GNU bug report logs - #46426
28.0.50; Emacs crashes when call-process destination argument is a cons cell

Previous Next

Package: emacs;

Reported by: Stephen Perry <stevoooo <at> gmail.com>

Date: Wed, 10 Feb 2021 17:13:02 UTC

Severity: normal

Found in version 28.0.50

Fixed in version 27.2

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 46426 in the body.
You can then email your comments to 46426 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to bug-gnu-emacs <at> gnu.org:
bug#46426; Package emacs. (Wed, 10 Feb 2021 17:13:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Stephen Perry <stevoooo <at> gmail.com>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs <at> gnu.org. (Wed, 10 Feb 2021 17:13:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Stephen Perry <stevoooo <at> gmail.com>
To: bug-gnu-emacs <at> gnu.org
Subject: 28.0.50; Emacs crashes when call-process destination argument is a
 cons cell
Date: Wed, 10 Feb 2021 17:09:38 +0000
Hi - got my destination argument to call-process wrong by using a 
cons
cell instead of a list and managed to kill my Emacs.  Have also
reproduced it using the following in Emacs 26.1 on Debian and 
Emacs 27.1
on macOS:

 emacs -Q --eval '(call-process "wc" nil (cons :file 
 "/tmp/foo"))'

Backtrace from 28.0.50 on macOS:

