bug#6214: 23.1; json-read-string crashes emacs with long string
Michal Sojka
sojkam1 at fel.cvut.cz
Thu Aug 12 14:58:45 PDT 2010
On Tue, 18 May 2010, Chong Yidong wrote:
> Looks like a stack overflow in the `string' function. I've checked in a
> fix, thanks for the bug report.
It seems the bug is still present in the current Emacs HEAD
(http://repo.or.cz/w/emacs.git/commit/08d1bfbda3ef4a7038556f6c56bec1a37b4721f0).
I can reproduce it with the Lisp code sent by Carl, but the backtrace is
different: it now ends in Fapply (eval.c:2492), reached from
json-read-string via `apply'. My backtrace is attached.
Thanks
Michal
-------------- next part --------------
#0 0x0000000000566739 in Fapply (nargs=2, args=0x7fffffffbcf8) at eval.c:2492
i = 8997664
numargs = <value optimized out>
spread_arg = 12020694
funcall_args = 0x7fffff767100
fun = <value optimized out>
#1 0x0000000000565135 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:2964
fun = <value optimized out>
original_fun = 11891218
funcar = <value optimized out>
numargs = 2
val = <value optimized out>
backtrace = {
next = 0x7fffffffbf00,
function = 0x7fffffffbcf0,
args = 0x7fffffffbcf8,
nargs = 2,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
internal_args = 0x7fffffffbcf8
i = <value optimized out>
#2 0x000000000059ecd2 in Fbyte_code (bytestr=<value optimized out>, vector=<value optimized out>, maxdepth=<value optimized out>) at bytecode.c:679
count = 47
op = <value optimized out>
stack = {
pc = 0xea5250 "\202|",
top = 0x7fffffffbd00,
bottom = 0x7fffffffbcf0,
byte_string = 18230033,
byte_string_start = 0xea51d8 "\303`f\211\030\206\t",
constants = 18231925,
next = 0x7fffffffce20
}
top = 0x7fffffffbcf0
result = <value optimized out>
#3 0x00000000005672ef in funcall_lambda (fun=18232277, nargs=<value optimized out>, arg_vector=<value optimized out>) at eval.c:3165
val = <value optimized out>
syms_left = 11721042
next = 0
i = 0
optional = 0
rest = 0
#4 0x0000000000567454 in apply_lambda (fun=18232277, args=11721042, eval_flag=<value optimized out>) at eval.c:3092
args_left = 11721042
i = <value optimized out>
tem = <value optimized out>
#5 0x0000000000566b53 in Feval (form=18232272) at eval.c:2408
fun = 140737479340288
val = <value optimized out>
original_fun = 17897138
original_args = 11721042
funcar = 8997664
backtrace = {
next = 0x7fffffffbfe0,
function = 0x7fffffffbf28,
args = 0x7fffffffbe30,
nargs = 0,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#6 0x00000000005670c7 in Fprogn (args=<value optimized out>) at eval.c:395
val = 8997664
#7 0x0000000000566ec4 in Feval (form=<value optimized out>) at eval.c:2295
numargs = 8997664
args_left = 11697014
i = <value optimized out>
argvals = {11721042, 74852149, 74124673, 11721042, 1, 140737488339112, 140737488338912, 5892710}
fun = <value optimized out>
val = <value optimized out>
original_fun = 11890130
original_args = 11697014
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffc0d0,
function = 0x7fffffffc008,
args = 0x7fffffffc000,
nargs = -1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#8 0x0000000000567505 in Funwind_protect (args=11695302) at eval.c:1304
val = <value optimized out>
#9 0x0000000000566ec4 in Feval (form=<value optimized out>) at eval.c:2295
numargs = 8997664
args_left = 11695302
i = <value optimized out>
argvals = {74852149, 5665519, 74852149, 74124801, 140737488339352, 21480469067, 17767008, 17768448}
fun = <value optimized out>
val = <value optimized out>
original_fun = 11890930
original_args = 11695302
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffc1d0,
function = 0x7fffffffc0f8,
args = 0x7fffffffc0f0,
nargs = -1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#10 0x00000000005670c7 in Fprogn (args=<value optimized out>) at eval.c:395
val = 8997664
#11 0x000000000055951d in Fsave_current_buffer (args=11693078) at editfns.c:1012
val = <value optimized out>
#12 0x0000000000566ec4 in Feval (form=<value optimized out>) at eval.c:2295
numargs = 8997664
