bug#43589: 27.1.50; Crash in Org mode buffer when moving point after using outline-hide-other when visual-line-mode and visual line numbers are enabled

[Andy Moreton]

On Thu 24 Sep 2020, Simon Pugnet wrote:

> Daniel Martín <mardani29@yahoo.es> writes:
>
>> Simon, if you can reproduce the problem consistently, could you describe
>> in more detail the position of point at each step? Are you copying and
>> pasting the sample Org document? Perhaps those implicit assumptions are
>> making the problem harder to reproduce. Thanks.
>
> Hello Daniel and Eli,
>
> Here's a more detailed explanation of exactly what I'm dong to cause this
> issue.
>
> 1. Execute: emacs -Q
> 2. In the scratch buffer that opens by default, activate Org mode: M-x
> org-mode
> 3. Type the following directly into the buffer (3 lines): -
>
> * Heading 1
> ** Heading 1a
> ** Heading 1b
>
> 4. The point should now be after the "b" in "Heading 1b"
> 5. Evaluate (M-:) the following: (setq display-line-numbers-type 'visual)
> 6. Activate display-line-numbers-mode: M-x display-line-numbers-mode
> 7. Activate visual-line-mode: M-x visual-line-mode
> 8. Hide other outline headings: M-x outline-hide-other
> 9. Try to move the point to the previous line: C-p or previous-line
>
> If I perform these steps on Emacs 27.1 (GUI or text frame), and also the
> packaged version of Emacs 26.3 on Android (via the Termux app), I always get a
> segmentation fault.
>
> This happens in other Org mode buffers too, including those loaded directly
> from the file system.
>
> I hope that helps!

With this recipe, I can reliably reproduce this on 64bit mingw64 on
Windows (built with -O2). Running this produces the message:

    Re-entering top level after C stack overflow

... which confirms Eli's hunch about the cause. Running the same recipe
under gdb, I get the following backtrace:

(gdb) bt
#0  0x000000006f8d0f25 in ?? () from C:\msys64\mingw64\bin\libharfbuzz-0.dll
#1  0x000000006f85a24b in ?? () from C:\msys64\mingw64\bin\libharfbuzz-0.dll
#2  0x000000006f8526cb in ?? () from C:\msys64\mingw64\bin\libharfbuzz-0.dll
#3  0x00000004001c0367 in w32hb_encode_char (font=0x5698a90, c=0x5c) at 
C:/emacs/git/emacs/master/src/w32uniscribe.c:1359
#4  0x000000040004ba06 in get_char_glyph_code (char2b=0x4041cc, font=0x5698a90, 
c=<optimized out>) at C:/emacs/git/emacs/master/src/xdisp.c:27746
#5  gui_produce_glyphs (it=0x404270) at 
C:/emacs/git/emacs/master/src/xdisp.c:30173
#6  0x000000040001e204 in produce_special_glyphs (it=it@entry=0x405750, 
what=what@entry=IT_CONTINUATION) at C:/emacs/git/emacs/master/src/xdisp.c:29779
#7  0x000000040002ca1d in init_iterator (it=it@entry=0x405750, 
w=w@entry=0x5698320, charpos=0xab, bytepos=<optimized out>, row=0x578bc00, 
base_face_id=<optimized out>, base_face_id@entry=DEFAULT_FACE_ID) at 
C:/emacs/git/emacs/master/src/xdisp.c:3286
#8  0x000000040002e321 in start_display (it=it@entry=0x405750, w=0x5698320, 
pos=...) at C:/emacs/git/emacs/master/src/xdisp.c:3459
#9  0x000000040002f02c in display_count_lines_visually (it=0x40dfe0) at 
C:/emacs/git/emacs/master/src/xdisp.c:22824
#10 maybe_produce_line_number (it=it@entry=0x40dfe0) at 
C:/emacs/git/emacs/master/src/xdisp.c:22868
#11 0x0000000400030580 in move_it_in_display_line_to (it=it@entry=0x40dfe0, 
to_charpos=to_charpos@entry=0xab, to_x=to_x@entry=0xffffffff, 
op=op@entry=MOVE_TO_POS) at C:/emacs/git/emacs/master/src/xdisp.c:9184
#12 0x00000004000344af in move_it_to (it=<optimized out>, it@entry=0x40dfe0, 
to_charpos=to_charpos@entry=0xab, to_x=<optimized out>, to_x@entry=0xffffffff, 
to_y=<optimized out>, to_y@entry=0xffffffff, to_vpos=<optimized out>, 
to_vpos@entry=0xffffffff, op=<optimized out>, op@entry=0x8) at 
C:/emacs/git/emacs/master/src/xdisp.c:10006
#13 0x000000040002e3da in start_display (it=it@entry=0x40dfe0, w=0x5698320, 
pos=...) at C:/emacs/git/emacs/master/src/xdisp.c:6968
#14 0x000000040002f02c in display_count_lines_visually (it=0x416870) at 
C:/emacs/git/emacs/master/src/xdisp.c:22824
#15 maybe_produce_line_number (it=it@entry=0x416870) at 
C:/emacs/git/emacs/master/src/xdisp.c:22868
#16 0x0000000400030580 in move_it_in_display_line_to (it=it@entry=0x416870, 
to_charpos=to_charpos@entry=0xab, to_x=to_x@entry=0xffffffff, 
op=op@entry=MOVE_TO_POS) at C:/emacs/git/emacs/master/src/xdisp.c:9184
#17 0x00000004000344af in move_it_to (it=<optimized out>, it@entry=0x416870, 
to_charpos=to_charpos@entry=0xab, to_x=<optimized out>, to_x@entry=0xffffffff, 
to_y=<optimized out>, to_y@entry=0xffffffff, to_vpos=<optimized out>, 
to_vpos@entry=0xffffffff, op=<optimized out>, op@entry=0x8) at 
C:/emacs/git/emacs/master/src/xdisp.c:10006
#18 0x000000040002e3da in start_display (it=it@entry=0x416870, w=0x5698320, 
pos=...) at C:/emacs/git/emacs/master/src/xdisp.c:6968
#19 0x000000040002f02c in display_count_lines_visually (it=0x41f100) at 
C:/emacs/git/emacs/master/src/xdisp.c:22824

