bug#61896: 30.0.50; Emacs crashes because of an invalid free

[Mattias Engdegård]

2 mars 2023 kl. 09.53 skrev Philip Kaludercic <philipk@posteo.net>:

>> Byte-code saw quite a bit of changes on master.  Adding Mattias in
>> case he has some ideas.
> 
> From what I recall, the address being freed was on the stack.  How does
> the byte-code interpreter behave when the input is broken?  Is there
> some way of validating if the byte-code is "coherent"?  If I manually
> modify the byte code and replace random bytes, is the interpreter
> written to expect this kind of issue?

The very first thing is to make sure you don't have any lingering *.elc files 
generated during the period of incompatibility regarding `save-restriction`. 
That issue should have been resolved by now; let's not chase ghosts. The 
indication of a specpdl imbalance does point to this being a possible cause.

The byte-code interpreter normally assumes the code to be correct and performs 
few checks since every cycle counts here. There are some additional checks to 
be enabled: the general --enable-checking=all, and/or compiling with 
-DBYTE_CODE_SAFE=1 (or just adding

#define BYTE_CODE_SAFE 1

early in bytecode.c, which is what I tend to do).

These checks do not audit the specpdl balance directly but that would be 
something to add if you don't make further progress.