Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin@cygwin.com>
List-Help: <mailto:cygwin-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner@cygwin.com
Mail-Followup-To: cygwin@cygwin.com
Delivered-To: mailing list cygwin@cygwin.com
Date: Fri, 16 Aug 2013 12:13:01 +0300
From: Eli Zaretskii <eliz@gnu.org>
Subject: Re: 64-bit emacs crashes a lot
In-reply-to: <520DBFCD.4080808@cs.utoronto.ca>
To: Ryan Johnson <ryan.johnson@cs.utoronto.ca>
Cc: cygwin@cygwin.com
Reply-to: Eli Zaretskii <eliz@gnu.org>
Message-id: <8338qangma.fsf@gnu.org>
References: <51F3151D.7040000@cs.utoronto.ca> <51F33565.1090406@cornell.edu> <51F33F52.4060405@cs.utoronto.ca> <51FB1D9E.5090102@cs.utoronto.ca> <20130802080211.GA18054@calimero.vinschen.de> <51FB9228.2020309@cornell.edu> <51FBA100.90005@cs.utoronto.ca> <51FD5462.5020400@cs.utoronto.ca> <51FFBDFF.7040501@cornell.edu> <51FFC4F2.8080909@cs.utoronto.ca> <5203D89E.6030801@cornell.edu> <5203DCCA.1010105@cs.utoronto.ca> <5205B364.8090007@cs.utoronto.ca> <52064730.50404@cornell.edu> <"52065B3C.6060104@cs.utoronto <520CCA41.3000107"@cs.utoronto.ca> <520D089A.1020806@cornell.edu> <83ioz6op5v.fsf@gnu.org> <520D4036.8010303@cs.utoronto.ca> <520D900A.8000907@cornell.edu> <520DABDC.8020304@cs.utoronto.ca> <520DBFCD.4080808@cs.utoronto.ca>


Please move this discussion to emacs-devel@gnu.org.

> Date: Fri, 16 Aug 2013 01:59:41 -0400
> From: Ryan Johnson <ryan.johnson@cs.utoronto.ca>
> 
> The variable pending_exact has value 0x0, which would be a Bad Thing... 
> except that the code looks like this:
> >           if (!pending_exact
> >
> >               /* If last exactn not at current position.  */
> > =>            || pending_exact + *pending_exact + 1 != b
> >
> ... with corresponding assembly code looking very reasonable:
> >    0x0000000100535cfa <regex_compile+34482>:    cmpq   $0x0,0x3f8(%rbp)
> >    0x0000000100535d02 <regex_compile+34490>:    je 0x100535eca <regex_compile+34946>
> >    0x0000000100535d08 <regex_compile+34496>:    mov 0x3f8(%rbp),%rax
> > => 0x0000000100535d0f <regex_compile+34503>:    movzbl (%rax),%eax
> >    0x0000000100535d12 <regex_compile+34506>:    movzbl %al,%eax
> >    0x0000000100535d15 <regex_compile+34509>:    lea 0x1(%rax),%rdx
> >    0x0000000100535d19 <regex_compile+34513>:    mov 0x3f8(%rbp),%rax
> >    0x0000000100535d20 <regex_compile+34520>:    add %rdx,%rax
> >    0x0000000100535d23 <regex_compile+34523>:    cmp %rbx,%rax
> >    0x0000000100535d26 <regex_compile+34526>:    jne 0x100535eca <regex_compile+34946>

What is the value in the RAX register at the point of the crash?  Is
it also zero?  Or maybe it is some other invalid pointer value?

> A third crash:
> > #1  0x0000000100541930 in re_match_2_internal (bufp=0x10095ce20 
> > <searchbufs+2912>, string1=0x0, size1=0, string2=0x6fffff00028 "-*- 
> > mode: compilation; default-directory: \"~/\" -*-\nCompilation started 
> > at Fri Aug 16 01:32:19\n\nls\n#message-20130808-090732#\t 
> > emacs-crash.txt\t\tmusic\n6b8ob06a.default.tar.xz\t\t 
> > emacs-nox.exe."..., size2=355, pos=254, regs=0x10095def0 
> > <search_regs>, stop=317) at regex.c:6217
> > 6217              abort ();
> This time, p (the subject of the case statement) points to 0x76b3b6c7, 
> which is the middle of a function (ntdll!RtlFillMemory, though the 
> memory map places that address smack in the middle of kernel32.dll 
> instead). This time it makes perfect sense that the switch statement 
> should fail, but how did p go so wrong?

What is bufp->buffer at this point, and what are its contents?

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

