GNU bug report logs - #40661
Crash in regex search during redisplay

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: emacs; Reported by: Richard Copley <rcopley@HIDDEN>; dated Thu, 16 Apr 2020 14:36:02 UTC; Maintainer for emacs is bug-gnu-emacs@HIDDEN.

Message received at 40661 <at> debbugs.gnu.org:


Received: (at 40661) by debbugs.gnu.org; 17 Apr 2020 16:00:37 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Apr 17 12:00:37 2020
Received: from localhost ([127.0.0.1]:41542 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jPTPx-0001iN-If
	for submit <at> debbugs.gnu.org; Fri, 17 Apr 2020 12:00:37 -0400
Received: from mailscanner.iro.umontreal.ca ([132.204.25.50]:54982)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <monnier@HIDDEN>) id 1jPTPv-0001i9-VW
 for 40661 <at> debbugs.gnu.org; Fri, 17 Apr 2020 12:00:36 -0400
Received: from pmg1.iro.umontreal.ca (localhost.localdomain [127.0.0.1])
 by pmg1.iro.umontreal.ca (Proxmox) with ESMTP id 6CC8810032F;
 Fri, 17 Apr 2020 12:00:30 -0400 (EDT)
Received: from mail01.iro.umontreal.ca (unknown [172.31.2.1])
 by pmg1.iro.umontreal.ca (Proxmox) with ESMTP id B00ED10024E;
 Fri, 17 Apr 2020 12:00:28 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=iro.umontreal.ca;
 s=mail; t=1587139228;
 bh=gmePp3/Nu40PKutTuyAFLxCE9/8Dh47FxxCdVHfvQbQ=;
 h=From:To:Cc:Subject:References:Date:In-Reply-To:From;
 b=Bf+USi3WuK9OGpQJh2b/ZT2MuUwrY9nNsM/zCavbjMYTcqTH9IwcU+0fBsRcdboBj
 JemcCb+/NYYkPCYL9H/pnG58hwdtAr6aPltTRDfJvuzmCDqnS+OUAKkA9IbCkrleJh
 7X38hXpKjwuuNeBgPC5fEdL4MZe6KYZ4HSsu0MVC3q/7DCBlVnqT7jY1r7J0tbq0GD
 vKdXTzqF2mXK5T/TzWa5RL9mQIDKOC6ylH8HzWJRlq3fwyqLw5i+L6ajzmaTFXrGtk
 P5gt+gPPY0Qx6GWm2XIJpZt3oa7ep7BciShePG24kT9hnlmHWnKLGUhZHDN9jy9r0y
 NjpZ6peZK8Pug==
Received: from alfajor (unknown [104.247.241.114])
 by mail01.iro.umontreal.ca (Postfix) with ESMTPSA id 53C36120871;
 Fri, 17 Apr 2020 12:00:28 -0400 (EDT)
From: Stefan Monnier <monnier@HIDDEN>
To: Eli Zaretskii <eliz@HIDDEN>
Subject: Re: bug#40661: Crash in regex search during redisplay
Message-ID: <jwvr1wm9ke8.fsf-monnier+emacs@HIDDEN>
References: <CAPM58og2SBLJ=NiDhm=TbE5WFzr6b3VTfSJXesSEd_VQ_u80PQ@HIDDEN>
 <83ftd3e92z.fsf@HIDDEN> <83d087e6gj.fsf@HIDDEN>
 <421071D0-6D75-4442-AC4B-D091B573B49C@HIDDEN>
 <CAPM58ohQC52=inqe3L=7jQDgoyATaCm+0RUw_t3W3WYe3=p0FQ@HIDDEN>
 <a9d50d4a-67fe-ad6f-2657-09b1eca55839@HIDDEN>
 <CAPM58ohH_QVDskmVmqV_LSKqtcAmWReL-5T=b3T2ng5QbabSrg@HIDDEN>
 <838siucq7b.fsf@HIDDEN> <jwvwo6e9lv7.fsf-monnier+emacs@HIDDEN>
 <83tv1iaz7g.fsf@HIDDEN>
Date: Fri, 17 Apr 2020 12:00:27 -0400
In-Reply-To: <83tv1iaz7g.fsf@HIDDEN> (Eli Zaretskii's message of "Fri, 17 Apr
 2020 18:50:27 +0300")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-SPAM-INFO: Spam detection results:  0
 ALL_TRUSTED                -1 Passed through trusted hosts only via SMTP
 AWL 0.153 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DKIM_SIGNED               0.1 Message has a DKIM or DK signature,
 not necessarily valid
 DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
 DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's
 domain
X-SPAM-LEVEL: 
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 40661
Cc: rcopley@HIDDEN, dancol@HIDDEN, 40661 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

>> > Obviously, we cannot allow GC to run while regex routines do their
>> > work, because they are passed C pointers to buffer text.  The question
>> > is, where to disable GC?  We could do it inside
>> > update_syntax_table_forward, but UPDATE_SYNTAX_TABLE_FORWARD is called
>> > from many places that evidently have no problems with GC.  So my
>> > suggestion would be to disable GC inside re_match_2_internal instead.
>> > Comments?
>> Looks fine to me.
> So you prefer disabling GC to setting the inhibit_shrinking flag?
> I tend to agree with Daniel here, FWIW.

No, what I meant was that I'm fine with doing it "inside
re_match_2_internal" instead of "inside update_syntax_table_forward".
But I prefer if the "it" is setting `inhibit_shrinking` instead of
inhibiting the GC altogether.

> That's a project for another pandemic ;-)  I want a simple enough
> solution for now that we could install on the release branch.

Oh, for `emacs-27` that's clearly out, indeed.  But for `master` it
should not be that hard.  I think we can reuse `pending_funcalls`
for that.


        Stefan





Information forwarded to bug-gnu-emacs@HIDDEN:
bug#40661; Package emacs. Full text available.

Message received at 40661 <at> debbugs.gnu.org:


Received: (at 40661) by debbugs.gnu.org; 17 Apr 2020 15:50:46 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Apr 17 11:50:46 2020
Received: from localhost ([127.0.0.1]:41523 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jPTGP-0001Qz-SM
	for submit <at> debbugs.gnu.org; Fri, 17 Apr 2020 11:50:46 -0400
Received: from eggs.gnu.org ([209.51.188.92]:40496)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1jPTGO-0001Qo-PA
 for 40661 <at> debbugs.gnu.org; Fri, 17 Apr 2020 11:50:45 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:38924)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <eliz@HIDDEN>)
 id 1jPTGJ-0001CN-H8; Fri, 17 Apr 2020 11:50:39 -0400
Received: from [176.228.60.248] (port=1121 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <eliz@HIDDEN>)
 id 1jPTGI-0004Hu-Gq; Fri, 17 Apr 2020 11:50:39 -0400
Date: Fri, 17 Apr 2020 18:50:27 +0300
Message-Id: <83tv1iaz7g.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Stefan Monnier <monnier@HIDDEN>
In-Reply-To: <jwvwo6e9lv7.fsf-monnier+emacs@HIDDEN> (message from Stefan
 Monnier on Fri, 17 Apr 2020 11:28:49 -0400)
Subject: Re: bug#40661: Crash in regex search during redisplay
References: <CAPM58og2SBLJ=NiDhm=TbE5WFzr6b3VTfSJXesSEd_VQ_u80PQ@HIDDEN>
 <83ftd3e92z.fsf@HIDDEN> <83d087e6gj.fsf@HIDDEN>
 <421071D0-6D75-4442-AC4B-D091B573B49C@HIDDEN>
 <CAPM58ohQC52=inqe3L=7jQDgoyATaCm+0RUw_t3W3WYe3=p0FQ@HIDDEN>
 <a9d50d4a-67fe-ad6f-2657-09b1eca55839@HIDDEN>
 <CAPM58ohH_QVDskmVmqV_LSKqtcAmWReL-5T=b3T2ng5QbabSrg@HIDDEN>
 <838siucq7b.fsf@HIDDEN> <jwvwo6e9lv7.fsf-monnier+emacs@HIDDEN>
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -1.5 (-)
X-Debbugs-Envelope-To: 40661
Cc: rcopley@HIDDEN, dancol@HIDDEN, 40661 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.5 (--)

> From: Stefan Monnier <monnier@HIDDEN>
> Cc: Richard Copley <rcopley@HIDDEN>,  dancol@HIDDEN,
>   40661 <at> debbugs.gnu.org
> Date: Fri, 17 Apr 2020 11:28:49 -0400
> 
> > Obviously, we cannot allow GC to run while regex routines do their
> > work, because they are passed C pointers to buffer text.  The question
> > is, where to disable GC?  We could do it inside
> > update_syntax_table_forward, but UPDATE_SYNTAX_TABLE_FORWARD is called
> > from many places that evidently have no problems with GC.  So my
> > suggestion would be to disable GC inside re_match_2_internal instead.
> >
> > Comments?
> 
> Looks fine to me.

So you prefer disabling GC to setting the inhibit_shrinking flag?
I tend to agree with Daniel here, FWIW.

> I think a better fix is to move the execution of compact_buffer:
> there's no reason it has to be done during GC, we just need to do it
> "every once in a while" and the GC was a convenient point for that.
> But we could avoid several such problems if we were to run such
> background tasks elsewhere.  It could still be linked to GC, e.g. we
> could start a timer during the GC so its run at the next
> opportunity.

That's a project for another pandemic ;-)  I want a simple enough
solution for now that we could install on the release branch.




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#40661; Package emacs. Full text available.

Message received at 40661 <at> debbugs.gnu.org:


Received: (at 40661) by debbugs.gnu.org; 17 Apr 2020 15:28:59 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Apr 17 11:28:59 2020
Received: from localhost ([127.0.0.1]:41500 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jPSvL-0000u4-Gb
	for submit <at> debbugs.gnu.org; Fri, 17 Apr 2020 11:28:59 -0400
Received: from mailscanner.iro.umontreal.ca ([132.204.25.50]:58339)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <monnier@HIDDEN>) id 1jPSvK-0000to-8U
 for 40661 <at> debbugs.gnu.org; Fri, 17 Apr 2020 11:28:58 -0400
Received: from pmg1.iro.umontreal.ca (localhost.localdomain [127.0.0.1])
 by pmg1.iro.umontreal.ca (Proxmox) with ESMTP id E9DDA100958;
 Fri, 17 Apr 2020 11:28:52 -0400 (EDT)
Received: from mail01.iro.umontreal.ca (unknown [172.31.2.1])
 by pmg1.iro.umontreal.ca (Proxmox) with ESMTP id 33E2810031F;
 Fri, 17 Apr 2020 11:28:51 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=iro.umontreal.ca;
 s=mail; t=1587137331;
 bh=WvZsg5INsd5KSCo+31NbotMs3s26BhB1pTuiXImF5Sg=;
 h=From:To:Cc:Subject:References:Date:In-Reply-To:From;
 b=BCKBOq/369VHzoAG4O4KSJ+TfQUhsLX0W9jN+j3DUoVx83tdkYil9vuh8i3v9A0YE
 9/qZy1U7Py/dZXNftYwOg5i2CPpSTfNG9qvTey/yu3V42GvTTlBgaU7Zttaio88iGD
 nAm+KeMTb3mAp/H07KcGfiS0B3I1fNeAV8owtC+L5uw64ovilM8Jkxk3TKXk3EjSxl
 PqebyxNES7RDtOjJxsMC2SvAcok0HViX3S+jHIrYzBVG/5GGcuSrHydpQklda6LS2Y
 T0eNuLETpQZ2WKoO0yLBFb6VuuHqgEjyNy//wdq1BisEv0axG36GUt84g3mzBf/R40
 AyoMQQx+C/1AA==
Received: from alfajor (unknown [104.247.241.114])
 by mail01.iro.umontreal.ca (Postfix) with ESMTPSA id DF262120873;
 Fri, 17 Apr 2020 11:28:50 -0400 (EDT)
From: Stefan Monnier <monnier@HIDDEN>
To: Eli Zaretskii <eliz@HIDDEN>
Subject: Re: bug#40661: Crash in regex search during redisplay
Message-ID: <jwvwo6e9lv7.fsf-monnier+emacs@HIDDEN>
References: <CAPM58og2SBLJ=NiDhm=TbE5WFzr6b3VTfSJXesSEd_VQ_u80PQ@HIDDEN>
 <83ftd3e92z.fsf@HIDDEN> <83d087e6gj.fsf@HIDDEN>
 <421071D0-6D75-4442-AC4B-D091B573B49C@HIDDEN>
 <CAPM58ohQC52=inqe3L=7jQDgoyATaCm+0RUw_t3W3WYe3=p0FQ@HIDDEN>
 <a9d50d4a-67fe-ad6f-2657-09b1eca55839@HIDDEN>
 <CAPM58ohH_QVDskmVmqV_LSKqtcAmWReL-5T=b3T2ng5QbabSrg@HIDDEN>
 <838siucq7b.fsf@HIDDEN>
Date: Fri, 17 Apr 2020 11:28:49 -0400
In-Reply-To: <838siucq7b.fsf@HIDDEN> (Eli Zaretskii's message of "Fri, 17 Apr
 2020 14:22:00 +0300")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-SPAM-INFO: Spam detection results:  0
 ALL_TRUSTED                -1 Passed through trusted hosts only via SMTP
 AWL 0.154 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DKIM_SIGNED               0.1 Message has a DKIM or DK signature,
 not necessarily valid
 DKIM_VALID -0.1 Message has at least one valid DKIM or DK signature
 DKIM_VALID_AU -0.1 Message has a valid DKIM or DK signature from author's
 domain
X-SPAM-LEVEL: 
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 40661
Cc: Richard Copley <rcopley@HIDDEN>, dancol@HIDDEN,
 40661 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

