bug#60096: 29.0.60; Crash in format_mode_line_unwind_data
From: martin rudalics
Subject: bug#60096: 29.0.60; Crash in format_mode_line_unwind_data
Date: Sat, 17 Dec 2022 16:26:36 +0100
> It is needed in this case because it forces redisplay to recompute the
> window list (in propagate_buffer_redisplay, if not earlier). If the
> above is not done, Vwindow_list will be reused, and the problematic
> (bogus?) windows in it _will_ cause a crash.
>
> Specifically, here's what happens:
>
> . We call
>
> wset_buffer (w, other_buffer_safely (Fcurrent_buffer ()));
>
> . other_buffer_safely cannot find a single buffer that satisfies the
> candidate_buffer condition, so it ends up recreating *scratch*
> (whose deletion caused this mess to begin with) by calling
> get-scratch-buffer-create in Lisp
> . get-scratch-buffer-create calls substitute-command-keys to produce
> the blurb we put in the comment at the beginning of *scratch*
> . substitute-command-keys uses a temporary buffer to format the
> message, and calls kill-buffer to delete that buffer when it's done
> . kill-buffer calls replace_buffer_in_windows, which calls
> replace-buffer-in-windows in Lisp
> . replace-buffer-in-windows calls window-list-1, which calls
> window_list, which fills Vwindow_list with windows that have no
> buffer:
>
> (gdb) pp Vwindow_list
> (#<window 8> #<window 4>)
>
> . one of these windows gets assigned a buffer, eventually, since it's
> a selected-window, but the other window stays without a buffer, and
> causes a crash in the following redisplay

Thanks for the explanation.  I must have tested with my own version of
'replace-buffer-in-windows' which starts with

  (let ((buffer (window-normalize-buffer buffer-or-name)))
    ;; Don't scan 'window-list-1' unless necessary (often it isn't, for
    ;; example, when killing a temporary buffer).
    (when (> (buffer-windows-count buffer) 0)
      (dolist (window (window-list-1 nil nil t))

But since there's no guarantee that a temporary buffer will not be shown
in a window temporarily, your patch is a bit safer.  Alternatively, we
could exclude windows with a nil buffer in add_window_to_list (think of
the case that within the blurb producing code someone wants to consult
the window list).  In either case, we'd be accepting a temporarily
broken basic invariant - that a live window always shows a live buffer.

Principally, we should never run 'replace-buffer-in-windows' from within
'set-window-configuration'.  That bloated window list is just the tip of
an iceberg here.

> What about the other parts of the changeset I installed -- do they
> look okay to you? any comments?
I see
- return safe_call (1, Qget_scratch_buffer_create);
+ /* This function must return a valid buffer, since it is frequently
+ our last line of defense in the face of the expected buffers
+ becoming dead under our feet. safe_call below could return nil
+ if recreating *scratch* in Lisp, which does some fancy stuff,
+ signals an error in some weird use case. */
+ buf = safe_call (1, Qget_scratch_buffer_create);
+ if (NILP (buf))
+ {
+ AUTO_STRING (scratch, "*scratch*");
+ buf = Fget_buffer_create (scratch, Qnil);
+ }
+ return buf;
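Review bot: the NILP (buf) test after safe_call only catches a nil result, while the new comment promises a valid buffer; a non-nil value that is not a live buffer would still be returned. Consider testing !BUFFERP (buf) || !BUFFER_LIVE_P (XBUFFER (buf)) before taking the fallback. Also, Fget_buffer_create (scratch, Qnil) passes nil for inhibit-buffer-hooks, so buffer hooks can still run Lisp on this last-resort path.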
and
+ Fset_buffer_major_mode (buf);
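Review bot: Fset_buffer_major_mode (buf) calls the mode function in Lisp and, unlike the safe_call in the previous hunk, is not protected against errors, so a signal there would escape from a function whose comment calls it the last line of defense. The hunk does not show whether this line sits inside the NILP fallback branch; if it does, consider running it through a protected call or leaving the fallback buffer in fundamental mode.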
which look okay to me. Unless, again, the latter would try to deal with
the window list or do some other nasty stuff. Then other_buffer_safely
should not be allowed to recreate *scratch* but rather some fallback
buffer in fundamental mode with no hooks run and any buffer lists having
it as single element.
martin