Re: "corrupted size vs. prev_size"
From: Lars Ingebrigtsen
Subject: Re: "corrupted size vs. prev_size"
Date: Tue, 12 Apr 2022 14:26:30 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (gnu/linux)

Lars Ingebrigtsen <larsi@gnus.org> writes:

> And I've now managed to catch a backtrace in gdb twice. The error
> happens here both times:

But now I got a real segfault somewhere else:

#0  0x00005555557210e9 in sweep_conses () at alloc.c:7119
#1  0x0000555555727187 in gc_sweep () at alloc.c:7384
#2  garbage_collect () at alloc.c:6235
#3  0x0000555555727651 in maybe_garbage_collect () at alloc.c:6085
#4  0x0000555555748665 in maybe_gc ()
    at /home/larsi/src/emacs/trunk/src/lisp.h:5522
#5  Ffuncall (nargs=nargs@entry=2, args=args@entry=0x7fffffffd670)
    at eval.c:2868
#6  0x00005555556c3856 in call1 (arg1=0x555579d44a5d, fn=0xf0f0)
    at /home/larsi/src/emacs/trunk/src/lisp.h:3216
#7  timer_check_2 (idle_timers=<optimized out>, timers=<optimized out>)
    at keyboard.c:4591
#8  timer_check () at keyboard.c:4653
#9  0x00005555556c3b65 in readable_events (flags=flags@entry=1)
    at keyboard.c:3484
#10 0x00005555556c47a8 in get_input_pending (flags=flags@entry=1)
    at keyboard.c:7225
#11 0x00005555556cb584 in detect_input_pending_run_timers (do_display=false)
    at keyboard.c:10755
#12 read_char
    (commandflag=1, map=0x55557836f8c3, prev_event=0x0,
    used_mouse_menu=0x7fffffffdb8b, end_time=0x0) at keyboard.c:2581
#13 0x00005555556cd899 in read_key_sequence

So it's just random out-of-bounds writing. (In gif_load somewhere,
apparently -- I'm able to trigger the problem with a gif-only test.)

--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no