GNU bug report logs - #71694
30.0.50; heap-use-after-free in tty_defined_color

Please note: This is a static page, with minimal formatting, updated once a day.

Package: emacs; Reported by: Daniel Clemente <n142857@HIDDEN>; merged with #71693; Done: Stefan Kangas <stefankangas@HIDDEN>; Maintainer for emacs is bug-gnu-emacs@HIDDEN.
Forcibly Merged 71693 71694. Request was from Stefan Kangas <stefankangas@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at 71694-done <at> debbugs.gnu.org:


From: Stefan Kangas <stefankangas@HIDDEN>
Date: Fri, 28 Feb 2025 17:59:35 -0800
Subject: Re: bug#71694: 30.0.50; heap-use-after-free in tty_defined_color
To: Daniel Clemente <n142857@HIDDEN>
Cc: Eli Zaretskii <eliz@HIDDEN>, 71694-done <at> debbugs.gnu.org

Daniel Clemente <n142857@HIDDEN> writes:

> On Fri, 21 Jun 2024 at 14:22, Eli Zaretskii <eliz@HIDDEN> wrote:
>>
>> > From: Daniel Clemente <n142857@HIDDEN>
>> > Date: Fri, 21 Jun 2024 10:47:01 +0000
>> >
>> > I enabled -fsanitize. I'm using an X terminal to run TTY Emacs inside.
>> > I opened the daemon inside gdb with emacs --fg-daemon -Q
>> >
>> > I don't remember what exactly I was doing here, but it only involved
>> > slowly opening 2 or 3 terminals like this
>> > urxvt -e "emacsclient" "-c" "-e" '(dired "~")'
>> > and then I might have opened 2 or 3 with this (in the same session)
>> > xterm -e "emacsclient" "-c" "-e" '(dired "~")'
>> > Plus switching between them and closing them.
>> > However that's not a reproduction formula, it's just what I was doing
>> > when this crash randomly happened. I don't know how to reproduce this
>> > yet.
>> >
>> > =================================================================
>> > ==9677==ERROR: AddressSanitizer: heap-use-after-free on address
>> > 0x625000123b30 at pc 0x55555695b2c9 bp 0x7fffffff9900 sp
>> > 0x7fffffff98f8
>> > READ of size 1 at 0x625000123b30 thread T0
>> >     #0 0x55555695b2c8 in tty_defined_color /w/emacs/src/xfaces.c:1115
>>
>> I think this is bogus: -fsanitize doesn't understand the Emacs memory
>> management, in particular what's going on in GC when we relocate strings.
>>
>
> I also used -fsanitize=undefined,address,bounds-strict,float-cast-overflow
> without realizing that undefined+address seem to be incompatible;
> sorry.
>
> This -fsanitize „not understanding“ memory management could be
> explained in etc/DEBUG. But this seems advanced so I guess developers
> should just get more experience in Emacs memory management before
> enabling this.
>
> (You can close it if you want).

It seems like the outstanding questions here were resolved.

I'm therefore closing this bug report.

>
>> In any case, the line numbers seem off: line 1115 of xfaces.c is a
>> comment.  Are your sources in sync with the Git repository?
>
> My sources were synchronized but my build was a few weeks old:
> d9512da49514623ef3e35524dc894c06f2c0ce20
>
> Line 1115 of xfaces.c was:
>   if (color_def->pixel == FACE_TTY_DEFAULT_COLOR && *color_name)
> in this context:
>
>   /* Defaults.  */
>   color_def->pixel = FACE_TTY_DEFAULT_COLOR;
>   color_def->red = 0;
>   color_def->blue = 0;
>   color_def->green = 0;
>
>   if (*color_name)
>     status = tty_lookup_color (f, build_string (color_name), color_def, NULL);
>
>   if (color_def->pixel == FACE_TTY_DEFAULT_COLOR && *color_name)
>     {
>       if (strcmp (color_name, "unspecified-fg") == 0)
>         color_def->pixel = FACE_TTY_DEFAULT_FG_COLOR;
>       else if (strcmp (color_name, "unspecified-bg") == 0)
>         color_def->pixel = FACE_TTY_DEFAULT_BG_COLOR;
>     }




Notification sent to Daniel Clemente <n142857@HIDDEN>:
bug acknowledged by developer. Full text available.
Reply sent to Stefan Kangas <stefankangas@HIDDEN>:
You have taken responsibility. Full text available.

Message received at 71694 <at> debbugs.gnu.org:


From: Daniel Clemente <n142857@HIDDEN>
Date: Wed, 26 Jun 2024 13:29:08 +0000
Subject: Re: bug#71694: 30.0.50; heap-use-after-free in tty_defined_color
To: Eli Zaretskii <eliz@HIDDEN>
Cc: 71694 <at> debbugs.gnu.org

On Fri, 21 Jun 2024 at 14:22, Eli Zaretskii <eliz@HIDDEN> wrote:
>
> > From: Daniel Clemente <n142857@HIDDEN>
> > Date: Fri, 21 Jun 2024 10:47:01 +0000
> >
> > I enabled -fsanitize. I'm using an X terminal to run TTY Emacs inside.
> > I opened the daemon inside gdb with emacs --fg-daemon -Q
> >
> > I don't remember what exactly I was doing here, but it only involved
> > slowly opening 2 or 3 terminals like this
> > urxvt -e "emacsclient" "-c" "-e" '(dired "~")'
> > and then I might have opened 2 or 3 with this (in the same session)
> > xterm -e "emacsclient" "-c" "-e" '(dired "~")'
> > Plus switching between them and closing them.
> > However that's not a reproduction formula, it's just what I was doing
> > when this crash randomly happened. I don't know how to reproduce this
> > yet.
> >
> > =================================================================
> > ==9677==ERROR: AddressSanitizer: heap-use-after-free on address
> > 0x625000123b30 at pc 0x55555695b2c9 bp 0x7fffffff9900 sp
> > 0x7fffffff98f8
> > READ of size 1 at 0x625000123b30 thread T0
> >     #0 0x55555695b2c8 in tty_defined_color /w/emacs/src/xfaces.c:1115
>
> I think this is bogus: -fsanitize doesn't understand the Emacs memory
> management, in particular what's going on in GC when we relocate strings.
>

I also used -fsanitize=undefined,address,bounds-strict,float-cast-overflow
without realizing that undefined+address seem to be incompatible;
sorry.

This -fsanitize „not understanding“ memory management could be
explained in etc/DEBUG. But this seems advanced so I guess developers
should just get more experience in Emacs memory management before
enabling this.

(You can close it if you want).

> In any case, the line numbers seem off: line 1115 of xfaces.c is a
> comment.  Are your sources in sync with the Git repository?

My sources were synchronized but my build was a few weeks old:
d9512da49514623ef3e35524dc894c06f2c0ce20

Line 1115 of xfaces.c was:
  if (color_def->pixel == FACE_TTY_DEFAULT_COLOR && *color_name)
in this context:

  /* Defaults.  */
  color_def->pixel = FACE_TTY_DEFAULT_COLOR;
  color_def->red = 0;
  color_def->blue = 0;
  color_def->green = 0;

  if (*color_name)
    status = tty_lookup_color (f, build_string (color_name), color_def, NULL);

  if (color_def->pixel == FACE_TTY_DEFAULT_COLOR && *color_name)
    {
      if (strcmp (color_name, "unspecified-fg") == 0)
        color_def->pixel = FACE_TTY_DEFAULT_FG_COLOR;
      else if (strcmp (color_name, "unspecified-bg") == 0)
        color_def->pixel = FACE_TTY_DEFAULT_BG_COLOR;
    }




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#71694; Package emacs. Full text available.
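
The replies above turn on string data being relocated during GC. The toy model below is an added illustration, not code from the thread or from Emacs: it shows how a raw char pointer that is read again after a call which may relocate string storage goes stale, next to a copy-first alternative. The names toy_string, toy_store, toy_lookup, classify_stale and classify_copy are hypothetical, and the model says nothing about whether the reported read in tty_defined_color was genuine.

```c
#include <stdio.h>
#include <string.h>

/* Toy relocating string heap, constructed for this example (not Emacs code). */
#define HEAP_SIZE 64
static char heap[HEAP_SIZE];
struct toy_string { size_t off, len; };  /* handle that survives relocation */
enum { DEFAULT_COLOR = -1, DEFAULT_FG = -2, DEFAULT_BG = -3 };
static const char *toy_data(const struct toy_string *s) { return heap + s->off; }

/* Store TEXT at offset OFF, truncating so that it always fits in the heap. */
struct toy_string toy_store(size_t off, const char *text)
{
    struct toy_string s = { off % HEAP_SIZE, 0 };
    snprintf(heap + s.off, HEAP_SIZE - s.off, "%s", text);
    s.len = strlen(heap + s.off);
    return s;
}

/* Hypothetical lookup that finds nothing but lets a compacting collector run:
   the bytes move to offset 0 and the old location is zeroed, as if freed.  */
static int toy_lookup(struct toy_string *s)
{
    char tmp[HEAP_SIZE];
    memcpy(tmp, toy_data(s), s->len + 1);
    memset(heap, 0, sizeof heap);
    memcpy(heap, tmp, s->len + 1);
    s->off = 0;
    return DEFAULT_COLOR;
}

/* Same shape as the quoted fragment: NAME is read before and after the call. */
static int classify(const char *name, struct toy_string *s)
{
    int pixel = DEFAULT_COLOR;
    if (*name) pixel = toy_lookup(s);       /* storage may move here */
    if (pixel == DEFAULT_COLOR && *name) {  /* one-byte read after the call */
        if (strcmp(name, "unspecified-fg") == 0) pixel = DEFAULT_FG;
        else if (strcmp(name, "unspecified-bg") == 0) pixel = DEFAULT_BG;
    }
    return pixel;
}

/* Hazard: the raw pointer is taken once and outlives the relocation. */
int classify_stale(struct toy_string *s) { return classify(toy_data(s), s); }

/* Safe: work on a private copy that relocation cannot touch. */
int classify_copy(struct toy_string *s)
{
    char name[HEAP_SIZE];
    memcpy(name, toy_data(s), s->len + 1);
    return classify(name, s);
}

int main(void)
{
    struct toy_string a = toy_store(16, "unspecified-fg");
    int stale = classify_stale(&a);
    a = toy_store(16, "unspecified-fg");
    return printf("stale: %d, copy: %d\n", stale, classify_copy(&a)) < 0;
}
```

In the toy the stale read lands on zeroed bytes, so the "unspecified-fg" branch is silently skipped; with a real allocator the same one-byte read would touch memory that is no longer owned by the string.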

Message received at 71694 <at> debbugs.gnu.org:


From: Eli Zaretskii <eliz@HIDDEN>
Date: Fri, 21 Jun 2024 17:22:42 +0300
Subject: Re: bug#71694: 30.0.50; heap-use-after-free in tty_defined_color
To: Daniel Clemente <n142857@HIDDEN>
Cc: 71694 <at> debbugs.gnu.org

> From: Daniel Clemente <n142857@HIDDEN>
> Date: Fri, 21 Jun 2024 10:47:01 +0000
> 
> I enabled -fsanitize. I'm using an X terminal to run TTY Emacs inside.
> I opened the daemon inside gdb with emacs --fg-daemon -Q
> 
> I don't remember what exactly I was doing here, but it only involved
> slowly opening 2 or 3 terminals like this
> urxvt -e "emacsclient" "-c" "-e" '(dired "~")'
> and then I might have opened 2 or 3 with this (in the same session)
> xterm -e "emacsclient" "-c" "-e" '(dired "~")'
> Plus switching between them and closing them.
> However that's not a reproduction formula, it's just what I was doing
> when this crash randomly happened. I don't know how to reproduce this
> yet.
> 
> =================================================================
> ==9677==ERROR: AddressSanitizer: heap-use-after-free on address
> 0x625000123b30 at pc 0x55555695b2c9 bp 0x7fffffff9900 sp
> 0x7fffffff98f8
> READ of size 1 at 0x625000123b30 thread T0
>     #0 0x55555695b2c8 in tty_defined_color /w/emacs/src/xfaces.c:1115

I think this is bogus: -fsanitize doesn't understand the Emacs memory
management, in particular what's going on in GC when we relocate strings.

In any case, the line numbers seem off: line 1115 of xfaces.c is a
comment.  Are your sources in sync with the Git repository?




Information forwarded to bug-gnu-emacs@HIDDEN:
bug#71694; Package emacs. Full text available.
Last modified: Sat, 1 Mar 2025 02:15:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.