emacs-pretest-bug

Re: Crash when using wheel mouse


From: David Kastrup
Subject: Re: Crash when using wheel mouse
Date: 05 Mar 2003 21:31:43 +0100
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3.50

Richard Stallman <address@hidden> writes:

>     #0  abort () at /home/tmp/emacs/src/emacs.c:412
>     #1  0x0809ec09 in try_window_id (w=0x8553ec0)
>       at /home/tmp/emacs/src/xdisp.c:12414
> 
> To start the debugging, please look at the values of
> first_unchanged_at_end_row, last_text_row and last_text_row_at_end.
> That way you can see what happened overall in the series
> of if's just before that abort.

(gdb) run
Starting program: /usr/local/tmp/emacs-build/src/emacs 

Breakpoint 1, abort () at /home/tmp/emacs/src/emacs.c:412
412       kill (getpid (), SIGABRT);
(gdb) bt
#0  abort () at /home/tmp/emacs/src/emacs.c:412
#1  0x0809ebe9 in try_window_id (w=0x8553e68)
    at /home/tmp/emacs/src/xdisp.c:12414
#2  0x0809b9a1 in redisplay_window (window=1213546088, just_this_one_p=1)
    at /home/tmp/emacs/src/xdisp.c:10612
#3  0x080980bd in redisplay_window_1 (window=1213546088)
    at /home/tmp/emacs/src/xdisp.c:9457
#4  0x08161110 in internal_condition_case_1 (
    bfun=0x8098090 <redisplay_window_1>, arg=1213546088, handlers=1479572212, 
    hfun=0x8098040 <redisplay_window_error>) at /home/tmp/emacs/src/eval.c:1392
#5  0x0809734c in redisplay_internal (preserve_echo_area=1)
    at /home/tmp/emacs/src/xdisp.c:9083
#6  0x08190d2a in wait_reading_process_input (time_limit=30, microsecs=0, 
    read_kbd=268435455, do_display=1) at /home/tmp/emacs/src/process.c:4226
#7  0x08086d81 in sit_for (sec=30, usec=0, reading=1, display=1, 
    initial_display=0) at /home/tmp/emacs/src/dispnew.c:6249
#8  0x0810caba in read_char (commandflag=1, nmaps=4, maps=0xbfffd600, 
    prev_event=405651300, used_mouse_menu=0xbfffd638)
    at /home/tmp/emacs/src/keyboard.c:2698
#9  0x08112cdd in read_key_sequence (keybuf=0xbfffd760, bufsize=30, 
    prompt=405651300, dont_downcase_last=0, can_return_switch_frame=1, 
    fix_current_buffer=1) at /home/tmp/emacs/src/keyboard.c:8582
#10 0x08109e8f in command_loop_1 () at /home/tmp/emacs/src/keyboard.c:1502
#11 0x08161016 in internal_condition_case (bfun=0x8109d10 <command_loop_1>, 
    handlers=405747908, hfun=0x8109900 <cmd_error>)
    at /home/tmp/emacs/src/eval.c:1351
#12 0x08109bea in command_loop_2 () at /home/tmp/emacs/src/keyboard.c:1290
#13 0x08160bb9 in internal_catch (tag=0, func=0x8109bcc <command_loop_2>, 
    arg=405651300) at /home/tmp/emacs/src/eval.c:1112
#14 0x08109ba0 in command_loop () at /home/tmp/emacs/src/keyboard.c:1269
#15 0x081096dc in recursive_edit_1 () at /home/tmp/emacs/src/keyboard.c:985
#16 0x081097ec in Frecursive_edit () at /home/tmp/emacs/src/keyboard.c:1041
#17 0x08108147 in main (argc=1, argv=0xbfffdd34)
    at /home/tmp/emacs/src/emacs.c:1659
#18 0x411774a0 in __libc_start_main () from /lib/tls/libc.so.6
(gdb) frame 1
#1  0x0809ebe9 in try_window_id (w=0x8553e68)
    at /home/tmp/emacs/src/xdisp.c:12414
12414       abort ();
(gdb) p first_unchanged_at_end_row
$1 = (struct glyph_row *) 0xbfffc760
(gdb) p *first_unchanged_at_end_row
$2 = {
  glyphs = {0x182dbf64, 0x2, 0x586f5274, 0x68851ea4}, 
  used = {7832, 26757, 21736}, 
  x = 1753699632, 
  y = 948042260, 
  pixel_width = 947982452, 
  ascent = 405651348, 
  height = 0, 
  phys_ascent = 0, 
  phys_height = 0, 
  visible_height = 142037800, 
  hash = 11, 
  start = {
    pos = {
      charpos = 1, 
      bytepos = 141751090
    }, 
    overlay_string_index = 0, 
    string_pos = {
      charpos = -1073756320, 
      bytepos = 947340508
    }, 
    dpvec_index = 141750784
  }, 
  end = {
    pos = {
      charpos = 1215779616, 
      bytepos = -1073755456
    }, 
    overlay_string_index = 0, 
    string_pos = {
      charpos = 31746, 
      bytepos = -1073755448
    }, 
    dpvec_index = 948042612
  }, 
  enabled_p = 0, 
  truncated_on_left_p = 0, 
  truncated_on_right_p = 0, 
  overlay_arrow_p = 0, 
  continued_p = 0, 
  displays_text_p = 1, 
  ends_at_zv_p = 1, 
  fill_line_p = 0, 
  indicate_empty_line_p = 0, 
  contains_overlapping_glyphs_p = 0, 
  full_width_p = 1, 
  mode_line_p = 0, 
  overlapped_p = 1, 
  ends_in_middle_of_char_p = 0, 
  starts_in_middle_of_char_p = 1, 
  overlapping_p = 0, 
  mouse_face_p = 1, 
  ends_in_newline_from_string_p = 1, 
  continuation_lines_width = 405651300
}
(gdb) p last_text_row
$3 = (struct glyph_row *) 0x2
(gdb) p last_text_row_at_end
$4 = (struct glyph_row *) 0x0
(gdb) 


In short, it would appear that last_text_row is a pointer, and some
arithmetic is done producing it even when the pointer it is calculated
from is NULL.  Actually, this can't even be the whole story, since one
can't really arrive at 0x2 from NULL by mere pointer arithmetic as
long as the pointers involved are (struct glyph_row *), since
glyph_row certainly is a type larger than 2 bytes.  There are quite a
few places in xdisp.c where it is calculated from itself or other
pointers with arithmetic without previous range or validity checks,
and I have no clue about the internals that are involved here and what
assumptions may be made safely.

I am not overly convinced that gdb is right about those values,
actually.

-- 
David Kastrup, Kriemhildstr. 15, 44793 Bochum
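
The argument above rests on two facts: arithmetic on a `struct glyph_row *` can only move by whole multiples of `sizeof (struct glyph_row)`, so a value like 0x2 cannot be NULL plus a row count, and a row pointer should be range-checked against its matrix before it is dereferenced. The following C program illustrates both on a toy row type. It is an added example, not code from Emacs or from this thread; `struct toy_row`, `struct toy_matrix` and the helper names are stand-ins chosen for the illustration, and the four-row matrix is constructed inline.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for struct glyph_row (assumption: the real layout lives in
   dispextern.h and is far larger).  Only its size matters here. */
struct toy_row {
    int x, y;
    int used[3];
};

/* Stand-in for the row array of a glyph matrix (assumption). */
struct toy_matrix {
    struct toy_row *rows;
    size_t nrows;
};

/* Distance in bytes covered by advancing a struct toy_row pointer by n rows.
   Pointer arithmetic scales by the element size, so NULL + n can only land
   on a multiple of sizeof (struct toy_row); it can never produce 0x2. */
size_t row_offset_bytes(size_t n)
{
    return n * sizeof (struct toy_row);
}

/* Could the raw pointer value p have been produced by whole-row arithmetic
   starting from NULL?  Only if it is a multiple of the row size. */
bool reachable_from_null(uintptr_t p)
{
    return p % sizeof (struct toy_row) == 0;
}

/* Validity check to run before dereferencing a row pointer: non-NULL,
   inside rows[0 .. nrows-1], and on a row boundary.  Done on integers so a
   garbage value such as 0x2 is rejected instead of being compared as an
   out-of-bounds pointer. */
bool row_in_matrix(const struct toy_matrix *m, const struct toy_row *row)
{
    uintptr_t lo = (uintptr_t) m->rows;
    uintptr_t hi = lo + m->nrows * sizeof (struct toy_row);
    uintptr_t p = (uintptr_t) row;
    return row != NULL && p >= lo && p < hi
        && (p - lo) % sizeof (struct toy_row) == 0;
}

/* Index of row within m, or -1 if row_in_matrix() rejects it. */
long row_index(const struct toy_matrix *m, const struct toy_row *row)
{
    if (!row_in_matrix(m, row))
        return -1;
    return (long) (row - m->rows);
}

/* Exercises the checks on a constructed four-row matrix and returns how
   many of the six expectations held. */
int run_demo(void)
{
    struct toy_row rows[4] = {{0}};
    struct toy_matrix m = { rows, 4 };
    /* The value gdb printed for last_text_row, cast to a row pointer. */
    const struct toy_row *garbage = (const struct toy_row *) (uintptr_t) 0x2;
    int ok = 0;

    ok += row_index(&m, rows + 0) == 0;
    ok += row_index(&m, rows + 3) == 3;
    ok += row_index(&m, rows + 4) == -1;   /* one past the end: not a row */
    ok += row_index(&m, NULL) == -1;
    ok += row_index(&m, garbage) == -1;
    ok += !reachable_from_null((uintptr_t) garbage);
    return ok;
}

int main(void)
{
    printf("sizeof (struct toy_row) = %zu bytes; NULL + 1 row = %zu bytes\n",
           sizeof (struct toy_row), row_offset_bytes(1));
    printf("0x2 reachable from NULL by row arithmetic: %s\n",
           reachable_from_null(0x2) ? "yes" : "no");
    printf("checks passed: %d of 6\n", run_demo());
    return 0;
}
```

The check in `row_in_matrix` is the kind of guard the message says is missing where xdisp.c derives one row pointer from another; a value that is not a row boundary inside the matrix is then an error to report, not a pointer to follow.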