emacs-pretest-bug

Re: Emacs crashes when selecting certain articles while in gnus summary buffer


From: Eli Zaretskii
Subject: Re: Emacs crashes when selecting certain articles while in gnus summary buffer
Date: 10 Feb 2004 08:05:38 +0200

> From: Peter Lee <address@hidden>
> Date: Mon, 09 Feb 2004 14:27:33 -0600
> 
> Certain articles I select while in Gnus summary buffer cause Emacs
> to crash.  It happens every time I try to view the article:
> 
> "3d scene generation - Timothy Brady", in
> comp.os.ms-windows.programmer.win32.
> 
> When I select that article, I see in the minibuffer "loading
> uudecode" and then it crashes.
> 
> I built a debug version and attached a debugger... the following is
> what I thought would be useful.  If you need more info just let me
> know.  Below is the disassembled function, the registers, and the
> stack at the time of the crash.  
> 
> The parms passed in were:
> int spec=0x00000000, int key=0x213bc688, int * found=0x00000000
> 
> =====================================================================
> 
> static Lisp_Object
> image_spec_value (spec, key, found)
>      Lisp_Object spec, key;
>      int *found;
> {
> 010D806D  push        ebp  
> 010D806E  mov         ebp,esp 
>   Lisp_Object tail;
>     
>   xassert (valid_image_p (spec));
> 
>   for (tail = XCDR (spec);
>        CONSP (tail) && CONSP (XCDR (tail));
>        tail = XCDR (XCDR (tail)))
> 010D8070  mov         ecx,dword ptr [ebp+8] 
> 010D8073  push        ebx  
> 010D8074  push        esi  
> 010D8075  mov         eax,1FFFFFFFh 
> 010D807A  and         ecx,eax 
> 010D807C  push        edi  
> 010D807D  mov         edi,dword ptr [ecx+4]  <<==== *** CRASH ***

It crashes because ECX holds a value that's invalid as a pointer, and
the code tries to dereference it (with "[ecx+4]").

> Registers:
> 
> EAX = 1FFFFFFF EBX = 0082EF18 
> ECX = 00000000 EDX = A0000000 

Here we see that ECX holds a NULL pointer, which is not something you
want to dereference...

> >     emacs.exe!image_spec_value(int spec=0x00000000, int key=0x213bc688, int 
> > * found=0x00000000)  Line 7268 + 0xd    C
>       emacs.exe!lookup_image(frame * f=0x0166fa00, int spec=0xa2a37a60)  Line 
> 7998 + 0x10     C
>       emacs.exe!Fimage_size(int spec=0xa2a37a60, int pixels=0x213bc400, int 
> frame=0x213bc400)  Line 7299 + 0xb        C

It is quite obvious that spec=0x00000000 in the call to
image_spec_value is the source of the NULL pointer.  I don't have time
to dig into this further, but I'd suggest looking at higher frames
(inside lookup_image and Fimage_size) and trying to understand what is
wrong with the image spec and why.

Note that there are guidelines to debugging Emacs in etc/DEBUG; near
the end of the file you will find hints for using the MS debugger.
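The following is an added example, not Emacs source, written to make the crash mechanism concrete. It models the 32-bit tagged-pointer layout visible in the disassembly: a Lisp_Object is a 32-bit word whose low 29 bits (mask 0x1FFFFFFF, the "and ecx,1FFFFFFFh") hold the payload and whose top 3 bits hold the type tag, and for a cons the payload points at a two-word cell {car, cdr}, so XCDR is the "[ecx+4]" read. The tag numbers (integer 0, symbol 1, cons 5), the small arena standing in for the heap, and the symbol ids used for nil, image and the keywords are all assumptions; the tag numbers are chosen to agree with the values on the page (key 0x213bc688 has top bits 001, the spec in lookup_image 0xa2a37a60 has top bits 101, and 0x00000000 has top bits 000). The walk shaped like image_spec_value dereferences spec before any type check, so a zero spec becomes a NULL cell pointer; the checked variant tests CONSP first and reports "not found" instead of faulting.

```c
/* Added example, not Emacs code: a model of the 32-bit tagged Lisp_Object
   layout from the report and of the unchecked plist walk that crashed. */
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

typedef uint32_t Lisp_Object;             /* the debugger shows it as a 32-bit int */

#define GCTYPEBITS 3
#define VALBITS    (32 - GCTYPEBITS)
#define VALMASK    ((1u << VALBITS) - 1)  /* 0x1FFFFFFF, the mask in the disassembly */

/* Assumed tag numbers, consistent with the values in the report. */
enum { Lisp_Int = 0, Lisp_Symbol = 1, Lisp_Cons = 5 };

struct Lisp_Cons { Lisp_Object car, cdr; };   /* cdr lives at +4: the "[ecx+4]" read */

/* A small arena stands in for the Emacs heap so the example runs anywhere.
   Offset 0 is never handed out, so a payload of 0 really is a null cell. */
static unsigned char arena[4096];
static uint32_t arena_top = sizeof(struct Lisp_Cons);

static Lisp_Object make_obj(uint32_t tag, uint32_t payload)
{ return (tag << VALBITS) | (payload & VALMASK); }
static uint32_t xtype(Lisp_Object o) { return o >> VALBITS; }
static uint32_t xpntr(Lisp_Object o) { return o & VALMASK; }   /* "and ecx,1FFFFFFFh" */
static int consp(Lisp_Object o) { return xtype(o) == Lisp_Cons; }
static int eq(Lisp_Object a, Lisp_Object b) { return a == b; }

/* Unchecked accessors, as on the crashing path: mask, then dereference.
   A payload of 0 becomes a NULL host pointer, so xcdr(0) faults just like
   "mov edi,dword ptr [ecx+4]" with ECX == 0. */
static struct Lisp_Cons *xcons(Lisp_Object o)
{ return xpntr(o) ? (struct Lisp_Cons *)(arena + xpntr(o)) : NULL; }
static Lisp_Object xcar(Lisp_Object o) { return xcons(o)->car; }
static Lisp_Object xcdr(Lisp_Object o) { return xcons(o)->cdr; }

static Lisp_Object intern_id(uint32_t id) { return make_obj(Lisp_Symbol, id); }
static Lisp_Object make_int(uint32_t n)   { return make_obj(Lisp_Int, n); }

static Lisp_Object cons(Lisp_Object car, Lisp_Object cdr)
{
  struct Lisp_Cons *c = (struct Lisp_Cons *)(arena + arena_top);
  Lisp_Object o = make_obj(Lisp_Cons, arena_top);
  c->car = car; c->cdr = cdr;
  arena_top += sizeof *c;
  return o;
}

/* Constructed symbols (assumed ids) standing in for Qnil, Qimage and keywords. */
enum { ID_nil = 1, ID_image, ID_type, ID_file, ID_data, ID_xpm };
#define Qnil   intern_id(ID_nil)
#define Qimage intern_id(ID_image)
#define QCtype intern_id(ID_type)
#define QCfile intern_id(ID_file)
#define QCdata intern_id(ID_data)
#define Qxpm   intern_id(ID_xpm)

/* Walk shaped like image_spec_value over (TYPE KEY VALUE KEY VALUE ...).
   Nothing here verifies spec itself before the first xcdr(spec). */
static Lisp_Object spec_value_unchecked(Lisp_Object spec, Lisp_Object key, int *found)
{
  Lisp_Object tail;
  for (tail = xcdr(spec); consp(tail) && consp(xcdr(tail)); tail = xcdr(xcdr(tail)))
    if (eq(xcar(tail), key)) { if (found) *found = 1; return xcar(xcdr(tail)); }
  if (found) *found = 0;
  return Qnil;
}

/* Same walk, but the head is type-checked before the first dereference, so a
   zero, fixnum or symbol spec reports "not found" instead of faulting. */
static Lisp_Object spec_value_checked(Lisp_Object spec, Lisp_Object key, int *found)
{
  if (found) *found = 0;
  if (!consp(spec)) return Qnil;
  return spec_value_unchecked(spec, key, found);
}

/* Constructed sample spec: (image :type xpm :file 42), a fixnum standing in
   for the file name so no strings are needed. */
static Lisp_Object sample_spec(void)
{
  return cons(Qimage, cons(QCtype, cons(Qxpm, cons(QCfile, cons(make_int(42), Qnil)))));
}

int main(void)
{
  int found;
  Lisp_Object spec = sample_spec();
  Lisp_Object v = spec_value_checked(spec, QCfile, &found);
  printf("valid spec:  found=%d value=0x%08x\n", found, v);
  v = spec_value_checked(0, QCfile, &found);
  printf("spec=0:      found=%d (the unchecked walk would read NULL+4)\n", found);
  printf("xpntr(0)=0x%08x  xcons(0)=%p\n", xpntr(0), (void *)xcons(0));
  return 0;
}
```

The checked variant is the guard the release build lacks: xassert (valid_image_p (spec)) in the original is compiled out unless assertions are enabled, so a caller that hands image_spec_value something that is not a cons reaches the dereference with nothing in between. Tracing where spec lost its cons tag between lookup_image (spec=0xa2a37a60) and image_spec_value (spec=0x00000000), as suggested above, is still the real fix; the check only turns a crash into a reported failure.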