Process 41314 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = 
 EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
   frame #0: 0x000000010017e01f 
   /Users/stp/src/emacs/src/emacs`print_object [inlined] 
   SYMBOL_NAME(sym=0xff00000000000000) at 
   /Users/stp/src/emacs/src/lisp.h:2196:29 [opt]
  2193	INLINE Lisp_Object
  2194	SYMBOL_NAME (Lisp_Object sym)
  2195	{
-> 2196	  return XSYMBOL (sym)->u.s.name;
   	                            ^
  2197	}
  2198	
  2199	/* Value is true if SYM is an interned symbol.  */
Target 0: (emacs) stopped.
(lldb) p sym
p sym
(Lisp_Object) $0 = 0xff00000000000000
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = 
 EXC_BAD_ACCESS (code=EXC_I386_GPFLT)
 * frame #0: 0x000000010017e01f 
 /Users/stp/src/emacs/src/emacs`print_object [inlined] 
 SYMBOL_NAME(sym=0xff00000000000000) at 
 /Users/stp/src/emacs/src/lisp.h:2196:29 [opt]
   frame #1: 0x000000010017e018 
   /Users/stp/src/emacs/src/emacs`print_object(obj=0xff00000000000000, 
   printcharfun=0x0000000000000030, escapeflag=true) at 
   /Users/stp/src/emacs/src/print.c:2061 [opt]
   frame #2: 0x000000010017b179 
   /Users/stp/src/emacs/src/emacs`print(obj=<unavailable>, 
   printcharfun=<unavailable>, escapeflag=<unavailable>) at 
   /Users/stp/src/emacs/src/print.c:1145:3 [opt] [artificial]
   frame #3: 0x000000010017ad41 
   /Users/stp/src/emacs/src/emacs`Fprin1(object=0xff00000000000000, 
   printcharfun=0x0000000000000030) at 
   /Users/stp/src/emacs/src/print.c:651:3 [opt]
   frame #4: 0x000000010017cbbf 
   /Users/stp/src/emacs/src/emacs`print_error_message(data=<unavailable>, 
   stream=<unavailable>, context=<unavailable>, 
   caller=<unavailable>) at 
   /Users/stp/src/emacs/src/print.c:977:4 [opt]
   frame #5: 0x00000001000d4b07 
   /Users/stp/src/emacs/src/emacs`Fcommand_error_default_function(data=0x000000010c8a6db3, 
   context=0x00000001070236ac, signal=0x0000000000005700) at 
   /Users/stp/src/emacs/src/keyboard.c:1032:7 [opt]
   frame #6: 0x000000010015cb71 
   /Users/stp/src/emacs/src/emacs`funcall_subr(subr=0x0000000100280870, 
   numargs=3, args=<unavailable>) at 
   /Users/stp/src/emacs/src/eval.c:2987:19 [opt]
   frame #7: 0x000000010015c131 
   /Users/stp/src/emacs/src/emacs`Ffuncall(nargs=<unavailable>, 
   args=<unavailable>) at /Users/stp/src/emacs/src/eval.c:2909:11 
   [opt]
   frame #8: 0x000000010015bc80 
   /Users/stp/src/emacs/src/emacs`Fapply(nargs=2, 
   args=0x00007ffeefbff0d8) at 
   /Users/stp/src/emacs/src/eval.c:2539:24 [opt]
   frame #9: 0x000000010015c131 
   /Users/stp/src/emacs/src/emacs`Ffuncall(nargs=<unavailable>, 
   args=<unavailable>) at /Users/stp/src/emacs/src/eval.c:2909:11 
   [opt]
   frame #10: 0x00000001001a03a0 
   /Users/stp/src/emacs/src/emacs`exec_byte_code(bytestr=<unavailable>, 
   vector=0x0000000107a105bd, maxdepth=<unavailable>, 
   args_template=<unavailable>, nargs=<unavailable>, 
   args=<unavailable>) at 
   /Users/stp/src/emacs/src/bytecode.c:632:12 [opt]
   frame #11: 0x000000010015d0b4 
   /Users/stp/src/emacs/src/emacs`funcall_lambda [inlined] 
   fetch_and_exec_byte_code(fun=<unavailable>, 
   syms_left=<unavailable>, nargs=<unavailable>, 
   args=<unavailable>) at /Users/stp/src/emacs/src/eval.c:3031:10 
   [opt] [artificial]
   frame #12: 0x000000010015c0cf 
   /Users/stp/src/emacs/src/emacs`Ffuncall(nargs=<unavailable>, 
   args=<unavailable>) at /Users/stp/src/emacs/src/eval.c:0:4 
   [opt]
   frame #13: 0x000000010015c804 
   /Users/stp/src/emacs/src/emacs`call3(fn=0x0000000107a1058d, 
   arg1=0x000000010c8a6db3, arg2=<unavailable>, 
   arg3=<unavailable>) at /Users/stp/src/emacs/src/eval.c:2783:10 
   [opt]
   frame #14: 0x00000001000e53c0 
   /Users/stp/src/emacs/src/emacs`cmd_error [inlined] 
   cmd_error_internal(data=0x000000010c8a6db3, context="") at 
   /Users/stp/src/emacs/src/keyboard.c:987:5 [opt]
   frame #15: 0x00000001000e5350 
   /Users/stp/src/emacs/src/emacs`cmd_error(data=0x000000010c8a6db3) 
   at /Users/stp/src/emacs/src/keyboard.c:956 [opt]
   frame #16: 0x000000010015a5b2 
   /Users/stp/src/emacs/src/emacs`internal_condition_case(bfun=(emacs`top_level_2 
   at keyboard.c:1102), handlers=0x0000000000000090, 
   hfun=(emacs`cmd_error at keyboard.c:922)) at 
   /Users/stp/src/emacs/src/eval.c:1437:14 [opt]
   frame #17: 0x00000001000e51cd 
   /Users/stp/src/emacs/src/emacs`top_level_1(ignore=<unavailable>) 
   at /Users/stp/src/emacs/src/keyboard.c:1111:5 [opt]
   frame #18: 0x0000000100159d82 
   /Users/stp/src/emacs/src/emacs`internal_catch(tag=0x000000000000d0b0, 
   func=(emacs`top_level_1 at keyboard.c:1108), 
   arg=0x0000000000000000) at 
   /Users/stp/src/emacs/src/eval.c:1185:25 [opt]
   frame #19: 0x00000001002245e6 
   /Users/stp/src/emacs/src/emacs`recursive_edit_1.cold.1 at 
   /Users/stp/src/emacs/src/keyboard.c:1072:2 [opt]
   frame #20: 0x00000001000d44b9 
   /Users/stp/src/emacs/src/emacs`recursive_edit_1 [inlined] 
   command_loop at /Users/stp/src/emacs/src/keyboard.c:1070:5 
   [opt]
   frame #21: 0x00000001000d44b4 
   /Users/stp/src/emacs/src/emacs`recursive_edit_1 at 
   /Users/stp/src/emacs/src/keyboard.c:720 [opt]
   frame #22: 0x00000001000d464b 
   /Users/stp/src/emacs/src/emacs`Frecursive_edit at 
   /Users/stp/src/emacs/src/keyboard.c:789:3 [opt]
   frame #23: 0x00000001000d36d2 
   /Users/stp/src/emacs/src/emacs`main(argc=<unavailable>, 
   argv=<unavailable>) at /Users/stp/src/emacs/src/emacs.c:2049:3 
   [opt]
   frame #24: 0x00007fff2037c621 
   /usr/lib/system/libdyld.dylib`start + 1
   frame #25: 0x00007fff2037c621 
   /usr/lib/system/libdyld.dylib`start + 1


Cheers!


In GNU Emacs 28.0.50 (build 1, x86_64-apple-darwin20.2.0, NS 
appkit-2022.20 Version 11.1 (Build 20C69))
of 2021-01-23 built on stephens-mbp.lan
Repository revision: 6a6fde0375d499a418f81a0dafe803d6cb0d4c97
Repository branch: master
Windowing system distributor 'Apple', version 10.3.2022
System Description:  macOS 11.1

Configured using:
'configure LDFLAGS=-L/opt/local/lib CPPFLAGS=-I/opt/local/include
--with-imagemagick --with-x-toolkit=gtk3 --with-xwidgets'

Configured features:
ACL DBUS GIF GLIB GMP GNUTLS IMAGEMAGICK JPEG JSON LCMS2 LIBXML2 
MODULES
NOTIFY KQUEUE NS PDUMPER PNG RSVG THREADS TIFF TOOLKIT_SCROLL_BARS 
XIM
XWIDGETS ZLIB

Important settings:
 value of $LANG: en_GB.UTF-8
 locale-coding-system: utf-8-unix

Major mode: Lisp Interaction

Minor modes in effect:
 text-scale-mode: t
 tooltip-mode: t
 global-eldoc-mode: t
 eldoc-mode: t
 electric-indent-mode: t
 mouse-wheel-mode: t
 tool-bar-mode: t
 menu-bar-mode: t
 file-name-shadow-mode: t
 global-font-lock-mode: t
 font-lock-mode: t
 blink-cursor-mode: t
 auto-composition-mode: t
 auto-encryption-mode: t
 auto-compression-mode: t
 line-number-mode: t
 transient-mark-mode: t

Load-path shadows:
None found.

