bug#17168: 24.3.50; Segfault at mark

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#17168: 24.3.50; Segfault at mark_object

From:	Daniel Colascione
Subject:	bug#17168: 24.3.50; Segfault at mark_object
Date:	Thu, 03 Apr 2014 02:08:46 -0700
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0

On 04/03/2014 12:55 AM, Daniel Colascione wrote:
> On 04/03/2014 12:04 AM, Dmitry Antipov wrote:
>> On 04/03/2014 10:59 AM, Dmitry Antipov wrote:
>>
>>> 3. Run 'emacs -Q', then M-x byte-force-recompile
>>>     /path/to/trunk/lis/org
>>                      ^^^^^^^
>> Mean /path/to/trunk/lisp/org, i.e. all Org mode.
> 
> Nice work. What gave you the idea of using byte-force-recompile to
> repro? I'd tried a few other stress cases myself and couldn't find
> anything. Your repro works perfectly.
> 

Found the bug: that symbol's name is in pure storage, so we ignore the
value of sym->s.gcmarkbit and assume the symbol is always live: we
never put it on the free list, so we never set its function slot to
Vdead. Later, during another GC pass, conservative GC scanning happens
to find a pointer to the symbol. We begin marking it, descend into the
function slot, which is still pointing to the old, dead object value. We
try to mark memory being used for some other purpose and enter la-la land.

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

bug#17168: 24.3.50; Segfault at mark_object, (continued)

Prev by Date: bug#16200: shr should allow user to toggle HTML-specified colors on and off
Next by Date: bug#16617: 24.3.50; REGRESSION: `C-q ?' pops up annoying *Char Help* buffer
Previous by thread: bug#17168: 24.3.50; Segfault at mark_object
Next by thread: bug#17168: 24.3.50; Segfault at mark_object
Index(es):
- Date
- Thread