> I finally succeeded to build a sophisticated enough trap to catch the
> culprit.  It's GC allright.  Which is not surprising: the commit
> pointed out by Richard changed re_match_2_internal to call
> UPDATE_SYNTAX_TABLE_FORWARD, which calls Lisp, and thus can trigger
> GC.  As seen from the backtrace, GC then calls compact_buffer, which
> calls enlarge_buffer_text (to shrink buffer text), and on MS-Windows
> -- and this is the w32-specific part -- we return some memory to the
> OS and relocate buffer text.
>
> Obviously, we cannot allow GC to run while regex routines do their
> work, because they are passed C pointers to buffer text.  The question
> is, where to disable GC?  We could do it inside
> update_syntax_table_forward, but UPDATE_SYNTAX_TABLE_FORWARD is called
> from many places that evidently have no problems with GC.  So my
> suggestion would be to disable GC inside re_match_2_internal instead.
>
> Comments?

Looks fine to me.  I think a better fix is to move the execution of
compact_buffer: there's no reason it has to be done during GC, we just
need to do it "every once in a while" and the GC was a convenient point
for that.  But we could avoid several such problems if we were to run
such background tasks elsewhere.  It could still be linked to GC,
e.g. we could start a timer during the GC so its run at the next
opportunity.


        Stefan





Information forwarded to bug-gnu-emacs@HIDDEN:
bug#40661; Package emacs. Full text available.

Message received at 40661 <at> debbugs.gnu.org:


Received: (at 40661) by debbugs.gnu.org; 17 Apr 2020 14:01:12 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Apr 17 10:01:12 2020
Received: from localhost ([127.0.0.1]:41400 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jPRYO-0007DB-3G
	for submit <at> debbugs.gnu.org; Fri, 17 Apr 2020 10:01:12 -0400
Received: from dancol.org ([96.126.100.184]:36466)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <dancol@HIDDEN>) id 1jPRYM-0007D2-2C
 for 40661 <at> debbugs.gnu.org; Fri, 17 Apr 2020 10:01:10 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dancol.org; 
 s=x;
 h=Message-Id:Content-Transfer-Encoding:Content-Type:MIME-Version:
 Subject:References:In-Reply-To:Date:CC:To:From:Sender:Reply-To:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=OKpH/RfPgn4cyvogknLD2Q0JkjnbH1dMJLPthmLvA1Y=; b=mLufx+EVDgmMZTYBZgP+8QjanO
 wLYln8wCz4NBuqxe5Lts+pOCYi8C9/Z3JQYHdvVEMt7FHtA++Ykc+k+5v3DFWQEfFBwSsdpE/j+pk
 /QJttguGOe0jrqDIXOuXwQkAgAE4M9InjhaAhb7NL/Pl0iDGM5zCabKiE3uyWIfJw8oHkK6tbYj8u
 2Wugm7SHrJdSLRbYt3xZa5Vdi6z/LVAdi77cjXilduNSq1gx9S6/MOAkbLhRv/oY+fzhXWJ9joT00
 shy5Yk1GClKSqX3tab+52F/HiTA7WxILV9BUk3OIQYA5ioi+UWtEgDYxfPyzZ8uywLhkLhOI5f+dD
 x/FN1qcg==;
Received: from [172.92.145.124] (helo=[192.168.86.155])
 by dancol.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.89) (envelope-from <dancol@HIDDEN>)
 id 1jPRYH-0006s5-KP; Fri, 17 Apr 2020 07:01:05 -0700
From: Daniel Colascione <dancol@HIDDEN>
To: Eli Zaretskii <eliz@HIDDEN>, <rcopley@HIDDEN>
Date: Fri, 17 Apr 2020 07:01:04 -0700
In-Reply-To: <834kticj33.fsf@HIDDEN>
References: <CAPM58og2SBLJ=NiDhm=TbE5WFzr6b3VTfSJXesSEd_VQ_u80PQ@HIDDEN>
 <83ftd3e92z.fsf@HIDDEN> <83d087e6gj.fsf@HIDDEN>
 <421071D0-6D75-4442-AC4B-D091B573B49C@HIDDEN>
 <CAPM58ohQC52=inqe3L=7jQDgoyATaCm+0RUw_t3W3WYe3=p0FQ@HIDDEN>
 <a9d50d4a-67fe-ad6f-2657-09b1eca55839@HIDDEN>
 <CAPM58ohH_QVDskmVmqV_LSKqtcAmWReL-5T=b3T2ng5QbabSrg@HIDDEN>
 <838siucq7b.fsf@HIDDEN> <834kticj33.fsf@HIDDEN>
User-Agent: AquaMail/1.23.0-1556 (build: 102300002)
Subject: Re: bug#40661: Crash in regex search during redisplay
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Message-Id: <E1jPRYH-0006s5-KP@HIDDEN>
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 40661
Cc: monnier@HIDDEN, 40661 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

On April 17, 2020 6:56:00 AM Eli Zaretskii <eliz@HIDDEN> wrote:

>> Date: Fri, 17 Apr 2020 14:22:00 +0300
>> From: Eli Zaretskii <eliz@HIDDEN>
>> Cc: 40661 <at> debbugs.gnu.org
>>
>> Obviously, we cannot allow GC to run while regex routines do their
>> work, because they are passed C pointers to buffer text.  The question
>> is, where to disable GC?  We could do it inside
>> update_syntax_table_forward, but UPDATE_SYNTAX_TABLE_FORWARD is called
>> from many places that evidently have no problems with GC.  So my
>> suggestion would be to disable GC inside re_match_2_internal instead.
>
> Alternatively, we could set the buffer's inhibit_shrinking flag while
> in re_match_2_internal.  Although that flag was introduced for a
> different purpose: for when we have stuff inside the gap that we don't
> want to lose.  The name of the flag notwithstanding, I'm not sure we
> want to conflate these two purposes.  But maybe it's better than
> preventing the GC entirely.

I think I'd prefer this approach to inhibiting GC entirely. I can imagine 
code allocating enough garbage that we really want to get rid of it, and 
inhibiting shrinking is more conservative.







Information forwarded to bug-gnu-emacs@HIDDEN:
bug#40661; Package emacs. Full text available.

Message received at 40661 <at> debbugs.gnu.org:


Received: (at 40661) by debbugs.gnu.org; 17 Apr 2020 13:56:06 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Apr 17 09:56:06 2020
Received: from localhost ([127.0.0.1]:41386 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jPRTR-00074J-S2
	for submit <at> debbugs.gnu.org; Fri, 17 Apr 2020 09:56:06 -0400
Received: from eggs.gnu.org ([209.51.188.92]:53006)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1jPRTP-00073s-E6
 for 40661 <at> debbugs.gnu.org; Fri, 17 Apr 2020 09:56:04 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:36853)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <eliz@HIDDEN>)
 id 1jPRTJ-0002u9-Lx; Fri, 17 Apr 2020 09:55:57 -0400
Received: from [176.228.60.248] (port=1419 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <eliz@HIDDEN>)
 id 1jPRTI-0002kT-IA; Fri, 17 Apr 2020 09:55:57 -0400
Date: Fri, 17 Apr 2020 16:55:44 +0300
Message-Id: <834kticj33.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: rcopley@HIDDEN
In-Reply-To: <838siucq7b.fsf@HIDDEN> (message from Eli Zaretskii on Fri, 17
 Apr 2020 14:22:00 +0300)
Subject: Re: bug#40661: Crash in regex search during redisplay
References: <CAPM58og2SBLJ=NiDhm=TbE5WFzr6b3VTfSJXesSEd_VQ_u80PQ@HIDDEN>
 <83ftd3e92z.fsf@HIDDEN> <83d087e6gj.fsf@HIDDEN>
 <421071D0-6D75-4442-AC4B-D091B573B49C@HIDDEN>
 <CAPM58ohQC52=inqe3L=7jQDgoyATaCm+0RUw_t3W3WYe3=p0FQ@HIDDEN>
 <a9d50d4a-67fe-ad6f-2657-09b1eca55839@HIDDEN>
 <CAPM58ohH_QVDskmVmqV_LSKqtcAmWReL-5T=b3T2ng5QbabSrg@HIDDEN>
 <838siucq7b.fsf@HIDDEN>
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -1.5 (-)
X-Debbugs-Envelope-To: 40661
Cc: dancol@HIDDEN, monnier@HIDDEN, 40661 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.5 (--)

> Date: Fri, 17 Apr 2020 14:22:00 +0300
> From: Eli Zaretskii <eliz@HIDDEN>
> Cc: 40661 <at> debbugs.gnu.org
> 
> Obviously, we cannot allow GC to run while regex routines do their
> work, because they are passed C pointers to buffer text.  The question
> is, where to disable GC?  We could do it inside
> update_syntax_table_forward, but UPDATE_SYNTAX_TABLE_FORWARD is called
> from many places that evidently have no problems with GC.  So my
> suggestion would be to disable GC inside re_match_2_internal instead.

Alternatively, we could set the buffer's inhibit_shrinking flag while
in re_match_2_internal.  Although that flag was introduced for a
different purpose: for when we have stuff inside the gap that we don't
want to lose.  The name of the flag notwithstanding, I'm not sure we
want to conflate these two purposes.  But maybe it's better than
preventing the GC entirely.




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#40661; Package emacs. Full text available.

Message received at 40661 <at> debbugs.gnu.org:


Received: (at 40661) by debbugs.gnu.org; 17 Apr 2020 11:22:23 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Apr 17 07:22:23 2020
Received: from localhost ([127.0.0.1]:40078 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jPP4g-0005O7-Ck
	for submit <at> debbugs.gnu.org; Fri, 17 Apr 2020 07:22:23 -0400
Received: from eggs.gnu.org ([209.51.188.92]:58170)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1jPP4e-0005Nh-7k
 for 40661 <at> debbugs.gnu.org; Fri, 17 Apr 2020 07:22:20 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:58617)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <eliz@HIDDEN>)
 id 1jPP4Y-0003Km-J9; Fri, 17 Apr 2020 07:22:14 -0400
Received: from [176.228.60.248] (port=4010 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <eliz@HIDDEN>)
 id 1jPP4X-0006MN-P6; Fri, 17 Apr 2020 07:22:14 -0400
Date: Fri, 17 Apr 2020 14:22:00 +0300
Message-Id: <838siucq7b.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Richard Copley <rcopley@HIDDEN>,
 Stefan Monnier <monnier@HIDDEN> 
In-Reply-To: <CAPM58ohH_QVDskmVmqV_LSKqtcAmWReL-5T=b3T2ng5QbabSrg@HIDDEN>
 (message from Richard Copley on Thu, 16 Apr 2020 20:35:19 +0100)
Subject: Re: bug#40661: Crash in regex search during redisplay
References: <CAPM58og2SBLJ=NiDhm=TbE5WFzr6b3VTfSJXesSEd_VQ_u80PQ@HIDDEN>
 <83ftd3e92z.fsf@HIDDEN> <83d087e6gj.fsf@HIDDEN>
 <421071D0-6D75-4442-AC4B-D091B573B49C@HIDDEN>
 <CAPM58ohQC52=inqe3L=7jQDgoyATaCm+0RUw_t3W3WYe3=p0FQ@HIDDEN>
 <a9d50d4a-67fe-ad6f-2657-09b1eca55839@HIDDEN>
 <CAPM58ohH_QVDskmVmqV_LSKqtcAmWReL-5T=b3T2ng5QbabSrg@HIDDEN>
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -1.5 (-)
X-Debbugs-Envelope-To: 40661
Cc: dancol@HIDDEN, 40661 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.5 (--)