args_left = 11693078
i = <value optimized out>
argvals = {8633005, 18237426, 11695062, 11695030, 140737488339456, 5662408, 1, 2}
fun = <value optimized out>
val = <value optimized out>
original_fun = 11928034
original_args = 11693078
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffc2a0,
function = 0x7fffffffc1f8,
args = 0x7fffffffc1f0,
nargs = -1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#13 0x0000000000566cec in Feval (form=<value optimized out>) at eval.c:2406
fun = <value optimized out>
val = <value optimized out>
original_fun = 12595842
original_args = 11695030
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffc3f0,
function = 0x7fffffffc2c8,
args = 0x7fffffffc2c0,
nargs = -1,
evalargs = 1 '\001',
debug_on_exit = 0 '\000'
}
#14 0x00000000005670c7 in Fprogn (args=<value optimized out>) at eval.c:395
val = 8997664
#15 0x0000000000567d08 in Flet (args=11694902) at eval.c:1051
tem = 74852149
elt = <value optimized out>
varlist = <value optimized out>
#16 0x0000000000566ec4 in Feval (form=<value optimized out>) at eval.c:2295
numargs = 8997664
args_left = 11694902
i = <value optimized out>
argvals = {8635685, 18755398, 18755446, 18755510, 140737488340000, 5662408, 1, 2}
fun = <value optimized out>
val = <value optimized out>
original_fun = 11890562
original_args = 11694902
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffc4c0,
function = 0x7fffffffc418,
args = 0x7fffffffc410,
nargs = -1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#17 0x0000000000566cec in Feval (form=<value optimized out>) at eval.c:2406
fun = <value optimized out>
val = <value optimized out>
original_fun = 12606802
original_args = 18755430
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffc610,
function = 0x7fffffffc4e8,
args = 0x7fffffffc4e0,
nargs = -1,
evalargs = 1 '\001',
debug_on_exit = 0 '\000'
}
#18 0x00000000005670c7 in Fprogn (args=<value optimized out>) at eval.c:395
val = 8997664
#19 0x0000000000567d08 in Flet (args=18755366) at eval.c:1051
tem = 74125073
elt = <value optimized out>
varlist = <value optimized out>
#20 0x0000000000566ec4 in Feval (form=<value optimized out>) at eval.c:2295
numargs = 8997664
args_left = 18755366
i = <value optimized out>
argvals = {17896994, 11721042, 11721042, 5561631, 140737488340688, 5708090, 41, 0}
fun = <value optimized out>
val = <value optimized out>
original_fun = 11890562
original_args = 18755366
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffc6f0,
function = 0x7fffffffc638,
args = 0x7fffffffc630,
nargs = -1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#21 0x00000000005670c7 in Fprogn (args=<value optimized out>) at eval.c:395
val = 8997664
#22 0x0000000000566ec4 in Feval (form=<value optimized out>) at eval.c:2295
numargs = 8997664
args_left = 18752566
i = <value optimized out>
argvals = {11721042, 15322325, 15321809, 11721042, 1, 140737488340920, 140737488340720, 17986768}
fun = <value optimized out>
val = <value optimized out>
original_fun = 11890130
original_args = 18752566
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffc7e0,
function = 0x7fffffffc718,
args = 0x7fffffffc710,
nargs = -1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#23 0x0000000000567505 in Funwind_protect (args=18752758) at eval.c:1304
val = <value optimized out>
#24 0x0000000000566ec4 in Feval (form=<value optimized out>) at eval.c:2295
numargs = 8997664
args_left = 18752758
i = <value optimized out>
argvals = {15322325, 5665519, 15322325, 8618505, 140737488341160, 21474836480, 17767008, 17768320}
fun = <value optimized out>
val = <value optimized out>
original_fun = 11890930
original_args = 18752758
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffc8e0,
function = 0x7fffffffc808,
args = 0x7fffffffc800,
nargs = -1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#25 0x00000000005670c7 in Fprogn (args=<value optimized out>) at eval.c:395
val = 8997664
#26 0x000000000055951d in Fsave_current_buffer (args=18752966) at editfns.c:1012
