GNU bug report logs - #31362
stack overflow in GC when creating large nested object

Previous Next

Package: emacs;

Reported by: Tino Calancha <tino.calancha <at> gmail.com>

Date: Fri, 4 May 2018 07:53:02 UTC

Severity: wishlist

Tags: confirmed

Merged with 2099

Found in version 24.5

Done: Mattias Engdegård <mattiase <at> acm.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 31362 in the body.
You can then email your comments to 31362 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to eggert <at> cs.ucla.edu, monnier <at> iro.umontreal.ca, bug-gnu-emacs <at> gnu.org:
bug#31362; Package emacs. (Fri, 04 May 2018 07:53:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Tino Calancha <tino.calancha <at> gmail.com>:
New bug report received and forwarded. Copy sent to eggert <at> cs.ucla.edu, monnier <at> iro.umontreal.ca, bug-gnu-emacs <at> gnu.org. (Fri, 04 May 2018 07:53:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Tino Calancha <tino.calancha <at> gmail.com>
To: bug-gnu-emacs <at> gnu.org
Subject: 24.5; Crash after eval a form
Date: Fri, 04 May 2018 16:51:56 +0900

X-Debbugs-CC: Paul Eggert <eggert <at> cs.ucla.edu>, Stefan Monnier <monnier <at> iro.umontreal.ca>

emacs -Q
;; Emacs crash after evaluate the following form:
(let* ((lst (list 'x))
       (form (cons 'die
                   (list 'w '(pop lst)))))
  (while lst
    (setq form
          (cons 'die
                (cons form
                      (list '(pop lst))))))
  form)

;; Same behavior in Emacs 25, 26 and master.
;; The crash seems to happen because of the following assert (lisp.h:1468) fails:
INLINE ptrdiff_t
SCHARS (Lisp_Object string)
{
  ptrdiff_t nchars = XSTRING (string)->u.s.size;
  eassume (0 <= nchars);
  return nchars;
}

In GNU Emacs 24.5.1 (x86_64-pc-linux-gnu, GTK+ Version 3.22.11)
 of 2017-09-12 on hullmann, modified by Debian
Windowing system distributor `The X.Org Foundation', version 11.0.11902000
System Description:	Debian GNU/Linux 9.4 (stretch)

Configured using:
 `configure --build x86_64-linux-gnu --prefix=/usr
 --sharedstatedir=/var/lib --libexecdir=/usr/lib
 --localstatedir=/var/lib --infodir=/usr/share/info
 --mandir=/usr/share/man --with-pop=yes
 --enable-locallisppath=/etc/emacs24:/etc/emacs:/usr/local/share/emacs/24.5/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/24.5/site-lisp:/usr/share/emacs/site-lisp
 --without-gnutls --build x86_64-linux-gnu --prefix=/usr
 --sharedstatedir=/var/lib --libexecdir=/usr/lib
 --localstatedir=/var/lib --infodir=/usr/share/info
 --mandir=/usr/share/man --with-pop=yes
 --enable-locallisppath=/etc/emacs24:/etc/emacs:/usr/local/share/emacs/24.5/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/24.5/site-lisp:/usr/share/emacs/site-lisp
 --without-gnutls --with-x=yes --with-x-toolkit=gtk3
 --with-toolkit-scroll-bars 'CFLAGS=-g -O2
 -fdebug-prefix-map=/build/emacs24-24.5+1=. -fstack-protector-strong
 -Wformat -Werror=format-security -Wall -fno-PIE' 'CPPFLAGS=-Wdate-time
 -D_FORTIFY_SOURCE=2' 'LDFLAGS=-Wl,-z,relro -no-pie''

Important settings:
  value of $LANG: en_US.UTF-8
  locale-coding-system: utf-8-unix

Major mode: Emacs-Lisp

Minor modes in effect:
  tooltip-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  transient-mark-mode: t

Recent messages:
For information about GNU Emacs and the GNU system, type C-h C-a.

Load-path shadows:
None found.

Features:
(shadow sort gnus-util mail-extr emacsbug message format-spec rfc822 mml
easymenu mml-sec mm-decode mm-bodies mm-encode mail-parse rfc2231
mailabbrev gmm-utils mailheader sendmail rfc2047 rfc2045 ietf-drums
mm-util help-fns mail-prsvr mail-utils time-date tooltip electric
uniquify ediff-hook vc-hooks lisp-float-type mwheel x-win x-dnd tool-bar
dnd fontset image regexp-opt fringe tabulated-list newcomment lisp-mode
prog-mode register page menu-bar rfn-eshadow timer select scroll-bar
mouse jit-lock font-lock syntax facemenu font-core frame cham georgian
utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean
japanese hebrew greek romanian slovak czech european ethiopic indian
cyrillic chinese case-table epa-hook jka-cmpr-hook help simple abbrev
minibuffer nadvice loaddefs button faces cus-face macroexp files
text-properties overlay sha1 md5 base64 format env code-pages mule
custom widget hashtable-print-readable backquote make-network-process
dbusbind gfilenotify dynamic-setting system-font-setting
font-render-setting move-toolbar gtk x-toolkit x multi-tty emacs)

Memory information:
((conses 16 71508 4550)
 (symbols 48 17556 0)
 (miscs 40 38 88)
 (strings 32 9162 4602)
 (string-bytes 1 250704)
 (vectors 16 8910)
 (vector-slots 8 383182 18774)
 (floats 8 63 238)
 (intervals 56 244 4)
 (buffers 960 12))
Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#31362; Package emacs. (Fri, 04 May 2018 09:14:02 GMT) Full text and rfc822 format available.

