bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#16140: 24.3.50; GC tries to free invalid font objects

From: Eli Zaretskii
Subject: bug#16140: 24.3.50; GC tries to free invalid font objects
Date: Sat, 14 Dec 2013 11:51:24 +0200 
This program:

  (defun bloat-font ()
    (interactive)
    (let ((fonts (x-list-fonts "*")))
      (while fonts
        (condition-case nil (set-frame-font (car fonts)) (error nil))
        (setq fonts (cdr fonts))
        (redisplay))))

reveals some subtle problem in GC: we sometimes try to free font
objects that re not valid (already freed?).  Here's one such case:

  Program received signal SIGSEGV, Segmentation fault.
  0x01160e2c in cleanup_vector (vector=0x100ed2a0) at alloc.c:2884
  2884            fnt->driver->close (fnt);
  (gdb) p fnt
  $1 = (struct font *) 0x100ed2a0
  (gdb) p fnt->driver
  $2 = (struct font_driver *) 0x26

When I originally saw this, fnt->driver was NULL.  I added protection
against that, but then it crashed with non-NULL but still invalid
pointer.  Such pointers should never end up in font objects, so how
come they do?


In GNU Emacs 24.3.50.137 (i686-pc-mingw32)
 of 2013-12-14 on HOME-C4E4A596F7
Bzr revision: 115517 eliz@gnu.org-20131214091610-1glyl0400451irx0
Windowing system distributor `Microsoft Corp.', version 5.1.2600
Configured using:
 `configure --prefix=/d/usr --enable-checking=yes,glyphs 'CFLAGS=-O0
 -gdwarf-2 -g3''

Important settings:
  value of $LANG: ENU
  locale-coding-system: cp1255
  default enable-multibyte-characters: t

Major mode: Lisp Interaction

Minor modes in effect:
  tooltip-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  transient-mark-mode: t

Recent input:
M-x r e p o r t - e m <tab> <return>

Recent messages:
For information about GNU Emacs and the GNU system, type C-h C-a.

Load-path shadows:
None found.

Features:
(shadow sort gnus-util mail-extr emacsbug message format-spec rfc822 mml
easymenu mml-sec mm-decode mm-bodies mm-encode mail-parse rfc2231
mailabbrev gmm-utils mailheader sendmail rfc2047 rfc2045 ietf-drums
mm-util mail-prsvr mail-utils time-date tooltip electric uniquify
ediff-hook vc-hooks lisp-float-type mwheel dos-w32 ls-lisp
w32-common-fns disp-table w32-win w32-vars tool-bar dnd fontset image
regexp-opt fringe tabulated-list newcomment lisp-mode prog-mode register
page menu-bar rfn-eshadow timer select scroll-bar mouse jit-lock
font-lock syntax facemenu font-core frame cham georgian utf-8-lang
misc-lang vietnamese tibetan thai tai-viet lao korean japanese hebrew
greek romanian slovak czech european ethiopic indian cyrillic chinese
case-table epa-hook jka-cmpr-hook help simple abbrev minibuffer nadvice
loaddefs button faces cus-face macroexp files text-properties overlay
sha1 md5 base64 format env code-pages mule custom widget
hashtable-print-readable backquote make-network-process w32notify w32
multi-tty emacs)
reply via email to
[Prev in Thread] Current Thread [Next in Thread]