val = <value optimized out>
#27 0x0000000000566ec4 in Feval (form=<value optimized out>) at eval.c:2295
numargs = 8997664
args_left = 18752966
i = <value optimized out>
argvals = {8633005, 17897186, 18752774, 18752806, 140737488341264, 5662408, 1, 2}
fun = <value optimized out>
val = <value optimized out>
original_fun = 11928034
original_args = 18752966
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffc9b0,
function = 0x7fffffffc908,
args = 0x7fffffffc900,
nargs = -1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#28 0x0000000000566cec in Feval (form=<value optimized out>) at eval.c:2406
fun = <value optimized out>
val = <value optimized out>
original_fun = 12595842
original_args = 18752806
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffcb00,
function = 0x7fffffffc9d8,
args = 0x7fffffffc9d0,
nargs = -1,
evalargs = 1 '\001',
debug_on_exit = 0 '\000'
}
#29 0x00000000005670c7 in Fprogn (args=<value optimized out>) at eval.c:395
val = 8997664
#30 0x0000000000567d08 in Flet (args=18752854) at eval.c:1051
tem = 15322325
elt = <value optimized out>
varlist = <value optimized out>
#31 0x0000000000566ec4 in Feval (form=<value optimized out>) at eval.c:2295
numargs = 8997664
args_left = 18752854
i = <value optimized out>
argvals = {8635685, 18755046, 18755126, 18755254, 140737488341808, 5662408, 11739872, 2}
fun = <value optimized out>
val = <value optimized out>
original_fun = 11890562
original_args = 18752854
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffcbd0,
function = 0x7fffffffcb28,
args = 0x7fffffffcb20,
nargs = -1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#32 0x0000000000566cec in Feval (form=<value optimized out>) at eval.c:2406
fun = <value optimized out>
val = <value optimized out>
original_fun = 12606802
original_args = 18755110
funcar = <value optimized out>
backtrace = {
next = 0x7fffffffcd70,
function = 0x7fffffffcbf8,
args = 0x7fffffffcbf0,
nargs = -1,
evalargs = 1 '\001',
debug_on_exit = 0 '\000'
}
#33 0x000000000058ae4f in readevalloop (readcharfun=18093061, stream=0x0, sourcename=18361409, printflag=<value optimized out>, unibyte=<value optimized out>, readfun=<value optimized out>, start=11721042, end=11721042,
evalfun=<value optimized out>) at lread.c:1739
count1 = 40
c = <value optimized out>
val = <value optimized out>
b = 0x1141400
continue_reading_p = 1
whole_buffer = 1
first_sexp = <value optimized out>
#34 0x000000000058bb71 in Feval_buffer (buffer=<value optimized out>, printflag=11721042, filename=15002881, unibyte=11721042, do_allow_print=<value optimized out>) at lread.c:1799
tem = <value optimized out>
buf = 18093061
#35 0x0000000000565073 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:2997
fun = <value optimized out>
original_fun = <value optimized out>
funcar = <value optimized out>
numargs = 5
val = <value optimized out>
backtrace = {
next = 0x7fffffffcf30,
function = 0x7fffffffcdd0,
args = 0x7fffffffcdd8,
nargs = 5,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
internal_args = 0x7fffffffcdd8
i = 5
#36 0x000000000059ecd2 in Fbyte_code (bytestr=<value optimized out>, vector=<value optimized out>, maxdepth=<value optimized out>) at bytecode.c:679
count = 27
op = <value optimized out>
stack = {
pc = 0xaa6e3a "\210,\336\b!\210\016\"\204\256",
top = 0x7fffffffcdf8,
bottom = 0x7fffffffcdd0,
byte_string = 8682273,
byte_string_start = 0xaa6dae "\306\b!\204\022",
constants = 8682309,
next = 0x7fffffffd2c0
}
top = 0x7fffffffcdd0
result = <value optimized out>
#37 0x00000000005672ef in funcall_lambda (fun=8682141, nargs=<value optimized out>, arg_vector=<value optimized out>) at eval.c:3165
val = <value optimized out>
syms_left = 11721042
next = 12593154
i = 4
optional = 1
rest = 0
#38 0x0000000000564f03 in Ffuncall (nargs=<value optimized out>, args=0x847a98) at eval.c:3040
fun = 140737479340288
original_fun = 12593010
funcar = 8997664
numargs = 4
val = <value optimized out>
backtrace = {
next = 0x7fffffffd1f0,
function = 0x7fffffffcf90,
args = 0x7fffffffcf98,