> From: Richard Copley <rcopley@HIDDEN>
> Date: Thu, 16 Apr 2020 20:35:19 +0100
> Cc: Eli Zaretskii <eliz@HIDDEN>, 40661 <at> debbugs.gnu.org
> 
> On Thu, 16 Apr 2020 at 18:24, Daniel Colascione <dancol@HIDDEN> wrote:
> >
> > On 4/16/20 9:56 AM, Richard Copley wrote:
> > > On Thu, 16 Apr 2020 at 17:42, Daniel Colascione <dancol@HIDDEN> wrote:
> > >>
> > >> On April 16, 2020 9:33:16 AM PDT, Eli Zaretskii <eliz@HIDDEN> wrote:
> > >>>> Date: Thu, 16 Apr 2020 18:36:36 +0300
> > >>>> From: Eli Zaretskii <eliz@HIDDEN>
> > >>>> Cc: 40661 <at> debbugs.gnu.org
> > >>>>
> > >>>> Looks like GC sometimes kicks in while we are inside re_search_2
> > >>>
> > >>> Or not.  I cannot get a breakpoint inside GC to fire while we are in
> > >>> search_buffer_re, so maybe my hypothesis was wrong.  Although the
> > >>> symptoms are all there: when the segfault hits, the pointers passed to
> > >>> re_search_2 are invalid, but BEGV_ADDR and GAP_END_ADDR, from which
> > >>> they are supposed to be computed, are valid (and different).  And the
> > >>> patch does seem to avoid the segfaults.  But maybe it's just a
> > >>> coincidence or a side effect...
> > >>
> > >> Try using rr and see where those pointers came from
> > >
> > > It seems clear from "str1=str1@entry=0xc607fd", etc., that they come
> > > from the caller, search_buffer_re. The question is, why are they no
> > > longer valid after updating syntax?
> >
> > Right. So let's see what updated the valid pointers and invalidated the
> > invalid ones.
> 
> Right, I see. Anyway, I wasn't able to reproduce the bug under
> GNU/Linux (in order to use rr), or make much progress with GDB on
> Windows.

I finally succeeded to build a sophisticated enough trap to catch the
culprit.  It's GC allright.  Which is not surprising: the commit
pointed out by Richard changed re_match_2_internal to call
UPDATE_SYNTAX_TABLE_FORWARD, which calls Lisp, and thus can trigger
GC.  As seen from the backtrace, GC then calls compact_buffer, which
calls enlarge_buffer_text (to shrink buffer text), and on MS-Windows
-- and this is the w32-specific part -- we return some memory to the
OS and relocate buffer text.

Obviously, we cannot allow GC to run while regex routines do their
work, because they are passed C pointers to buffer text.  The question
is, where to disable GC?  We could do it inside
update_syntax_table_forward, but UPDATE_SYNTAX_TABLE_FORWARD is called
from many places that evidently have no problems with GC.  So my
suggestion would be to disable GC inside re_match_2_internal instead.

Comments?

Here's the full backtrace I caught:

  mmap_alloc (var=0x6843168, nbytes=2257) at w32heap.c:676
  676           if (*var == NULL)
  #0  mmap_alloc (var=0x6843168, nbytes=2257) at w32heap.c:676
  #1  0x015a7934 in mmap_realloc (var=0x6843168, nbytes=2257) at w32heap.c:784
  #2  0x0124d431 in enlarge_buffer_text (b=0x6842f10, delta=-1840)
      at buffer.c:5049
  #3  0x01262107 in make_gap_smaller (nbytes_removed=1840) at insdel.c:549
  #4  0x0126221c in make_gap (nbytes_added=-1840) at insdel.c:589
  #5  0x01262246 in make_gap_1 (b=0x6842f10, nbytes=-1840) at insdel.c:602
  #6  0x012427e8 in compact_buffer (buffer=0x6842f10) at buffer.c:1672
  #7  0x01314c2e in garbage_collect () at alloc.c:5877
  #8  0x01314b9a in maybe_garbage_collect () at alloc.c:5853
  #9  0x0137696d in maybe_gc () at lisp.h:5065
  #10 0x013848c2 in Ffuncall (nargs=4, args=0x824360) at eval.c:2778
  #11 0x01427eb3 in exec_byte_code (bytestr=XIL(0x8000000006865a98),
      vector=XIL(0xa000000006889d58), maxdepth=make_fixnum(7),
      args_template=make_fixnum(257), nargs=1, args=0x824918) at bytecode.c:633
  #12 0x01385af1 in funcall_lambda (fun=XIL(0xa0000000071f2c90), nargs=1,
      arg_vector=0x824910) at eval.c:2989
  #13 0x01384a33 in Ffuncall (nargs=2, args=0x824908) at eval.c:2796
  #14 0x01427eb3 in exec_byte_code (bytestr=XIL(0x8000000006865ad8),
      vector=XIL(0xa0000000072005a0), maxdepth=make_fixnum(17),
      args_template=make_fixnum(257), nargs=1, args=0x825058) at bytecode.c:633
  #15 0x01385af1 in funcall_lambda (fun=XIL(0xa0000000071e4b40), nargs=1,
      arg_vector=0x825050) at eval.c:2989
  #16 0x01384a33 in Ffuncall (nargs=2, args=0x825048) at eval.c:2796
  #17 0x01427eb3 in exec_byte_code (bytestr=XIL(0x8000000006865a18),
      vector=XIL(0xa000000006828648), maxdepth=make_fixnum(15),
      args_template=make_fixnum(514), nargs=2, args=0x825868) at bytecode.c:633
  #18 0x01385af1 in funcall_lambda (fun=XIL(0xa000000007167768), nargs=2,
      arg_vector=0x825858) at eval.c:2989
  #19 0x01384a33 in Ffuncall (nargs=3, args=0x825850) at eval.c:2796
  #20 0x01427eb3 in exec_byte_code (bytestr=XIL(0x8000000005e847e0),
      vector=XIL(0xa000000005e84438), maxdepth=make_fixnum(12),
      args_template=make_fixnum(257), nargs=1, args=0x825e98) at bytecode.c:633
  #21 0x01385af1 in funcall_lambda (fun=XIL(0xa000000005e84408), nargs=1,
      arg_vector=0x825e90) at eval.c:2989
  #22 0x01384a33 in Ffuncall (nargs=2, args=0x825e88) at eval.c:2796
  #23 0x01427eb3 in exec_byte_code (bytestr=XIL(0x8000000005ecf1d8),
      vector=XIL(0xa000000005ecf0e0), maxdepth=make_fixnum(8),
      args_template=make_fixnum(257), nargs=1, args=0x826460) at bytecode.c:633
  #24 0x01385af1 in funcall_lambda (fun=XIL(0xa000000005ecf0b0), nargs=1,
      arg_vector=0x826458) at eval.c:2989
  #25 0x01384a33 in Ffuncall (nargs=2, args=0x826450) at eval.c:2796
  #26 0x0137f3e7 in internal_condition_case_n (bfun=0x13847ec <Ffuncall>,
      nargs=2, args=0x826450, handlers=XIL(0x30),
      hfun=0x105a91d <safe_eval_handler>) at eval.c:1435
  #27 0x0105ab54 in safe__call (inhibit_quit=false, nargs=2, func=XIL(0x7fb0),
      ap=0x826514 "") at xdisp.c:2807
  #28 0x0105abcd in safe_call (nargs=2, func=XIL(0x7fb0)) at xdisp.c:2822
  #29 0x0105ac21 in safe_call1 (fn=XIL(0x7fb0), arg=make_fixnum(505))
      at xdisp.c:2833
  #30 0x014128bb in parse_sexp_propertize (charpos=504) at syntax.c:480
  #31 0x01412aa3 in update_syntax_table_forward (charpos=504, init=false,
      object=XIL(0)) at syntax.c:513
  #32 0x012e9cb5 in UPDATE_SYNTAX_TABLE_FORWARD (charpos=504) at syntax.h:185
  #33 0x012e9d39 in UPDATE_SYNTAX_TABLE (charpos=504) at syntax.h:205
  #34 0x012f81f9 in re_match_2_internal (bufp=0x1bb43a0 <searchbufs+4064>,
      string1=0x75a07fd '0' <repeats 59 times>, ";\n", '0' <repeats 60 times>, ";\
  n", '0' <repeats 60 times>, ";\n", '0' <repeats 21 times>, ";\n};\n",
      size1=0,
      string2=0x75a07fd '0' <repeats 59 times>, ";\n", '0' <repeats 60 times>, ";\
  n", '0' <repeats 60 times>, ";\n", '0' <repeats 21 times>, ";\n};\n",
      size2=2051, pos=502, regs=0x1958074 <main_thread+116>, stop=503)
      at regex-emacs.c:4780
  #35 0x012f39f3 in rpl_re_search_2 (bufp=0x1bb43a0 <searchbufs+4064>,
      str1=0x75a07fd '0' <repeats 59 times>, ";\n", '0' <repeats 60 times>, ";\n",
   '0' <repeats 60 times>, ";\n", '0' <repeats 21 times>, ";\n};\n", size1=0,
      str2=0x75a07fd '0' <repeats 59 times>, ";\n", '0' <repeats 60 times>, ";\n",
   '0' <repeats 60 times>, ";\n", '0' <repeats 21 times>, ";\n};\n",
      size2=2051, startpos=502, range=1, regs=0x1958074 <main_thread+116>,
      stop=503) at regex-emacs.c:3373
  #36 0x012dc6e0 in search_buffer_re (string=XIL(0x8000000006865028), pos=11,
      pos_byte=11, lim=504, lim_byte=504, n=1, trt=XIL(0), inverse_trt=XIL(0),
      posix=false) at search.c:1244
  #37 0x012dd74d in search_buffer (string=XIL(0x8000000006865028), pos=11,
      pos_byte=11, lim=504, lim_byte=504, n=1, RE=1, trt=XIL(0),
      inverse_trt=XIL(0), posix=false) at search.c:1506
  #38 0x012dbefa in search_command (string=XIL(0x8000000006865028),
      bound=make_fixnum(504), noerror=XIL(0x30), count=XIL(0), direction=1,
      RE=1, posix=false) at search.c:1048
  #39 0x012df7bc in Fre_search_forward (regexp=XIL(0x8000000006865028),
      bound=make_fixnum(504), noerror=XIL(0x30), count=XIL(0)) at search.c:2277
  #40 0x01385067 in funcall_subr (subr=0x195ebc0 <Sre_search_forward>,
      numargs=3, args=0x8274d8) at eval.c:2875
  #41 0x013849d9 in Ffuncall (nargs=4, args=0x8274d0) at eval.c:2794
  #42 0x01427eb3 in exec_byte_code (bytestr=XIL(0x8000000005eed790),
      vector=XIL(0xa000000005e25f58), maxdepth=make_fixnum(25),
      args_template=make_fixnum(770), nargs=3, args=0x827c38) at bytecode.c:633
  #43 0x01385af1 in funcall_lambda (fun=XIL(0xa000000005e25f28), nargs=3,
      arg_vector=0x827c20) at eval.c:2989
  #44 0x01384a33 in Ffuncall (nargs=4, args=0x827c18) at eval.c:2796
  #45 0x01427eb3 in exec_byte_code (bytestr=XIL(0x8000000005eee538),
      vector=XIL(0xa000000005e25ac0), maxdepth=make_fixnum(14),
      args_template=make_fixnum(771), nargs=3, args=0x828280) at bytecode.c:633
  #46 0x01385af1 in funcall_lambda (fun=XIL(0xa000000005e25a90), nargs=3,
      arg_vector=0x828268) at eval.c:2989
  #47 0x01384a33 in Ffuncall (nargs=4, args=0x828260) at eval.c:2796
  #48 0x01427eb3 in exec_byte_code (bytestr=XIL(0x8000000005eee748),
      vector=XIL(0xa000000005e259f0), maxdepth=make_fixnum(7),
      args_template=make_fixnum(770), nargs=2, args=0x8287e8) at bytecode.c:633
  #49 0x01385af1 in funcall_lambda (fun=XIL(0xa000000005e259c0), nargs=2,
      arg_vector=0x8287d8) at eval.c:2989
  #50 0x01384a33 in Ffuncall (nargs=3, args=0x8287d0) at eval.c:2796
  #51 0x01427eb3 in exec_byte_code (bytestr=XIL(0x8000000005e8ab40),
      vector=XIL(0xa000000007255b70), maxdepth=make_fixnum(10),
      args_template=make_fixnum(257), nargs=1, args=0x829060) at bytecode.c:633
  #52 0x01385af1 in funcall_lambda (fun=XIL(0xa000000007255bc0), nargs=1,
      arg_vector=0x829058) at eval.c:2989
  #53 0x01384a33 in Ffuncall (nargs=2, args=0x829050) at eval.c:2796
  #54 0x013837c6 in run_hook_wrapped_funcall (nargs=2, args=0x829050)
      at eval.c:2531
  #55 0x01383ca9 in run_hook_with_args (nargs=2, args=0x829050,
      funcall=0x138377e <run_hook_wrapped_funcall>) at eval.c:2612
  #56 0x01383815 in Frun_hook_wrapped (nargs=2, args=0x829050) at eval.c:2546
  #57 0x01384e99 in funcall_subr (subr=0x1960bc0 <Srun_hook_wrapped>,
      numargs=2, args=0x829050) at eval.c:2847
  #58 0x013849d9 in Ffuncall (nargs=3, args=0x829048) at eval.c:2794
  #59 0x01427eb3 in exec_byte_code (bytestr=XIL(0x8000000005e8abf0),
      vector=XIL(0xa000000005e8aac8), maxdepth=make_fixnum(19),
      args_template=make_fixnum(514), nargs=2, args=0x829670) at bytecode.c:633
  #60 0x01385af1 in funcall_lambda (fun=XIL(0xa000000005e8aa98), nargs=2,
      arg_vector=0x829660) at eval.c:2989
  #61 0x01384a33 in Ffuncall (nargs=3, args=0x829658) at eval.c:2796
  #62 0x01427eb3 in exec_byte_code (bytestr=XIL(0x8000000005e8b048),
      vector=XIL(0xa000000005e8a818), maxdepth=make_fixnum(27),
      args_template=make_fixnum(512), nargs=2, args=0x829d58) at bytecode.c:633
  #63 0x01385af1 in funcall_lambda (fun=XIL(0xa000000005e8a7e8), nargs=2,
      arg_vector=0x829d48) at eval.c:2989
  #64 0x01384a33 in Ffuncall (nargs=3, args=0x829d40) at eval.c:2796
  #65 0x01427eb3 in exec_byte_code (bytestr=XIL(0x8000000005e8d5d0),
      vector=XIL(0xa000000005e8d040), maxdepth=make_fixnum(12),
      args_template=make_fixnum(257), nargs=1, args=0x82a380) at bytecode.c:633
  #66 0x01385af1 in funcall_lambda (fun=XIL(0xa000000005e8d010), nargs=1,
      arg_vector=0x82a378) at eval.c:2989
  #67 0x01384a33 in Ffuncall (nargs=2, args=0x82a370) at eval.c:2796
  #68 0x0137f3e7 in internal_condition_case_n (bfun=0x13847ec <Ffuncall>,
      nargs=2, args=0x82a370, handlers=XIL(0x30),
      hfun=0x105a91d <safe_eval_handler>) at eval.c:1435
  #69 0x0105ab54 in safe__call (inhibit_quit=false, nargs=2,
      func=XIL(0x42cb120), ap=0x82a434 "") at xdisp.c:2807
  #70 0x0105abcd in safe_call (nargs=2, func=XIL(0x42cb120)) at xdisp.c:2822
  #71 0x0105ac21 in safe_call1 (fn=XIL(0x42cb120), arg=make_fixnum(1))
      at xdisp.c:2833
  #72 0x0105e9c7 in handle_fontified_prop (it=0x82a6c0) at xdisp.c:4136
  #73 0x0105d271 in handle_stop (it=0x82a6c0) at xdisp.c:3664
  #74 0x01069335 in reseat (it=0x82a6c0, pos=..., force_p=true) at xdisp.c:6900
  #75 0x0105c4c3 in init_iterator (it=0x82a6c0, w=0x70c0b88, charpos=1,
      bytepos=1, row=0x68432b0, base_face_id=DEFAULT_FACE_ID) at xdisp.c:3265
  #76 0x0105c55b in start_display (it=0x82a6c0, w=0x70c0b88, pos=...)
      at xdisp.c:3281
  #77 0x01091a71 in try_window (window=XIL(0xa0000000070c0b88), pos=...,
      flags=1) at xdisp.c:19056
  #78 0x0108e687 in redisplay_window (window=XIL(0xa0000000070c0b88),
      just_this_one_p=false) at xdisp.c:18480
  #79 0x01086178 in redisplay_window_0 (window=XIL(0xa0000000070c0b88))
      at xdisp.c:16194
  #80 0x0137f1f7 in internal_condition_case_1 (
      bfun=0x108611d <redisplay_window_0>, arg=XIL(0xa0000000070c0b88),
      handlers=XIL(0xc000000005fd6d40), hfun=0x10860da <redisplay_window_error>)
      at eval.c:1379
  #81 0x0108609d in redisplay_windows (window=XIL(0xa0000000070c0b88))
      at xdisp.c:16174
  #82 0x010848b0 in redisplay_internal () at xdisp.c:15642
  #83 0x0108577c in redisplay_preserve_echo_area (from_where=2) at xdisp.c:15995
  #84 0x01019565 in Fredisplay (force=XIL(0)) at dispnew.c:6085
  #85 0x01384f7d in funcall_subr (subr=0x195a0e0 <Sredisplay>, numargs=0,
      args=0x82e128) at eval.c:2867
  #86 0x013849d9 in Ffuncall (nargs=1, args=0x82e120) at eval.c:2794
  #87 0x01427eb3 in exec_byte_code (bytestr=XIL(0x8000000005d746e0),
      vector=XIL(0xa000000005d744f0), maxdepth=make_fixnum(7),
      args_template=make_fixnum(769), nargs=1, args=0x82e638) at bytecode.c:633
  #88 0x01385af1 in funcall_lambda (fun=XIL(0xa000000005d744c0), nargs=1,
      arg_vector=0x82e630) at eval.c:2989
  #89 0x013855f9 in apply_lambda (fun=XIL(0xa000000005d744c0),
      args=XIL(0xc000000000fc65e0), count=10) at eval.c:2926
  #90 0x01382c31 in eval_sub (form=XIL(0xc000000000fc65f0)) at eval.c:2318
  #91 0x0137afa2 in Fprogn (body=XIL(0xc000000000fc6580)) at eval.c:462
  #92 0x013860de in funcall_lambda (fun=XIL(0xc000000000fc55b0), nargs=0,
      arg_vector=0x82ecd8) at eval.c:3060
  #93 0x01384bef in Ffuncall (nargs=1, args=0x82ecd0) at eval.c:2808
  #94 0x0136e970 in Ffuncall_interactively (nargs=1, args=0x82ecd0)
      at callint.c:254
  #95 0x01384e99 in funcall_subr (subr=0x1960720 <Sfuncall_interactively>,
      numargs=1, args=0x82ecd0) at eval.c:2847
  #96 0x013849d9 in Ffuncall (nargs=2, args=0x82ecc8) at eval.c:2794
  #97 0x013830ff in Fapply (nargs=3, args=0x82ecc8) at eval.c:2377
  #98 0x0136f077 in Fcall_interactively (function=XIL(0x4cc4f70),
      record_flag=XIL(0), keys=XIL(0xa000000006803768)) at callint.c:342
  #99 0x01384ff4 in funcall_subr (subr=0x1960740 <Scall_interactively>,
      numargs=3, args=0x82f010) at eval.c:2872
  #100 0x013849d9 in Ffuncall (nargs=4, args=0x82f008) at eval.c:2794
  #101 0x01427eb3 in exec_byte_code (bytestr=XIL(0x8000000005ecd2a8),
      vector=XIL(0xa000000005ecd050), maxdepth=make_fixnum(13),
      args_template=make_fixnum(1025), nargs=1, args=0x82f610) at bytecode.c:633
  #102 0x01385af1 in funcall_lambda (fun=XIL(0xa000000005ecd020), nargs=1,
      arg_vector=0x82f608) at eval.c:2989
  #103 0x01384a33 in Ffuncall (nargs=2, args=0x82f600) at eval.c:2796
  #104 0x01383eec in call1 (fn=XIL(0x3f30), arg1=XIL(0x4cc4f70)) at eval.c:2654
  #105 0x011e09da in command_loop_1 () at keyboard.c:1463
  #106 0x0137f10d in internal_condition_case (bfun=0x11dfd8f <command_loop_1>,
      handlers=XIL(0x90), hfun=0x11df003 <cmd_error>) at eval.c:1355
  #107 0x011df806 in command_loop_2 (ignore=XIL(0)) at keyboard.c:1091
  #108 0x0137e2d8 in internal_catch (tag=XIL(0xdfb0),
      func=0x11df7ca <command_loop_2>, arg=XIL(0)) at eval.c:1116
  #109 0x011df785 in command_loop () at keyboard.c:1070
  #110 0x011dea8b in recursive_edit_1 () at keyboard.c:714
  #111 0x011ded01 in Frecursive_edit () at keyboard.c:786
  #112 0x011d361b in main (argc=2, argv=0xa42848) at emacs.c:2054

