GNU bug report logs - #50571
28.0.50; Redisplay segfaults with empty face cache


Package: emacs;

Reported by: "Basil L. Contovounesios" <contovob <at> tcd.ie>

Date: Mon, 13 Sep 2021 15:00:02 UTC

Severity: normal

Found in version 28.0.50

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.



Report forwarded to bug-gnu-emacs <at> gnu.org:
bug#50571; Package emacs. (Mon, 13 Sep 2021 15:00:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Basil L. Contovounesios" <contovob <at> tcd.ie>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs <at> gnu.org. (Mon, 13 Sep 2021 15:00:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: "Basil L. Contovounesios" <contovob <at> tcd.ie>
To: bug-gnu-emacs <at> gnu.org
Subject: 28.0.50; Redisplay segfaults with empty face cache
Date: Mon, 13 Sep 2021 15:59:29 +0100
[Message part 1 (text/plain, inline)]
I can reliably cause Emacs to segfault with my current config and
installed packages with the following steps specific to my system:

0. C-x p p (project-switch-project)
1. Select a checkout of https://github.com/kyleam/bog,
   using Ivy completion.
2. m (magit-project-status)

This tries to pop up a new frame (I have pop-up-frames non-nil) with
some recently introduced warning about bug-reference-bug-regexp.  I know
this is what it tries to do only because Emacs didn't segfault the first
time it happened, whereas now the segfault happens every time, before I
get a chance to read the warning.

I think there was some work on Magit recently relating to
bug-reference-mode, but I haven't updated my packages in a few days, so
it is possible that the warning has already been fixed upstream.  I will
therefore hold off on updating my packages until this segfault is fixed.

The attached GDB log for this session shows that the assertion that the
face cache (of the frame displaying Magit) is nonempty is tripped.

I have to run now, but I'll keep GDB running, and I'd be grateful for
help debugging this.

Thanks,

-- 
Basil

[gdb-face-cache.txt.gz (application/gzip, attachment)]
[Message part 3 (text/plain, inline)]
In GNU Emacs 28.0.50 (build 1, x86_64-pc-linux-gnu, X toolkit, cairo version 1.16.0, Xaw3d scroll bars)
 of 2021-09-13 built on tia
Repository revision: 7fe88446c30279285e3171091189b3d1af697c05
Repository branch: HEAD
Windowing system distributor 'The X.Org Foundation', version 11.0.12011000
System Description: Debian GNU/Linux bookworm/sid

Configured using:
 'configure 'CC=ccache gcc' 'CFLAGS=-O0 -ggdb3' --config-cache
 --prefix=/home/blc/.local --program-suffix=-dbg
 --enable-checking=yes,glyphs --enable-check-lisp-object-type
 --with-x-toolkit=lucid --with-file-notification=yes --with-x'

Configured features:
ACL CAIRO DBUS FREETYPE GIF GLIB GMP GNUTLS GPM GSETTINGS HARFBUZZ JPEG
JSON LCMS2 LIBOTF LIBSELINUX LIBSYSTEMD LIBXML2 M17N_FLT MODULES NOTIFY
INOTIFY PDUMPER PNG RSVG SECCOMP SOUND THREADS TIFF TOOLKIT_SCROLL_BARS
X11 XAW3D XDBE XIM XPM LUCID ZLIB

Important settings:
  value of $LANG: en_IE.UTF-8
  value of $XMODIFIERS: @im=ibus
  locale-coding-system: utf-8-unix

Major mode: Lisp Interaction

Minor modes in effect:
  minibuffer-depth-indicate-mode: t
  bug-reference-prog-mode: t
  global-whitespace-mode: t
  display-time-mode: t
  global-subword-mode: t
  subword-mode: t
  global-so-long-mode: t
  global-paren-face-mode: t
  paren-face-mode: t
  show-paren-mode: t
  delete-selection-mode: t
  display-battery-mode: t
  blc-rainbow-mode: t
  tooltip-mode: t
  global-eldoc-mode: t
  eldoc-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  window-divider-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  column-number-mode: t
  line-number-mode: t
  transient-mark-mode: t
  auto-save-visited-mode: t

Load-path shadows:

Features:
(shadow sort footnote mail-extr gnus-msg gnus-art mm-uu mml2015 mm-view
mml-smime smime dig gnus-sum shr kinsoku svg dom gnus-group gnus-undo
gnus-start gnus-dbus gnus-cloud nnimap nnmail mail-source utf7 netrc
nnoo parse-time iso8601 gnus-spec gnus-int gnus-range gnus-win gnus
nnheader wid-edit emacsbug message rmc puny rfc822 mml mml-sec epa
derived epg rfc6068 epg-config gnus-util rmail rmail-loaddefs time-date
mm-decode mm-bodies mm-encode mail-parse rfc2231 mailabbrev gmm-utils
mailheader sendmail rfc2047 rfc2045 ietf-drums mm-util mail-prsvr
mail-utils thingatpt counsel xref project git-annex advice rx dired-x
deb-view dired dired-loaddefs compile text-property-search comint
ansi-color swiper cl-extra help-mode mb-depth ivy ring ivy-faces
ivy-overlay colir color vc-git diff-mode easy-mmode vc vc-dispatcher
bug-reference edmacro kmacro whitespace time cap-words superword subword
so-long paren-face paren highlight-escape-sequences delsel delight
modus-operandi-theme modus-themes pcase format-spec battery dbus xml xdg
blc-pkg finder-inf info tex-site debian-el sly-autoloads package
browse-url url url-proxy url-privacy url-expand url-methods url-history
url-cookie url-domsuf url-util mailcap url-handlers url-parse
auth-source cl-seq eieio eieio-core cl-macs eieio-loaddefs
password-cache json subr-x url-vars cl-loaddefs cl-lib blc-lib map seq
byte-opt gv bytecomp byte-compile cconv iso-transl tooltip eldoc
electric uniquify ediff-hook vc-hooks lisp-float-type mwheel term/x-win
x-win term/common-win x-dnd tool-bar dnd fontset image regexp-opt fringe
tabulated-list replace newcomment text-mode elisp-mode lisp-mode
prog-mode register page tab-bar menu-bar rfn-eshadow isearch easymenu
timer select scroll-bar mouse jit-lock font-lock syntax font-core
term/tty-colors frame minibuffer cl-generic cham georgian utf-8-lang
misc-lang vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms
cp51932 hebrew greek romanian slovak czech european ethiopic indian
cyrillic chinese composite charscript charprop case-table epa-hook
jka-cmpr-hook help simple abbrev obarray cl-preloaded nadvice button
loaddefs faces cus-face macroexp files window text-properties overlay
sha1 md5 base64 format env code-pages mule custom widget
hashtable-print-readable backquote threads dbusbind inotify lcms2
dynamic-setting system-font-setting font-render-setting cairo x-toolkit
x multi-tty make-network-process emacs)

Memory information:
((conses 16 403751 62245)
 (symbols 48 27937 12)
 (strings 32 116179 9154)
 (string-bytes 1 3506695)
 (vectors 16 39922)
 (vector-slots 8 469718 40842)
 (floats 8 333 153)
 (intervals 56 313 72)
 (buffers 992 10))

Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#50571; Package emacs. (Mon, 13 Sep 2021 16:04:01 GMT) Full text and rfc822 format available.

Message #8 received at 50571 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: "Basil L. Contovounesios" <contovob <at> tcd.ie>
Cc: 50571 <at> debbugs.gnu.org
Subject: Re: bug#50571: 28.0.50; Redisplay segfaults with empty face cache
Date: Mon, 13 Sep 2021 19:03:21 +0300
> Date: Mon, 13 Sep 2021 15:59:29 +0100
> From:  "Basil L. Contovounesios" via "Bug reports for GNU Emacs,
>  the Swiss army knife of text editors" <bug-gnu-emacs <at> gnu.org>
> 
> I can reliably cause Emacs to segfault with my current config and
> installed packages with the following steps specific to my system:
> 
> 0. C-x p p (project-switch-project)
> 1. Select a checkout of https://github.com/kyleam/bog,
>    using Ivy completion.
> 2. m (magit-project-status)

Thanks.  I'd prefer not to install two huge packages, so would you
please help me understand better what's going on in this recipe?

Here's what puzzles me:

> #0  terminate_due_to_signal (sig=6, backtrace_limit=2147483647) at emacs.c:400
> #1  0x00005555557d4f5f in die
>     (msg=0x55555592d2e8 "0 <= id && id < FRAME_FACE_CACHE (f)->used", file=0x55555592d2da "frame.h", line=1433) at alloc.c:7479
> #2  0x00005555556c89f1 in FACE_FROM_ID (f=0x5555562070b0, id=0) at frame.h:1433
> #3  0x00005555556d9e57 in face_at_buffer_position
>     (w=0x555556207318, pos=1, endptr=0x7fffffff7f70, limit=101, mouse=false, base_face_id=0, attr_filter=0) at xfaces.c:6425
> #4  0x00005555555d41d0 in face_at_pos (it=0x7fffffff8170, attr_filter=0) at xdisp.c:4379
> #5  0x00005555555d44cd in handle_face_prop (it=0x7fffffff8170) at xdisp.c:4480
> #6  0x00005555555d2977 in handle_stop (it=0x7fffffff8170) at xdisp.c:3854
> #7  0x00005555555dd96a in reseat (it=0x7fffffff8170, pos=..., force_p=true) at xdisp.c:7112
> #8  0x00005555555d1abb in init_iterator
>     (it=0x7fffffff8170, w=0x555556207318, charpos=1, bytepos=1, row=0x555557419f80, base_face_id=DEFAULT_FACE_ID) at xdisp.c:3455

init_iterator makes sure the frame's face cache includes all the basic
faces, around line 3220 of xdisp.c:

  /* If realized faces have been removed, e.g. because of face
     attribute changes of named faces, recompute them.  When running
     in batch mode, the face cache of the initial frame is null.  If
     we happen to get called, make a dummy face cache.  */
  if (FRAME_FACE_CACHE (it->f) == NULL)
    init_frame_faces (it->f);
  if (FRAME_FACE_CACHE (it->f)->used == 0)
    recompute_basic_faces (it->f);

The backtrace you sent starts at line 3455 of xdisp.c.  So somewhere
between these two places, or maybe inside reseat and the functions it
calls, the frame's face cache gets cleared.  Can you please put a
watchpoint on it->f->face_cache->used, after the above snippet makes
sure the cache is valid and the basic faces are cached in it, and see
where the cache gets cleared?  Be sure to use the -l (ell) switch of
the "watch" command in GDB, so it's valid even when you are not in the
lexical scope of init_iterator.

When the watchpoint breaks, please show both the C backtrace and the
Lisp backtrace (using the "xbacktrace" command if needed).

I hope this will tell us enough to understand whodunit.

Thanks.




Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#50571; Package emacs. (Mon, 13 Sep 2021 23:22:01 GMT) Full text and rfc822 format available.

Message #11 received at 50571 <at> debbugs.gnu.org (full text, mbox):

From: "Basil L. Contovounesios" <contovob <at> tcd.ie>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 50571 <at> debbugs.gnu.org
Subject: Re: bug#50571: 28.0.50; Redisplay segfaults with empty face cache
Date: Tue, 14 Sep 2021 00:21:17 +0100
[Message part 1 (text/plain, inline)]
Eli Zaretskii [2021-09-13 19:03 +0300] wrote:

>> #0  terminate_due_to_signal (sig=6, backtrace_limit=2147483647) at emacs.c:400
>> #1  0x00005555557d4f5f in die
>>     (msg=0x55555592d2e8 "0 <= id && id < FRAME_FACE_CACHE (f)->used",
>> file=0x55555592d2da "frame.h", line=1433) at alloc.c:7479
>> #2  0x00005555556c89f1 in FACE_FROM_ID (f=0x5555562070b0, id=0) at frame.h:1433
>> #3  0x00005555556d9e57 in face_at_buffer_position
>>     (w=0x555556207318, pos=1, endptr=0x7fffffff7f70, limit=101, mouse=false,
>> base_face_id=0, attr_filter=0) at xfaces.c:6425
>> #4  0x00005555555d41d0 in face_at_pos (it=0x7fffffff8170, attr_filter=0) at xdisp.c:4379
>> #5  0x00005555555d44cd in handle_face_prop (it=0x7fffffff8170) at xdisp.c:4480
>> #6  0x00005555555d2977 in handle_stop (it=0x7fffffff8170) at xdisp.c:3854
>> #7  0x00005555555dd96a in reseat (it=0x7fffffff8170, pos=..., force_p=true) at xdisp.c:7112
>> #8  0x00005555555d1abb in init_iterator
>>     (it=0x7fffffff8170, w=0x555556207318, charpos=1, bytepos=1,
>> row=0x555557419f80, base_face_id=DEFAULT_FACE_ID) at xdisp.c:3455
>
> init_iterator makes sure the frame's face cache includes all the basic
> faces, around line 3220 of xdisp.c:
>
>   /* If realized faces have been removed, e.g. because of face
>      attribute changes of named faces, recompute them.  When running
>      in batch mode, the face cache of the initial frame is null.  If
>      we happen to get called, make a dummy face cache.  */
>   if (FRAME_FACE_CACHE (it->f) == NULL)
>     init_frame_faces (it->f);
>   if (FRAME_FACE_CACHE (it->f)->used == 0)
>     recompute_basic_faces (it->f);
>
> The backtrace you sent starts at line 3455 of xdisp.c.  So somewhere
> between these two places, or maybe inside reseat and the functions it
> calls, the frame's face cache gets cleared.  Can you please put a
> watchpoint on it->f->face_cache->used, after the above snippet makes
> sure the cache is valid and the basic faces are cached in it, and see
> where the cache gets cleared?  Be sure to use the -l (ell) switch of
> the "watch" command in GDB, so it's valid even when you are not in the
> lexical scope of init_iterator.
>
> When the watchpoint breaks, please show both the C backtrace and the
> Lisp backtrace (using the "xbacktrace" command if needed).

For some reason, if I set a watch- or break-point with a condition that
involves untagging a structure, e.g. XFRAME or XSTRING, GDB gives me
something like the following:

  Error in testing breakpoint condition:
  Couldn't get registers: No such process.
  An error occurred while in a function called from GDB.
  Evaluation of the expression containing the function
  (SDATA) will be abandoned.
  When the function is done executing, GDB will silently stop.
  Selected thread is running.

Where SDATA may also be XFRAME/XSTRING depending on the condition.  Not
sure what that's about.

In any case, I was able to manually continue execution until
init_iterator was dealing with the desired frame.  If you know of a way
to streamline this, please let me know.

Note that, at the time that I issue 'bt full' in the attached log, the
single visible *scratch* frame has the following in the echo area:

  Error during bug-reference-auto-setup: (no-catch sucess t)

So there's an uncaught signal (presumably due to a typo) in the mix too.

Thanks,

-- 
Basil

[gdb-watch.txt.gz (application/gzip, attachment)]

Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#50571; Package emacs. (Tue, 14 Sep 2021 13:04:01 GMT) Full text and rfc822 format available.

Message #14 received at 50571 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: "Basil L. Contovounesios" <contovob <at> tcd.ie>
Cc: 50571 <at> debbugs.gnu.org
Subject: Re: bug#50571: 28.0.50; Redisplay segfaults with empty face cache
Date: Tue, 14 Sep 2021 16:03:02 +0300
> From: "Basil L. Contovounesios" <contovob <at> tcd.ie>
> Cc: 50571 <at> debbugs.gnu.org
> Date: Tue, 14 Sep 2021 00:21:17 +0100
> 
> In any case, I was able to manually continue execution until
> init_iterator was dealing with the desired frame.  If you know of a way
> to streamline this, please let me know.

I usually define the watchpoint only when I'm in the right
frame/window.

> Note that, at the time that I issue 'bt full' in the attached log, the
> single visible *scratch* frame has the following in the echo area:
> 
>   Error during bug-reference-auto-setup: (no-catch sucess t)
> 
> So there's an uncaught signal (presumably due to a typo) in the mix too.

Thanks, I see the reason now.  It's because we allow arbitrary
Lisp to be registered in jit-lock-functions, and then that arbitrary
Lisp is called in the middle of redisplay, and in this case creates a
whole new frame with faces.  As luck would have it, we decide right
there and then to perform routine maintenance and release all the faces
on all the frames...

I'm thinking about the best solution for this.




Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#50571; Package emacs. (Tue, 14 Sep 2021 13:34:02 GMT)

Message #17 received at 50571 <at> debbugs.gnu.org:

From: Eli Zaretskii <eliz <at> gnu.org>
To: contovob <at> tcd.ie
Cc: 50571 <at> debbugs.gnu.org
Subject: Re: bug#50571: 28.0.50; Redisplay segfaults with empty face cache
Date: Tue, 14 Sep 2021 16:33:43 +0300
> Date: Tue, 14 Sep 2021 16:03:02 +0300
> From: Eli Zaretskii <eliz <at> gnu.org>
> Cc: 50571 <at> debbugs.gnu.org
> 
> Thanks, I see the reason now.  It's because we allow to have arbitrary
> Lisp to be registered in jit-lock-functions, and then that arbitrary
> Lisp is called in the middle of redisplay, and in this case creates a
> whole new frame with faces.  As luck would have it, we decide right
> there and then perform routine maintenance and release all the faces
> on all the frames...
> 
> I'm thinking about the best solution for this.

Does the patch below give good results?

diff --git a/src/frame.h b/src/frame.h
index a8ad011..3dd7680 100644
--- a/src/frame.h
+++ b/src/frame.h
@@ -449,8 +449,8 @@ #define EMACS_FRAME_H
   /* Non-zero if this frame's faces need to be recomputed.  */
   bool_bf face_change : 1;
 
-  /* Non-zero if this frame's image cache cannot be freed because the
-     frame is in the process of being redisplayed.  */
+  /* Non-zero if this frame's image cache and face cache cannot be
+     freed because the frame is in the process of being redisplayed.  */
   bool_bf inhibit_clear_image_cache : 1;
 
   /* True when new_width or new_height were set by change_frame_size,
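Review bot: the rewritten comment on inhibit_clear_image_cache says the flag now protects the face cache as well, but the field keeps a name that mentions only images. A reader who meets the flag elsewhere has no hint that it also gates face-cache clearing; consider a cache-neutral name, or say in this comment that the name is historical.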
diff --git a/src/xdisp.c b/src/xdisp.c
index d30a685..2e72f6b 100644
--- a/src/xdisp.c
+++ b/src/xdisp.c
@@ -16061,12 +16061,13 @@ #define AINC(a,i)							\
 	      if (FRAME_VISIBLE_P (f) && !FRAME_OBSCURED_P (f))
 		{
 
-		  /* Don't allow freeing images for this frame as long
-		     as the frame's update wasn't completed.  This
-		     prevents crashes when some Lisp that runs from
-		     the various hooks or font-lock decides to clear
-		     the frame's image cache, when the images in that
-		     cache are referenced by the desired matrix.  */
+		  /* Don't allow freeing images and faces for this
+		     frame as long as the frame's update wasn't
+		     completed.  This prevents crashes when some Lisp
+		     that runs from the various hooks or font-lock
+		     decides to clear the frame's image cache and face
+		     cache, when the images and faces in those caches
+		     are referenced by the desired matrix.  */
 		  f->inhibit_clear_image_cache = true;
 		  redisplay_windows (FRAME_ROOT_WINDOW (f));
 		}
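Review bot: the comment above f->inhibit_clear_image_cache = true explains why the flag is raised but not where it is lowered again, and this hunk shows only the assignment to true. Now that the flag also blocks face and font cleanup, a pointer to the place that resets it would make it easier to check that the window in which cleanup is blocked stays short.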
diff --git a/src/xfaces.c b/src/xfaces.c
index 2273fb4..aefed54 100644
--- a/src/xfaces.c
+++ b/src/xfaces.c
@@ -674,7 +674,8 @@ clear_face_cache (bool clear_fonts_p)
 	{
 	  struct frame *f = XFRAME (frame);
 	  if (FRAME_WINDOW_P (f)
-	      && FRAME_DISPLAY_INFO (f)->n_fonts > CLEAR_FONT_TABLE_NFONTS)
+	      && FRAME_DISPLAY_INFO (f)->n_fonts > CLEAR_FONT_TABLE_NFONTS
+	      && !f->inhibit_clear_image_cache)
 	    {
 	      clear_font_cache (f);
 	      free_all_realized_faces (frame);
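Review bot: the new !f->inhibit_clear_image_cache test in clear_face_cache carries no comment, and because it is joined to the n_fonts threshold with &&, an inhibited frame skips both clear_font_cache and free_all_realized_faces. Nothing in this hunk shows the skipped frame being revisited once the flag drops. A short comment saying why face and font cleanup consults a flag named for the image cache, and that the cleanup is simply left for a later call, would help the next reader.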




Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#50571; Package emacs. (Tue, 14 Sep 2021 19:46:01 GMT)

Message #20 received at 50571 <at> debbugs.gnu.org:

From: "Basil L. Contovounesios" <contovob <at> tcd.ie>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 50571 <at> debbugs.gnu.org
Subject: Re: bug#50571: 28.0.50; Redisplay segfaults with empty face cache
Date: Tue, 14 Sep 2021 20:45:18 +0100
Eli Zaretskii [2021-09-14 16:33 +0300] wrote:

>> Date: Tue, 14 Sep 2021 16:03:02 +0300
>> From: Eli Zaretskii <eliz <at> gnu.org>
>> Cc: 50571 <at> debbugs.gnu.org
>> 
>> Thanks, I see the reason now.  It's because we allow to have arbitrary
>> Lisp to be registered in jit-lock-functions, and then that arbitrary
>> Lisp is called in the middle of redisplay, and in this case creates a
>> whole new frame with faces.  As luck would have it, we decide right
>> there and then perform routine maintenance and release all the faces
>> on all the frames...
>> 
>> I'm thinking about the best solution for this.
>
> Does the patch below give good results?

Yes, applying it makes the issue go away, and reverting it reintroduces
the segfault.  I didn't notice any other issues.  Thanks!

-- 
Basil




Reply sent to Eli Zaretskii <eliz <at> gnu.org>:
You have taken responsibility. (Wed, 15 Sep 2021 13:17:02 GMT)

Notification sent to "Basil L. Contovounesios" <contovob <at> tcd.ie>:
bug acknowledged by developer. (Wed, 15 Sep 2021 13:17:02 GMT)

Message #25 received at 50571-done <at> debbugs.gnu.org:

From: Eli Zaretskii <eliz <at> gnu.org>
To: "Basil L. Contovounesios" <contovob <at> tcd.ie>
Cc: 50571-done <at> debbugs.gnu.org
Subject: Re: bug#50571: 28.0.50; Redisplay segfaults with empty face cache
Date: Wed, 15 Sep 2021 16:16:41 +0300
> From: "Basil L. Contovounesios" <contovob <at> tcd.ie>
> Cc: 50571 <at> debbugs.gnu.org
> Date: Tue, 14 Sep 2021 20:45:18 +0100
> 
> >> Thanks, I see the reason now.  It's because we allow to have arbitrary
> >> Lisp to be registered in jit-lock-functions, and then that arbitrary
> >> Lisp is called in the middle of redisplay, and in this case creates a
> >> whole new frame with faces.  As luck would have it, we decide right
> >> there and then perform routine maintenance and release all the faces
> >> on all the frames...
> >> 
> >> I'm thinking about the best solution for this.
> >
> > Does the patch below give good results?
> 
> Yes, applying it makes the issue go away, and reverting it reintroduces
> the segfault.  I didn't notice any other issues.  Thanks!

Thanks, I've now installed these changes, and I'm therefore closing
the bug.




Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#50571; Package emacs. (Sun, 19 Sep 2021 13:58:01 GMT)

Message #28 received at 50571 <at> debbugs.gnu.org:

From: "Basil L. Contovounesios" <contovob <at> tcd.ie>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 50571 <at> debbugs.gnu.org
Subject: Re: bug#50571: 28.0.50; Redisplay segfaults with empty face cache
Date: Sun, 19 Sep 2021 14:57:02 +0100
reopen 50571
quit

Basil L. Contovounesios [2021-09-14 20:45 +0100] wrote:

> Eli Zaretskii [2021-09-14 16:33 +0300] wrote:
>
>>> Date: Tue, 14 Sep 2021 16:03:02 +0300
>>> From: Eli Zaretskii <eliz <at> gnu.org>
>>> Cc: 50571 <at> debbugs.gnu.org
>>> 
>>> Thanks, I see the reason now.  It's because we allow to have arbitrary
>>> Lisp to be registered in jit-lock-functions, and then that arbitrary
>>> Lisp is called in the middle of redisplay, and in this case creates a
>>> whole new frame with faces.  As luck would have it, we decide right
>>> there and then perform routine maintenance and release all the faces
>>> on all the frames...
>>> 
>>> I'm thinking about the best solution for this.
>>
>> Does the patch below give good results?
>
> Yes, applying it makes the issue go away, and reverting it reintroduces
> the segfault.  I didn't notice any other issues.  Thanks!

Unfortunately I found another hole that needs plugging, but fortunately
I can reliably reproduce it with the following site-specific steps:

0. emacs
1. C-x p p (project-switch-project)
2. Select a checkout of https://github.com/abo-abo/swiper,
   using Ivy completion.
3. f (project-find-file)
4. ivy.el RET
5. C-s (isearch-forward)
6. C-g
7. M-s s (counsel-grep-or-swiper)
8. #[[:digit:]]

This brings a bug-reference-bug-regexp match onto screen, which again
triggers a frame creation via bug-reference's call to display-warning.

The attached GDB log shows where the relevant frame's face cache is
cleared right before the crash (search for 'New value = 0'), at which
point f->inhibit_clear_image_cache is false.

-- 
Basil

[20210919-gdb-watch.txt.gz (application/gzip, attachment)]

Did not alter fixed versions and reopened. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sun, 19 Sep 2021 13:58:02 GMT)

Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#50571; Package emacs. (Sun, 19 Sep 2021 15:48:02 GMT)

Message #33 received at 50571 <at> debbugs.gnu.org:

From: Eli Zaretskii <eliz <at> gnu.org>
To: "Basil L. Contovounesios" <contovob <at> tcd.ie>
Cc: 50571 <at> debbugs.gnu.org
Subject: Re: bug#50571: 28.0.50; Redisplay segfaults with empty face cache
Date: Sun, 19 Sep 2021 18:47:32 +0300
> From: "Basil L. Contovounesios" <contovob <at> tcd.ie>
> Cc: 50571 <at> debbugs.gnu.org
> Date: Sun, 19 Sep 2021 14:57:02 +0100
> 
> Unfortunately I found another hole that needs plugging, but fortunately
> I can reliably reproduce it with the following site-specific steps:
> 
> 0. emacs
> 1. C-x p p (project-switch-project)
> 2. Select a checkout of https://github.com/abo-abo/swiper,
>    using Ivy completion.
> 3. f (project-find-file)
> 4. ivy.el RET
> 5. C-s (isearch-forward)
> 6. C-g
> 7. M-s s (counsel-grep-or-swiper)
> 8. #[[:digit:]]
> 
> This brings a bug-reference-bug-regexp match onto screen, which again
> triggers a frame creation via bug-reference's call to display-warning.
> 
> The attached GDB log shows where the relevant frame's face cache is
> cleared right before the crash (search for 'New value = 0'), at which
> point f->inhibit_clear_image_cache is false.

Thanks for the data.  I guess this is a preview of how allowing
arbitrary Lisp that affects the display in fontification-functions
will keep shooting us in the foot, time and again.

Please try the patch below.

diff --git a/src/xdisp.c b/src/xdisp.c
index 2e72f6b..8b56fee 100644
--- a/src/xdisp.c
+++ b/src/xdisp.c
@@ -4288,12 +4288,17 @@ handle_fontified_prop (struct it *it)
       struct buffer *obuf = current_buffer;
       ptrdiff_t begv = BEGV, zv = ZV;
       bool old_clip_changed = current_buffer->clip_changed;
+      bool saved_inhibit_flag = it->f->inhibit_clear_image_cache;
 
       val = Vfontification_functions;
       specbind (Qfontification_functions, Qnil);
 
       eassert (it->end_charpos == ZV);
 
+      /* Don't allow Lisp that runs from 'fontification-functions'
+	 clear our face and image caches behind our backs.  */
+      it->f->inhibit_clear_image_cache = true;
+
       if (!CONSP (val) || EQ (XCAR (val), Qlambda))
 	safe_call1 (val, pos);
       else
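Review bot: the flag is raised only on it->f, the frame this iterator belongs to, while the Lisp reached through safe_call1 is not tied to that frame. The check added to clear_face_cache is per frame, so any other frame is protected only if something else has already set its flag; worth confirming that this is intended. The new comment also needs a "to": "Don't allow Lisp that runs from 'fontification-functions' to clear our face and image caches".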
@@ -4327,6 +4332,7 @@ handle_fontified_prop (struct it *it)
 	    }
 	}
 
+      it->f->inhibit_clear_image_cache = saved_inhibit_flag;
       unbind_to (count, Qnil);
 
       /* Fontification functions routinely call `save-restriction'.
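Review bot: the restore of it->f->inhibit_clear_image_cache is a plain assignment placed just before unbind_to, whereas fontification-functions itself is restored through specbind and unbind_to. If control ever leaves the block between the two assignments without reaching this line, the flag stays true and clear_face_cache skips this frame from then on. Consider restoring the flag through the same unwind mechanism, or add a comment saying why a non-local exit cannot happen here.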




Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#50571; Package emacs. (Sun, 19 Sep 2021 18:22:01 GMT)

Message #36 received at 50571 <at> debbugs.gnu.org:

From: "Basil L. Contovounesios" <contovob <at> tcd.ie>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 50571 <at> debbugs.gnu.org
Subject: Re: bug#50571: 28.0.50; Redisplay segfaults with empty face cache
Date: Sun, 19 Sep 2021 19:21:12 +0100
Eli Zaretskii [2021-09-19 18:47 +0300] wrote:

>> From: "Basil L. Contovounesios" <contovob <at> tcd.ie>
>> Cc: 50571 <at> debbugs.gnu.org
>> Date: Sun, 19 Sep 2021 14:57:02 +0100
>> 
>> Unfortunately I found another hole that needs plugging, but fortunately
>> I can reliably reproduce it with the following site-specific steps:
>> 
>> 0. emacs
>> 1. C-x p p (project-switch-project)
>> 2. Select a checkout of https://github.com/abo-abo/swiper,
>>    using Ivy completion.
>> 3. f (project-find-file)
>> 4. ivy.el RET
>> 5. C-s (isearch-forward)
>> 6. C-g
>> 7. M-s s (counsel-grep-or-swiper)
>> 8. #[[:digit:]]
>> 
>> This brings a bug-reference-bug-regexp match onto screen, which again
>> triggers a frame creation via bug-reference's call to display-warning.
>> 
>> The attached GDB log shows where the relevant frame's face cache is
>> cleared right before the crash (search for 'New value = 0'), at which
>> point f->inhibit_clear_image_cache is false.
>
> Thanks for the data.  I guess this is a preview of how allowing
> arbitrary Lisp that affects the display in fontification-functions
> will keep shooting in the foot, time and again.

For that there's M-x kevlar-feet-mode of course, though I'm not sure
it's GPL-compatible.

> Please try the patch below.

It seems to relieve the pain in my feet, thank you very much!

-- 
Basil




Reply sent to Eli Zaretskii <eliz <at> gnu.org>:
You have taken responsibility. (Sun, 19 Sep 2021 18:42:01 GMT)

Notification sent to "Basil L. Contovounesios" <contovob <at> tcd.ie>:
bug acknowledged by developer. (Sun, 19 Sep 2021 18:42:01 GMT)

Message #41 received at 50571-done <at> debbugs.gnu.org:

From: Eli Zaretskii <eliz <at> gnu.org>
To: "Basil L. Contovounesios" <contovob <at> tcd.ie>
Cc: 50571-done <at> debbugs.gnu.org
Subject: Re: bug#50571: 28.0.50; Redisplay segfaults with empty face cache
Date: Sun, 19 Sep 2021 21:41:25 +0300
> From: "Basil L. Contovounesios" <contovob <at> tcd.ie>
> Cc: 50571 <at> debbugs.gnu.org
> Date: Sun, 19 Sep 2021 19:21:12 +0100
> 
> > Thanks for the data.  I guess this is a preview of how allowing
> > arbitrary Lisp that affects the display in fontification-functions
> > will keep shooting in the foot, time and again.
> 
> For that there's M-x kevlar-feet-mode of course, though I'm not sure
> it's GPL-compatible.

Emacs Lisp is way more powerful than any Kevlar.

> > Please try the patch below.
> 
> It seems to relieve the pain in my feet, thank you very much!

Thanks, installed.  And closing the bug (again).
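
The guard that the two patches in this thread build up, reduced to a stand-alone C model. This is an added example, not Emacs source and not code from either participant; every name in it (realize_faces, fontify, pass_survives, inhibit_clear, and the simplified clear_face_cache) is an assumption made for illustration.

```c
#include <stdbool.h>
#include <stdlib.h>
/* Simplified model, not Emacs source; all names are assumptions.  */
struct face { int id; };
struct frame {
  struct face *faces;    /* realized faces, indexed by face id */
  int used;              /* number of valid entries in FACES */
  bool inhibit_clear;    /* stands in for inhibit_clear_image_cache */
};
void realize_faces (struct frame *f, int n)
{
  f->faces = calloc (n, sizeof *f->faces);
  if (!f->faces) abort ();
  for (int i = 0; i < n; i++)
    f->faces[i].id = i;
  f->used = n;
}

/* As in the first patch: leave a frame alone while its flag is set.  */
void clear_face_cache (struct frame *f)
{
  if (f->inhibit_clear)
    return;
  free (f->faces);
  f->faces = NULL;
  f->used = 0;
}

/* As in the second patch: set the flag around the callback and restore
   it afterwards.  Returns true if FACE_ID still resolves to its face.  */
bool fontify (struct frame *f, int face_id, bool guard)
{
  bool saved = f->inhibit_clear;
  f->inhibit_clear = guard || saved;
  clear_face_cache (f);  /* stands in for Lisp run during redisplay */
  f->inhibit_clear = saved;
  return face_id >= 0 && face_id < f->used && f->faces[face_id].id == face_id;
}

/* One redisplay-like pass; the cache is released once the pass is over.  */
bool pass_survives (bool guard)
{
  struct frame f = { 0 };
  realize_faces (&f, 3);
  bool ok = fontify (&f, 1, guard) && !f.inhibit_clear;
  clear_face_cache (&f);
  return ok;
}

int main (void) { return pass_survives (true) && !pass_survives (false) ? 0 : 1; }
```

With the guard the face looked up after the callback is still there and the flag is back to its saved value; without it the cache is empty when the lookup happens, which is the state named in this report's title.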




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 18 Oct 2021 11:24:08 GMT)

This bug report was last modified 2 years and 190 days ago.
