at eval.c:2614
#957 0x0812b3d7 in command_loop_1 () at keyboard.c:1559
#958 0x0818a283 in internal_condition_case (bfun=bfun <at> entry=0x812b0b0 <command_loop_1>, handlers=138902842, hfun=hfun <at> entry=0x8122970 <cmd_error>) at eval.c:1354
#959 0x0811e3e5 in command_loop_2 (ignore=138869698) at keyboard.c:1177
#960 0x0818a1b3 in internal_catch (tag=138900890, func=func <at> entry=0x811e3c0 <command_loop_2>, arg=138869698) at eval.c:1118
#961 0x081225e2 in command_loop () at keyboard.c:1156
#962 recursive_edit_1 () at keyboard.c:777
#963 0x081228c1 in Frecursive_edit () at keyboard.c:848
#964 0x08058038 in main (argc=<optimized out>, argv=0xbffff154) at emacs.c:1646
Cannot access memory at address 0xbf7ff88f
Kill the program being debugged? (y or n) quit


In GNU Emacs 24.3.91.1 (i686-pc-linux-gnu, GTK+ Version 2.24.20)
 of 2014-05-13 on LDLC-portable
Windowing system distributor `The X.Org Foundation', version 11.0.11406000
System Description:	Ubuntu 13.10

Important settings:
  value of $LANG: fr_BE.UTF-8
  locale-coding-system: utf-8-unix

-- 
Nico.

Message #8 received at 17539 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Nicolas Richard <theonewiththeevillook <at> yahoo.fr>
Cc: 17539 <at> debbugs.gnu.org
Subject: Re: bug#17539: 24.3.91; SIGSEGV due to move_it_in_display_line_to
Date: Wed, 21 May 2014 18:09:29 +0300

> From: Nicolas Richard <theonewiththeevillook <at> yahoo.fr>
> Date: Wed, 21 May 2014 11:57:18 +0200
> 
> $ emacs -Q -f package-initialize ~/tmp/test.csv
> 
> At this point the file visiting buffer is in csv-mode. 
> 
> I then hit C-c C-a to align fields, then C-v a few times, M-v a few more
> times, and I promptly get a crash.
> 
> The file test.csv weighs 11k, so I make it available online at
> http://pastie.org/pastes/9195319/text
> 
> The crash seems to not happen if the frame is too big (i.e. when I
> maximize the frame in gnome before testing), but it happens using -nw.
> 
> Here's the gdb backtrace :
> 
> Starting program: /mnt/gentoo-home/youngfrog/sourcetrees/emacs-git/src/emacs -Q -f package-initialize ~/tmp/test.csv
> [Thread debugging using libthread_db enabled]
> Using host libthread_db library "/lib/i386-linux-gnu/libthread_db.so.1".
> [New Thread 0xb611ab40 (LWP 19541)]
> [New Thread 0xb558cb40 (LWP 19542)]
> [New Thread 0xb4bffb40 (LWP 19543)]
> 
> Program received signal SIGSEGV, Segmentation fault.
> move_it_in_display_line_to (it=it <at> entry=0xbfffe038, to_charpos=to_charpos <at> entry=1980, to_x=to_x <at> entry=-1, op=op <at> entry=MOVE_TO_POS) at xdisp.c:8401
> 8401	{
> 
> #0  move_it_in_display_line_to (it=it <at> entry=0xbfffe038, to_charpos=to_charpos <at> entry=1980, to_x=to_x <at> entry=-1, op=op <at> entry=MOVE_TO_POS) at xdisp.c:8401
> #1  0x0807ca89 in move_it_in_display_line_to (it=it <at> entry=0xbfffe038, to_charpos=to_charpos <at> entry=1980, to_x=to_x <at> entry=-1, op=op <at> entry=MOVE_TO_POS) at xdisp.c:8896
> [snip the duplicate lines]
> #940 0x0807ca89 in move_it_in_display_line_to (it=it <at> entry=0xbfffe038, to_charpos=to_charpos <at> entry=1980, to_x=to_x <at> entry=-1, op=op <at> entry=MOVE_TO_POS) at xdisp.c:8896

Thanks, I think I fixed that (emacs-24 branch, revision 117137).  The
patch is below if you want to try that.

=== modified file 'src/ChangeLog'
--- src/ChangeLog	2014-05-20 16:28:39 +0000
+++ src/ChangeLog	2014-05-21 15:03:18 +0000
@@ -1,3 +1,9 @@
+2014-05-21  Eli Zaretskii  <eliz <at> gnu.org>
+
+	* xdisp.c (move_it_in_display_line_to): Avoid infinite recursion:
+	when closest_pos is identical to to_charpos, don't recurse, since
+	we already tried that, and failed.  (Bug#17539)
+
 2014-05-20  Eli Zaretskii  <eliz <at> gnu.org>
 
 	* w32fns.c (unwind_create_frame) [GLYPH_DEBUG]: If we are

=== modified file 'src/xdisp.c'
--- src/xdisp.c	2014-04-18 08:35:09 +0000
+++ src/xdisp.c	2014-05-21 15:03:18 +0000
@@ -8812,8 +8812,11 @@ move_it_in_display_line_to (struct it *i
 		  if (closest_pos < ZV)
 		    {
 		      RESTORE_IT (it, &ppos_it, ppos_data);
-		      move_it_in_display_line_to (it, closest_pos, -1,
-						  MOVE_TO_POS);
+		      /* Don't recurse if closest_pos is equal to
+			 to_charpos, since we have just tried that.  */
+		      if (closest_pos != to_charpos)
+			move_it_in_display_line_to (it, closest_pos, -1,
+						    MOVE_TO_POS);
 		      result = MOVE_POS_MATCH_OR_ZV;
 		    }
 		  else
@@ -8874,8 +8877,9 @@ move_it_in_display_line_to (struct it *i
 		      && !at_eob_p && closest_pos < ZV)
 		    {
 		      RESTORE_IT (it, &ppos_it, ppos_data);
-		      move_it_in_display_line_to (it, closest_pos, -1,
-						  MOVE_TO_POS);
+		      if (closest_pos != to_charpos)
+			move_it_in_display_line_to (it, closest_pos, -1,
+						    MOVE_TO_POS);
 		    }
 		  result = MOVE_POS_MATCH_OR_ZV;
 		  break;
@@ -8893,7 +8897,9 @@ move_it_in_display_line_to (struct it *i
 	      if (closest_pos < ZV)
 		{
 		  RESTORE_IT (it, &ppos_it, ppos_data);
-		  move_it_in_display_line_to (it, closest_pos, -1, MOVE_TO_POS);
+		  if (closest_pos != to_charpos)
+		    move_it_in_display_line_to (it, closest_pos, -1,
+						MOVE_TO_POS);
 		}
 	      result = MOVE_POS_MATCH_OR_ZV;
 	      break;

Message #15 received at 17539-done <at> debbugs.gnu.org (full text, mbox):

From: Nicolas Richard <theonewiththeevillook <at> yahoo.fr>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: Nicolas Richard <theonewiththeevillook <at> yahoo.fr>,
 17539-done <at> debbugs.gnu.org
Subject: Re: bug#17539: 24.3.91; SIGSEGV due to move_it_in_display_line_to
Date: Fri, 23 May 2014 10:36:56 +0200

[cc: 17539-done]

Eli Zaretskii <eliz <at> gnu.org> writes:
> Thanks, I think I fixed that (emacs-24 branch, revision 117137).  The
> patch is below if you want to try that.

It seems to work fine, thanks !

-- 
Nico.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.