  Lisp Backtrace:
  "Automatic GC" (0x0)
  "modify-syntax-entry" (0x824368)
  "perl-quote-syntax-table" (0x824910)
  "perl-syntax-propertize-special-constructs" (0x825050)
  "perl-syntax-propertize-function" (0x825858)
  "syntax-propertize" (0x825e90)
  "internal--syntax-propertize" (0x826458)
  "re-search-forward" (0x8274d8)
  "font-lock-fontify-keywords-region" (0x827c20)
  "font-lock-default-fontify-region" (0x828268)
  "font-lock-fontify-region" (0x8287d8)
  0x7255bc0 PVEC_COMPILED
  "run-hook-wrapped" (0x829050)
  "jit-lock--run-functions" (0x829660)
  "jit-lock-fontify-now" (0x829d48)
  "jit-lock-function" (0x82a378)
  "redisplay_internal (C function)" (0x0)
  "redisplay" (0x82e128)
  "sit-for" (0x82e630)
  "foo" (0x82ecd8)
  "funcall-interactively" (0x82ecd0)
  "call-interactively" (0x82f010)
  "command-execute" (0x82f608)




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#40661; Package emacs. Full text available.

Message received at 40661 <at> debbugs.gnu.org:


Received: (at 40661) by debbugs.gnu.org; 16 Apr 2020 19:35:52 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Apr 16 15:35:52 2020
Received: from localhost ([127.0.0.1]:39428 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jPAIi-0004rN-Kr
	for submit <at> debbugs.gnu.org; Thu, 16 Apr 2020 15:35:52 -0400
Received: from mail-oi1-f193.google.com ([209.85.167.193]:34532)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <rcopley@HIDDEN>) id 1jPAIg-0004r8-TV
 for 40661 <at> debbugs.gnu.org; Thu, 16 Apr 2020 15:35:51 -0400
Received: by mail-oi1-f193.google.com with SMTP id x10so23936oie.1
 for <40661 <at> debbugs.gnu.org>; Thu, 16 Apr 2020 12:35:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=c+6787OMaMmV1+oePNzcG+WPYX6myZMbnMdmApKy944=;
 b=Jp5kHEa8C/0WEpinfBOZyHc++3fDgklmsAvNIcOSGJvzv8cpGnvUdoNEfapDHwkdKH
 wAhNcICN2WC9lCrImC6ao3B4bzLqLInDMKo5IDAcOTHI7fRRZnUEFaatm9U2nKaHHfBO
 tn+Yz8xNPOKhmk1mvHww/GYUDO+/uIgJGnMaOFS/y/aFU2xR5n8dUp2wbjaniYDYVT/c
 ZOrtQ5sPBmVHjLblHBgUIQWvkRCuap6ub4+XkYIfNMvX+cg0eIrzBdJN+azjQcUy1E9e
 vgAyS8s95p3NBCPXBiF7ak82RXDnBQOU8GG5Hf7N6k8ZKXm+2kC7qSaO1IB6m2VWPedv
 AldA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=c+6787OMaMmV1+oePNzcG+WPYX6myZMbnMdmApKy944=;
 b=ZHAkxiUpXap0QBq9WeAGUK1Z19IJucDz0c7llj2n4i8asdQmdHQJGK2FooPkiVrE1R
 rtvfAyAscUMorRMMEJ0N3z79Tc+cuT5GoQYOsMT5eI0/9AXwE6RUfo94OEno/OiAMRyj
 5ni6uh/p4lLQoAo0Za4yU10HPdTyWwv/IcnSil5E/oLCrXu58Hqp6xjeZV9c/TshmElu
 lZHzEroAaBvM6P7PpfA6SO5HKTIAiTSgtzk+E4qj9z7DpSv4iacAEi/16lQEzudSw7Fl
 jkxAxDhdd8eLtqN9iAGZx4rpA2UUNjrTS05oAZ3BiMdndFCmbqpxVWTnSoOdbpYtiHhd
 i8Cg==
X-Gm-Message-State: AGi0PuaYQJAYE15B89GIOdAMIfkGTuajokRVNqhhZmgPEIKSOr+jFkBj
 k52uQG6M2d4EiQ9kCeArbzGytr+eVTL2tsDQGVoCAQ==
X-Google-Smtp-Source: APiQypIVUfhtCUJGuJZsmstOv9W5On+mDxJPAaKetanqk13g70Sg1QSNYGhVh9MGlu8Di7j+An3wsNl6kRFPEHnjI1k=
X-Received: by 2002:a05:6808:64e:: with SMTP id
 z14mr4037306oih.117.1587065745211; 
 Thu, 16 Apr 2020 12:35:45 -0700 (PDT)
MIME-Version: 1.0
References: <CAPM58og2SBLJ=NiDhm=TbE5WFzr6b3VTfSJXesSEd_VQ_u80PQ@HIDDEN>
 <83ftd3e92z.fsf@HIDDEN> <83d087e6gj.fsf@HIDDEN>
 <421071D0-6D75-4442-AC4B-D091B573B49C@HIDDEN>
 <CAPM58ohQC52=inqe3L=7jQDgoyATaCm+0RUw_t3W3WYe3=p0FQ@HIDDEN>
 <a9d50d4a-67fe-ad6f-2657-09b1eca55839@HIDDEN>
In-Reply-To: <a9d50d4a-67fe-ad6f-2657-09b1eca55839@HIDDEN>
From: Richard Copley <rcopley@HIDDEN>
Date: Thu, 16 Apr 2020 20:35:19 +0100
Message-ID: <CAPM58ohH_QVDskmVmqV_LSKqtcAmWReL-5T=b3T2ng5QbabSrg@HIDDEN>
Subject: Re: bug#40661: Crash in regex search during redisplay
To: Daniel Colascione <dancol@HIDDEN>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Score: -0.8 (/)
X-Debbugs-Envelope-To: 40661
Cc: Eli Zaretskii <eliz@HIDDEN>, 40661 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.8 (-)

