bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Emacs 21.1.1 segmentation fault (!)

From: Bob Halley
Subject: Re: Emacs 21.1.1 segmentation fault (!)
Date: 17 Dec 2001 13:48:08 -0800
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.1 
Richard Stallman <rms@gnu.org> writes:

> Since this was a seg fault, can you see anything in the data referenced
> in this code
> 
>   /* Increment positions in glyphs.  */
>   for (area = 0; area < LAST_AREA; ++area)
>     for (i = 0; i < row->used[area]; ++i)
>       if (BUFFERP (row->glyphs[area][i].object)
>         && row->glyphs[area][i].charpos > 0)
>       row->glyphs[area][i].charpos += delta;

> Can you find the invalid address that caused the seg fault?
> Studying the code at the assembler level might help.

Hmm... I'm not getting completely consistent output from gdb; it may
be that the code optimization confused things.  E.g. the value of
row->glyphs[area][i].object is 0x3849F31C.  The type of this value is
0x03, which is not Lisp_Vectorlike, and yet the assembly code appears
to indicate that we're dying inside of an evalation of code generated
by

#define BUFFERP(x) PSEUDOVECTORP (x, PVEC_BUFFER)

which is:

/* True if object X is a pseudovector whose code is CODE.  */
#define PSEUDOVECTORP(x, code)                                  \
  (VECTORLIKEP (x)                                              \
   && (((XVECTOR (x)->size & (PSEUDOVECTOR_FLAG | (code))))     \
       == (PSEUDOVECTOR_FLAG | (code))))

*after* we've passed the VECTORLIKEP() test.

It looks to me like we're dying at (x)->size:

     0x80504e0 <increment_row_positions+68>: mov    %edx,%eax
     0x80504e2 <increment_row_positions+70>: sar    $0x1c,%eax
     0x80504e5 <increment_row_positions+73>: cmp    $0x4,%eax
     0x80504e8 <increment_row_positions+76>: jne    0x805050b 
<increment_row_positions+111>
     0x80504ea <increment_row_positions+78>: and    $0xfffffff,%edx
PC-> 0x80504f0 <increment_row_positions+84>: mov    (%edx),%eax
     0x80504f2 <increment_row_positions+86>: and    $0x20020000,%eax
     0x80504f7 <increment_row_positions+91>: cmp    $0x20020000,%eax
     0x80504fc <increment_row_positions+96>: jne    0x805050b 
<increment_row_positions+111>

According to gdb, the value of %edx here is 0xbfffe7cc, which is not
an invalid address, but I don't believe this is the correct value of
%edx at the time of the fault since gdb's "info reg" reports the same
value for all frames; I think that's actually the frame 0 value and
that the value at the time of the fault is not available.  Bummer!

So, all I can say is that it looks like something is trashing

        row->glyphs[area][i].object

Let me know if I can help more.  If I knew a way to reproduce the bug,
I'd rebuild without optimization and see what happened, but I don't
know how to trigger the bug.

Regards,

/Bob
reply via email to
[Prev in Thread] Current Thread [Next in Thread]