bug#18473: 24.4.50; SEGFAULT when vconcatting more than 2048 vectors
From: Dmitry Antipov
Subject: bug#18473: 24.4.50; SEGFAULT when vconcatting more than 2048 vectors
Date: Sun, 14 Sep 2014 21:10:31 +0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.1
On 09/14/2014 06:37 AM, Michael Welsh Duggan wrote:
> With attached foo.el:
>
> emacs -Q -l foo.el
> (testbug 2049)
> C-j
>
> SEGFAULT
Also reproduced in emacs-24 branch (here and below, emacs-24 branch is assumed).
This looks like a fundamental bug in eval_sub, probably introduced in r112828.
When compiling with --enable-checking, it gives:
../../emacs-24/src/eval.c:184: Emacs fatal error: assertion failed: pdl->kind == SPECPDL_BACKTRACE

(gdb) bt 10
#0  0x000000000056a602 in terminate_due_to_signal (sig=6, backtrace_limit=2147483647) at ../../emacs-24/src/emacs.c:351
#1  0x00000000005f1d8e in die (msg=0x714b20 "pdl->kind == SPECPDL_BACKTRACE", file=0x714ab8 "../../emacs-24/src/eval.c", line=184) at ../../emacs-24/src/alloc.c:6833
#2  0x000000000060c5e6 in set_backtrace_args (pdl=0x1327bc0, args=0x7fffec33e010) at ../../emacs-24/src/eval.c:184
#3  0x0000000000611b76 in eval_sub (form=...) at ../../emacs-24/src/eval.c:2154
#4  0x0000000000611c3d in eval_sub (form=...) at ../../emacs-24/src/eval.c:2170
#5  0x000000000061141b in Feval (form=..., lexical=...) at ../../emacs-24/src/eval.c:2003
#6  0x000000000061347d in Ffuncall (nargs=3, args=0x7fffffffbfa8) at ../../emacs-24/src/eval.c:2818
#7  0x000000000065ce9a in exec_byte_code (bytestr=..., vector=..., maxdepth=..., args_template=..., nargs=1, args=0x7fffffffc7e0) at ../../emacs-24/src/bytecode.c:916
#8  0x0000000000613c9b in funcall_lambda (fun=..., nargs=1, arg_vector=0x7fffffffc7d8) at ../../emacs-24/src/eval.c:2983
#9  0x0000000000613633 in Ffuncall (nargs=2, args=0x7fffffffc7d0) at ../../emacs-24/src/eval.c:2864
#10 0x000000000065ce9a in exec_byte_code (bytestr=..., vector=..., maxdepth=..., args_template=..., nargs=1, args=0x7fffffffd050) at ../../emacs-24/src/bytecode.c:916
In eval.c:

2134       else if (XSUBR (fun)->max_args == MANY)
2135         {
2136           /* Pass a vector of evaluated arguments.  */
2137           Lisp_Object *vals;
2138           ptrdiff_t argnum = 0;
2139           USE_SAFE_ALLOCA;
2140
2141           SAFE_ALLOCA_LISP (vals, XINT (numargs));
2142
2143           GCPRO3 (args_left, fun, fun);
2144           gcpro3.var = vals;
2145           gcpro3.nvars = 0;
2146
2147           while (!NILP (args_left))
2148             {
2149               vals[argnum++] = eval_sub (Fcar (args_left));
2150               args_left = Fcdr (args_left);
2151               gcpro3.nvars = argnum;
2152             }
2153
2154           set_backtrace_args (specpdl_ptr - 1, vals);
2155           set_backtrace_nargs (specpdl_ptr - 1, XINT (numargs));
2156
2157           val = (XSUBR (fun)->function.aMANY) (XINT (numargs), vals);
2158           UNGCPRO;
2159           SAFE_FREE ();
2160         }
At 2141, if numargs is > 2047 (and so allocation size exceeds MAX_ALLOCA on
a 64-bit system), SAFE_ALLOCA_LISP pushes an entry of type SPECPDL_UNWIND to
specpdl stack. At line 2154, set_backtrace_args modifies this entry assuming
SPECPDL_BACKTRACE. Oops.
Dmitry
Follow-up in thread: bug#18473: 24.4.50; SEGFAULT when vconcatting more than 2048 vectors, Paul Eggert, 2014/09/23
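The failure the report describes is a type confusion on a tagged-union stack: an entry of one kind (SPECPDL_UNWIND, pushed by the large-allocation path) is written through as if it were another kind (SPECPDL_BACKTRACE). The following self-contained C model is an added illustration, not Emacs source code and not the fix adopted in the bug thread. The stack layout, the 16 KiB MAX_ALLOCA threshold, the `long` stand-in for Lisp_Object and the helper names (`push_backtrace`, `safe_alloca_lisp`, `unbind_to`, `eval_many_as_reported`, `eval_many_fixed`) are all constructed for the example. It shows the `specpdl_ptr - 1` lookup going wrong once the argument count crosses the alloca limit, the kind check that turns silent corruption into a detectable error (the assertion seen with --enable-checking), and one way to avoid the dependency entirely by remembering the backtrace frame before allocating.

```c
/* Constructed model of the specpdl kind mix-up from bug#18473.
   Not Emacs source; names, sizes and the fix shown are illustrative.  */
#include <assert.h>
#include <stddef.h>
#include <stdlib.h>

enum specpdl_kind { SPECPDL_UNWIND, SPECPDL_BACKTRACE };

/* Two entry kinds share one slot, as in Emacs's union specbinding.  */
struct specbinding
{
  enum specpdl_kind kind;
  union
  {
    struct { void *ptr; } unwind;                 /* heap block to free later */
    struct { long *args; ptrdiff_t nargs; } bt;   /* backtrace frame */
  } u;
};

#define SPECPDL_SIZE 64
#define MAX_ALLOCA 16384                          /* assumed: 16 KiB */
#define STACK_WORDS (MAX_ALLOCA / sizeof (long))  /* 2048 on LP64 */

static struct specbinding specpdl[SPECPDL_SIZE];
static struct specbinding *specpdl_ptr = specpdl;

/* Push a backtrace frame and return a pointer to it.  */
static struct specbinding *push_backtrace (void)
{
  assert (specpdl_ptr < specpdl + SPECPDL_SIZE);
  specpdl_ptr->kind = SPECPDL_BACKTRACE;
  specpdl_ptr->u.bt.args = NULL;
  specpdl_ptr->u.bt.nargs = 0;
  return specpdl_ptr++;
}

/* Push an unwind entry that frees P when popped.  */
static void push_unwind (void *p)
{
  assert (specpdl_ptr < specpdl + SPECPDL_SIZE);
  specpdl_ptr->kind = SPECPDL_UNWIND;
  specpdl_ptr->u.unwind.ptr = p;
  specpdl_ptr++;
}

/* Pop entries down to WHERE, running unwind actions on the way.  */
static void unbind_to (struct specbinding *where)
{
  while (specpdl_ptr > where)
    {
      --specpdl_ptr;
      if (specpdl_ptr->kind == SPECPDL_UNWIND)
        free (specpdl_ptr->u.unwind.ptr);
    }
}

/* Model of SAFE_ALLOCA_LISP: N < STACK_WORDS uses the caller's stack
   buffer; otherwise the block goes on the heap and an unwind entry is
   pushed so it is freed.  That push is what changes what lives at
   specpdl_ptr - 1.  */
static long *safe_alloca_lisp (ptrdiff_t n, long *stackbuf)
{
  assert (n >= 0);
  if ((size_t) n < STACK_WORDS)
    return stackbuf;
  long *p = calloc ((size_t) n, sizeof *p);
  assert (p);
  push_unwind (p);
  return p;
}

/* Checked setter: refuses to write through an entry of the wrong kind.
   Without the check this would silently overwrite unwind.ptr, and the
   later unbind_to would free a pointer into the argument vector.  */
static int set_backtrace_args (struct specbinding *pdl, long *args,
                               ptrdiff_t nargs)
{
  if (pdl->kind != SPECPDL_BACKTRACE)
    return -1;
  pdl->u.bt.args = args;
  pdl->u.bt.nargs = nargs;
  return 0;
}

/* The pattern from eval.c line 2154: find the frame as specpdl_ptr - 1
   AFTER allocating.  Returns 0 if the frame was updated, -1 if the top
   entry turned out to be the unwind record instead.  */
int eval_many_as_reported (ptrdiff_t nargs)
{
  long stackbuf[STACK_WORDS];
  struct specbinding *base = specpdl_ptr;
  push_backtrace ();
  long *vals = safe_alloca_lisp (nargs, stackbuf);
  for (ptrdiff_t i = 0; i < nargs; i++)
    vals[i] = i;                                  /* stand-in for eval_sub */
  int rc = set_backtrace_args (specpdl_ptr - 1, vals, nargs);
  unbind_to (base);
  return rc;
}

/* Remember the frame before allocating, so what SAFE_ALLOCA_LISP pushes
   no longer matters.  Illustrative alternative, not the upstream fix.  */
int eval_many_fixed (ptrdiff_t nargs)
{
  long stackbuf[STACK_WORDS];
  struct specbinding *base = specpdl_ptr;
  struct specbinding *frame = push_backtrace ();
  long *vals = safe_alloca_lisp (nargs, stackbuf);
  for (ptrdiff_t i = 0; i < nargs; i++)
    vals[i] = i;
  int rc = set_backtrace_args (frame, vals, nargs);
  unbind_to (base);
  return rc;
}
```

With the assumed threshold, 2047 arguments fit the stack buffer and both variants succeed; at 2048 the heap path pushes its unwind entry and `eval_many_as_reported` reports the mismatch, while `eval_many_fixed` still updates the right frame and leaves the stack balanced after `unbind_to`.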