On Thu, 16 Apr 2020 at 18:24, Daniel Colascione <dancol@HIDDEN> wrote:
>
> On 4/16/20 9:56 AM, Richard Copley wrote:
> > On Thu, 16 Apr 2020 at 17:42, Daniel Colascione <dancol@HIDDEN> wrote:
> >>
> >> On April 16, 2020 9:33:16 AM PDT, Eli Zaretskii <eliz@HIDDEN> wrote:
> >>>> Date: Thu, 16 Apr 2020 18:36:36 +0300
> >>>> From: Eli Zaretskii <eliz@HIDDEN>
> >>>> Cc: 40661 <at> debbugs.gnu.org
> >>>>
> >>>> Looks like GC sometimes kicks in while we are inside re_search_2
> >>>
> >>> Or not.  I cannot get a breakpoint inside GC to fire while we are in
> >>> search_buffer_re, so maybe my hypothesis was wrong.  Although the
> >>> symptoms are all there: when the segfault hits, the pointers passed to
> >>> re_search_2 are invalid, but BEGV_ADDR and GAP_END_ADDR, from which
> >>> they are supposed to be computed, are valid (and different).  And the
> >>> patch does seem to avoid the segfaults.  But maybe it's just a
> >>> coincidence or a side effect...
> >>
> >> Try using rr and see where those pointers came from
> >
> > It seems clear from "str1=str1@entry=0xc607fd", etc., that they come
> > from the caller, search_buffer_re. The question is, why are they no
> > longer valid after updating syntax?
>
> Right. So let's see what updated the valid pointers and invalidated the
> invalid ones.

Right, I see. Anyway, I wasn't able to reproduce the bug under
GNU/Linux (in order to use rr), or make much progress with GDB on
Windows.




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#40661; Package emacs. Full text available.

Message received at 40661 <at> debbugs.gnu.org:


Received: (at 40661) by debbugs.gnu.org; 16 Apr 2020 17:24:43 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Apr 16 13:24:43 2020
Received: from localhost ([127.0.0.1]:39302 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jP8Fn-0007wR-LI
	for submit <at> debbugs.gnu.org; Thu, 16 Apr 2020 13:24:43 -0400
Received: from dancol.org ([96.126.100.184]:44270)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <dancol@HIDDEN>) id 1jP8Fi-0007wF-33
 for 40661 <at> debbugs.gnu.org; Thu, 16 Apr 2020 13:24:42 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dancol.org; 
 s=x;
 h=Content-Transfer-Encoding:Content-Type:In-Reply-To:MIME-Version:Date:
 Message-ID:From:References:Cc:To:Subject:Sender:Reply-To:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=R2IUBHGn3Xo5pFPRFChCALpVPMl8yqY56/7ip70JFSU=; b=qmO/KfcHaKM6JoW/DbELGtWm5U
 ql1Z23Ty/RLYJirEfs4dN5pPo2lSb/bS/O4xFPIVUZJJOXf+vnROpMA/bmZfnNXROQ5xb775QSUcV
 RhEBEixr+CM3MJZ56dhcoWYLOlJtszwBpo2KCIJhextBVQ7aUWdcWqs3lq/+0aFNXCSyFIkIkNVoD
 0mcBmTh95qWaUPV8889jotd1ZY7lzK7Y2EDhiW5s2zXyWYTUpcIysqHKR3NCe9bjM2ALvmq2VQHSt
 RwMrU2UY1B+9U/M+oFfev1fiZdH7NDQwkt5wymJoD8BAfEHVLJHq1GyzpAh6sHRqepO8cVMoE8SEB
 kngqA+pA==;
Received: from [2604:4080:1321:9a00:7d81:7dd5:971d:ee46]
 by dancol.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.89) (envelope-from <dancol@HIDDEN>)
 id 1jP8Fg-0002Z2-Vg; Thu, 16 Apr 2020 10:24:37 -0700
Subject: Re: bug#40661: Crash in regex search during redisplay
To: Richard Copley <rcopley@HIDDEN>
References: <CAPM58og2SBLJ=NiDhm=TbE5WFzr6b3VTfSJXesSEd_VQ_u80PQ@HIDDEN>
 <83ftd3e92z.fsf@HIDDEN> <83d087e6gj.fsf@HIDDEN>
 <421071D0-6D75-4442-AC4B-D091B573B49C@HIDDEN>
 <CAPM58ohQC52=inqe3L=7jQDgoyATaCm+0RUw_t3W3WYe3=p0FQ@HIDDEN>
From: Daniel Colascione <dancol@HIDDEN>
Message-ID: <a9d50d4a-67fe-ad6f-2657-09b1eca55839@HIDDEN>
Date: Thu, 16 Apr 2020 10:24:36 -0700
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.4.1
MIME-Version: 1.0
In-Reply-To: <CAPM58ohQC52=inqe3L=7jQDgoyATaCm+0RUw_t3W3WYe3=p0FQ@HIDDEN>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 40661
Cc: Eli Zaretskii <eliz@HIDDEN>, 40661 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

On 4/16/20 9:56 AM, Richard Copley wrote:
> On Thu, 16 Apr 2020 at 17:42, Daniel Colascione <dancol@HIDDEN> wrote:
>>
>> On April 16, 2020 9:33:16 AM PDT, Eli Zaretskii <eliz@HIDDEN> wrote:
>>>> Date: Thu, 16 Apr 2020 18:36:36 +0300
>>>> From: Eli Zaretskii <eliz@HIDDEN>
>>>> Cc: 40661 <at> debbugs.gnu.org
>>>>
>>>> Looks like GC sometimes kicks in while we are inside re_search_2
>>>
>>> Or not.  I cannot get a breakpoint inside GC to fire while we are in
>>> search_buffer_re, so maybe my hypothesis was wrong.  Although the
>>> symptoms are all there: when the segfault hits, the pointers passed to
>>> re_search_2 are invalid, but BEGV_ADDR and GAP_END_ADDR, from which
>>> they are supposed to be computed, are valid (and different).  And the
>>> patch does seem to avoid the segfaults.  But maybe it's just a
>>> coincidence or a side effect...
>>
>> Try using rr and see where those pointers came from
> 
> It seems clear from "str1=str1@entry=0xc607fd", etc., that they come
> from the caller, search_buffer_re. The question is, why are they no
> longer valid after updating syntax?

Right. So let's see what updated the valid pointers and invalidated the 
invalid ones.




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#40661; Package emacs. Full text available.

Message received at 40661 <at> debbugs.gnu.org:


Received: (at 40661) by debbugs.gnu.org; 16 Apr 2020 16:57:24 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Apr 16 12:57:24 2020
Received: from localhost ([127.0.0.1]:39281 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jP7pL-0005Br-QK
	for submit <at> debbugs.gnu.org; Thu, 16 Apr 2020 12:57:23 -0400
Received: from mail-oi1-f196.google.com ([209.85.167.196]:38585)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <rcopley@HIDDEN>) id 1jP7pK-0005BX-JB
 for 40661 <at> debbugs.gnu.org; Thu, 16 Apr 2020 12:57:22 -0400
Received: by mail-oi1-f196.google.com with SMTP id r66so2992523oie.5
 for <40661 <at> debbugs.gnu.org>; Thu, 16 Apr 2020 09:57:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=r2bH+FbkNInWIrBb7eeebg01yNeiT0s7GF2qME6sYEo=;
 b=B5HsjyroVD/Q+bfEASXHIeZvgwgyLkL18VnfzCg4FVlal5d+NyfQS8Rw21HriiyPYf
 6TA8CC6u7w8SogEhIAxXADd6vuCnNBLMrCUN8iVrmu+04eWAeyXyCGy6y9eFNzI36HpI
 xT4KZxIp7hJgViBr3K07QedtO95yZpfn0+sBwtqbAFqK6J/E+yEkR7WX0Os/BdeB+zUl
 NLDNaqAemXxNZD4IEifGxffPUPiHrht+vAjSuXgiOi5YJji7i1jYfCKYCGLWDr4BeUpE
 LHcf+Tt4ZW1TqD7CguKI5N0tTVM/x2EKvAb6+qwb2lf5G6S5gpcvzz3v3Y5fHwLJeA83
 Ba6A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=r2bH+FbkNInWIrBb7eeebg01yNeiT0s7GF2qME6sYEo=;
 b=nvyxppIDM9OsuzNQp+b+Fiy34IpQKmALkqbxfLuu6fFRtnEhenbJXL2FVfbm3egF5Y
 QE1NDPq5sgCN6fMlWr3Ola6pQmV5rCYo0sH8N9Uj+69GxVOsDBr5/IMHW6jzMsLVWq5o
 22QFi6TyyoKpZd8kSC7yeTlC4ZGRJq1MCuks9IbAa/tkOF1cpmisdqiHEWjm8yHGLxIP
 vlWItIa0YQOSJxYD7X79DKnqMpkBEb1FGpwt9TOyJ56r+2fbfLAehaPGMwuavDnK3FHF
 7IsOqR7pOq34C5MS4UM75RIgZsFJII2ZHB6uOhVcnrKd+GnQRL5aRwQOZVvjE9IsNZRN
 omew==
X-Gm-Message-State: AGi0Pua4Y8tQpumnjRWiEKmhY86eAH/XKQWF8mZwILZKeyF5NukLQQCD
 ckATMYdf03wv8PweKc+nnX4J7qr8xB3BlV7TvA8=
X-Google-Smtp-Source: APiQypIchbcihKT6gpZ6lxL17XsK09BlcIKQI9UkxVxPQKir3NX8yhpj4ZqE9fQq/AOOiXyJKOiaLxGIH6pLF46P+8A=
X-Received: by 2002:aca:3745:: with SMTP id e66mr3345633oia.153.1587056236923; 
 Thu, 16 Apr 2020 09:57:16 -0700 (PDT)
MIME-Version: 1.0
References: <CAPM58og2SBLJ=NiDhm=TbE5WFzr6b3VTfSJXesSEd_VQ_u80PQ@HIDDEN>
 <83ftd3e92z.fsf@HIDDEN> <83d087e6gj.fsf@HIDDEN>
 <421071D0-6D75-4442-AC4B-D091B573B49C@HIDDEN>
In-Reply-To: <421071D0-6D75-4442-AC4B-D091B573B49C@HIDDEN>
From: Richard Copley <rcopley@HIDDEN>
Date: Thu, 16 Apr 2020 17:56:51 +0100
Message-ID: <CAPM58ohQC52=inqe3L=7jQDgoyATaCm+0RUw_t3W3WYe3=p0FQ@HIDDEN>
Subject: Re: bug#40661: Crash in regex search during redisplay
To: Daniel Colascione <dancol@HIDDEN>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Score: -0.8 (/)
X-Debbugs-Envelope-To: 40661
Cc: Eli Zaretskii <eliz@HIDDEN>, 40661 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.8 (-)

On Thu, 16 Apr 2020 at 17:42, Daniel Colascione <dancol@HIDDEN> wrote:
>
> On April 16, 2020 9:33:16 AM PDT, Eli Zaretskii <eliz@HIDDEN> wrote:
> >> Date: Thu, 16 Apr 2020 18:36:36 +0300
> >> From: Eli Zaretskii <eliz@HIDDEN>
> >> Cc: 40661 <at> debbugs.gnu.org
> >>
> >> Looks like GC sometimes kicks in while we are inside re_search_2
> >
> >Or not.  I cannot get a breakpoint inside GC to fire while we are in
> >search_buffer_re, so maybe my hypothesis was wrong.  Although the
> >symptoms are all there: when the segfault hits, the pointers passed to
> >re_search_2 are invalid, but BEGV_ADDR and GAP_END_ADDR, from which
> >they are supposed to be computed, are valid (and different).  And the
> >patch does seem to avoid the segfaults.  But maybe it's just a
> >coincidence or a side effect...
>
> Try using rr and see where those pointers came from

It seems clear from "str1=str1@entry=0xc607fd", etc., that they come
from the caller, search_buffer_re. The question is, why are they no
longer valid after updating syntax?




