Package: emacs
Reported by: Carl Worth <cworth <at> cworth.org>
Date: Tue, 18 May 2010 16:36:01 UTC
Severity: normal
Found in version 23.1
Done: Chong Yidong <cyd <at> stupidchicken.com>
Bug is archived. No further changes may be made.
owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org: bug#6214; Package emacs. (Tue, 18 May 2010 16:36:01 GMT)
Carl Worth <cworth <at> cworth.org>: bug-gnu-emacs <at> gnu.org. (Tue, 18 May 2010 16:36:02 GMT)
Message #5 received at submit <at> debbugs.gnu.org:
From: Carl Worth <cworth <at> cworth.org>
To: bug-gnu-emacs <at> gnu.org
Cc: Notmuch mailing list <notmuch <at> notmuchmail.org>, Carl Worth <cworth <at> cworth.org>, Dirk Hohndel <hohndel <at> infradead.org>
Subject: 23.1; json-read-string crashes emacs with long string
Date: Tue, 18 May 2010 09:08:17 -0700
> Please describe exactly what actions triggered the bug
> and the precise symptoms of the bug:
A user of the emacs-based mail client, Notmuch [*], found that
attempting to display a particular message would consistently
cause a segmentation fault in emacs.
I tracked this down to calling `json-read-string' with a very long
string, (roughly 1 million characters). Rather than including that
enormous string in this message, here's a little snippet of emacs lisp
that creates and reads such a string. So, if evaluated, this code should
trigger the segmentation fault, (assuming a copy of GPLv3 exists at
/usr/share/emacs/23.1/etc/COPYING---adjust the filename if necessary).
;; Caution: Evaluating the block below has been known to crash emacs
(with-temp-buffer
  (require 'json)
  ;; First we just need a lot of text. 32 copies of GPLv3 seems to do it
  (dotimes (i 32)
    (insert-file "/usr/share/emacs/23.1/etc/COPYING"))
  ;; Now create a buffer with a json-encoded version of the text
  (let ((json-string (json-encode-string (buffer-string))))
    (with-temp-buffer
      (insert json-string)
      (goto-char (point-min))
      ;; And try to read the string. This triggers the segfault.
      (json-read-string))))
> If Emacs crashed, and you have the Emacs process in the gdb debugger,
> please include the output from the following gdb commands:
> `bt full' and `xbacktrace'.
I haven't attempted to debug this within gdb yet, (I'll have to get my
hands on a build of emacs with debugging symbols first). But I wanted to
share things right away, so that perhaps someone else could do further
debugging and follow up.
In the meantime, notmuch folks, if you've got a good idea for modifying
notmuch to avoid this bug I'd be glad to hear it. Adjust followups to
include the notmuch list and not the gnu.org bug address as appropriate.
-Carl
[*] http://notmuchmail.org
PS. Here are some of the details provided by `report-emacs-bug':
In GNU Emacs 23.1.1 (i486-pc-linux-gnu, GTK+ Version 2.18.2)
of 2010-01-26 on raven, modified by Debian
Windowing system distributor `The X.Org Foundation', version 11.0.10799001
configured using `configure '--build=i486-linux-gnu' '--host=i486-linux-gnu' '--prefix=/usr' '--sharedstatedir=/var/lib' '--libexecdir=/usr/lib' '--localstatedir=/var/lib' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--with-pop=yes' '--enable-locallisppath=/etc/emacs23:/etc/emacs:/usr/local/share/emacs/23.1/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/23.1/site-lisp:/usr/share/emacs/site-lisp:/usr/share/emacs/23.1/leim' '--with-x=yes' '--with-x-toolkit=gtk' '--with-toolkit-scroll-bars' 'build_alias=i486-linux-gnu' 'host_alias=i486-linux-gnu' 'CFLAGS=-DDEBIAN -g -O2' 'LDFLAGS=-g' 'CPPFLAGS=''
Important settings:
value of $LC_ALL: nil
value of $LC_COLLATE: nil
value of $LC_CTYPE: nil
value of $LC_MESSAGES: nil
value of $LC_MONETARY: nil
value of $LC_NUMERIC: nil
value of $LC_TIME: nil
value of $LANG: en_US.UTF-8
value of $XMODIFIERS: nil
locale-coding-system: utf-8-unix
default-enable-multibyte-characters: t
--
carl.d.worth <at> intel.com
owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org: bug#6214; Package emacs. (Tue, 18 May 2010 17:18:02 GMT)
Message #8 received at submit <at> debbugs.gnu.org:
From: Leo <sdl.web <at> gmail.com>
To: bug-gnu-emacs <at> gnu.org
Cc: notmuch <at> notmuchmail.org
Subject: Re: 23.1; json-read-string crashes emacs with long string
Date: Tue, 18 May 2010 18:16:43 +0100
On 2010-05-18 17:08 +0100, Carl Worth wrote:
> ;; Caution: Evaluating the block below has been known to crash emacs
> (with-temp-buffer
>   (require 'json)
>   ;; First we just need a lot of text. 32 copies of GPLv3 seems to do it
>   (dotimes (i 32)
>     (insert-file "/usr/share/emacs/23.1/etc/COPYING"))
>   ;; Now create a buffer with a json-encoded version of the text
>   (let ((json-string (json-encode-string (buffer-string))))
>     (with-temp-buffer
>       (insert json-string)
>       (goto-char (point-min))
>       ;; And try to read the string. This triggers the segfault.
>       (json-read-string))))

Crash emacs 23.2 too.

Leo
owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org: bug#6214; Package emacs. (Tue, 18 May 2010 17:47:02 GMT)
Message #11 received at 6214 <at> debbugs.gnu.org:
From: Nelson Elhage <nelhage <at> MIT.EDU>
To: 6214 <at> debbugs.gnu.org
Subject: `bt full' output
Date: Tue, 18 May 2010 13:43:49 -0400
I can reproduce the bug, and got it in gdb with debug symbols. I'm
running:

GNU Emacs 23.1.1 (x86_64-pc-linux-gnu, X toolkit, Xaw3d scroll bars)
of 2010-03-26 on crested, modified by Debian

Attached is the 'bt full' output from the SEGV after
'emacs --batch -l json-crash.el'
[bt (text/plain, inline)]
(gdb) bt full
#0 Fstring (n=1122176, args=0x7fffff76c348) at character.c:973
i = 0
p = 0x7fffff2124d0 <Address 0x7fffff2124d0 out of bounds>
c = 10
#1 0x000000000054aee1 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:3026
fun = <value optimized out>
original_fun = 11102209
funcar = <value optimized out>
numargs = 1122176
val = <value optimized out>
backtrace = {
next = 0x7fffffffbfe0,
function = 0x7fffff76c340,
args = 0x7fffff76c348,
nargs = 1122176,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
internal_args = 0x7fffff76c348
i = <value optimized out>
#2 0x000000000054c37e in Fapply (nargs=1, args=0x7fffffffc058) at eval.c:2533
ret_ungc_val = 10
i = <value optimized out>
numargs = <value optimized out>
spread_arg = 11008721
funcall_args = 0x7fffff76c340
fun = <value optimized out>
#3 0x000000000054aee1 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:3026
fun = <value optimized out>
original_fun = 11233665
funcar = <value optimized out>
numargs = 2
val = <value optimized out>
backtrace = {
next = 0x7fffffffc270,
function = 0x7fffffffc050,
args = 0x7fffffffc058,
nargs = 2,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
internal_args = 0x7fffffffc058
i = <value optimized out>
#4 0x0000000000582c12 in Fbyte_code (bytestr=<value optimized out>, vector=<value optimized out>, maxdepth=<value optimized out>) at bytecode.c:678
count = 48
op = <value optimized out>
stack = {
pc = 0xf8abd8 "\202|",
top = 0x7fffffffc060,
bottom = 0x7fffffffc050,
byte_string = 17510211,
byte_string_start = 0xf8ab60 "\303`f\211\030\206\t",
constants = 16724260,
next = 0x7fffffffd2b0
}
top = 0x7fffffffc050
result = <value optimized out>
#5 0x000000000054cf4f in funcall_lambda (fun=13220372, nargs=<value optimized out>, arg_vector=<value optimized out>) at eval.c:3232
val = <value optimized out>
syms_left = 11008721
next = 0
i = 0
optional = 0
rest = 16208176
#6 0x000000000054d0c4 in apply_lambda (fun=13220372, args=11008721, eval_flag=<value optimized out>) at eval.c:3156
args_left = 11008721
i = <value optimized out>
tem = <value optimized out>
#7 0x000000000054c773 in Feval (form=13220368) at eval.c:2436
fun = 10
val = <value optimized out>
original_fun = 17493889
original_args = 11008721
funcar = 10
backtrace = {
next = 0x7fffffffc360,
function = 0x7fffffffc2a0,
args = 0x7fffffffc190,
nargs = 0,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#8 0x000000000054cd27 in Fprogn (args=<value optimized out>) at eval.c:450
val = 10
#9 0x000000000054cb1f in Feval (form=<value optimized out>) at eval.c:2323
numargs = <value optimized out>
args_left = 10997029
i = <value optimized out>
argvals = {17369779, 8607304371, 11008721, 17564564, 17369747, 11008721, 1, 140737488340040}
fun = <value optimized out>
val = <value optimized out>
original_fun = 11231505
original_args = 10997029
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffc460,
function = 0x7fffffffc390,
args = 0x7fffffffc388,
nargs = -1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#10 0x000000000054d195 in Funwind_protect (args=11362421) at eval.c:1354
val = <value optimized out>
#11 0x000000000054cb1f in Feval (form=<value optimized out>) at eval.c:2323
numargs = <value optimized out>
args_left = 11362421
i = <value optimized out>
argvals = {17564564, 5558095, 140737488340208, 5778450, 140737488340280, 17197238963, 16208176, 16209648}
fun = <value optimized out>
val = <value optimized out>
original_fun = 11232225
original_args = 11362421
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffc570,
function = 0x7fffffffc490,
args = 0x7fffffffc488,
nargs = -1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#12 0x000000000054cd27 in Fprogn (args=<value optimized out>) at eval.c:450
val = 10
#13 0x000000000053f71d in Fsave_current_buffer (args=11359957) at editfns.c:1024
val = <value optimized out>
#14 0x000000000054cb1f in Feval (form=<value optimized out>) at eval.c:2323
numargs = <value optimized out>
args_left = 11359957
i = <value optimized out>
argvals = {8526340, 15303857, 11361429, 11360789, 140737488340400, 5554887, 1, 2}
fun = <value optimized out>
val = <value optimized out>
original_fun = 11306689
original_args = 11359957
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffc650,
function = 0x7fffffffc5a0,
args = 0x7fffffffc598,
nargs = -1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#15 0x000000000054c91c in Feval (form=<value optimized out>) at eval.c:2434
fun = <value optimized out>
val = <value optimized out>
original_fun = 11834817
original_args = 11360789
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffc7c0,
function = 0x7fffffffc680,
args = 0x7fffffffc678,
nargs = -1,
evalargs = 1 '\001',
debug_on_exit = 0 '\000'
}
#16 0x000000000054cd27 in Fprogn (args=<value optimized out>) at eval.c:450
val = 10
#17 0x000000000054d998 in Flet (args=11360453) at eval.c:1090
tem = 17564564
elt = <value optimized out>
varlist = <value optimized out>
#18 0x000000000054cb1f in Feval (form=<value optimized out>) at eval.c:2323
numargs = <value optimized out>
args_left = 11360453
i = <value optimized out>
argvals = {8529660, 16856389, 16856341, 16856277, 140737488340992, 5554887, 2327040, 2}
fun = <value optimized out>
val = <value optimized out>
original_fun = 11231937
original_args = 11360453
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffc8a0,
function = 0x7fffffffc7f0,
args = 0x7fffffffc7e8,
nargs = -1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#19 0x000000000054c91c in Feval (form=<value optimized out>) at eval.c:2434
fun = <value optimized out>
val = <value optimized out>
original_fun = 11835489
original_args = 16856357
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffca10,
function = 0x7fffffffc8d0,
args = 0x7fffffffc8c8,
nargs = -1,
evalargs = 1 '\001',
debug_on_exit = 0 '\000'
}
#20 0x000000000054cd27 in Fprogn (args=<value optimized out>) at eval.c:450
val = 10
#21 0x000000000054d998 in Flet (args=16856421) at eval.c:1090
tem = 76522627
elt = <value optimized out>
varlist = <value optimized out>
#22 0x000000000054cb1f in Feval (form=<value optimized out>) at eval.c:2323
numargs = <value optimized out>
args_left = 16856421
i = <value optimized out>
argvals = {17493745, 11008721, 11008721, 11008721, 8529968, 5601525, 11008721, 5455855}
fun = <value optimized out>
val = <value optimized out>
original_fun = 11231937
original_args = 16856421
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffcb00,
function = 0x7fffffffca40,
args = 0x7fffffffca38,
nargs = -1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#23 0x000000000054cd27 in Fprogn (args=<value optimized out>) at eval.c:450
val = 10
#24 0x000000000054cb1f in Feval (form=<value optimized out>) at eval.c:2323
numargs = <value optimized out>
args_left = 16856085
i = <value optimized out>
argvals = {8529971, 8598464563, 11008721, 15652116, 17343363, 11866248, 11373969, 16758469}
fun = <value optimized out>
val = <value optimized out>
original_fun = 11231505
original_args = 16856085
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffcc00,
function = 0x7fffffffcb30,
args = 0x7fffffffcb28,
nargs = -1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#25 0x000000000054d195 in Funwind_protect (args=16886565) at eval.c:1354
val = <value optimized out>
#26 0x000000000054cb1f in Feval (form=<value optimized out>) at eval.c:2323
numargs = <value optimized out>
args_left = 16886565
i = <value optimized out>
argvals = {15652116, 5558095, 140737488342160, 5778450, 140737488342232, 17188399155, 16208176, 16209520}
fun = <value optimized out>
val = <value optimized out>
original_fun = 11232225
original_args = 16886565
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffcd10,
function = 0x7fffffffcc30,
args = 0x7fffffffcc28,
nargs = -1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#27 0x000000000054cd27 in Fprogn (args=<value optimized out>) at eval.c:450
val = 10
#28 0x000000000053f71d in Fsave_current_buffer (args=16886357) at editfns.c:1024
val = <value optimized out>
#29 0x000000000054cb1f in Feval (form=<value optimized out>) at eval.c:2323
numargs = <value optimized out>
args_left = 16886357
i = <value optimized out>
argvals = {8526340, 17493937, 16886549, 16886517, 140737488342352, 5554887, 1, 2}
fun = <value optimized out>
val = <value optimized out>
original_fun = 11306689
original_args = 16886357
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffcdf0,
function = 0x7fffffffcd40,
args = 0x7fffffffcd38,
nargs = -1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#30 0x000000000054c91c in Feval (form=<value optimized out>) at eval.c:2434
fun = <value optimized out>
val = <value optimized out>
original_fun = 11834817
original_args = 16886517
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffcf60,
function = 0x7fffffffce20,
args = 0x7fffffffce18,
nargs = -1,
evalargs = 1 '\001',
debug_on_exit = 0 '\000'
}
#31 0x000000000054cd27 in Fprogn (args=<value optimized out>) at eval.c:450
val = 10
#32 0x000000000054d998 in Flet (args=16886469) at eval.c:1090
tem = 15652116
elt = <value optimized out>
varlist = <value optimized out>
#33 0x000000000054cb1f in Feval (form=<value optimized out>) at eval.c:2323
numargs = <value optimized out>
args_left = 16886469
i = <value optimized out>
argvals = {8529660, 16856741, 16856661, 16856533, 140737488342944, 5554887, 140737488343728, 2}
fun = <value optimized out>
val = <value optimized out>
original_fun = 11231937
original_args = 16886469
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffd040,
function = 0x7fffffffcf90,
args = 0x7fffffffcf88,
nargs = -1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#34 0x000000000054c91c in Feval (form=<value optimized out>) at eval.c:2434
fun = <value optimized out>
val = <value optimized out>
original_fun = 11835489
original_args = 16856677
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffd1f0,
function = 0x7fffffffd070,
args = 0x7fffffffd068,
nargs = -1,
evalargs = 1 '\001',
debug_on_exit = 0 '\000'
}
#35 0x000000000056fa56 in readevalloop (readcharfun=14353796, stream=0x0, sourcename=17342723, evalfun=<value optimized out>, printflag=<value optimized out>, unibyte=<value optimized out>, readfun=11008721, start=11008721, end=11008721) at lread.c:1785
count1 = 41
c = <value optimized out>
val = 0
b = 0xdb0580
continue_reading_p = 1
whole_buffer = 1
first_sexp = <value optimized out>
#36 0x000000000056fd4e in Feval_buffer (buffer=<value optimized out>, printflag=11008721, filename=17508755, unibyte=11008721, do_allow_print=<value optimized out>) at lread.c:1846
tem = <value optimized out>
buf = 14353796
#37 0x000000000054ae17 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:3059
fun = <value optimized out>
original_fun = <value optimized out>
funcar = <value optimized out>
numargs = 5
val = <value optimized out>
backtrace = {
next = 0x7fffffffd3c0,
function = 0x7fffffffd260,
args = 0x7fffffffd268,
nargs = 5,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
internal_args = 0x7fffffffd268
i = 5
#38 0x0000000000582c12 in Fbyte_code (bytestr=<value optimized out>, vector=<value optimized out>, maxdepth=<value optimized out>) at bytecode.c:678
count = 28
op = <value optimized out>
stack = {
pc = 0x9f3e46 "\210,\016$\204\231",
top = 0x7fffffffd288,
bottom = 0x7fffffffd260,
byte_string = 8579483,
byte_string_start = 0x9f3db8 "\306\b!\204\022",
constants = 8579516,
next = 0x7fffffffd780
}
top = 0x7fffffffd260
result = <value optimized out>
#39 0x000000000054cf4f in funcall_lambda (fun=8579348, nargs=<value optimized out>, arg_vector=<value optimized out>) at eval.c:3232
val = <value optimized out>
syms_left = 11008721
next = 11905841
i = 4
optional = 1
rest = 0
#40 0x000000000054ac83 in Ffuncall (nargs=<value optimized out>, args=0x82e910) at eval.c:3102
fun = 10
original_fun = 11905697
funcar = 10
numargs = 4
val = <value optimized out>
backtrace = {
next = 0x7fffffffd6a0,
function = 0x7fffffffd430,
args = 0x7fffffffd438,
nargs = 4,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
internal_args = 0x7fffffffd438
i = <value optimized out>
#41 0x000000000054b049 in call4 (fn=<value optimized out>, arg1=<value optimized out>, arg2=0, arg3=4611686018427404288, arg4=0) at eval.c:2895
ret_ungc_val = 10
args = {11905697, 17508755, 17508755, 11008721, 11008817}
#42 0x0000000000570c81 in Fload (file=17459939, noerror=4611686018427404288, nomessage=0, nosuffix=<value optimized out>, must_suffix=<value optimized out>) at lread.c:1208
val = <value optimized out>
stream = <value optimized out>
fd = 5
count = 21
found = 17508755
efound = <value optimized out>
hist_file_name = 17508755
newer = 0
compiled = 0
handler = <value optimized out>
safe_p = 16208848
tmp = {16859509, 12070965}
version = 0
#43 0x000000000054ae17 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:3059
fun = <value optimized out>
original_fun = <value optimized out>
funcar = <value optimized out>
numargs = 5
val = <value optimized out>
backtrace = {
next = 0x7fffffffd890,
function = 0x7fffffffd710,
args = 0x7fffffffd718,
nargs = 3,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
internal_args = 0x7fffffffd650
i = 5
#44 0x0000000000582c12 in Fbyte_code (bytestr=<value optimized out>, vector=<value optimized out>, maxdepth=<value optimized out>) at bytecode.c:678
count = 6
op = <value optimized out>
stack = {
pc = 0x9d8d0d "\210*\202\276\003\016K\ub743#\002\347\016M\206\016\002\f\211A\024@!\036R\346\016R!\036S\352\016S\314\u0649$\210*\202\276\003\016K\uc683L\002\331\026P\016M\206\067\002\f\211A\024@\211\026F;\204B\002\333\355!\210\356\347\016F!!\210\202\276\003\016K\uf683Z\002\360\331!\210\202\276\003\016K\361\232\203h\002\362\363!\210\202\276\003\321\364\016K\"\203y\002\365\016K!\026B\202\276\003\321\366\016K\"\203\226\002\365\325\326\016K\"!\026B\365\325\367\016K\"!\026A\202\276\003\332\016K\016H\"\211\026F\203\254\002\016FA@\f\233\024\202\276\003\332\016K\016J\"\211\026F\203\302\002\016FA@\f\233\024"...,
top = 0x7fffffffd728,
bottom = 0x7fffffffd710,
byte_string = 8939563,
byte_string_start = 0x9d8b16 "\306 \210\b\203\021",
constants = 8939596,
next = 0x7fffffffd960
}
top = 0x7fffffffd710
result = <value optimized out>
#45 0x000000000054cf4f in funcall_lambda (fun=8939500, nargs=<value optimized out>, arg_vector=<value optimized out>) at eval.c:3232
val = <value optimized out>
syms_left = 11008721
next = 12273265
i = 1
optional = 0
rest = 0
#46 0x000000000054ac83 in Ffuncall (nargs=<value optimized out>, args=0x8867e8) at eval.c:3102
fun = 10
original_fun = 12489681
funcar = 10
numargs = 1
val = <value optimized out>
backtrace = {
next = 0x7fffffffda70,
function = 0x7fffffffd900,
args = 0x7fffffffd908,
nargs = 1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
internal_args = 0x7fffffffd908
i = <value optimized out>
#47 0x0000000000582c12 in Fbyte_code (bytestr=<value optimized out>, vector=<value optimized out>, maxdepth=<value optimized out>) at bytecode.c:678
count = 5
op = <value optimized out>
stack = {
pc = 0x9db48d "\210\016L\203\060\006\201", <incomplete sequence \337>,
top = 0x7fffffffd908,
bottom = 0x7fffffffd900,
byte_string = 8912619,
byte_string_start = 0x9dae69 "\306 \020\307\021\n\023\310\311!\210\310\312!\210\310\313!\210\314\315!\211\034\307=\204;",
constants = 8912652,
next = 0x7fffffffdb30
}
top = 0x7fffffffd900
result = <value optimized out>
#48 0x000000000054cf4f in funcall_lambda (fun=8912572, nargs=<value optimized out>, arg_vector=<value optimized out>) at eval.c:3232
val = <value optimized out>
syms_left = 11008721
next = 12600881
i = 0
optional = 0
rest = 1
#49 0x000000000054ac83 in Ffuncall (nargs=<value optimized out>, args=0x87feb8) at eval.c:3102
fun = 10
original_fun = 12600881
funcar = 10
numargs = 0
val = <value optimized out>
backtrace = {
next = 0x7fffffffdd00,
function = 0x7fffffffdae0,
args = 0x7fffffffdae8,
nargs = 0,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
internal_args = 0x7fffffffdae8
i = <value optimized out>
#50 0x0000000000582c12 in Fbyte_code (bytestr=<value optimized out>, vector=<value optimized out>, maxdepth=<value optimized out>) at bytecode.c:678
count = 2
op = <value optimized out>
stack = {
pc = 0x9dbd46 "\210+\340\341\342\"\210\343\321\344\"\211\036$;\203\254",
top = 0x7fffffffdae0,
bottom = 0x7fffffffdae0,
byte_string = 8905939,
byte_string_start = 0x9dbcb5 "\b\203\b",
constants = 8905972,
next = 0x0
}
top = 0x7fffffffdae0
result = <value optimized out>
#51 0x000000000054cf4f in funcall_lambda (fun=8905892, nargs=<value optimized out>, arg_vector=<value optimized out>) at eval.c:3232
val = <value optimized out>
syms_left = 11008721
next = 0
i = 0
optional = 0
rest = 1
#52 0x000000000054d0c4 in apply_lambda (fun=8905892, args=11008721, eval_flag=<value optimized out>) at eval.c:3156
args_left = 11008721
i = <value optimized out>
tem = <value optimized out>
#53 0x000000000054c773 in Feval (form=8905888) at eval.c:2436
fun = 10
val = <value optimized out>
original_fun = 12596913
original_args = 11008721
funcar = 10
backtrace = {
next = 0x0,
function = 0x7fffffffdd30,
args = 0x7fffffffdc20,
nargs = 0,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#54 0x000000000054a17f in internal_condition_case (bfun=<value optimized out>, handlers=<value optimized out>, hfun=<value optimized out>) at eval.c:1512
val = 10
c = {
tag = 11008721,
val = 11008721,
next = 0x7fffffffdf10,
gcpro = 0x0,
jmp = {{
__jmpbuf = {11863808, 7856162650753843797, 11863840, 140737488347976, 1, 1, -7856163570770263467, 7856164021722006101},
__mask_was_saved = 0,
__saved_mask = {
__val = {4294967295, 140737274889536, 140737353947568, 17, 4294967295, 17, 0, 11863840, 140737488347976, 1, 1, 8355624, 140737351963084, 1, 0, 0}
}
}},
backlist = 0x0,
handlerlist = 0x0,
lisp_eval_depth = 0,
pdlcount = 2,
poll_suppress_count = 1,
interrupt_input_blocked = 0,
byte_stack = 0x0
}
h = {
handler = 11095681,
var = 11008721,
chosen_clause = 11008721,
tag = 0x7fffffffdda0,
next = 0x0
}
#55 0x00000000004df736 in top_level_1 () at keyboard.c:1376
No locals.
#56 0x000000000054a2aa in internal_catch (tag=<value optimized out>, func=<value optimized out>, arg=<value optimized out>) at eval.c:1248
c = {
tag = 11077073,
val = 11008721,
next = 0x0,
gcpro = 0x0,
jmp = {{
__jmpbuf = {11863808, 7856162650753843797, 11863840, 140737488347976, 1, 1, -7856163570686377387, 7856164021742453333},
__mask_was_saved = 0,
__saved_mask = {
__val = {0, 0, 0, 0, 0, 0, 0, 0, 11008721, 11429745, 11048784, 11008769, 11421568, 1, 5485754, 11429745}
}
}},
backlist = 0x0,
handlerlist = 0x0,
lisp_eval_depth = 0,
pdlcount = 2,
poll_suppress_count = 1,
interrupt_input_blocked = 0,
byte_stack = 0x0
}
#57 0x00000000004df7b9 in command_loop () at keyboard.c:1331
No locals.
#58 0x00000000004dfbcc in recursive_edit_1 () at keyboard.c:953
val = <value optimized out>
#59 0x00000000004dfd07 in Frecursive_edit () at keyboard.c:1015
buffer = 11008721
#60 0x00000000004d5777 in main (argc=0, argv=0x7fffffffe488) at emacs.c:1852
dummy = 0
stack_bottom_variable = 0 '\000'
do_initial_setlocale = <value optimized out>
skip_args = 1
rlim = {
rlim_cur = 8720000,
rlim_max = 18446744073709551615
}
no_loadup = 0
junk = 0x0
dname_arg = 0x0
Lisp Backtrace:
"string" (0xff76c348)
"apply" (0xffffc058)
"json-read-string" (0xffffc190)
"progn" (0xffffc388)
"unwind-protect" (0xffffc488)
"save-current-buffer" (0xffffc598)
"with-current-buffer" (0xffffc678)
"let" (0xffffc7e8)
"with-temp-buffer" (0xffffc8c8)
"let" (0xffffca38)
"progn" (0xffffcb28)
"unwind-protect" (0xffffcc28)
"save-current-buffer" (0xffffcd38)
"with-current-buffer" (0xffffce18)
"let" (0xffffcf88)
"with-temp-buffer" (0xffffd068)
"eval-buffer" (0xffffd268)
"load-with-code-conversion" (0xffffd438)
"load" (0xffffd718)
"command-line-1" (0xffffd908)
"command-line" (0xffffdae8)
"normal-top-level" (0xffffdc20)
Chong Yidong <cyd <at> stupidchicken.com>: Carl Worth <cworth <at> cworth.org>:
Message #16 received at 6214-done <at> debbugs.gnu.org:
From: Chong Yidong <cyd <at> stupidchicken.com>
To: Carl Worth <cworth <at> cworth.org>
Cc: Notmuch mailing list <notmuch <at> notmuchmail.org>, 6214-done <at> debbugs.gnu.org, Dirk Hohndel <hohndel <at> infradead.org>
Subject: Re: bug#6214: 23.1; json-read-string crashes emacs with long string
Date: Tue, 18 May 2010 14:07:10 -0400
Carl Worth <cworth <at> cworth.org> writes:
> A user of the emacs-based mail client, Notmuch [*], found that
> attempting to display a particular message would consistently
> causes a segmentation fault in emacs.
>
> I haven't attempted to debug this within gdb yet, (I'll have to get my
> hands on a build of emacs with debugging symbols first). But I wanted to
> share things right away, so that perhaps someone else could do further
> debugging and follow up.

Looks like a stack overflow in the `string' function. I've checked in a
fix, thanks for the bug report.
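Added example (not Emacs source and not code from this thread): a C illustration of why 1122176 arguments exceed the stack limit shown in the backtrace, next to a string builder that takes only bounded scratch space from the stack and falls back to the heap. It assumes the argument vector and output buffer are sized from n on the C stack, as the stack-range addresses of funcall_args and p in the backtrace suggest; the function names, the UTF-8 encoding and the 16 KiB threshold are illustrative choices.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PAGE_NARGS       1122176u  /* n in frame #0 of the page's backtrace */
#define PAGE_STACK_LIMIT 8720000u  /* rlim_cur in the main() frame */

/* Hypothetical cap on scratch space one call may take from the C stack. */
#define STACK_SCRATCH_MAX 16384u

/* Vector of the function plus n arguments, 8 bytes each (assumed, x86_64). */
size_t arg_vector_bytes(size_t n)
{
    return (n + 1) * sizeof(uint64_t);
}

/* Worst case is 4 UTF-8 bytes per character; nonzero means the scratch
   buffer for n characters must come from the heap, not the stack. */
int scratch_on_heap(size_t n)
{
    return n > STACK_SCRATCH_MAX / 4;
}

/* Encode one code point as UTF-8. Returns bytes written, 0 if invalid. */
static size_t encode_utf8(uint32_t c, unsigned char *out)
{
    static const unsigned char lead[] = { 0, 0x00, 0xC0, 0xE0, 0xF0 };
    size_t len = c < 0x80 ? 1 : c < 0x800 ? 2 : c < 0x10000 ? 3 : 4, i;
    if (c > 0x10FFFF || (c >= 0xD800 && c <= 0xDFFF))
        return 0;                       /* out of range or surrogate half */
    for (i = len - 1; i > 0; i--) {     /* continuation bytes, last first */
        out[i] = (unsigned char)(0x80 | (c & 0x3F));
        c >>= 6;
    }
    out[0] = (unsigned char)(lead[len] | c);
    return len;
}

/* Build a NUL-terminated string from n code points. Scratch space is a
   fixed stack buffer for small n and a checked heap allocation otherwise.
   Returns a malloc'd string (length in *len) or NULL on failure. */
char *string_from_chars(const uint32_t *chars, size_t n, size_t *len)
{
    unsigned char small[STACK_SCRATCH_MAX];
    unsigned char *buf = small;
    int heap = scratch_on_heap(n);
    size_t i, pos = 0;
    char *result = NULL;

    if (n > SIZE_MAX / 4)
        return NULL;                    /* 4 * n would wrap */
    if (heap && (buf = malloc(4 * n)) == NULL)
        return NULL;
    for (i = 0; i < n; i++) {
        size_t k = encode_utf8(chars[i], buf + pos);
        if (k == 0)
            goto done;                  /* reject invalid input */
        pos += k;
    }
    result = malloc(pos + 1);
    if (result != NULL) {
        memcpy(result, buf, pos);
        result[pos] = '\0';
        *len = pos;
    }
done:
    if (heap)
        free(buf);
    return result;
}

/* Run string_from_chars on n copies of c (constructed input); -1 on failure. */
long repeated_char_length(uint32_t c, size_t n)
{
    uint32_t *chars = malloc((n ? n : 1) * sizeof *chars);
    size_t i, len = 0;
    char *s;

    if (chars == NULL)
        return -1;
    for (i = 0; i < n; i++)
        chars[i] = c;
    s = string_from_chars(chars, n, &len);
    free(chars);
    if (s == NULL)
        return -1;
    free(s);
    return (long)len;
}

int main(void)
{
    printf("argument vector %zu bytes vs stack limit %u; built %ld bytes\n",
           arg_vector_bytes(PAGE_NARGS), PAGE_STACK_LIMIT,
           repeated_char_length('\n', PAGE_NARGS));
    return 0;
}
```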
owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org: bug#6214; Package emacs. (Tue, 18 May 2010 19:16:02 GMT)
Message #19 received at 6214 <at> debbugs.gnu.org:
From: Carl Worth <cworth <at> cworth.org>
To: 6214 <at> debbugs.gnu.org
Subject: Re: bug#6214: closed (Re: bug#6214: 23.1; json-read-string crashes emacs with long string)
Date: Tue, 18 May 2010 12:15:43 -0700
On Tue, 18 May 2010 18:08:02 +0000, help-debbugs <at> gnu.org (GNU bug Tracking System) wrote:
> The explanation is attached below, along with your original report.
> If you require more details, please reply to 6214 <at> debbugs.gnu.org.
...
> Looks like a stack overflow in the `string' function. I've checked in a
> fix, thanks for the bug report.

Thanks for the quick fix!

I'd be interested in seeing the actual patch here. So let me know
if/when you can email it to me or point me to a publicly-visible
repository that contains it.

Thanks again,

-Carl
Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Wed, 16 Jun 2010 11:24:04 GMT)
Michal Sojka <sojkam1 <at> fel.cvut.cz> to control <at> debbugs.gnu.org. (Thu, 12 Aug 2010 21:53:02 GMT)
owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org: bug#6214; Package emacs. (Thu, 12 Aug 2010 21:59:01 GMT)
Message #26 received at 6214 <at> debbugs.gnu.org:
From: Michal Sojka <sojkam1 <at> fel.cvut.cz>
To: Chong Yidong <cyd <at> stupidchicken.com>, Carl Worth <cworth <at> cworth.org>
Cc: 6214 <at> debbugs.gnu.org, Notmuch mailing list <notmuch <at> notmuchmail.org>
Subject: Re: bug#6214: 23.1; json-read-string crashes emacs with long string
Date: Thu, 12 Aug 2010 23:58:45 +0200
On Tue, 18 May 2010, Chong Yidong wrote:
> Looks like a stack overflow in the `string' function. I've checked in a
> fix, thanks for the bug report.

It seems the bug is still in the current Emacs HEAD
(http://repo.or.cz/w/emacs.git/commit/08d1bfbda3ef4a7038556f6c56bec1a37b4721f0).
I can reproduce it with the lisp code sent by Carl, but the backtrace is
different. My backtrace is attached.

Thanks
Michal
[gdb.txt (text/plain, inline)]
#0 0x0000000000566739 in Fapply (nargs=2, args=0x7fffffffbcf8) at eval.c:2492
i = 8997664
numargs = <value optimized out>
spread_arg = 12020694
funcall_args = 0x7fffff767100
fun = <value optimized out>
#1 0x0000000000565135 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:2964
fun = <value optimized out>
original_fun = 11891218
funcar = <value optimized out>
numargs = 2
val = <value optimized out>
backtrace = {
next = 0x7fffffffbf00,
function = 0x7fffffffbcf0,
args = 0x7fffffffbcf8,
nargs = 2,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
internal_args = 0x7fffffffbcf8
i = <value optimized out>
#2 0x000000000059ecd2 in Fbyte_code (bytestr=<value optimized out>, vector=<value optimized out>, maxdepth=<value optimized out>) at bytecode.c:679
count = 47
op = <value optimized out>
stack = {
pc = 0xea5250 "\202|",
top = 0x7fffffffbd00,
bottom = 0x7fffffffbcf0,
byte_string = 18230033,
byte_string_start = 0xea51d8 "\303`f\211\030\206\t",
constants = 18231925,
next = 0x7fffffffce20
}
top = 0x7fffffffbcf0
result = <value optimized out>
#3 0x00000000005672ef in funcall_lambda (fun=18232277, nargs=<value optimized out>, arg_vector=<value optimized out>) at eval.c:3165
val = <value optimized out>
syms_left = 11721042
next = 0
i = 0
optional = 0
rest = 0
#4 0x0000000000567454 in apply_lambda (fun=18232277, args=11721042, eval_flag=<value optimized out>) at eval.c:3092
args_left = 11721042
i = <value optimized out>
tem = <value optimized out>
#5 0x0000000000566b53 in Feval (form=18232272) at eval.c:2408
fun = 140737479340288
val = <value optimized out>
original_fun = 17897138
original_args = 11721042
funcar = 8997664
backtrace = {
next = 0x7fffffffbfe0,
function = 0x7fffffffbf28,
args = 0x7fffffffbe30,
nargs = 0,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#6 0x00000000005670c7 in Fprogn (args=<value optimized out>) at eval.c:395
val = 8997664
#7 0x0000000000566ec4 in Feval (form=<value optimized out>) at eval.c:2295
numargs = 8997664
args_left = 11697014
i = <value optimized out>
argvals = {11721042, 74852149, 74124673, 11721042, 1, 140737488339112, 140737488338912, 5892710}
fun = <value optimized out>
val = <value optimized out>
original_fun = 11890130
original_args = 11697014
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffc0d0,
function = 0x7fffffffc008,
args = 0x7fffffffc000,
nargs = -1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#8 0x0000000000567505 in Funwind_protect (args=11695302) at eval.c:1304
val = <value optimized out>
#9 0x0000000000566ec4 in Feval (form=<value optimized out>) at eval.c:2295
numargs = 8997664
args_left = 11695302
i = <value optimized out>
argvals = {74852149, 5665519, 74852149, 74124801, 140737488339352, 21480469067, 17767008, 17768448}
fun = <value optimized out>
val = <value optimized out>
original_fun = 11890930
original_args = 11695302
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffc1d0,
function = 0x7fffffffc0f8,
args = 0x7fffffffc0f0,
nargs = -1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#10 0x00000000005670c7 in Fprogn (args=<value optimized out>) at eval.c:395
val = 8997664
#11 0x000000000055951d in Fsave_current_buffer (args=11693078) at editfns.c:1012
val = <value optimized out>
#12 0x0000000000566ec4 in Feval (form=<value optimized out>) at eval.c:2295
numargs = 8997664
args_left = 11693078
i = <value optimized out>
argvals = {8633005, 18237426, 11695062, 11695030, 140737488339456, 5662408, 1, 2}
fun = <value optimized out>
val = <value optimized out>
original_fun = 11928034
original_args = 11693078
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffc2a0,
function = 0x7fffffffc1f8,
args = 0x7fffffffc1f0,
nargs = -1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#13 0x0000000000566cec in Feval (form=<value optimized out>) at eval.c:2406
fun = <value optimized out>
val = <value optimized out>
original_fun = 12595842
original_args = 11695030
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffc3f0,
function = 0x7fffffffc2c8,
args = 0x7fffffffc2c0,
nargs = -1,
evalargs = 1 '\001',
debug_on_exit = 0 '\000'
}
#14 0x00000000005670c7 in Fprogn (args=<value optimized out>) at eval.c:395
val = 8997664
#15 0x0000000000567d08 in Flet (args=11694902) at eval.c:1051
tem = 74852149
elt = <value optimized out>
varlist = <value optimized out>
#16 0x0000000000566ec4 in Feval (form=<value optimized out>) at eval.c:2295
numargs = 8997664
args_left = 11694902
i = <value optimized out>
argvals = {8635685, 18755398, 18755446, 18755510, 140737488340000, 5662408, 1, 2}
fun = <value optimized out>
val = <value optimized out>
original_fun = 11890562
original_args = 11694902
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffc4c0,
function = 0x7fffffffc418,
args = 0x7fffffffc410,
nargs = -1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#17 0x0000000000566cec in Feval (form=<value optimized out>) at eval.c:2406
fun = <value optimized out>
val = <value optimized out>
original_fun = 12606802
original_args = 18755430
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffc610,
function = 0x7fffffffc4e8,
args = 0x7fffffffc4e0,
nargs = -1,
evalargs = 1 '\001',
debug_on_exit = 0 '\000'
}
#18 0x00000000005670c7 in Fprogn (args=<value optimized out>) at eval.c:395
val = 8997664
#19 0x0000000000567d08 in Flet (args=18755366) at eval.c:1051
tem = 74125073
elt = <value optimized out>
varlist = <value optimized out>
#20 0x0000000000566ec4 in Feval (form=<value optimized out>) at eval.c:2295
numargs = 8997664
args_left = 18755366
i = <value optimized out>
argvals = {17896994, 11721042, 11721042, 5561631, 140737488340688, 5708090, 41, 0}
fun = <value optimized out>
val = <value optimized out>
original_fun = 11890562
original_args = 18755366
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffc6f0,
function = 0x7fffffffc638,
args = 0x7fffffffc630,
nargs = -1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#21 0x00000000005670c7 in Fprogn (args=<value optimized out>) at eval.c:395
val = 8997664
#22 0x0000000000566ec4 in Feval (form=<value optimized out>) at eval.c:2295
numargs = 8997664
args_left = 18752566
i = <value optimized out>
argvals = {11721042, 15322325, 15321809, 11721042, 1, 140737488340920, 140737488340720, 17986768}
fun = <value optimized out>
val = <value optimized out>
original_fun = 11890130
original_args = 18752566
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffc7e0,
function = 0x7fffffffc718,
args = 0x7fffffffc710,
nargs = -1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#23 0x0000000000567505 in Funwind_protect (args=18752758) at eval.c:1304
val = <value optimized out>
#24 0x0000000000566ec4 in Feval (form=<value optimized out>) at eval.c:2295
numargs = 8997664
args_left = 18752758
i = <value optimized out>
argvals = {15322325, 5665519, 15322325, 8618505, 140737488341160, 21474836480, 17767008, 17768320}
fun = <value optimized out>
val = <value optimized out>
original_fun = 11890930
original_args = 18752758
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffc8e0,
function = 0x7fffffffc808,
args = 0x7fffffffc800,
nargs = -1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#25 0x00000000005670c7 in Fprogn (args=<value optimized out>) at eval.c:395
val = 8997664
#26 0x000000000055951d in Fsave_current_buffer (args=18752966) at editfns.c:1012
val = <value optimized out>
#27 0x0000000000566ec4 in Feval (form=<value optimized out>) at eval.c:2295
numargs = 8997664
args_left = 18752966
i = <value optimized out>
argvals = {8633005, 17897186, 18752774, 18752806, 140737488341264, 5662408, 1, 2}
fun = <value optimized out>
val = <value optimized out>
original_fun = 11928034
original_args = 18752966
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffc9b0,
function = 0x7fffffffc908,
args = 0x7fffffffc900,
nargs = -1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#28 0x0000000000566cec in Feval (form=<value optimized out>) at eval.c:2406
fun = <value optimized out>
val = <value optimized out>
original_fun = 12595842
original_args = 18752806
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffcb00,
function = 0x7fffffffc9d8,
args = 0x7fffffffc9d0,
nargs = -1,
evalargs = 1 '\001',
debug_on_exit = 0 '\000'
}
#29 0x00000000005670c7 in Fprogn (args=<value optimized out>) at eval.c:395
val = 8997664
#30 0x0000000000567d08 in Flet (args=18752854) at eval.c:1051
tem = 15322325
elt = <value optimized out>
varlist = <value optimized out>
#31 0x0000000000566ec4 in Feval (form=<value optimized out>) at eval.c:2295
numargs = 8997664
args_left = 18752854
i = <value optimized out>
argvals = {8635685, 18755046, 18755126, 18755254, 140737488341808, 5662408, 11739872, 2}
fun = <value optimized out>
val = <value optimized out>
original_fun = 11890562
original_args = 18752854
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffcbd0,
function = 0x7fffffffcb28,
args = 0x7fffffffcb20,
nargs = -1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#32 0x0000000000566cec in Feval (form=<value optimized out>) at eval.c:2406
fun = <value optimized out>
val = <value optimized out>
original_fun = 12606802
original_args = 18755110
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffcd70,
function = 0x7fffffffcbf8,
args = 0x7fffffffcbf0,
nargs = -1,
evalargs = 1 '\001',
debug_on_exit = 0 '\000'
}
#33 0x000000000058ae4f in readevalloop (readcharfun=18093061, stream=0x0, sourcename=18361409, printflag=<value optimized out>, unibyte=<value optimized out>, readfun=<value optimized out>, start=11721042, end=11721042,
evalfun=<value optimized out>) at lread.c:1739
count1 = 40
c = <value optimized out>
val = <value optimized out>
b = 0x1141400
continue_reading_p = 1
whole_buffer = 1
first_sexp = <value optimized out>
#34 0x000000000058bb71 in Feval_buffer (buffer=<value optimized out>, printflag=11721042, filename=15002881, unibyte=11721042, do_allow_print=<value optimized out>) at lread.c:1799
tem = <value optimized out>
buf = 18093061
#35 0x0000000000565073 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:2997
fun = <value optimized out>
original_fun = <value optimized out>
funcar = <value optimized out>
numargs = 5
val = <value optimized out>
backtrace = {
next = 0x7fffffffcf30,
function = 0x7fffffffcdd0,
args = 0x7fffffffcdd8,
nargs = 5,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
internal_args = 0x7fffffffcdd8
i = 5
#36 0x000000000059ecd2 in Fbyte_code (bytestr=<value optimized out>, vector=<value optimized out>, maxdepth=<value optimized out>) at bytecode.c:679
count = 27
op = <value optimized out>
stack = {
pc = 0xaa6e3a "\210,\336\b!\210\016\"\204\256",
top = 0x7fffffffcdf8,
bottom = 0x7fffffffcdd0,
byte_string = 8682273,
byte_string_start = 0xaa6dae "\306\b!\204\022",
constants = 8682309,
next = 0x7fffffffd2c0
}
top = 0x7fffffffcdd0
result = <value optimized out>
#37 0x00000000005672ef in funcall_lambda (fun=8682141, nargs=<value optimized out>, arg_vector=<value optimized out>) at eval.c:3165
val = <value optimized out>
syms_left = 11721042
next = 12593154
i = 4
optional = 1
rest = 0
#38 0x0000000000564f03 in Ffuncall (nargs=<value optimized out>, args=0x847a98) at eval.c:3040
fun = 140737479340288
original_fun = 12593010
funcar = 8997664
numargs = 4
val = <value optimized out>
backtrace = {
next = 0x7fffffffd1f0,
function = 0x7fffffffcf90,
args = 0x7fffffffcf98,
nargs = 4,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
internal_args = 0x7fffffffcf98
i = <value optimized out>
#39 0x00000000005652d9 in call4 (fn=<value optimized out>, arg1=<value optimized out>, arg2=16, arg3=8473480, arg4=0) at eval.c:2831
ret_ungc_val = 8997664
args = {12593010, 15002881, 15002881, 11721042, 11721090}
#40 0x000000000058b71d in Fload (file=18663777, noerror=8473480, nomessage=11721090, nosuffix=<value optimized out>, must_suffix=<value optimized out>) at lread.c:1183
val = <value optimized out>
stream = <value optimized out>
fd = 5
count = 20
found = 15002881
efound = <value optimized out>
hist_file_name = 15002881
newer = 0
compiled = 17487280
handler = <value optimized out>
safe_p = 17767648
tmp = {18737654, 13154870}
version = 0
#41 0x0000000000565073 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:2997
fun = <value optimized out>
original_fun = <value optimized out>
funcar = <value optimized out>
numargs = 5
val = <value optimized out>
backtrace = {
next = 0x7fffffffd3d0,
function = 0x7fffffffd250,
args = 0x7fffffffd258,
nargs = 3,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
internal_args = 0x7fffffffd1a0
i = 5
#42 0x000000000059ecd2 in Fbyte_code (bytestr=<value optimized out>, vector=<value optimized out>, maxdepth=<value optimized out>) at bytecode.c:679
count = 5
op = <value optimized out>
stack = {
pc = 0xa88814 "\210*\202\300\003\016L띃!\002\347\016N\206\f\002\f\211A\024@!\036S\346\016S!\036T\352\016T\314ى$\210*\202\300\003\016L욃J\002\331\026Q\016N\206\065\002\f\211A\024@\211\026F;\204@\002\332\355!\210\356\347\016F!!\210\202\300\003\016LX\002\360\331!\210\202\300\003\016L\361\232\203f\002\362\363!\210\202\300\003\321\364\016L\"\203w\002\365\016L!\026B\202\300\003\321\366\016L\"\203\224\002\365\325\326\016L\"!\026B\365\325\367\016L\"!\026A\202\300\003\334\016M\016H\"\211\026F\203\252\002\016FA@\f\233\024\202\300\003\334\016M\016K\"\211\026F\203\300\002\016FA@\f\233\024"...,
top = 0x7fffffffd268,
bottom = 0x7fffffffd250,
byte_string = 9032857,
byte_string_start = 0xa8861f "\306 \210\b\203\021",
constants = 9032893,
next = 0x7fffffffd490
}
top = 0x7fffffffd250
result = <value optimized out>
#43 0x00000000005672ef in funcall_lambda (fun=9032797, nargs=<value optimized out>, arg_vector=<value optimized out>) at eval.c:3165
val = <value optimized out>
syms_left = 11721042
next = 13750050
i = 1
optional = 0
rest = 0
#44 0x0000000000564f03 in Ffuncall (nargs=<value optimized out>, args=0x89d458) at eval.c:3040
fun = 140737479340288
original_fun = 13756226
funcar = 8997664
numargs = 1
val = <value optimized out>
backtrace = {
next = 0x7fffffffd5a0,
function = 0x7fffffffd430,
args = 0x7fffffffd438,
nargs = 1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
internal_args = 0x7fffffffd438
i = <value optimized out>
#45 0x000000000059ecd2 in Fbyte_code (bytestr=<value optimized out>, vector=<value optimized out>, maxdepth=<value optimized out>) at bytecode.c:679
count = 4
op = <value optimized out>
stack = {
pc = 0xa8b2dc "\210\016N\203s\006\201", <incomplete sequence \346>,
top = 0x7fffffffd438,
bottom = 0x7fffffffd430,
byte_string = 9005745,
byte_string_start = 0xa8ac75 "\306 \020\307\021\n\023\307\024\310\311!\211\035\307=\204\064",
constants = 9005781,
next = 0x7fffffffd650
}
top = 0x7fffffffd430
result = <value optimized out>
#46 0x00000000005672ef in funcall_lambda (fun=9005701, nargs=<value optimized out>, arg_vector=<value optimized out>) at eval.c:3165
val = <value optimized out>
syms_left = 11721042
next = 12575218
i = 0
optional = 0
rest = 2
#47 0x0000000000564f03 in Ffuncall (nargs=<value optimized out>, args=0x896a80) at eval.c:3040
fun = 140737479340288
original_fun = 12575218
funcar = 8997664
numargs = 0
val = <value optimized out>
backtrace = {
next = 0x7fffffffd810,
function = 0x7fffffffd600,
args = 0x7fffffffd608,
nargs = 0,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
internal_args = 0x7fffffffd608
i = <value optimized out>
#48 0x000000000059ecd2 in Fbyte_code (bytestr=<value optimized out>, vector=<value optimized out>, maxdepth=<value optimized out>) at bytecode.c:679
count = 2
op = <value optimized out>
stack = {
pc = 0xa8ba98 "\210*\340\341\342\"\210\343\321\344\"\211\036$;\203\251",
top = 0x7fffffffd600,
bottom = 0x7fffffffd600,
byte_string = 9000737,
byte_string_start = 0xa8ba0a "\b\203\b",
constants = 9000773,
next = 0x0
}
top = 0x7fffffffd600
result = <value optimized out>
#49 0x00000000005672ef in funcall_lambda (fun=9000693, nargs=<value optimized out>, arg_vector=<value optimized out>) at eval.c:3165
val = <value optimized out>
syms_left = 11721042
next = 0
i = 0
optional = 32767
rest = 0
#50 0x0000000000567454 in apply_lambda (fun=9000693, args=11721042, eval_flag=<value optimized out>) at eval.c:3092
args_left = 11721042
i = <value optimized out>
tem = <value optimized out>
#51 0x0000000000566b53 in Feval (form=9000688) at eval.c:2408
fun = 140737479340288
val = <value optimized out>
original_fun = 13749474
original_args = 11721042
funcar = 8997664
backtrace = {
next = 0x0,
function = 0x7fffffffd838,
args = 0x7fffffffd740,
nargs = 0,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#52 0x000000000056437d in internal_condition_case (bfun=<value optimized out>, handlers=<value optimized out>, hfun=<value optimized out>) at eval.c:1458
val = 8997664
c = {
tag = 11721042,
val = 11721042,
next = 0x7fffffffda10,
gcpro = 0x0,
jmp = {{
__jmpbuf = {13365184, 3949921905019383304, 13365216, 140737488346744, 1, 1, -3949921426383376888, 3949920965887585800},
__mask_was_saved = 0,
__saved_mask = {
__val = {140737353880784, 140737353835656, 4294967295, 4238812, 1, 8460504, 0, 1, 1, 0, 140737351959490, 140733193388033, 0, 140737488345816, 140737251616176, 226670640}
}
}},
backlist = 0x0,
handlerlist = 0x0,
lisp_eval_depth = 0,
pdlcount = 2,
poll_suppress_count = 1,
interrupt_input_blocked = 0,
byte_stack = 0x0
}
h = {
handler = 11773138,
var = 11721042,
chosen_clause = 11721042,
tag = 0x7fffffffd8a0,
next = 0x0
}
#53 0x00000000004f9e06 in top_level_1 (ignore=<value optimized out>) at keyboard.c:1355
No locals.
#54 0x00000000005644a8 in internal_catch (tag=<value optimized out>, func=<value optimized out>, arg=<value optimized out>) at eval.c:1202
c = {
tag = 11769202,
val = 11721042,
next = 0x0,
gcpro = 0x0,
jmp = {{
__jmpbuf = {13365184, 3949921905019383304, 13365216, 140737488346744, 1, 1, -3949921426333045240, 3949920965646937608},
__mask_was_saved = 0,
__saved_mask = {
__val = {0, 0, 0, 0, 112, 140737255104152, 352, 140737255104152, 140737255104168, 30064771072, 344, 94489280656, 30064771072, 384, 94489280612, 11993394}
}
}},
backlist = 0x0,
handlerlist = 0x0,
lisp_eval_depth = 0,
pdlcount = 2,
poll_suppress_count = 1,
interrupt_input_blocked = 0,
byte_stack = 0x0
}
#55 0x00000000004f9e7b in command_loop () at keyboard.c:1310
No locals.
#56 0x00000000004fa278 in recursive_edit_1 () at keyboard.c:940
val = <value optimized out>
#57 0x00000000004fa3b7 in Frecursive_edit () at keyboard.c:1002
buffer = 11721042
#58 0x00000000004ed995 in main (argc=0, argv=0x7fffffffdf98) at emacs.c:1764
dummy = 0
stack_bottom_variable = 0 '\000'
do_initial_setlocale = <value optimized out>
skip_args = 1
rlim = {
rlim_cur = 8720000,
rlim_max = 18446744073709551615
}
no_loadup = 0
junk = 0x0
dname_arg = 0x0
ch_to_dir = 0x0
Lisp Backtrace:
"apply" (0xffffbcf8)
"json-read-string" (0xffffbe30)
"progn" (0xffffc000)
"unwind-protect" (0xffffc0f0)
"save-current-buffer" (0xffffc1f0)
"with-current-buffer" (0xffffc2c0)
"let" (0xffffc410)
"with-temp-buffer" (0xffffc4e0)
"let" (0xffffc630)
"progn" (0xffffc710)
"unwind-protect" (0xffffc800)
"save-current-buffer" (0xffffc900)
"with-current-buffer" (0xffffc9d0)
"let" (0xffffcb20)
"with-temp-buffer" (0xffffcbf0)
"eval-buffer" (0xffffcdd8)
"load-with-code-conversion" (0xffffcf98)
"load" (0xffffd258)
"command-line-1" (0xffffd438)
"command-line" (0xffffd608)
"normal-top-level" (0xffffd740)
From: Chong Yidong <cyd <at> stupidchicken.com> To: Michal Sojka <sojkam1 <at> fel.cvut.cz> Cc: 6214 <at> debbugs.gnu.org, Notmuch mailing list <notmuch <at> notmuchmail.org>, Carl Worth <cworth <at> cworth.org> Subject: Re: bug#6214: 23.1; json-read-string crashes emacs with long string Date: Fri, 13 Aug 2010 12:37:07 -0400
Michal Sojka <sojkam1 <at> fel.cvut.cz> writes:
> It seems the bug is still in the current Emacs HEAD
> (http://repo.or.cz/w/emacs.git/commit/08d1bfbda3ef4a7038556f6c56bec1a37b4721f0).
> I can reproduce it with the lisp code sent by Carl, but the backtrace is
> different. My backtrace is attached.
I can't reproduce it with the BZR repository. Maybe the git mirror you
are using is not up to date. Without any further information from you
about your Emacs build (information that would have been available if
you had used `M-x report-emacs-bug'), it is impossible to say.
From: Michal Sojka <sojkam1 <at> fel.cvut.cz> To: Chong Yidong <cyd <at> stupidchicken.com> Cc: 6214 <at> debbugs.gnu.org, Notmuch mailing list <notmuch <at> notmuchmail.org>, Carl Worth <cworth <at> cworth.org> Subject: Re: bug#6214: 23.1; json-read-string crashes emacs with long string Date: Sat, 14 Aug 2010 09:39:03 +0200
On Fri, 13 Aug 2010, Chong Yidong wrote:
> Michal Sojka <sojkam1 <at> fel.cvut.cz> writes:
>
> > It seems the bug is still in the current Emacs HEAD
> > (http://repo.or.cz/w/emacs.git/commit/08d1bfbda3ef4a7038556f6c56bec1a37b4721f0).
> > I can reproduce it with the lisp code sent by Carl, but the backtrace is
> > different. My backtrace is attached.
>
> I can't reproduce it with the BZR repository. Maybe the git mirror you
> are using is not up to date. Without any further information from you
> about your Emacs build (information that would have been available if
> you had used `M-x report-emacs-bug'), it is impossible to say.
I cloned bzr repo (trunk:101071) and I can reproduce the bug (./emacs
--batch -l ~/q/json-emacs-bug.el). Backtrace is the same as in my
previous mail and report-emacs-bug information is below. Let me know if
you need additional info.
Thanks
-Michal
In GNU Emacs 24.0.50.1 (x86_64-unknown-linux-gnu, GTK+ Version 2.20.1)
 of 2010-08-14 on steelpick
Windowing system distributor `The X.Org Foundation', version 11.0.10707000
Important settings:
  value of $LC_ALL: nil
  value of $LC_COLLATE: nil
  value of $LC_CTYPE: nil
  value of $LC_MESSAGES: en_US.UTF-8
  value of $LC_MONETARY: nil
  value of $LC_NUMERIC: nil
  value of $LC_TIME: nil
  value of $LANG: en_US.utf8
  value of $XMODIFIERS: nil
  locale-coding-system: utf-8-unix
  default enable-multibyte-characters: t
Major mode: Fundamental
Minor modes in effect:
  tooltip-mode: t
  mouse-wheel-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  transient-mark-mode: t
Recent input:
M-x r e p o r t SPC e m a SPC SPC <return>
Recent messages:
For information about GNU Emacs and the GNU system, type C-h C-a.
Load-path shadows:
None found.
Features:
(shadow sort gnus-util mail-extr message sendmail regexp-opt rfc822 mml easymenu mml-sec mm-decode mm-bodies mm-encode mail-parse rfc2231 rfc2047 rfc2045 ietf-drums mm-util mail-prsvr mailabbrev mail-utils gmm-utils mailheader emacsbug package warnings tooltip ediff-hook vc-hooks lisp-float-type mwheel x-win x-dnd tool-bar dnd fontset image fringe lisp-mode register page menu-bar rfn-eshadow timer select scroll-bar mldrag mouse jit-lock font-lock syntax facemenu font-core frame cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean japanese hebrew greek romanian slovak czech european ethiopic indian cyrillic chinese case-table epa-hook jka-cmpr-hook help simple abbrev loaddefs button minibuffer faces cus-face files text-properties overlay md5 base64 format env code-pages mule custom widget hashtable-print-readable backquote make-network-process dbusbind dynamic-setting system-font-setting font-render-setting move-toolbar gtk x-toolkit x multi-tty emacs)
From: Chong Yidong <cyd <at> stupidchicken.com> To: Michal Sojka <sojkam1 <at> fel.cvut.cz> Cc: 6214 <at> debbugs.gnu.org, Notmuch mailing list <notmuch <at> notmuchmail.org>, Carl Worth <cworth <at> cworth.org> Subject: Re: bug#6214: 23.1; json-read-string crashes emacs with long string Date: Sat, 14 Aug 2010 17:30:32 -0400
Michal Sojka <sojkam1 <at> fel.cvut.cz> writes:
> I cloned bzr repo (trunk:101071) and I can reproduce the bug (./emacs
> --batch -l ~/q/json-emacs-bug.el). Backtrace is the same as in my
> previous mail and report-emacs-bug information is below. Let me know if
> you need additional info.
First, please check if this equivalent and simpler recipe also
reproduces the problem, to make sure this is the same bug:
  emacs --batch -q --eval "(apply 'string (make-list 1122176 ?a)))"
If so, please recompile without optimizations:
  CFLAGS="-g" ./configure
  make
and see if you can obtain a cleaner backtrace.
From: Michal Sojka <sojkam1 <at> fel.cvut.cz> To: Chong Yidong <cyd <at> stupidchicken.com> Cc: 6214 <at> debbugs.gnu.org, Notmuch mailing list <notmuch <at> notmuchmail.org>, Carl Worth <cworth <at> cworth.org> Subject: Re: bug#6214: 23.1; json-read-string crashes emacs with long string Date: Sun, 15 Aug 2010 09:37:28 +0200
On Sat, 14 Aug 2010, Chong Yidong wrote:
> First, please check if this equivalent and simpler recipe also
> reproduces the problem, to make sure this is the same bug:
>
> emacs --batch -q --eval "(apply 'string (make-list 1122176 ?a)))"
Yes, the problem is still here.
> If so, please recompile without optimizations:
>
> CFLAGS="-g" ./configure
> make
>
> and see if you can obtain a cleaner backtrace.
Program received signal SIGSEGV, Segmentation fault.
0x00000000005f81fc in Fapply (nargs=2, args=0x7fffffffc670) at eval.c:2492
2492 memcpy (funcall_args, args, nargs * sizeof (Lisp_Object));
#0 0x00000000005f81fc in Fapply (nargs=2, args=0x7fffffffc670) at eval.c:2492
i = 0
numargs = 1122176
spread_arg = 38164022
funcall_args = 0x7fffff76c9d0
fun = 9260085
gcpro1 = {
next = 0x2465636,
var = 0x95cb41,
nvars = 1122177
}
#1 0x00000000005f7ade in Feval (form=19244870) at eval.c:2321
vals = 0x7fffffffc670
argnum = 2
numargs = 8
args_left = 12507474
i = 2
maxargs = -14728
argvals = {19244854, 18642001, 0, 6, 6, 25769803776, 16350976, 12420200}
fun = 12011021
val = 24
original_fun = 12677650
original_args = 19244918
funcar = 19244870
backtrace = {
next = 0x7fffffffc800,
function = 0x7fffffffc770,
args = 0x7fffffffc670,
nargs = 2,
evalargs = 1 '\001',
debug_on_exit = 0 '\000'
}
gcpro1 = {
next = 0x0,
var = 0x11c7471,
nvars = 39
}
gcpro2 = {
next = 0x0,
var = 0x7fffffffd530,
nvars = -14512
}
gcpro3 = {
next = 0x125a416,
var = 0x7fffffffc670,
nvars = 2
}
#2 0x00000000005f8ead in Ffuncall (nargs=2, args=0x7fffffffc880) at eval.c:2983
fun = 12010973
original_fun = 12677602
funcar = 9817142
numargs = 1
lisp_numargs = 6302634
val = 19244870
backtrace = {
next = 0x7fffffffcc80,
function = 0x7fffffffc880,
args = 0x7fffffffc888,
nargs = 1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
internal_args = 0x7fffffffc888
i = 0
#3 0x0000000000645887 in Fbyte_code (bytestr=9815377, vector=9815413, maxdepth=40) at bytecode.c:679
count = 5
op = 1
vectorp = 0x95c580
bytestr_length = 1187
stack = {
pc = 0xb48b63 "\210\202\300\003\016L坃\311\001\346\347\016N\206\241\001\f\211A\024@!!\026F\016E\203\274\001\016E\016F\016EAB\241\210\016EA\026E\202\300\003\016F\016RB\211\026R\026E\202\300\003\016L蝃\372\001\347\016N\206\333\001\f\211A\024@!\036S\346\016S!\036T\351\016T!\203\357\001\016T\026S\352\016S\314\331#\210*\202\300\003\016L띃!\002\347\016N\206\f\002\f\211A\024@!\036S\346\016S!\036T\352\016T\314ى$\210*\202\300\003\016L욃J\002\331\026Q\016N\206\065\002\f\211A\024@\211\026F;\204@\002\332\355!\210\356\347\016F!!\210\202\300\003\016LX\002", <incomplete sequence \360>...,
top = 0x7fffffffc888,
bottom = 0x7fffffffc880,
byte_string = 9815377,
byte_string_start = 0xb489d9 "\306 \210\b\203\021",
constants = 9815413,
next = 0x7fffffffcd70
}
top = 0x7fffffffc880
result = 140737488341184
#4 0x00000000005f9701 in funcall_lambda (fun=9815317, nargs=1, arg_vector=0x7fffffffcd08) at eval.c:3165
val = 12535520
syms_left = 12507474
next = 14517122
count = 4
i = 1
optional = 0
rest = 0
#5 0x00000000005f90bb in Ffuncall (nargs=2, args=0x7fffffffcd00) at eval.c:3029
fun = 9815317
original_fun = 14191698
funcar = 12535520
numargs = 1
lisp_numargs = 6152191
val = 19245862
backtrace = {
next = 0x7fffffffd0f0,
function = 0x7fffffffcd00,
args = 0x7fffffffcd08,
nargs = 1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
internal_args = 0x125ab36
i = 0
#6 0x0000000000645887 in Fbyte_code (bytestr=9788449, vector=9788485, maxdepth=28) at bytecode.c:679
count = 4
op = 1
vectorp = 0x955c50
bytestr_length = 1723
stack = {
pc = 0xb4b681 "\210\016N\203^\006\201", <incomplete sequence \343>,
top = 0x7fffffffcd08,
bottom = 0x7fffffffcd00,
byte_string = 9788449,
byte_string_start = 0xb4b02f "\306 \020\307\021\n\023\307\024\310\311!\211\035\307=\204\064",
constants = 9788485,
next = 0x7fffffffd1d0
}
top = 0x7fffffffcd00
result = 13467377
#7 0x00000000005f9701 in funcall_lambda (fun=9788405, nargs=0, arg_vector=0x7fffffffd178) at eval.c:3165
val = 12535520
syms_left = 12507474
next = 13258642
count = 4
i = 0
optional = 0
rest = 0
#8 0x00000000005f90bb in Ffuncall (nargs=1, args=0x7fffffffd170) at eval.c:3029
fun = 9788405
original_fun = 13569954
funcar = 13569906
numargs = 0
lisp_numargs = 6152191
val = 13467377
backtrace = {
next = 0x7fffffffd6c0,
function = 0x7fffffffd170,
args = 0x7fffffffd178,
nargs = 0,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
internal_args = 0xcd7ef1
i = 0
#9 0x0000000000645887 in Fbyte_code (bytestr=9783473, vector=9783509, maxdepth=24) at bytecode.c:679
count = 2
op = 0
vectorp = 0x9548e0
bytestr_length = 220
stack = {
pc = 0xb4be2e "\210*\340\341\342\"\210\343\321\344\"\211\036$;\203\251",
top = 0x7fffffffd170,
bottom = 0x7fffffffd170,
byte_string = 9783473,
byte_string_start = 0xb4bda0 "\b\203\b",
constants = 9783509,
next = 0x0
}
top = 0x7fffffffd170
result = 4294967295
#10 0x00000000005f9701 in funcall_lambda (fun=9783429, nargs=0, arg_vector=0x7fffffffd530) at eval.c:3165
val = 1
syms_left = 12507474
next = 140733193388033
count = 2
i = 0
optional = 0
rest = 0
#11 0x00000000005f932f in apply_lambda (fun=9783429, args=12507474, eval_flag=1) at eval.c:3092
args_left = 12507474
numargs = 0
arg_vector = 0x7fffffffd530
gcpro1 = {
next = 0x7ffff1e40970,
var = 0x7ffff7fc14d0,
nvars = 0
}
gcpro2 = {
next = 0x83b,
var = 0x1000,
nvars = 8
}
gcpro3 = {
next = 0x1,
var = 0x81a4,
nvars = 0
}
i = 0
tem = 5
#12 0x00000000005f7dea in Feval (form=12978838) at eval.c:2390
fun = 9783429
val = 140737488345192
original_fun = 14516546
original_args = 12507474
funcar = 140737354130560
backtrace = {
next = 0x0,
function = 0x7fffffffd6f0,
args = 0x7fffffffd530,
nargs = 0,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
gcpro1 = {
next = 0x7ffff7fb6488,
var = 0x7ffff7fc14d0,
nvars = -134225624
}
gcpro2 = {
next = 0x7fffffffd810,
var = 0x7ffff1e34c28,
nvars = -236739152
}
gcpro3 = {
next = 0x0,
var = 0x7fff00000017,
nvars = 44108294
}
#13 0x00000000005599d1 in top_level_2 () at keyboard.c:1347
No locals.
#14 0x00000000005f5f8c in internal_condition_case (bfun=0x5599be <top_level_2>, handlers=12559570, hfun=0x5595a8 <cmd_error>) at eval.c:1458
val = 5609939
c = {
tag = 12507474,
val = 12507474,
next = 0x7fffffffd930,
gcpro = 0x0,
jmp = {{
__jmpbuf = {5, 7988929332933021680, 4279008, 140737488346960, 0, 0, 7988929332880592880, -7988928721167724560},
__mask_was_saved = 0,
__saved_mask = {
__val = {4294967295, 140737488345248, 1, 9246952, 0, 0, 0, 0, 140737351959490, 1, 0, 0, 140737251616176, 12936662, 5, 140737488345664}
}
}},
backlist = 0x0,
handlerlist = 0x0,
lisp_eval_depth = 0,
pdlcount = 2,
poll_suppress_count = 1,
interrupt_input_blocked = 0,
byte_stack = 0x0
}
h = {
handler = 12559570,
var = 12507474,
chosen_clause = 140737488345104,
tag = 0x7fffffffd7c0,
next = 0x0
}
#15 0x0000000000559a0b in top_level_1 (ignore=12507474) at keyboard.c:1355
No locals.
#16 0x00000000005f592e in internal_catch (tag=12555634, func=0x5599d3 <top_level_1>, arg=12507474) at eval.c:1202
c = {
tag = 12555634,
val = 12507474,
next = 0x0,
gcpro = 0x0,
jmp = {{
__jmpbuf = {5, 7988929332987547632, 4279008, 140737488346960, 0, 0, 7988929332960284656, -7988928721370886160},
__mask_was_saved = 0,
__saved_mask = {
__val = {6153582, 140737255104152, 4301629832, 0, 12507474, 12779824, 140737488345720, 60129542288, 12535520, 12033184, 6152158, 140737488345680, 12507474, 4279008, 140737488346960, 140737488345696}
}
}},
backlist = 0x0,
handlerlist = 0x0,
lisp_eval_depth = 0,
pdlcount = 2,
poll_suppress_count = 1,
interrupt_input_blocked = 0,
byte_stack = 0x0
}
#17 0x0000000000559939 in command_loop () at keyboard.c:1310
No locals.
#18 0x00000000005590df in recursive_edit_1 () at keyboard.c:940
count = 1
val = 5608104
#19 0x0000000000559292 in Frecursive_edit () at keyboard.c:1002
count = 0
buffer = 12507474
#20 0x00000000005575cc in main (argc=5, argv=0x7fffffffdf58) at emacs.c:1764
dummy = 140737251592752
stack_bottom_variable = 0 '\000'
do_initial_setlocale = 1
skip_args = 1
rlim = {
rlim_cur = 8720000,
rlim_max = 18446744073709551615
}
no_loadup = 0
junk = 0x0
dname_arg = 0x0
ch_to_dir = 0x45 <Address 0x45 out of bounds>
Lisp Backtrace:
"apply" (0xffffc670)
"eval" (0xffffc888)
"command-line-1" (0xffffcd08)
"command-line" (0xffffd178)
"normal-top-level" (0xffffd530)
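The numbers in frame #0 and in main's `rlim` above account for the fault: an argument vector of 1 + 1122176 eight-byte slots needs more bytes than the 8720000-byte `rlim_cur`. The following C program is an added example, not Emacs source; it redoes that arithmetic and shows the usual remedy, a stack allocation capped at a small threshold with a heap fallback. The names `obj_t`, `STACK_ALLOC_MAX`, `apply_spread` and the 16 KiB cap are assumptions made for the example.

```c
#include <alloca.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for this example; none of these names are Emacs's. */
typedef int64_t obj_t;                        /* one 8-byte argument slot */
#define STACK_ALLOC_MAX ((size_t)16 * 1024)   /* assumed cap for stack use */

/* Values copied from the backtrace in the message above. */
#define REPORTED_NUMARGS  ((size_t)1122176)   /* numargs in frame #0 */
#define REPORTED_RLIM_CUR ((size_t)8720000)   /* rlim.rlim_cur in main */

enum where { ON_STACK, ON_HEAP, FAILED };

/* Bytes for a vector holding the function plus n arguments; 0 on overflow. */
static size_t arg_vector_bytes(size_t n)
{
    if (n >= SIZE_MAX / sizeof(obj_t))
        return 0;
    return (1 + n) * sizeof(obj_t);
}

/* True when an unconditional alloca of that vector cannot fit under limit. */
static int overflows_stack(size_t n, size_t stack_limit)
{
    size_t bytes = arg_vector_bytes(n);
    return bytes == 0 || bytes > stack_limit;
}

/* Stand-in callee: sums the arguments that follow slot 0. */
static obj_t callee_sum(size_t argc, const obj_t *argv)
{
    obj_t total = 0;
    for (size_t i = 1; i < argc; i++)
        total += argv[i];
    return total;
}

/* Spread n list elements into an argument vector and call the callee.
   Small vectors use the stack; anything above the cap goes to the heap. */
static obj_t apply_spread(const obj_t *list, size_t n, enum where *where)
{
    size_t bytes = arg_vector_bytes(n);
    int on_heap = bytes > STACK_ALLOC_MAX;
    obj_t *argv, result;

    if (bytes == 0) { *where = FAILED; return 0; }
    if (on_heap)
        argv = malloc(bytes);
    else
        argv = alloca(bytes);      /* must stay in this frame, not a helper */
    if (argv == NULL) { *where = FAILED; return 0; }

    argv[0] = 0;                   /* slot reserved for the function */
    if (n > 0)
        memcpy(argv + 1, list, n * sizeof(obj_t));
    result = callee_sum(1 + n, argv);

    if (on_heap)
        free(argv);                /* every exit after malloc must free */
    *where = on_heap ? ON_HEAP : ON_STACK;
    return result;
}

/* Constructed input: n arguments that are all 1. */
static obj_t run(size_t n, enum where *where)
{
    obj_t *list = malloc((n ? n : 1) * sizeof(obj_t));
    obj_t sum;

    if (list == NULL) { *where = FAILED; return 0; }
    for (size_t i = 0; i < n; i++)
        list[i] = 1;
    sum = apply_spread(list, n, where);
    free(list);
    return sum;
}

static obj_t demo_sum(size_t n) { enum where w; return run(n, &w); }
static enum where demo_where(size_t n) { enum where w; run(n, &w); return w; }

int main(void)
{
    printf("vector bytes %zu vs stack limit %zu: overflow=%d\n",
           arg_vector_bytes(REPORTED_NUMARGS), REPORTED_RLIM_CUR,
           overflows_stack(REPORTED_NUMARGS, REPORTED_RLIM_CUR));
    printf("3 args on heap? %d\n", demo_where(3) == ON_HEAP);
    printf("reported size on heap? %d, sum %lld\n",
           demo_where(REPORTED_NUMARGS) == ON_HEAP,
           (long long)demo_sum(REPORTED_NUMARGS));
    return 0;
}
```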
From: Chong Yidong <cyd <at> stupidchicken.com> To: Michal Sojka <sojkam1 <at> fel.cvut.cz> Cc: 6214 <at> debbugs.gnu.org, Notmuch mailing list <notmuch <at> notmuchmail.org>, Carl Worth <cworth <at> cworth.org> Subject: Re: bug#6214: 23.1; json-read-string crashes emacs with long string Date: Mon, 16 Aug 2010 13:40:13 -0400
Thanks, that is a useful backtrace. Could you apply this patch and see
if it fixes the problem?
=== modified file 'src/eval.c'
*** src/eval.c 2010-08-06 19:07:16 +0000
--- src/eval.c 2010-08-16 17:37:22 +0000
***************
*** 2430,2437 ****
register int i, numargs;
register Lisp_Object spread_arg;
register Lisp_Object *funcall_args;
! Lisp_Object fun;
struct gcpro gcpro1;
fun = args [0];
funcall_args = 0;
--- 2430,2438 ----
register int i, numargs;
register Lisp_Object spread_arg;
register Lisp_Object *funcall_args;
! Lisp_Object fun, retval;
struct gcpro gcpro1;
+ USE_SAFE_ALLOCA;
fun = args [0];
funcall_args = 0;
***************
*** 2470,2477 ****
{
/* Avoid making funcall cons up a yet another new vector of arguments
by explicitly supplying nil's for optional values */
! funcall_args = (Lisp_Object *) alloca ((1 + XSUBR (fun)->max_args)
! * sizeof (Lisp_Object));
for (i = numargs; i < XSUBR (fun)->max_args;)
funcall_args[++i] = Qnil;
GCPRO1 (*funcall_args);
--- 2471,2478 ----
{
/* Avoid making funcall cons up a yet another new vector of arguments
by explicitly supplying nil's for optional values */
! SAFE_ALLOCA (funcall_args, Lisp_Object *, ((1 + XSUBR (fun)->max_args)
! * sizeof (Lisp_Object)));
for (i = numargs; i < XSUBR (fun)->max_args;)
funcall_args[++i] = Qnil;
GCPRO1 (*funcall_args);
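Review bot: In the subr branch the size passed to SAFE_ALLOCA is `1 + XSUBR (fun)->max_args`, and the loop condition `i < XSUBR (fun)->max_args` shows that numargs is below that maximum here, so this buffer is sized by the function's declared arity rather than by the length of the caller's list. If that maximum is always small, the original alloca could stay and the heap fallback would only be needed at the `1 + numargs` site; if the conversion is kept, add a comment saying what keeps the nil-filled slots visible to the collector when the block is not on the stack.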
***************
*** 2483,2490 ****
function itself as well as its arguments. */
if (!funcall_args)
{
! funcall_args = (Lisp_Object *) alloca ((1 + numargs)
! * sizeof (Lisp_Object));
GCPRO1 (*funcall_args);
gcpro1.nvars = 1 + numargs;
}
--- 2484,2491 ----
function itself as well as its arguments. */
if (!funcall_args)
{
! SAFE_ALLOCA (funcall_args, Lisp_Object *, ((1 + numargs)
! * sizeof (Lisp_Object)));
GCPRO1 (*funcall_args);
gcpro1.nvars = 1 + numargs;
}
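Review bot: In the `if (!funcall_args)` branch the buffer is sized by `1 + numargs` and filled with Lisp_Object values, so for a long argument list it now lives on the heap, where a collector that finds references by scanning the stack does not see its contents. SAFE_ALLOCA accounts for the block only, which is the point Andreas Schwab raises later in this thread; use the variant that also protects the stored objects, or document why `GCPRO1 (*funcall_args)` with `gcpro1.nvars = 1 + numargs` is sufficient in every build configuration.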
***************
*** 2500,2506 ****
}
/* By convention, the caller needs to gcpro Ffuncall's args. */
! RETURN_UNGCPRO (Ffuncall (gcpro1.nvars, funcall_args));
}
/* Run hook variables in various ways. */
--- 2501,2511 ----
}
/* By convention, the caller needs to gcpro Ffuncall's args. */
! retval = Ffuncall (gcpro1.nvars, funcall_args);
! UNGCPRO;
! SAFE_FREE ();
!
! return retval;
}
/* Run hook variables in various ways. */
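Review bot: `SAFE_FREE ()` is added only on this final return, so any other `return` between the two SAFE_ALLOCA sites and this point would leave the allocation's cleanup pending. Please confirm there is no such exit in the lines the hunks do not show, or route every exit after the allocation through the same `UNGCPRO; SAFE_FREE ();` sequence.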
(Tue, 17 Aug 2010 09:33:02 GMT) Message #44 received at 6214 <at> debbugs.gnu.org:
From: Michal Sojka <sojkam1 <at> fel.cvut.cz>
To: Chong Yidong <cyd <at> stupidchicken.com>
Cc: 6214 <at> debbugs.gnu.org, Notmuch mailing list <notmuch <at> notmuchmail.org>, Carl Worth <cworth <at> cworth.org>
Subject: Re: bug#6214: 23.1; json-read-string crashes emacs with long string
Date: Mon, 16 Aug 2010 22:39:26 +0200
On Mon, 16 Aug 2010, Chong Yidong wrote:
> Thanks, that is a useful backtrace. Could you apply this patch and see
> if it fixes the problem?

Great! The patch fixes the problem. Now I can view 20 MB email in notmuch.

Thanks,
Michal
(Tue, 17 Aug 2010 15:10:03 GMT) Message #47 received at 6214 <at> debbugs.gnu.org:
From: Chong Yidong <cyd <at> stupidchicken.com>
To: Stefan Monnier <monnier <at> iro.umontreal.ca>
Cc: 6214 <at> debbugs.gnu.org, Notmuch mailing list <notmuch <at> notmuchmail.org>, Carl Worth <cworth <at> cworth.org>, Michal Sojka <sojkam1 <at> fel.cvut.cz>
Subject: Re: bug#6214: 23.1; json-read-string crashes emacs with long string
Date: Tue, 17 Aug 2010 11:10:37 -0400
Michal Sojka <sojkam1 <at> fel.cvut.cz> writes:

> On Mon, 16 Aug 2010, Chong Yidong wrote:
>> Thanks, that is a useful backtrace. Could you apply this patch and see
>> if it fixes the problem?
>
> Great! The patch fixes the problem. Now I can view 20 MB email in
> notmuch.

Hmm, there is a problem, though. If we attempt to avoid a stack
overflow in `apply' by using the heap rather than the stack to store
large numbers of arguments, those arguments are invisible to the
stack-marking garbage collector. One workaround is to temporarily
disable garbage collection if using the heap.

Stefan, any ideas?
(Tue, 17 Aug 2010 16:27:01 GMT) Message #50 received at 6214 <at> debbugs.gnu.org:
From: Chong Yidong <cyd <at> stupidchicken.com>
To: Stefan Monnier <monnier <at> iro.umontreal.ca>
Cc: 6214 <at> debbugs.gnu.org, Notmuch mailing list <notmuch <at> notmuchmail.org>, Carl Worth <cworth <at> cworth.org>, Michal Sojka <sojkam1 <at> fel.cvut.cz>
Subject: Re: bug#6214: 23.1; json-read-string crashes emacs with long string
Date: Tue, 17 Aug 2010 12:27:25 -0400
Chong Yidong <cyd <at> stupidchicken.com> writes:

> Hmm, there is a problem, though. If we attempt to avoid a stack
> overflow in `apply' by using the heap rather than the stack to store
> large numbers of arguments, those arguments are invisible to the
> stack-marking garbage collector.

Never mind, I got confused. SAFE_ALLOCA uses record_unwind_protect, so
it's gc safe.
(Tue, 17 Aug 2010 20:57:02 GMT) Message #53 received at 6214 <at> debbugs.gnu.org:
From: Andreas Schwab <schwab <at> linux-m68k.org>
To: Chong Yidong <cyd <at> stupidchicken.com>
Cc: 6214 <at> debbugs.gnu.org, Notmuch mailing list <notmuch <at> notmuchmail.org>, Carl Worth <cworth <at> cworth.org>, Stefan Monnier <monnier <at> iro.umontreal.ca>, Michal Sojka <sojkam1 <at> fel.cvut.cz>
Subject: Re: bug#6214: 23.1; json-read-string crashes emacs with long string
Date: Tue, 17 Aug 2010 22:57:44 +0200
Chong Yidong <cyd <at> stupidchicken.com> writes:

> Never mind, I got confused. SAFE_ALLOCA uses record_unwind_protect, so
> it's gc safe.

No, it isn't. SAFE_ALLOCA only protects the memory block, you need to
use SAVE_ALLOCA_LISP to protect also its contents.

Andreas.

--
Andreas Schwab, schwab <at> linux-m68k.org
GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5
"And now for something completely different."
(Tue, 17 Aug 2010 21:47:01 GMT) Message #56 received at 6214 <at> debbugs.gnu.org:
From: Chong Yidong <cyd <at> stupidchicken.com>
To: Andreas Schwab <schwab <at> linux-m68k.org>
Cc: 6214 <at> debbugs.gnu.org, Notmuch mailing list <notmuch <at> notmuchmail.org>, Carl Worth <cworth <at> cworth.org>, Stefan Monnier <monnier <at> iro.umontreal.ca>, Michal Sojka <sojkam1 <at> fel.cvut.cz>
Subject: Re: bug#6214: 23.1; json-read-string crashes emacs with long string
Date: Tue, 17 Aug 2010 17:46:57 -0400
Andreas Schwab <schwab <at> linux-m68k.org> writes:

> Chong Yidong <cyd <at> stupidchicken.com> writes:
>
>> Never mind, I got confused. SAFE_ALLOCA uses record_unwind_protect, so
>> it's gc safe.
>
> No, it isn't. SAFE_ALLOCA only protects the memory block, you need to
> use SAVE_ALLOCA_LISP to protect also its contents.

Ah, OK. Thanks.
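The distinction the replies above draw between protecting the memory block and protecting its contents, shown as an added toy model in C (not Emacs code and not from the thread). Objects are plain integers, `collect` marks only registered root ranges, and `STACK_LIMIT`, `add_root` and `surviving_args` are names invented for the illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Toy model (constructed, not Emacs code): objects are small integers, and
   the collector marks only objects it finds in registered root ranges. */
enum { NOBJ = 16, MAX_ROOTS = 2, STACK_LIMIT = 4 };

static unsigned char marked[NOBJ];
static struct { const int *base; size_t n; } roots[MAX_ROOTS];
static size_t nroots;

static void add_root(const int *base, size_t n) {
    roots[nroots].base = base;
    roots[nroots++].n = n;
}

static void collect(void) {
    memset(marked, 0, sizeof marked);
    for (size_t r = 0; r < nroots; r++)
        for (size_t i = 0; i < roots[r].n; i++)
            marked[roots[r].base[i]] = 1;
}

/* Build an argument vector of nargs objects, run a collection while it is
   live, and return how many arguments were marked (-1 on error). */
int surviving_args(size_t nargs, int protect_contents) {
    int on_stack[STACK_LIMIT];
    int *args = on_stack, *heap = NULL;
    if (nargs > NOBJ)
        return -1;
    nroots = 0;
    if (nargs > STACK_LIMIT) {          /* too large: fall back to the heap */
        if ((heap = malloc(nargs * sizeof *heap)) == NULL)
            return -1;
        args = heap;
        if (protect_contents)           /* register the contents as roots */
            add_root(heap, nargs);
    } else {
        add_root(on_stack, nargs);      /* stands in for the stack scan */
    }
    for (size_t i = 0; i < nargs; i++)
        args[i] = (int)i;               /* argument i refers to object i */
    collect();
    int alive = 0;
    for (size_t i = 0; i < nargs; i++)
        alive += marked[args[i]];
    free(heap);                         /* the block is released either way */
    return alive;
}
```

With a short vector every argument is marked; with a long one moved to the heap none are, unless the contents are registered as well.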
Debbugs Internal Request <help-debbugs <at> gnu.org>
to internal_control <at> debbugs.gnu.org.
(Wed, 15 Sep 2010 11:24:03 GMT) Full text and rfc822 format available.