GNU bug report logs - #62402
30.0.50; Emacs crashes on popup menu selection


Package: emacs

Reported by: Eshel Yaron <me <at> eshelyaron.com>

Date: Thu, 23 Mar 2023 08:44:02 UTC

Severity: normal

Found in version 30.0.50

To reply to this bug, email your comments to 62402 AT debbugs.gnu.org.


Report forwarded to bug-gnu-emacs <at> gnu.org:
bug#62402; Package emacs. (Thu, 23 Mar 2023 08:44:02 GMT)

Acknowledgement sent to Eshel Yaron <me <at> eshelyaron.com>:
New bug report received and forwarded. Copy sent to bug-gnu-emacs <at> gnu.org. (Thu, 23 Mar 2023 08:44:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Eshel Yaron <me <at> eshelyaron.com>
To: bug-gnu-emacs <at> gnu.org
Subject: 30.0.50; Emacs crashes on popup menu selection
Date: Thu, 23 Mar 2023 10:43:39 +0200

Hi,
For some time now Emacs crashes whenever I try to select from a popup
menu in EWW.  This happens deterministically, and Emacs always crashes
in the same way in a call to `x-popup-menu` from `eww-change-select`.

Trying to isolate the issue, I came up with the following minimal
example:

1. emacs -Q
2. evaluate the following form to create a popup menu:
    (x-popup-menu `((0 0) ,(get-buffer-window))
                  '(keymap (Bar menu-item "Bar" ignore :key-sequence nil)
                           (Baz menu-item "Baz" ignore :key-sequence nil)))
3. select an option from the menu
4. Emacs crashes with the following backtrace:

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGABRT)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000003
Exception Codes:       0x0000000000000001, 0x0000000000000003

VM Region Info: 0x3 is not in any region.  Bytes before following region: 140737486401533
      REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->
      shared memory            7fffffe23000-7fffffe24000 [    4K] r-x/r-x SM=SHM

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   libsystem_kernel.dylib                  0x7ff8050b422a __pthread_kill + 10
1   libsystem_pthread.dylib                 0x7ff8050ebf7b pthread_kill + 263
2   libsystem_c.dylib                       0x7ff804ff8480 raise + 26
3   Emacs                                      0x10908b5f7 terminate_due_to_signal + 167 (emacs.c:464)
4   Emacs                                      0x10908bf8b emacs_abort + 15 (sysdep.c:2313)
5   Emacs                                      0x1090498a2 ns_term_shutdown + 162 (nsterm.m:5765)
6   Emacs                                      0x108ef32c8 shut_down_emacs + 344 (emacs.c:3017)
7   Emacs                                      0x10908b5c5 terminate_due_to_signal + 117 (emacs.c:447)
8   Emacs                                      0x108f1af9e handle_fatal_signal + 14 (sysdep.c:1783)
9   Emacs                                      0x108f1b021 deliver_thread_signal + 129 (sysdep.c:1775)
10  Emacs                                      0x108f19359 deliver_fatal_thread_signal + 9 (sysdep.c:1795)
11  Emacs                                      0x108f1b069 handle_sigsegv + 57 (sysdep.c:1888)
12  libsystem_platform.dylib                0x7ff805116c1d _sigtramp + 29
13  ???                                                0x0 ???
14  Emacs                                      0x10906c2be -[EmacsMenu runMenuAt:forFrame:keymaps:] + 318 (nsmenu.m:767)
15  Emacs                                      0x10906cb1b ns_menu_show + 1883 (nsmenu.m:1067)
16  Emacs                                      0x108e78c45 x_popup_menu_1 + 2325 (menu.c:1410)
17  Emacs                                      0x108f8e8af eval_sub + 2575 (eval.c:2503)
18  Emacs                                      0x108f8eadd Fprogn + 45 (eval.c:436)
19  Emacs                                      0x108f8e670 eval_sub + 2000 (eval.c:2451)
20  Emacs                                      0x108f933cd Feval + 77 (eval.c:2363)
21  elisp-mode-90dbfe40-cf3545f3.eln	       0x10d39efef F656c6973702d2d6576616c2d6c6173742d73657870_elisp__eval_last_sexp_0 + 351

As a less contrived example, Emacs crashes (with a similar backtrace)
when browsing https://search.marginalia.nu with EWW and trying to change
one of the selections such as "Popular Sites" to another choice,
e.g. "Academia".

Thanks,
Eshel




In GNU Emacs 30.0.50 (build 25, x86_64-apple-darwin22.3.0, NS
 appkit-2299.40 Version 13.2.1 (Build 22D68)) of 2023-03-21 built on
 esmac.local
Repository revision: 42fba8f36b19536964d6deb6a34f3fd1c02b43dd
Repository branch: master
Windowing system distributor 'Apple', version 10.3.2299
System Description:  macOS 13.2.1

Configured using:
 'configure --with-native-compilation --with-json --with-tree-sitter'

Configured features:
ACL DBUS GIF GLIB GMP GNUTLS JPEG JSON LCMS2 LIBXML2 MODULES NATIVE_COMP
NOTIFY KQUEUE NS PDUMPER PNG RSVG SQLITE3 THREADS TIFF
TOOLKIT_SCROLL_BARS TREE_SITTER WEBP XIM ZLIB

Important settings:
  value of $LC_CTYPE: UTF-8
  locale-coding-system: utf-8-unix

Major mode: Lisp Interaction

Minor modes in effect:
  tooltip-mode: t
  global-eldoc-mode: t
  eldoc-mode: t
  show-paren-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  line-number-mode: t
  indent-tabs-mode: t
  transient-mark-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t

Load-path shadows:
None found.

Features:
(shadow sort mail-extr emacsbug message mailcap yank-media puny dired
dired-loaddefs rfc822 mml mml-sec password-cache epa derived epg rfc6068
epg-config gnus-util text-property-search time-date mm-decode mm-bodies
mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader cl-loaddefs
comp comp-cstr warnings icons subr-x rx cl-seq cl-macs gv cl-extra
help-mode bytecomp byte-compile cl-lib sendmail rfc2047 rfc2045
ietf-drums mm-util mail-prsvr mail-utils rmc iso-transl tooltip cconv
eldoc paren electric uniquify ediff-hook vc-hooks lisp-float-type
elisp-mode mwheel term/ns-win ns-win ucs-normalize mule-util
term/common-win tool-bar dnd fontset image regexp-opt fringe
tabulated-list replace newcomment text-mode lisp-mode prog-mode register
page tab-bar menu-bar rfn-eshadow isearch easymenu timer select
scroll-bar mouse jit-lock font-lock syntax font-core term/tty-colors
frame minibuffer nadvice seq simple cl-generic indonesian philippine
cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao
korean japanese eucjp-ms cp51932 hebrew greek romanian slovak czech
european ethiopic indian cyrillic chinese composite emoji-zwj charscript
charprop case-table epa-hook jka-cmpr-hook help abbrev obarray oclosure
cl-preloaded button loaddefs theme-loaddefs faces cus-face macroexp
files window text-properties overlay sha1 md5 base64 format env
code-pages mule custom widget keymap hashtable-print-readable backquote
threads dbusbind kqueue cocoa ns lcms2 multi-tty make-network-process
native-compile emacs)

Memory information:
((conses 16 77657 8466)
 (symbols 48 7093 0)
 (strings 32 18959 1997)
 (string-bytes 1 581298)
 (vectors 16 16146)
 (vector-slots 8 286623 12027)
 (floats 8 27 52)
 (intervals 56 219 0)
 (buffers 984 11))




Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#62402; Package emacs. (Thu, 23 Mar 2023 09:01:02 GMT)

Message #8 received at submit <at> debbugs.gnu.org:

From: Ruijie Yu <ruijie <at> netyu.xyz>
To: Eshel Yaron <me <at> eshelyaron.com>
Cc: 62402 <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org
Subject: Re: bug#62402: 30.0.50; Emacs crashes on popup menu selection
Date: Thu, 23 Mar 2023 16:56:20 +0800

Eshel Yaron via "Bug reports for GNU Emacs, the Swiss army knife of text editors" <bug-gnu-emacs <at> gnu.org> writes:

> [...]
> Trying to isolate the issue, I came up with the following minimal
> example:
>
> 1. emacs -Q
> 2. evaluate the following form to create a popup menu:
>     (x-popup-menu `((0 0) ,(get-buffer-window))
>                   '(keymap (Bar menu-item "Bar" ignore :key-sequence nil)
>                            (Baz menu-item "Baz" ignore :key-sequence nil)))
> 3. select an option from the menu
> 4. Emacs crashes with the following backtrace:
>
> [...]
>
> Thanks,
> Eshel
>
> In GNU Emacs 30.0.50 (build 25, x86_64-apple-darwin22.3.0, NS
>  appkit-2299.40 Version 13.2.1 (Build 22D68)) of 2023-03-21 built on
>  esmac.local
> Repository revision: 42fba8f36b19536964d6deb6a34f3fd1c02b43dd
> Repository branch: master
> Windowing system distributor 'Apple', version 10.3.2299
> System Description:  macOS 13.2.1
>
> Configured using:
>  'configure --with-native-compilation --with-json --with-tree-sitter'
>
> Configured features:
> ACL DBUS GIF GLIB GMP GNUTLS JPEG JSON LCMS2 LIBXML2 MODULES NATIVE_COMP
> NOTIFY KQUEUE NS PDUMPER PNG RSVG SQLITE3 THREADS TIFF
> TOOLKIT_SCROLL_BARS TREE_SITTER WEBP XIM ZLIB
>

FTR, I cannot reproduce this issue on PGTK GNU/Linux with 30.0.50
(c6bfffa9fe1af7f4f806e5533ba5f3c33476cf9a), so this issue might be OS-
or WM-specific.

--
Best,


RY




Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#62402; Package emacs. (Thu, 23 Mar 2023 09:37:02 GMT)

Message #14 received at 62402 <at> debbugs.gnu.org:

From: Eli Zaretskii <eliz <at> gnu.org>
To: Ruijie Yu <ruijie <at> netyu.xyz>
Cc: 62402 <at> debbugs.gnu.org, me <at> eshelyaron.com
Subject: Re: bug#62402: 30.0.50; Emacs crashes on popup menu selection
Date: Thu, 23 Mar 2023 11:36:38 +0200

> Cc: 62402 <at> debbugs.gnu.org
> Date: Thu, 23 Mar 2023 16:56:20 +0800
> From:  Ruijie Yu via "Bug reports for GNU Emacs,
>  the Swiss army knife of text editors" <bug-gnu-emacs <at> gnu.org>
> 
> FTR, I cannot reproduce this issue on PGTK GNU/Linux with 30.0.50
> (c6bfffa9fe1af7f4f806e5533ba5f3c33476cf9a), so this issue might be OS-
> or WM-specific.

And I cannot reproduce on MS-Windows, so I think this is indeed macOS
specific.




Information forwarded to bug-gnu-emacs <at> gnu.org:
bug#62402; Package emacs. (Thu, 23 Mar 2023 13:19:02 GMT)

Message #17 received at 62402 <at> debbugs.gnu.org:

From: Eshel Yaron <me <at> eshelyaron.com>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: Ruijie Yu <ruijie <at> netyu.xyz>, 62402 <at> debbugs.gnu.org
Subject: Re: bug#62402: 30.0.50; Emacs crashes on popup menu selection
Date: Thu, 23 Mar 2023 15:18:41 +0200

Eli Zaretskii <eliz <at> gnu.org> writes:

>> Cc: 62402 <at> debbugs.gnu.org
>> Date: Thu, 23 Mar 2023 16:56:20 +0800
>> From:  Ruijie Yu via "Bug reports for GNU Emacs,
>>  the Swiss army knife of text editors" <bug-gnu-emacs <at> gnu.org>
>> 
>> FTR, I cannot reproduce this issue on PGTK GNU/Linux with 30.0.50
>> (c6bfffa9fe1af7f4f806e5533ba5f3c33476cf9a), so this issue might be OS-
>> or WM-specific.
>
> And I cannot reproduce on MS-Windows, so I think this is indeed macOS
> specific.

Thanks for looking into it.  Indeed it seems to be a problem specific to
macOS.  To shed some more light I've rebuilt Emacs with CFLAGS="-g3 -O0"
and run it under lldb, which shows the following backtrace:

* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x3)
  * frame #0: 0x00000001000aebad emacs`AREF(array=0x0000000000000000, idx=0) at lisp.h:1947:10
    frame #1: 0x00000001000af660 emacs`find_and_return_menu_selection(f=0x00000001100dee30, keymaps=true, client_data=0x000000011089b888) at menu.c:985:11
    frame #2: 0x0000000100380f2b emacs`-[EmacsMenu runMenuAt:forFrame:keymaps:](self=0x00006000017007c0, _cmd="runMenuAt:forFrame:keymaps:", p=(x = 2, y = 506), f=0x00000001100dee30, keymaps=true) at nsmenu.m:767:9
    frame #3: 0x0000000100381f00 emacs`ns_menu_show(f=0x00000001100dee30, x=2, y=2, menuflags=1, title=0x0000000000000000, error=0x00007ff7bfefce80) at nsmenu.m:1067:9
    frame #4: 0x00000001000b1203 emacs`x_popup_menu_1(position=0x000000011804dcb3, menu=0x000000011804e003) at menu.c:1410:17
    frame #5: 0x00000001000b15a2 emacs`Fx_popup_menu(position=0x000000011804dcb3, menu=0x000000011804e003) at menu.c:1474:10
    frame #6: 0x0000000100247c58 emacs`eval_sub(form=0x000000011804dd23) at eval.c:2503:15
    ...

It seems that the (macOS-specific) function
`find_and_return_menu_selection` in menu.c tries to access the global
variable `menu_items` before it's initialized.  I'm not sure when or
where it should be initialized though :(

-- 
Eshel
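
Why an `AREF` on a nil array faults at address 0x3, as an added example (not code from this thread or from Emacs). It models the tagged-pointer arithmetic under stated assumptions: a 64-bit build with low-bit tags, nil as the zero word, vectorlike tag 5 and an 8-byte vector header; all `model_*` names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model (assumption): 64-bit build with low-bit tags, where nil is
   the all-zero word, the vectorlike tag is 5, and a vector is one 8-byte
   header word followed by its slots.  Nothing here dereferences memory. */
typedef uintptr_t lisp_word;

enum { TAG_MASK = 7, TAG_VECTORLIKE = 5, VECTOR_HEADER_BYTES = 8 };

static const lisp_word MODEL_NIL = 0;

/* True when the low tag bits mark the word as a vector-like object. */
static bool model_vectorlikep(lisp_word w)
{
    return (w & TAG_MASK) == TAG_VECTORLIKE;
}

/* Address an unchecked slot read touches: strip tag, skip header, index. */
static uintptr_t model_aref_address(lisp_word array, size_t idx)
{
    return array - TAG_VECTORLIKE + VECTOR_HEADER_BYTES
           + idx * sizeof(lisp_word);
}

/* Checked variant: reject a word that is not a tagged vector instead of
   computing an address from it. */
static bool model_checked_aref_address(lisp_word array, size_t idx,
                                       uintptr_t *out)
{
    if (!model_vectorlikep(array))
        return false;
    *out = model_aref_address(array, idx);
    return true;
}

int main(void)
{
    uintptr_t addr = 0;
    /* nil passed as the array, index 0: the case in lldb frame #0. */
    printf("unchecked: 0x%llx\n",
           (unsigned long long) model_aref_address(MODEL_NIL, 0));
    printf("checked accepts nil: %d\n",
           model_checked_aref_address(MODEL_NIL, 0, &addr));
    return 0;
}
```

The unchecked result for nil is 0x3, the address reported in both the macOS crash report and the lldb stop reason.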




This bug report was last modified 1 year and 35 days ago.