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#40661; Package emacs. Full text available.

Message received at 40661 <at> debbugs.gnu.org:


Received: (at 40661) by debbugs.gnu.org; 16 Apr 2020 16:57:23 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Apr 16 12:57:23 2020
Received: from localhost ([127.0.0.1]:39279 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jP7pL-0005Bp-J6
	for submit <at> debbugs.gnu.org; Thu, 16 Apr 2020 12:57:23 -0400
Received: from eggs.gnu.org ([209.51.188.92]:47070)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1jP7pK-0005BY-EC
 for 40661 <at> debbugs.gnu.org; Thu, 16 Apr 2020 12:57:22 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:36856)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <eliz@HIDDEN>)
 id 1jP7pE-00062D-SG; Thu, 16 Apr 2020 12:57:16 -0400
Received: from [176.228.60.248] (port=4393 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <eliz@HIDDEN>)
 id 1jP7pD-0005jR-5S; Thu, 16 Apr 2020 12:57:16 -0400
Date: Thu, 16 Apr 2020 19:57:00 +0300
Message-Id: <838sive5cz.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Daniel Colascione <dancol@HIDDEN>
In-Reply-To: <421071D0-6D75-4442-AC4B-D091B573B49C@HIDDEN> (message from
 Daniel Colascione on Thu, 16 Apr 2020 09:42:10 -0700)
Subject: Re: bug#40661: Crash in regex search during redisplay
References: <CAPM58og2SBLJ=NiDhm=TbE5WFzr6b3VTfSJXesSEd_VQ_u80PQ@HIDDEN>
 <83ftd3e92z.fsf@HIDDEN> <83d087e6gj.fsf@HIDDEN>
 <421071D0-6D75-4442-AC4B-D091B573B49C@HIDDEN>
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -1.5 (-)
X-Debbugs-Envelope-To: 40661
Cc: rcopley@HIDDEN, 40661 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.5 (--)

> Date: Thu, 16 Apr 2020 09:42:10 -0700
> CC: 40661 <at> debbugs.gnu.org
> From: Daniel Colascione <dancol@HIDDEN>
> 
> On April 16, 2020 9:33:16 AM PDT, Eli Zaretskii <eliz@HIDDEN> wrote:
> Try using rr and see where those pointers came from

rr doesn't work on MS-Windows.




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#40661; Package emacs. Full text available.

Message received at 40661 <at> debbugs.gnu.org:


Received: (at 40661) by debbugs.gnu.org; 16 Apr 2020 16:42:17 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Apr 16 12:42:17 2020
Received: from localhost ([127.0.0.1]:39263 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jP7aj-0004pQ-M1
	for submit <at> debbugs.gnu.org; Thu, 16 Apr 2020 12:42:17 -0400
Received: from dancol.org ([96.126.100.184]:43502)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <dancol@HIDDEN>) id 1jP7ah-0004pF-6j
 for 40661 <at> debbugs.gnu.org; Thu, 16 Apr 2020 12:42:15 -0400
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=dancol.org; 
 s=x;
 h=Message-ID:From:CC:To:Subject:Content-Transfer-Encoding:Content-Type:
 MIME-Version:References:In-Reply-To:Date:Sender:Reply-To:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=kFVfFTZwHKrJgLCGQodVf/+akzQcwmwN8QB548ni6JA=; b=gwcfDv9DDXdjCYIs4AKdLoTFvT
 mjeOOMx7rRXgHMZXh0URM9JKyxD8ys7GCPmW/DqVhtip6vbd6HSwRrSpMSEYsD7HJ0UiMJgatKQPY
 M0NrQMhmDyukQjou6qvIs+9EUBrjT5NmMQkG95LtDfkEtehrpaGxyaT1Wvv6UorOKaxKmh/eQQ4w0
 ryZXASNQAHTKIFC+IwHayArNCg2Mgn5ywRsN1xHUYPZHGdwNqAqaOGJW1J6aD7tXKEwGzvbF+vDrc
 f3arHwh2sB/SkRx1KzVP9C4L7ABZ0wAVJlCSFRLAU9nIkzxEXdyRe2MzL8hVdp+m9MVNTlJEMZ5CO
 C7VptPwg==;
Received: from [2604:4080:1321:9a00:95c4:9027:5982:8ba8]
 by dancol.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.89) (envelope-from <dancol@HIDDEN>)
 id 1jP7ae-0001py-5N; Thu, 16 Apr 2020 09:42:12 -0700
Date: Thu, 16 Apr 2020 09:42:10 -0700
User-Agent: K-9 Mail for Android
In-Reply-To: <83d087e6gj.fsf@HIDDEN>
References: <CAPM58og2SBLJ=NiDhm=TbE5WFzr6b3VTfSJXesSEd_VQ_u80PQ@HIDDEN>
 <83ftd3e92z.fsf@HIDDEN> <83d087e6gj.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain;
 charset=utf-8
Content-Transfer-Encoding: quoted-printable
Subject: Re: bug#40661: Crash in regex search during redisplay
To: Eli Zaretskii <eliz@HIDDEN>,rcopley@HIDDEN
From: Daniel Colascione <dancol@HIDDEN>
Message-ID: <421071D0-6D75-4442-AC4B-D091B573B49C@HIDDEN>
X-Spam-Score: -0.0 (/)
X-Debbugs-Envelope-To: 40661
Cc: 40661 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

On April 16, 2020 9:33:16 AM PDT, Eli Zaretskii <eliz@gnu=2Eorg> wrote:
>> Date: Thu, 16 Apr 2020 18:36:36 +0300
>> From: Eli Zaretskii <eliz@gnu=2Eorg>
>> Cc: 40661@debbugs=2Egnu=2Eorg
>>=20
>> Looks like GC sometimes kicks in while we are inside re_search_2
>
>Or not=2E  I cannot get a breakpoint inside GC to fire while we are in
>search_buffer_re, so maybe my hypothesis was wrong=2E  Although the
>symptoms are all there: when the segfault hits, the pointers passed to
>re_search_2 are invalid, but BEGV_ADDR and GAP_END_ADDR, from which
>they are supposed to be computed, are valid (and different)=2E  And the
>patch does seem to avoid the segfaults=2E  But maybe it's just a
>coincidence or a side effect=2E=2E=2E

Try using rr and see where those pointers came from




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#40661; Package emacs. Full text available.

Message received at 40661 <at> debbugs.gnu.org:


Received: (at 40661) by debbugs.gnu.org; 16 Apr 2020 16:33:46 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Apr 16 12:33:46 2020
Received: from localhost ([127.0.0.1]:39236 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jP7SU-0004bW-IV
	for submit <at> debbugs.gnu.org; Thu, 16 Apr 2020 12:33:46 -0400
Received: from eggs.gnu.org ([209.51.188.92]:43748)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1jP7SS-0004bH-Ac
 for 40661 <at> debbugs.gnu.org; Thu, 16 Apr 2020 12:33:45 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:36193)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <eliz@HIDDEN>)
 id 1jP7SM-0006OS-So; Thu, 16 Apr 2020 12:33:38 -0400
Received: from [176.228.60.248] (port=2951 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <eliz@HIDDEN>)
 id 1jP7SG-0004Fe-1E; Thu, 16 Apr 2020 12:33:35 -0400
Date: Thu, 16 Apr 2020 19:33:16 +0300
Message-Id: <83d087e6gj.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: rcopley@HIDDEN
In-Reply-To: <83ftd3e92z.fsf@HIDDEN> (message from Eli Zaretskii on Thu, 16
 Apr 2020 18:36:36 +0300)
Subject: Re: bug#40661: Crash in regex search during redisplay
References: <CAPM58og2SBLJ=NiDhm=TbE5WFzr6b3VTfSJXesSEd_VQ_u80PQ@HIDDEN>
 <83ftd3e92z.fsf@HIDDEN>
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -1.5 (-)
X-Debbugs-Envelope-To: 40661
Cc: dancol@HIDDEN, 40661 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.5 (--)

> Date: Thu, 16 Apr 2020 18:36:36 +0300
> From: Eli Zaretskii <eliz@HIDDEN>
> Cc: 40661 <at> debbugs.gnu.org
> 
> Looks like GC sometimes kicks in while we are inside re_search_2

Or not.  I cannot get a breakpoint inside GC to fire while we are in
search_buffer_re, so maybe my hypothesis was wrong.  Although the
symptoms are all there: when the segfault hits, the pointers passed to
re_search_2 are invalid, but BEGV_ADDR and GAP_END_ADDR, from which
they are supposed to be computed, are valid (and different).  And the
patch does seem to avoid the segfaults.  But maybe it's just a
coincidence or a side effect...





Information forwarded to bug-gnu-emacs@HIDDEN:
bug#40661; Package emacs. Full text available.

Message received at 40661 <at> debbugs.gnu.org:


Received: (at 40661) by debbugs.gnu.org; 16 Apr 2020 15:37:00 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Apr 16 11:37:00 2020
Received: from localhost ([127.0.0.1]:39146 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jP6ZX-00036x-O1
	for submit <at> debbugs.gnu.org; Thu, 16 Apr 2020 11:36:59 -0400
Received: from eggs.gnu.org ([209.51.188.92]:36041)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <eliz@HIDDEN>) id 1jP6ZW-00036l-WA
 for 40661 <at> debbugs.gnu.org; Thu, 16 Apr 2020 11:36:59 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:34252)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <eliz@HIDDEN>)
 id 1jP6ZR-0002En-Ou; Thu, 16 Apr 2020 11:36:53 -0400
Received: from [176.228.60.248] (port=3496 helo=home-c4e4a596f7)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <eliz@HIDDEN>)
 id 1jP6ZP-0002Ja-T9; Thu, 16 Apr 2020 11:36:53 -0400
Date: Thu, 16 Apr 2020 18:36:36 +0300
Message-Id: <83ftd3e92z.fsf@HIDDEN>
From: Eli Zaretskii <eliz@HIDDEN>
To: Richard Copley <rcopley@HIDDEN>
In-Reply-To: <CAPM58og2SBLJ=NiDhm=TbE5WFzr6b3VTfSJXesSEd_VQ_u80PQ@HIDDEN>
 (message from Richard Copley on Thu, 16 Apr 2020 15:35:20 +0100)
Subject: Re: bug#40661: Crash in regex search during redisplay
References: <CAPM58og2SBLJ=NiDhm=TbE5WFzr6b3VTfSJXesSEd_VQ_u80PQ@HIDDEN>
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -1.5 (-)
X-Debbugs-Envelope-To: 40661
Cc: dancol@HIDDEN, 40661 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.5 (--)

> From: Richard Copley <rcopley@HIDDEN>
> Date: Thu, 16 Apr 2020 15:35:20 +0100
> 
> Recipe from emacs -Q:
> 
>     Save the text below in a file with extension ".pl".
>     Repeatedly: kill the buffer and visit the file again. (You can use
> C-x C-v for this.)
> 
> Emacs eventually encounters a segfault. Backtrace below.
> 
> The text is reduced from a real program that exhibited the problem.
> Repeating up to about 20 times is usually enough. You can use a
> keyboard macro, [C-x ( C-x C-v RET C-x e e e e e], holding down the
> 'e' key until you get the crash.