nargs = 4,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
internal_args = 0x7fffffffcf98
i = <value optimized out>
#39 0x00000000005652d9 in call4 (fn=<value optimized out>, arg1=<value optimized out>, arg2=16, arg3=8473480, arg4=0) at eval.c:2831
ret_ungc_val = 8997664
args = {12593010, 15002881, 15002881, 11721042, 11721090}
#40 0x000000000058b71d in Fload (file=18663777, noerror=8473480, nomessage=11721090, nosuffix=<value optimized out>, must_suffix=<value optimized out>) at lread.c:1183
val = <value optimized out>
stream = <value optimized out>
fd = 5
count = 20
found = 15002881
efound = <value optimized out>
hist_file_name = 15002881
newer = 0
compiled = 17487280
handler = <value optimized out>
safe_p = 17767648
tmp = {18737654, 13154870}
version = 0
#41 0x0000000000565073 in Ffuncall (nargs=<value optimized out>, args=<value optimized out>) at eval.c:2997
fun = <value optimized out>
original_fun = <value optimized out>
funcar = <value optimized out>
numargs = 5
val = <value optimized out>
backtrace = {
next = 0x7fffffffd3d0,
function = 0x7fffffffd250,
args = 0x7fffffffd258,
nargs = 3,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
internal_args = 0x7fffffffd1a0
i = 5
#42 0x000000000059ecd2 in Fbyte_code (bytestr=<value optimized out>, vector=<value optimized out>, maxdepth=<value optimized out>) at bytecode.c:679
count = 5
op = <value optimized out>
stack = {
pc = 0xa88814 "\210*\202\300\003\016L?!\002\347\016N\206\f\002\f\211A\024@!\036S\346\016S!\036T\352\016T\314?$\210*\202\300\003\016L?J\002\331\026Q\016N\206\065\002\f\211A\024@\211\026F;\204@\002\332\355!\210\356\347\016F!!\210\202\300\003\016L?X\002\360\331!\210\202\300\003\016L\361\232\203f\002\362\363!\210\202\300\003\321\364\016L\"\203w\002\365\016L!\026B\202\300\003\321\366\016L\"\203\224\002\365\325\326\016L\"!\026B\365\325\367\016L\"!\026A\202\300\003\334\016M\016H\"\211\026F\203\252\002\016FA@\f\233\024\202\300\003\334\016M\016K\"\211\026F\203\300\002\016FA@\f\233\024"...,
top = 0x7fffffffd268,
bottom = 0x7fffffffd250,
byte_string = 9032857,
byte_string_start = 0xa8861f "\306 \210\b\203\021",
constants = 9032893,
next = 0x7fffffffd490
}
top = 0x7fffffffd250
result = <value optimized out>
#43 0x00000000005672ef in funcall_lambda (fun=9032797, nargs=<value optimized out>, arg_vector=<value optimized out>) at eval.c:3165
val = <value optimized out>
syms_left = 11721042
next = 13750050
i = 1
optional = 0
rest = 0
#44 0x0000000000564f03 in Ffuncall (nargs=<value optimized out>, args=0x89d458) at eval.c:3040
fun = 140737479340288
original_fun = 13756226
funcar = 8997664
numargs = 1
val = <value optimized out>
backtrace = {
next = 0x7fffffffd5a0,
function = 0x7fffffffd430,
args = 0x7fffffffd438,
nargs = 1,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
internal_args = 0x7fffffffd438
i = <value optimized out>
#45 0x000000000059ecd2 in Fbyte_code (bytestr=<value optimized out>, vector=<value optimized out>, maxdepth=<value optimized out>) at bytecode.c:679
count = 4
op = <value optimized out>
stack = {
pc = 0xa8b2dc "\210\016N\203s\006\201", <incomplete sequence \346>,
top = 0x7fffffffd438,
bottom = 0x7fffffffd430,
byte_string = 9005745,
byte_string_start = 0xa8ac75 "\306 \020\307\021\n\023\307\024\310\311!\211\035\307=\204\064",
constants = 9005781,
next = 0x7fffffffd650
}
top = 0x7fffffffd430
result = <value optimized out>
#46 0x00000000005672ef in funcall_lambda (fun=9005701, nargs=<value optimized out>, arg_vector=<value optimized out>) at eval.c:3165
val = <value optimized out>
syms_left = 11721042
next = 12575218
i = 0
optional = 0
rest = 2
#47 0x0000000000564f03 in Ffuncall (nargs=<value optimized out>, args=0x896a80) at eval.c:3040
fun = 140737479340288
original_fun = 12575218
funcar = 8997664
numargs = 0
val = <value optimized out>
backtrace = {
next = 0x7fffffffd810,
function = 0x7fffffffd600,
args = 0x7fffffffd608,
nargs = 0,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
internal_args = 0x7fffffffd608