Features:
(shadow sort mail-extr emacsbug message rmc puny dired 
dired-loaddefs
rfc822 mml easymenu mml-sec epa derived epg epg-config gnus-util 
rmail
rmail-loaddefs auth-source cl-seq eieio eieio-core cl-macs
eieio-loaddefs password-cache json map text-property-search 
time-date
subr-x seq byte-opt gv bytecomp byte-compile cconv mm-decode 
mm-bodies
mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader 
cl-loaddefs
cl-lib sendmail rfc2047 rfc2045 ietf-drums mm-util mail-prsvr 
mail-utils
face-remap iso-transl tooltip eldoc electric uniquify ediff-hook
vc-hooks lisp-float-type mwheel term/ns-win ns-win ucs-normalize
mule-util term/common-win tool-bar dnd fontset image regexp-opt 
fringe
tabulated-list replace newcomment text-mode elisp-mode lisp-mode
prog-mode register page tab-bar menu-bar rfn-eshadow isearch timer
select scroll-bar mouse jit-lock font-lock syntax facemenu 
font-core
term/tty-colors frame minibuffer cl-generic cham georgian 
utf-8-lang
misc-lang vietnamese tibetan thai tai-viet lao korean japanese 
eucjp-ms
cp51932 hebrew greek romanian slovak czech european ethiopic 
indian
cyrillic chinese composite charscript charprop case-table epa-hook
jka-cmpr-hook help simple abbrev obarray cl-preloaded nadvice 
button
loaddefs faces cus-face macroexp files window text-properties 
overlay
sha1 md5 base64 format env code-pages mule custom widget
hashtable-print-readable backquote threads xwidget-internal 
dbusbind
kqueue cocoa ns lcms2 multi-tty make-network-process emacs)

Memory information:
((conses 16 51323 6299)
(symbols 48 6869 1)
(strings 32 18623 2178)
(string-bytes 1 612643)
(vectors 16 11639)
(vector-slots 8 171397 10089)
(floats 8 24 36)
(intervals 56 195 0)
(buffers 984 10))





Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#46426; Package emacs. (Wed, 10 Feb 2021 18:09:01 GMT) Full text and rfc822 format available.

Message #8 received at 46426 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Stephen Perry <stevoooo <at> gmail.com>
Cc: 46426 <at> debbugs.gnu.org
Subject: Re: bug#46426: 28.0.50;
 Emacs crashes when call-process destination argument is a cons cell
Date: Wed, 10 Feb 2021 20:08:05 +0200
> From: Stephen Perry <stevoooo <at> gmail.com>
> Date: Wed, 10 Feb 2021 17:09:38 +0000
> 
> Hi - got my destination argument to call-process wrong by using a 
> cons
> cell instead of a list and managed to kill my Emacs.  Have also
> reproduced it using the following in Emacs 26.1 on Debian and 
> Emacs 27.1
> on macOS:
> 
>   emacs -Q --eval '(call-process "wc" nil (cons :file 
>   "/tmp/foo"))'

Thanks, this should now be fixed on the emacs-27 branch.




Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#46426; Package emacs. (Fri, 17 Jun 2022 12:30:02 GMT) Full text and rfc822 format available.

Message #11 received at 46426 <at> debbugs.gnu.org (full text, mbox):

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: Stephen Perry <stevoooo <at> gmail.com>, 46426 <at> debbugs.gnu.org
Subject: Re: bug#46426: 28.0.50; Emacs crashes when call-process destination
 argument is a cons cell
Date: Fri, 17 Jun 2022 14:29:13 +0200
Eli Zaretskii <eliz <at> gnu.org> writes:

>> Hi - got my destination argument to call-process wrong by using a 
>> cons
>> cell instead of a list and managed to kill my Emacs.  Have also
>> reproduced it using the following in Emacs 26.1 on Debian and 
>> Emacs 27.1
>> on macOS:
>> 
>>   emacs -Q --eval '(call-process "wc" nil (cons :file 
>>   "/tmp/foo"))'
>
> Thanks, this should now be fixed on the emacs-27 branch.

This bug report was left open, so I'm closing it now.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no




bug marked as fixed in version 27.2, send any further explanations to 46426 <at> debbugs.gnu.org and Stephen Perry <stevoooo <at> gmail.com> Request was from Lars Ingebrigtsen <larsi <at> gnus.org> to control <at> debbugs.gnu.org. (Fri, 17 Jun 2022 12:30:03 GMT) Full text and rfc822 format available.

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sat, 16 Jul 2022 11:24:06 GMT) Full text and rfc822 format available.

This bug report was last modified 1 year and 256 days ago.

Previous Next


GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.