Looks like GC sometimes kicks in while we are inside re_search_2 and
have pointers to buffer text lying around.  This seems to fix the
crash for me:

diff --git a/src/search.c b/src/search.c
index 818bb4a..79423be 100644
--- a/src/search.c
+++ b/src/search.c
@@ -1188,6 +1188,7 @@ search_buffer_re (Lisp_Object string, ptrdiff_t pos, ptrdiff_t pos_byte,
   ptrdiff_t count = SPECPDL_INDEX ();
   freeze_buffer_relocation ();
   freeze_pattern (cache_entry);
+  inhibit_garbage_collection ();
 
   while (n < 0)
     {




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#40661; Package emacs. Full text available.

Message received at submit <at> debbugs.gnu.org:


Received: (at submit) by debbugs.gnu.org; 16 Apr 2020 14:35:56 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Apr 16 10:35:56 2020
Received: from localhost ([127.0.0.1]:39065 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1jP5cR-0001da-QA
	for submit <at> debbugs.gnu.org; Thu, 16 Apr 2020 10:35:56 -0400
Received: from lists.gnu.org ([209.51.188.17]:51071)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <rcopley@HIDDEN>) id 1jP5cQ-0001dT-3t
 for submit <at> debbugs.gnu.org; Thu, 16 Apr 2020 10:35:54 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:42734)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <rcopley@HIDDEN>) id 1jP5cN-0000sY-SP
 for bug-gnu-emacs@HIDDEN; Thu, 16 Apr 2020 10:35:53 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM,
 URIBL_BLOCKED autolearn=disabled version=3.3.2
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <rcopley@HIDDEN>) id 1jP5cL-0005Vv-MY
 for bug-gnu-emacs@HIDDEN; Thu, 16 Apr 2020 10:35:51 -0400
Received: from mail-ot1-x32f.google.com ([2607:f8b0:4864:20::32f]:35800)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <rcopley@HIDDEN>) id 1jP5cL-0005V1-E7
 for bug-gnu-emacs@HIDDEN; Thu, 16 Apr 2020 10:35:49 -0400
Received: by mail-ot1-x32f.google.com with SMTP id e20so3257776otl.2
 for <bug-gnu-emacs@HIDDEN>; Thu, 16 Apr 2020 07:35:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:from:date:message-id:subject:to;
 bh=236FV39J3xU53DQTYKLHF+0rFxwf1zyzIaXPMDcagC0=;
 b=vE2m5+Gwjgf8pLsMM7psiEO7e7wIxIYUiv1FAB4OsHan3dMhFBc2S73G25Usdi+ekh
 SX2JFV30deanE0ds3JWn10sxGDEanvuFtxSJSLmw18ymhFF++lAi4n0xf8Ep3JibjqyV
 JJH+ce9jii1NejJi5ih5ypW8BBuUn23K6B6Q6Q+7uBhjuOmHNdhSNOOFyZMLcwyHCG2f
 7Er9HCBiGP4l7CVhzFhgeRtPXYSYnY/2S9OfGrG+1/tzca0xJZj5VDvlOVzV1J/F6uMg
 iyyDuNMPv8SXnnjESoWAgv1QhVAzxubavu9OZ3mK+t6FVEjgd6AvTop4rbk/KuHFUx/b
 kz/w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
 bh=236FV39J3xU53DQTYKLHF+0rFxwf1zyzIaXPMDcagC0=;
 b=s0k/HWAxCyNFRL9pxf+/uqpxbZ2XJ5wCpJXPlg80H5FQNwCJYWZWb1xaI4XlYrKvHV
 +S1O2NESsPv6YLzulrsqisXDAk7ivjzlFAlnEUQjYp+AsTSa7GbO8hsWTaEjYRNPGhp6
 KTrqZxqAEkwCfQ0zvJNDXmtzPBk8AsUYOk79BMZGx1av2Pygy+vaMpNBBlvw/EWx4FjH
 uhkUYZRjNC6O1EZLcrGl1XWa6HXmpSOniX+2Lg5uDlfBaCKWc0Uac1w65T4RPMpFMT0R
 PuYcwkBe7yv2YEKMvgfGW6To4yVmIiyUQfhWpYacp/68YQyaL6OGvuy7BGA99H/fMIOZ
 krlQ==
X-Gm-Message-State: AGi0PuYjEvum8kMwit46tfLIThEICa7Mp3gxQ2uM0mgOP8EvaagDGenZ
 YUhVPS3FVQoRD+1TOnofN2gYqOphs/JLGrXlFOpEQw==
X-Google-Smtp-Source: APiQypKuG4GjUe4oRSO6nWIHtNB7lt3mJlS43/RSKogSTqWEi/CLs2ZefkYdVIX0IVCOP1JrkZIrRdwlXdBJzzV5QLk=
X-Received: by 2002:a05:6830:1641:: with SMTP id
 h1mr2719029otr.192.1587047746624; 
 Thu, 16 Apr 2020 07:35:46 -0700 (PDT)
MIME-Version: 1.0
From: Richard Copley <rcopley@HIDDEN>
Date: Thu, 16 Apr 2020 15:35:20 +0100
Message-ID: <CAPM58og2SBLJ=NiDhm=TbE5WFzr6b3VTfSJXesSEd_VQ_u80PQ@HIDDEN>
Subject: Crash in regex search during redisplay
To: bug-gnu-emacs@HIDDEN, Daniel Colascione <dancol@HIDDEN>
Content-Type: text/plain; charset="UTF-8"
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
 recognized.
X-Received-From: 2607:f8b0:4864:20::32f
X-Spam-Score: 2.3 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: Recipe from emacs -Q: Save the text below in a file with
 extension
 ".pl". Repeatedly: kill the buffer and visit the file again. (You can use
 C-x C-v for this.) Emacs eventually encounters a segfault. Backtrace below.
 Content analysis details:   (2.3 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
 blocked.  See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
 for more information. [URIs: dancol.org]
 1.0 SPF_SOFTFAIL           SPF: sender does not match SPF record (softfail)
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
 provider (rcopley[at]gmail.com)
 0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record
 -0.7 RCVD_IN_DNSWL_LOW      RBL: Sender listed at https://www.dnswl.org/,
 low trust [209.51.188.17 listed in list.dnswl.org]
 2.0 SPOOFED_FREEMAIL       No description available.
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

Recipe from emacs -Q:

    Save the text below in a file with extension ".pl".
    Repeatedly: kill the buffer and visit the file again. (You can use
C-x C-v for this.)

Emacs eventually encounters a segfault. Backtrace below.

The text is reduced from a real program that exhibited the problem.
Repeating up to about 20 times is usually enough. You can use a
keyboard macro, [C-x ( C-x C-v RET C-x e e e e e], holding down the
'e' key until you get the crash.

This affects both the master branch and the release branch. Bisected
to this commit:

    938d252d1c6c5e2027aa250c649deb024154f936
    Commit:     Daniel Colascione <dancol@HIDDEN>
    CommitDate: Sat Jun 16 13:46:38 2018 -0700

    Make regex matching reentrant; update syntax during match

BEGIN TEXT
use strict;

000000000000000000000000000000000000000000000000000000; # x

sub x { }

000000000000000000000000000000000000000000000000000000000000;
000000000000000000000000000000000000000000000000000000000000;
000000000000000000000000000000000000000000000000000000000000;
000000000000000000000000000000000000000000000000000000000000;
000000000000000000000000000000000000000000000000000000000000;
000000000000000000000000000000000000000000000000000000000000;
0000000000000000000000000000000;

"", @x;
"";

eval {
    use autodie qw(:all);
000000000000000000000000000000000000000000000000000000000000;
000000000000000000000000000000000000000000000000000000000000;
000000000000000000000000000000000000000000000000000000000000;
000000000000000000000000000000000000000000000000000000000000;
000000000000000000000000000000000000000000000000000000000000;
000000000000000000000000000000000000000000000000000000000000;
000000000000000000000000000000000000000000000000000000000000;
000000000000000000000000000000000000000000000000000000000000;
000000000000000000000000000000000000000000000000000000000000;
000000000000000000000000000000000000000000000000000000000000;
000000000000000000000000000000000000000000000000000000000000;
000000000000000000000000000000000000000000000000000000000000;
000000000000000000000000000000000000000000000000000000000000;
000000000000000000000000000000000000000000000000000000000000;
000000000000000000000000000000000000000000000000000000000000;
000000000000000000000000000000000000000000000000000000000000;
000000000000000000000000000000000000000000000000000000000000;
000000000000000000000000000000000000000000000000000000000000;
000000000000000000000000000000000000000000000000000000000000;
000000000000000000000000000000000000000000000000000000000000;
000000000000000000000000000000000000000000000000000000000000;
000000000000000000000000000000000000000000000000000000000000;
000000000000000000000000000000000000000000000000000000000000;
000000000000000000000000000000000000000000000000000000000000;
000000000000000000000;
};
END TEXT

Thread 1 received signal SIGSEGV, Segmentation fault.
rpl_re_search_2 (bufp=<optimized out>, bufp@entry=0x4005f3238
<searchbufs+5432>, str1=str1@entry=0x90307fd <error: Cannot access
memory at address 0x90307fd>, size1=<optimized out>, size1@entry=0,
str2=str2@entry=0x90307fd <error: Cannot access memory at address
0x90307fd>, size2=size2@entry=2051, startpos=502, startpos@entry=10,
range=1, regs=0x400534598 <main_thread+152>, stop=503) at
regex-emacs.c:3394
3394                  int len = BYTES_BY_CHAR_HEAD (*p);