Message #8 received at 31362 <at> debbugs.gnu.org (full text, mbox):

From: Andreas Schwab <schwab <at> linux-m68k.org>
To: Tino Calancha <tino.calancha <at> gmail.com>
Cc: 31362 <at> debbugs.gnu.org, paul eggert <eggert <at> cs.ucla.edu>,
 stefan monnier <monnier <at> iro.umontreal.ca>
Subject: Re: bug#31362: 24.5; Crash after eval a form
Date: Fri, 04 May 2018 11:13:39 +0200

On Mai 04 2018, Tino Calancha <tino.calancha <at> gmail.com> wrote:

> ;; Emacs crash after evaluate the following form:
> (let* ((lst (list 'x))
>        (form (cons 'die
>                    (list 'w '(pop lst)))))
>   (while lst
>     (setq form
>           (cons 'die
>                 (cons form
>                       (list '(pop lst))))))
>   form)

This creates a degenerate list, causing stack overflow during GC.

Andreas.

-- 
Andreas Schwab, schwab <at> linux-m68k.org
GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510  2552 DF73 E780 A9DA AEC1
"And now for something completely different."
Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#31362; Package emacs. (Fri, 04 May 2018 09:53:01 GMT) Full text and rfc822 format available.

Message #11 received at 31362 <at> debbugs.gnu.org (full text, mbox):

From: Noam Postavsky <npostavs <at> gmail.com>
To: Andreas Schwab <schwab <at> linux-m68k.org>
Cc: 31362 <at> debbugs.gnu.org, paul eggert <eggert <at> cs.ucla.edu>,
 stefan monnier <monnier <at> iro.umontreal.ca>,
 Tino Calancha <tino.calancha <at> gmail.com>
Subject: Re: bug#31362: 24.5; Crash after eval a form
Date: Fri, 04 May 2018 05:51:56 -0400

forcemerge 2099 31362
retitle 2099 stack overflow in GC when creating large nested object
quit

Andreas Schwab <schwab <at> linux-m68k.org> writes:

> On Mai 04 2018, Tino Calancha <tino.calancha <at> gmail.com> wrote:
>
>> ;; Emacs crash after evaluate the following form:
>> (let* ((lst (list 'x))
>>        (form (cons 'die
>>                    (list 'w '(pop lst)))))
>>   (while lst
>>     (setq form
>>           (cons 'die
>>                 (cons form
>>                       (list '(pop lst))))))
>>   form)
>
> This creates a degenerate list, causing stack overflow during GC.

Right, this is just a more complicated version of #2099.
Forcibly Merged 2099 31362. Request was from Noam Postavsky <npostavs <at> gmail.com> to control <at> debbugs.gnu.org. (Fri, 04 May 2018 09:53:02 GMT) Full text and rfc822 format available.
Changed bug title to 'stack overflow in GC when creating large nested object' from '24.5; Crash after eval a form' Request was from Noam Postavsky <npostavs <at> gmail.com> to control <at> debbugs.gnu.org. (Fri, 04 May 2018 09:53:02 GMT) Full text and rfc822 format available.
Reply sent to Mattias Engdegård <mattiase <at> acm.org>:
You have taken responsibility. (Mon, 04 Apr 2022 17:25:01 GMT) Full text and rfc822 format available.
Notification sent to Tino Calancha <tino.calancha <at> gmail.com>:
bug acknowledged by developer. (Mon, 04 Apr 2022 17:25:01 GMT) Full text and rfc822 format available.

Message #20 received at 31362-done <at> debbugs.gnu.org (full text, mbox):

From: Mattias Engdegård <mattiase <at> acm.org>
To: 31362-done <at> debbugs.gnu.org, 46900-done <at> debbugs.gnu.org
Cc: Noam Postavsky <npostavs <at> gmail.com>, Pip Cet <pipcet <at> gmail.com>,
 Tino Calancha <tino.calancha <at> gmail.com>
Subject: GC stack overflow fixed
Date: Mon, 4 Apr 2022 19:24:06 +0200

Now that bug#54698 is resolved, we can close bug#31362 and bug#46900 which seem to have been about that, essentially.

If that didn't do it for you, please let us know.
Reply sent to Mattias Engdegård <mattiase <at> acm.org>:
You have taken responsibility. (Mon, 04 Apr 2022 17:25:01 GMT) Full text and rfc822 format available.
Notification sent to Markus Triska <markus.triska <at> gmx.at>:
bug acknowledged by developer. (Mon, 04 Apr 2022 17:25:02 GMT) Full text and rfc822 format available.
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Tue, 03 May 2022 11:24:06 GMT) Full text and rfc822 format available.
This bug report was last modified 1 year and 356 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.