   ... (truncated for brevity) ...

#1200 maybe_produce_line_number (it=it@entry=0xbfd550) at 
C:/emacs/git/emacs/master/src/xdisp.c:22868
#1201 0x0000000400030580 in move_it_in_display_line_to (it=it@entry=0xbfd550, 
to_charpos=to_charpos@entry=0xab, to_x=to_x@entry=0xffffffff, 
op=op@entry=MOVE_TO_POS) at C:/emacs/git/emacs/master/src/xdisp.c:9184
#1202 0x00000004000344af in move_it_to (it=<optimized out>, it@entry=0xbfd550, 
to_charpos=to_charpos@entry=0xab, to_x=<optimized out>, to_x@entry=0xffffffff, 
to_y=<optimized out>, to_y@entry=0xffffffff, to_vpos=<optimized out>, 
to_vpos@entry=0xffffffff, op=<optimized out>, op@entry=0x8) at 
C:/emacs/git/emacs/master/src/xdisp.c:10006
#1203 0x000000040002e3da in start_display (it=it@entry=0xbfd550, 
w=w@entry=0x5698320, pos=...) at C:/emacs/git/emacs/master/src/xdisp.c:6968
#1204 0x000000040003556d in Fline_pixel_height () at 
C:/emacs/git/emacs/master/src/xdisp.c:1494
#1205 0x0000000400130347 in Ffuncall (nargs=<optimized out>, 
args=args@entry=0xbfe960) at C:/emacs/git/emacs/master/src/lisp.h:2080
#1206 0x000000040016b6f0 in exec_byte_code (bytestr=<optimized out>, 
vector=<optimized out>, maxdepth=<optimized out>, 
args_template=args_template@entry=make_fixnum(1025), nargs=nargs@entry=0x4, 
args=<optimized out>, args@entry=0xbfec70) at 
C:/emacs/git/emacs/master/src/bytecode.c:632
#1207 0x000000040013345b in fetch_and_exec_byte_code (args=0xbfec70, nargs=0x4, 
syms_left=make_fixnum(1025), fun=XIL(0x3fecff5)) at 
C:/emacs/git/emacs/master/src/lisp.h:1835
#1208 funcall_lambda (fun=XIL(0x3fecff5), nargs=nargs@entry=0x4, 
arg_vector=arg_vector@entry=0xbfec70) at 
C:/emacs/git/emacs/master/src/eval.c:3007
#1209 0x000000040013027b in Ffuncall (nargs=0x5, args=args@entry=0xbfec68) at 
C:/emacs/git/emacs/master/src/eval.c:2818
#1210 0x000000040016b6f0 in exec_byte_code (bytestr=<optimized out>, 
vector=<optimized out>, maxdepth=<optimized out>, 
args_template=args_template@entry=make_fixnum(512), nargs=nargs@entry=0x2, 
args=<optimized out>, args@entry=0xbfefc0) at 
C:/emacs/git/emacs/master/src/bytecode.c:632
#1211 0x000000040013345b in fetch_and_exec_byte_code (args=0xbfefc0, nargs=0x2, 
syms_left=make_fixnum(512), fun=XIL(0x3fed59d)) at 
C:/emacs/git/emacs/master/src/lisp.h:1835
#1212 funcall_lambda (fun=XIL(0x3fed59d), nargs=nargs@entry=0x2, 
arg_vector=arg_vector@entry=0xbfefc0) at 
C:/emacs/git/emacs/master/src/eval.c:3007
#1213 0x000000040013027b in Ffuncall (nargs=nargs@entry=0x3, 
args=args@entry=0xbfefb8) at C:/emacs/git/emacs/master/src/eval.c:2818