(gdb) bt
#0  rpl_re_search_2 (bufp=<optimized out>, bufp@entry=0x4005f3238
<searchbufs+5432>, str1=str1@entry=0x90307fd <error: Cannot access
memory at address 0x90307fd>, size1=<optimized out>, size1@entry=0,
str2=str2@entry=0x90307fd <error: Cannot access memory at address
0x90307fd>, size2=size2@entry=2051, startpos=502, startpos@entry=10,
range=1, regs=0x400534598 <main_thread+152>, stop=503) at
regex-emacs.c:3394
#1  0x00000004000ea2c2 in search_buffer_re
(string=string@entry=XIL(0x48dc3e4), pos=pos@entry=11,
pos_byte=<optimized out>, pos_byte@entry=11, lim=lim@entry=504,
lim_byte=lim_byte@entry=504, n=n@entry=1, trt=trt@entry=XIL(0),
inverse_trt=inverse_trt@entry=XIL(0), posix=posix@entry=false) at
search.c:1233
#2  0x00000004000ee0b1 in search_buffer
(string=string@entry=XIL(0x48dc3e4), pos=11, pos_byte=11,
lim=lim@entry=504, lim_byte=lim_byte@entry=504, n=n@entry=1,
RE=RE@entry=1, trt=XIL(0), inverse_trt=XIL(0),
posix=posix@entry=false) at search.c:1505
#3  0x00000004000ee2a8 in search_command (string=XIL(0x48dc3e4),
bound=<optimized out>, noerror=XIL(0x30), count=<optimized out>,
direction=direction@entry=1, RE=RE@entry=1, posix=posix@entry=false)
at lisp.h:1409
#4  0x00000004000ee425 in Fre_search_forward (regexp=<optimized out>,
bound=<optimized out>, noerror=<optimized out>, count=<optimized out>)
at search.c:2276
#5  0x0000000400120277 in funcall_subr (subr=0x400540540
<Sre_search_forward>, numargs=numargs@entry=3,
args=args@entry=0xbf8938) at eval.c:2875
#6  0x000000040011f052 in Ffuncall (nargs=4, args=args@entry=0xbf8930)
at lisp.h:2113
#7  0x0000000400157ccc in exec_byte_code (bytestr=<optimized out>,
vector=<optimized out>, maxdepth=<optimized out>,
args_template=args_template@entry=make_fixnum(770),
nargs=nargs@entry=3, args=<optimized out>, args@entry=0xbf8d00) at
bytecode.c:633
#8  0x00000004001214f3 in funcall_lambda (fun=XIL(0x3f61f25),
nargs=nargs@entry=3, arg_vector=arg_vector@entry=0xbf8d00) at
lisp.h:1862
#9  0x000000040011f062 in Ffuncall (nargs=4, args=args@entry=0xbf8cf8)
at eval.c:2796
#10 0x0000000400157ccc in exec_byte_code (bytestr=<optimized out>,
vector=<optimized out>, maxdepth=<optimized out>,
args_template=args_template@entry=make_fixnum(771),
nargs=nargs@entry=3, args=<optimized out>, args@entry=0xbf8fc8) at
bytecode.c:633
#11 0x00000004001214f3 in funcall_lambda (fun=XIL(0x3f61a65),
nargs=nargs@entry=3, arg_vector=arg_vector@entry=0xbf8fc8) at
lisp.h:1862
#12 0x000000040011f062 in Ffuncall (nargs=4, args=args@entry=0xbf8fc0)
at eval.c:2796
#13 0x0000000400157ccc in exec_byte_code (bytestr=<optimized out>,
vector=<optimized out>, maxdepth=<optimized out>,
args_template=args_template@entry=make_fixnum(770),
nargs=nargs@entry=2, args=<optimized out>, args@entry=0xbf91c8) at
bytecode.c:633
#14 0x00000004001214f3 in funcall_lambda (fun=XIL(0x3f61995),
nargs=nargs@entry=2, arg_vector=arg_vector@entry=0xbf91c8) at
lisp.h:1862
#15 0x000000040011f062 in Ffuncall (nargs=3, args=args@entry=0xbf91c0)
at eval.c:2796
#16 0x0000000400157ccc in exec_byte_code (bytestr=<optimized out>,
vector=<optimized out>, maxdepth=<optimized out>,
args_template=args_template@entry=make_fixnum(257),
nargs=nargs@entry=1, args=<optimized out>, args@entry=0xbf9618) at
bytecode.c:633
#17 0x00000004001214f3 in funcall_lambda (fun=XIL(0x8c7d7d5),
nargs=nargs@entry=1, arg_vector=arg_vector@entry=0xbf9618) at
lisp.h:1862
#18 0x000000040011f062 in Ffuncall (nargs=2, args=args@entry=0xbf9610)
at eval.c:2796
#19 0x000000040011f16a in run_hook_wrapped_funcall (nargs=<optimized
out>, args=0xbf9610) at eval.c:2531
#20 0x000000040011e89c in run_hook_with_args (nargs=2, args=0xbf9610,
funcall=funcall@entry=0x40011f14e <run_hook_wrapped_funcall>) at
eval.c:2612
#21 0x000000040011e9d6 in Frun_hook_wrapped (nargs=<optimized out>,
args=<optimized out>) at eval.c:2546
#22 0x00000004001201f2 in funcall_subr (subr=0x400543f00
<Srun_hook_wrapped>, numargs=numargs@entry=2,
args=args@entry=0xbf9610) at eval.c:2847
#23 0x000000040011f052 in Ffuncall (nargs=3, args=args@entry=0xbf9608)
at lisp.h:2113
#24 0x0000000400157ccc in exec_byte_code (bytestr=<optimized out>,
vector=<optimized out>, maxdepth=<optimized out>,
args_template=args_template@entry=make_fixnum(514),
nargs=nargs@entry=2, args=<optimized out>, args@entry=0xbf98a0) at
bytecode.c:633
#25 0x00000004001214f3 in funcall_lambda (fun=XIL(0x400ce1d),
nargs=nargs@entry=2, arg_vector=arg_vector@entry=0xbf98a0) at
lisp.h:1862
#26 0x000000040011f062 in Ffuncall (nargs=3, args=args@entry=0xbf9898)
at eval.c:2796
#27 0x0000000400157ccc in exec_byte_code (bytestr=<optimized out>,
vector=<optimized out>, maxdepth=<optimized out>,
args_template=args_template@entry=make_fixnum(512),
nargs=nargs@entry=2, args=<optimized out>, args@entry=0xbf9c08) at
bytecode.c:633
#28 0x00000004001214f3 in funcall_lambda (fun=XIL(0x400cb2d),
nargs=nargs@entry=2, arg_vector=arg_vector@entry=0xbf9c08) at
lisp.h:1862
#29 0x000000040011f062 in Ffuncall (nargs=3, args=args@entry=0xbf9c00)
at eval.c:2796
#30 0x0000000400157ccc in exec_byte_code (bytestr=<optimized out>,
vector=<optimized out>, maxdepth=<optimized out>,
args_template=args_template@entry=make_fixnum(257),
nargs=nargs@entry=1, args=<optimized out>, args@entry=0xbf9eb8) at
bytecode.c:633
#31 0x00000004001214f3 in funcall_lambda (fun=XIL(0x400c775),
nargs=nargs@entry=1, arg_vector=arg_vector@entry=0xbf9eb8) at
lisp.h:1862
#32 0x000000040011f062 in Ffuncall (nargs=2, args=0xbf9eb0) at eval.c:2796
#33 0x000000040011e5eb in internal_condition_case_n (bfun=0x40011ee70
<Ffuncall>, nargs=nargs@entry=2, args=args@entry=0xbf9eb0,
handlers=handlers@entry=XIL(0x30), hfun=hfun@entry=0x40002c8ba
<safe_eval_handler>) at eval.c:1435
#34 0x000000040001a09b in safe__call
(inhibit_quit=inhibit_quit@entry=false, nargs=nargs@entry=2,
func=XIL(0xfffffffc03a118a0), ap=<optimized out>, ap@entry=0xbf9f50
"\006") at lisp.h:1042
#35 0x0000000400028a8a in safe_call (nargs=nargs@entry=2,
func=<optimized out>) at xdisp.c:2841
#36 0x0000000400028aa3 in safe_call1 (fn=<optimized out>,
arg=arg@entry=make_fixnum(1)) at xdisp.c:2852
#37 0x0000000400028ccf in handle_fontified_prop (it=0xbfa1b0) at xdisp.c:4158
#38 0x000000040002e4d5 in handle_stop (it=0xbfa1b0) at xdisp.c:3686
#39 0x000000040002e5b5 in reseat (it=0xbfa1b0, pos=...,
force_p=<optimized out>) at xdisp.c:6934
#40 0x000000040002efff in init_iterator (it=it@entry=0xbfa1b0,
w=w@entry=0x56eddd0, charpos=1, bytepos=1, row=<optimized out>,
base_face_id=<optimized out>, base_face_id@entry=DEFAULT_FACE_ID) at
xdisp.c:3287
#41 0x000000040003606c in start_display (it=it@entry=0xbfa1b0,
w=w@entry=0x56eddd0, pos=...) at xdisp.c:3303
#42 0x000000040003ea6f in try_window
(window=window@entry=XIL(0x56eddd5), pos=..., flags=flags@entry=1) at
xdisp.c:19077
#43 0x0000000400051dea in redisplay_window (window=XIL(0x56eddd5),
just_this_one_p=just_this_one_p@entry=false) at xdisp.c:18501
#44 0x00000004000538f9 in redisplay_window_0 (window=<optimized out>)
at xdisp.c:16215
#45 0x000000040011e4ed in internal_condition_case_1
(bfun=bfun@entry=0x4000538c6 <redisplay_window_0>,
arg=arg@entry=XIL(0x56eddd5), handlers=<optimized out>,
hfun=hfun@entry=0x400015902 <redisplay_window_error>) at eval.c:1379
#46 0x000000040001c945 in redisplay_windows (window=XIL(0x56eddd5)) at
xdisp.c:16195
#47 0x0000000400044416 in redisplay_internal () at xdisp.c:15663
#48 0x00000004000454a3 in redisplay () at xdisp.c:14891
#49 0x00000004000b49aa in read_char (commandflag=0, map=XIL(0),
map@entry=XIL(0x8cbfda3), prev_event=XIL(0), used_mouse_menu=0x0,
used_mouse_menu@entry=0xbff4cb, end_time=end_time@entry=0x0) at
keyboard.c:2493
#50 0x00000004000b644b in read_key_sequence
(keybuf=keybuf@entry=0xbff5d0, prompt=prompt@entry=XIL(0),
dont_downcase_last=dont_downcase_last@entry=false,
can_return_switch_frame=can_return_switch_frame@entry=true,
fix_current_buffer=fix_current_buffer@entry=true,
prevent_redisplay=prevent_redisplay@entry=false) at keyboard.c:9534
#51 0x00000004000b7785 in command_loop_1 () at lisp.h:1042
#52 0x000000040011e476 in internal_condition_case
(bfun=bfun@entry=0x4000b7552 <command_loop_1>,
handlers=handlers@entry=XIL(0x90), hfun=hfun@entry=0x4000ae1e4
<cmd_error>) at eval.c:1355
#53 0x00000004000a95d4 in command_loop_2 (ignore=<optimized out>) at lisp.h:1042
#54 0x000000040011e3e7 in internal_catch (tag=tag@entry=XIL(0xe070),
func=func@entry=0x4000a95b8 <command_loop_2>, arg=arg@entry=XIL(0)) at
eval.c:1116
#55 0x00000004000a9571 in command_loop () at lisp.h:1042
#56 0x0000000000000000 in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

Lisp Backtrace:
"re-search-forward" (0xbf8938)
"font-lock-fontify-keywords-region" (0xbf8d00)
"font-lock-default-fontify-region" (0xbf8fc8)
"font-lock-fontify-region" (0xbf91c8)
0x8c7d7d0 PVEC_COMPILED
"run-hook-wrapped" (0xbf9610)
"jit-lock--run-functions" (0xbf98a0)
"jit-lock-fontify-now" (0xbf9c08)
"jit-lock-function" (0xbf9eb8)
"redisplay_internal (C function)" (0x0)

In GNU Emacs 28.0.50 (build 1, x86_64-w64-mingw32)
 of 2020-04-16 built on MACHINE
Repository revision: d5a7df8c02f04102d50a5cd2290262f59f2b1415
Repository branch: master
Windowing system distributor 'Microsoft Corp.', version 10.0.19041
System Description: Microsoft Windows 10 Pro (v10.0.2004.19041.153)

Recent messages:
For information about GNU Emacs and the GNU system, type C-h C-a.

Configured using:
 'configure --config-cache --with-modules --without-pop
 --without-compress-install --without-dbus --without-gconf
 --without-gsettings 'CFLAGS=-Og -g -ggdb -g3''

Configured features:
XPM JPEG TIFF GIF PNG RSVG SOUND NOTIFY W32NOTIFY ACL GNUTLS LIBXML2
HARFBUZZ ZLIB TOOLKIT_SCROLL_BARS MODULES THREADS JSON PDUMPER LCMS2 GMP

Important settings:
  value of $LANG: ENG
  locale-coding-system: cp1252

Major mode: Perl

Minor modes in effect:
  tooltip-mode: t
  global-eldoc-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  transient-mark-mode: t

Load-path shadows:
None found.

Features:
(shadow sort mail-extr emacsbug message rmc puny dired dired-loaddefs
format-spec rfc822 mml easymenu mml-sec password-cache epa derived epg
epg-config gnus-util rmail rmail-loaddefs text-property-search time-date
subr-x seq byte-opt gv bytecomp byte-compile cconv mm-decode mm-bodies
mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader cl-loaddefs
cl-lib sendmail rfc2047 rfc2045 ietf-drums mm-util mail-prsvr mail-utils
perl-mode tooltip eldoc electric uniquify ediff-hook vc-hooks
lisp-float-type mwheel dos-w32 ls-lisp disp-table term/w32-win w32-win
w32-vars term/common-win tool-bar dnd fontset image regexp-opt fringe
tabulated-list replace newcomment text-mode elisp-mode lisp-mode
prog-mode register page tab-bar menu-bar rfn-eshadow isearch timer
select scroll-bar mouse jit-lock font-lock syntax facemenu font-core
term/tty-colors frame minibuffer cl-generic cham georgian utf-8-lang
misc-lang vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms
cp51932 hebrew greek romanian slovak czech european ethiopic indian
cyrillic chinese composite charscript charprop case-table epa-hook
jka-cmpr-hook help simple abbrev obarray cl-preloaded nadvice loaddefs
button faces cus-face macroexp files text-properties overlay sha1 md5
base64 format env code-pages mule custom widget hashtable-print-readable
backquote threads w32notify w32 lcms2 multi-tty make-network-process
emacs)

Memory information:
((conses 16 47504 14219)
 (symbols 48 6132 1)
 (strings 32 17070 1654)
 (string-bytes 1 523301)
 (vectors 16 9436)
 (vector-slots 8 132460 12454)
 (floats 8 21 229)
 (intervals 56 238 0)
 (buffers 992 11))




Acknowledgement sent to Richard Copley <rcopley@HIDDEN>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs@HIDDEN. Full text available.
Report forwarded to bug-gnu-emacs@HIDDEN:
bug#40661; Package emacs. Full text available.
Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.
Last modified: Fri, 17 Apr 2020 16:15:01 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.