i = <value optimized out>
#48 0x000000000059ecd2 in Fbyte_code (bytestr=<value optimized out>, vector=<value optimized out>, maxdepth=<value optimized out>) at bytecode.c:679
count = 2
op = <value optimized out>
stack = {
pc = 0xa8ba98 "\210*\340\341\342\"\210\343\321\344\"\211\036$;\203\251",
top = 0x7fffffffd600,
bottom = 0x7fffffffd600,
byte_string = 9000737,
byte_string_start = 0xa8ba0a "\b\203\b",
constants = 9000773,
next = 0x0
}
top = 0x7fffffffd600
result = <value optimized out>
#49 0x00000000005672ef in funcall_lambda (fun=9000693, nargs=<value optimized out>, arg_vector=<value optimized out>) at eval.c:3165
val = <value optimized out>
syms_left = 11721042
next = 0
i = 0
optional = 32767
rest = 0
#50 0x0000000000567454 in apply_lambda (fun=9000693, args=11721042, eval_flag=<value optimized out>) at eval.c:3092
args_left = 11721042
i = <value optimized out>
tem = <value optimized out>
#51 0x0000000000566b53 in Feval (form=9000688) at eval.c:2408
fun = 140737479340288
val = <value optimized out>
original_fun = 13749474
original_args = 11721042
funcar = 8997664
backtrace = {
next = 0x0,
function = 0x7fffffffd838,
args = 0x7fffffffd740,
nargs = 0,
evalargs = 0 '\000',
debug_on_exit = 0 '\000'
}
#52 0x000000000056437d in internal_condition_case (bfun=<value optimized out>, handlers=<value optimized out>, hfun=<value optimized out>) at eval.c:1458
val = 8997664
c = {
tag = 11721042,
val = 11721042,
next = 0x7fffffffda10,
gcpro = 0x0,
jmp = {{
__jmpbuf = {13365184, 3949921905019383304, 13365216, 140737488346744, 1, 1, -3949921426383376888, 3949920965887585800},
__mask_was_saved = 0,
__saved_mask = {
__val = {140737353880784, 140737353835656, 4294967295, 4238812, 1, 8460504, 0, 1, 1, 0, 140737351959490, 140733193388033, 0, 140737488345816, 140737251616176, 226670640}
}
}},
backlist = 0x0,
handlerlist = 0x0,
lisp_eval_depth = 0,
pdlcount = 2,
poll_suppress_count = 1,
interrupt_input_blocked = 0,
byte_stack = 0x0
}
h = {
handler = 11773138,
var = 11721042,
chosen_clause = 11721042,
tag = 0x7fffffffd8a0,
next = 0x0
}
#53 0x00000000004f9e06 in top_level_1 (ignore=<value optimized out>) at keyboard.c:1355
No locals.
#54 0x00000000005644a8 in internal_catch (tag=<value optimized out>, func=<value optimized out>, arg=<value optimized out>) at eval.c:1202
c = {
tag = 11769202,
val = 11721042,
next = 0x0,
gcpro = 0x0,
jmp = {{
__jmpbuf = {13365184, 3949921905019383304, 13365216, 140737488346744, 1, 1, -3949921426333045240, 3949920965646937608},
__mask_was_saved = 0,
__saved_mask = {
__val = {0, 0, 0, 0, 112, 140737255104152, 352, 140737255104152, 140737255104168, 30064771072, 344, 94489280656, 30064771072, 384, 94489280612, 11993394}
}
}},
backlist = 0x0,
handlerlist = 0x0,
lisp_eval_depth = 0,
pdlcount = 2,
poll_suppress_count = 1,
interrupt_input_blocked = 0,
byte_stack = 0x0
}
#55 0x00000000004f9e7b in command_loop () at keyboard.c:1310
No locals.
#56 0x00000000004fa278 in recursive_edit_1 () at keyboard.c:940
val = <value optimized out>
#57 0x00000000004fa3b7 in Frecursive_edit () at keyboard.c:1002
buffer = 11721042
#58 0x00000000004ed995 in main (argc=0, argv=0x7fffffffdf98) at emacs.c:1764
dummy = 0
stack_bottom_variable = 0 '\000'
do_initial_setlocale = <value optimized out>
skip_args = 1
rlim = {
rlim_cur = 8720000,
rlim_max = 18446744073709551615
}
no_loadup = 0
junk = 0x0
dname_arg = 0x0
ch_to_dir = 0x0
Lisp Backtrace:
"apply" (0xffffbcf8)
"json-read-string" (0xffffbe30)
"progn" (0xffffc000)
"unwind-protect" (0xffffc0f0)
"save-current-buffer" (0xffffc1f0)
"with-current-buffer" (0xffffc2c0)
"let" (0xffffc410)
"with-temp-buffer" (0xffffc4e0)
"let" (0xffffc630)
"progn" (0xffffc710)
"unwind-protect" (0xffffc800)
"save-current-buffer" (0xffffc900)
"with-current-buffer" (0xffffc9d0)
"let" (0xffffcb20)
"with-temp-buffer" (0xffffcbf0)
"eval-buffer" (0xffffcdd8)
"load-with-code-conversion" (0xffffcf98)
"load" (0xffffd258)
"command-line-1" (0xffffd438)
"command-line" (0xffffd608)
"normal-top-level" (0xffffd740)