#1214 0x000000040012c979 in Ffuncall_interactively (nargs=0x3, args=0xbfefb8) 
at C:/emacs/git/emacs/master/src/callint.c:253
#1215 0x0000000400130347 in Ffuncall (nargs=nargs@entry=0x875c815, 
args=0xbfefb0, args@entry=0xbff260) at C:/emacs/git/emacs/master/src/lisp.h:2080
#1216 0x000000040012dcaf in Fcall_interactively (function=<optimized out>, 
record_flag=<optimized out>, keys=<optimized out>) at 
C:/emacs/git/emacs/master/src/callint.c:779
#1217 0x0000000400130347 in Ffuncall (nargs=<optimized out>, 
args=args@entry=0xbff228) at C:/emacs/git/emacs/master/src/lisp.h:2080
#1218 0x000000040016b6f0 in exec_byte_code (bytestr=<optimized out>, 
vector=<optimized out>, maxdepth=<optimized out>, 
args_template=args_template@entry=make_fixnum(1025), nargs=nargs@entry=0x1, 
args=<optimized out>, args@entry=0xbff4f8) at 
C:/emacs/git/emacs/master/src/bytecode.c:632
#1219 0x000000040013345b in fetch_and_exec_byte_code (args=0xbff4f8, nargs=0x1, 
syms_left=make_fixnum(1025), fun=XIL(0x40b4645)) at 
C:/emacs/git/emacs/master/src/lisp.h:1835
#1220 funcall_lambda (fun=XIL(0x40b4645), nargs=nargs@entry=0x1, 
arg_vector=arg_vector@entry=0xbff4f8) at 
C:/emacs/git/emacs/master/src/eval.c:3007
#1221 0x000000040013027b in Ffuncall (nargs=nargs@entry=0x2, 
args=args@entry=0xbff4f0) at C:/emacs/git/emacs/master/src/eval.c:2818
#1222 0x00000004001303fd in call1 (fn=fn@entry=XIL(0x3f30), arg1=<optimized 
out>) at C:/emacs/git/emacs/master/src/eval.c:2664
#1223 0x00000004000c339d in command_loop_1 () at 
C:/emacs/git/emacs/master/src/lisp.h:1007
#1224 0x000000040012f3fd in internal_condition_case 
(bfun=bfun@entry=0x4000c2fa0 <command_loop_1>, 
handlers=handlers@entry=XIL(0x90), hfun=hfun@entry=0x4000ba310 <cmd_error>) at 
C:/emacs/git/emacs/master/src/eval.c:1356
#1225 0x00000004000b3db8 in command_loop_2 (ignore=<optimized out>) at 
C:/emacs/git/emacs/master/src/lisp.h:1007
#1226 0x000000040012f36b in internal_catch (tag=tag@entry=XIL(0xe070), 
func=func@entry=0x4000b3d90 <command_loop_2>, arg=arg@entry=XIL(0)) at 
C:/emacs/git/emacs/master/src/eval.c:1117
#1227 0x00000004000b3d39 in command_loop () at 
C:/emacs/git/emacs/master/src/lisp.h:1007
#1228 0x0000000000000000 in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

Lisp Backtrace:
"line-pixel-height" (0xbfe968)
"line-move" (0xbfec70)
"previous-line" (0xbfefc0)
"funcall-interactively" (0xbfefb8)
"call-interactively" (0xbff230)
"command-execute" (0xbff4f8)


Eli, shout if you need help in digging in to this further (and if a -O0
build would be more useful).

    AndyM