bug-gnu-emacs

bug#61896: 30.0.50; Emacs crashes because of an invalid free


From: Eli Zaretskii
Subject: bug#61896: 30.0.50; Emacs crashes because of an invalid free
Date: Thu, 02 Mar 2023 11:41:05 +0200

> From: Philip Kaludercic <philipk@posteo.net>
> Cc: Mattias Engdegård <mattiase@acm.org>,
>   61896@debbugs.gnu.org
> Date: Thu, 02 Mar 2023 08:53:54 +0000
> 
> From what I recall, the address being freed was on the stack.  How does
> the byte-code interpreter behave when the input is broken?  Is there
> some way of validating if the byte-code is "coherent"?  If I manually
> modify the byte code and replace random bytes, is the interpreter
> written to expect this kind of issue?

Sorry, I don't understand the questions.  Maybe Mattias will.

My interpretation of this problem is that some corruption happened to
the specpdl stuff, which causes SAFE_FREE to decide that some data should
be 'free'd when it was actually allocated off the stack.  The question
is how could that happen.




