[Bug: 21.5-b26] XEmacs crashes with menu-accelerator-enabled followed by Shift-spacebar

Jerry James james at xemacs.org
Sat Apr 22 16:31:57 EDT 2006 

"Stephen J. Turnbull" <stephen at xemacs.org> wrote:
>>>>>> "Doug" == Doug Kramer <doog at google.com> writes:
>
>     Doug> If I modify init.el to contain only one statement to enable
>     Doug> the menu accelerator keyboard shortcuts to work, after
>     Doug> XEmacs comes up, if I press Shift-spacebar, XEmacs instantly
>     Doug> quits with this error message:
>
>     Fatal error: assertion failed, file menubar-x.c, line 1218, RECORD_TYPEP (obj, lrecord_type_console)
>
> *Please* try *hard* to obtain a C stack backtrace; without it, we are unlikely
> to be able to analyze the problem.  Locate the core file produced as a result
> of this crash (often called `core' or `core.<process-id>', and located in
> the directory in which you started XEmacs or your home directory).
>
> If you didn't get a core file, then try running XEmacs under the
> debugger and eliciting the crash.
>
> I will try to replicate myself, but if nobody here manages to do so,
> we'll need your help to get the essential information.
>
> You can possibly avoid the crash by configuring with --with-xim=no.

I can reproduce.  The assertion fails because the supposed console
object it got was nil (Qnil in C).  Here is a backtrace:

#0  0x007c9402 in __kernel_vsyscall ()
#1  0x0083c159 in raise () from /lib/libc.so.6
#2  0x0083d6e3 in abort () from /lib/libc.so.6
#3  0x081072c1 in really_abort ()
    at /home/james/Projects/xemacs/xemacs-21.5/src/emacs.c:4692
#4  0x0810920e in assert_failed (
    file=0x83ca280
"/home/james/Projects/xemacs/xemacs-21.5/src/menubar-x.c", 
    line=31407, expr=0x6 <Address 0x6 out of bounds>)
    at /home/james/Projects/xemacs/xemacs-21.5/src/emacs.c:3985
#5  0x0836270f in command_builder_find_menu_accelerator
(builder=0xb09ff20)
    at /home/james/Projects/xemacs/xemacs-21.5/src/console.h:77
#6  0x0812eb6e in command_builder_find_leaf_no_jit_binding (
    builder=0xb09ff20, allow_misc_user_events_p=1, did_munge=0xbfd5b548)
    at /home/james/Projects/xemacs/xemacs-21.5/src/event-stream.c:3355
#7  0x0812ecc2 in command_builder_find_leaf_no_jit_binding (
    builder=0xac80160, allow_misc_user_events_p=1, did_munge=0xbfd5b548)
    at /home/james/Projects/xemacs/xemacs-21.5/src/event-stream.c:3399
#8  0x0812ed9b in command_builder_find_leaf_and_update_global_state (
    builder=0xac80160, allow_misc_user_events_p=1)
    at /home/james/Projects/xemacs/xemacs-21.5/src/event-stream.c:3489
#9  0x0812f726 in lookup_command_event (command_builder=0xac80160, 
    event=184856424, allow_misc_user_events_p=1)
    at /home/james/Projects/xemacs/xemacs-21.5/src/event-stream.c:4074
#10 0x081316a7 in Fdispatch_event (event=184856424)
    at /home/james/Projects/xemacs/xemacs-21.5/src/event-stream.c:4461
#11 0x080c3fd1 in Fcommand_loop_1 ()
    at /home/james/Projects/xemacs/xemacs-21.5/src/cmdloop.c:600
#12 0x080c4025 in command_loop_1 (unused_dummy=Could not find the frame
base for "command_loop_1".
)
    at /home/james/Projects/xemacs/xemacs-21.5/src/cmdloop.c:505
#13 0x08111fdd in condition_case_1 (handlers=175471544, 
    bfun=0x80c3fe5 <command_loop_1>, barg=175474704, 
    hfun=0x80c41e4 <cmd_error>, harg=175474704)
    at /home/james/Projects/xemacs/xemacs-21.5/src/eval.c:1924
#14 0x080c41ad in command_loop_2 (unused_dummy=175474704)
    at /home/james/Projects/xemacs/xemacs-21.5/src/cmdloop.c:262
#15 0x08110532 in internal_catch (tag=175221616, 
    func=0x80c415f <command_loop_2>, arg=175474704, threw=0x0, 
    thrown_tag=0x0, backtrace_before_throw=0x0)
    at /home/james/Projects/xemacs/xemacs-21.5/src/eval.c:1530
#16 0x080c441b in initial_command_loop (load_me=175474704)
    at /home/james/Projects/xemacs/xemacs-21.5/src/cmdloop.c:313
#17 0x0810af28 in xemacs_21_5_b26_i686_pc_linux (argc=1,
argv=0xbfd5ba34, 
    unused_envp=0x0, restart=0)
    at /home/james/Projects/xemacs/xemacs-21.5/src/emacs.c:2666
#18 0x0810afe9 in main (argc=Cannot access memory at address 0x7aaf
)
    at /home/james/Projects/xemacs/xemacs-21.5/src/emacs.c:3110

The problem appears to stem from some code in
command_builder_find_leaf_no_jit_binding() in event-stream.c.  The
parameter builder points to a valid console device.  On line 3393,
builder is passed to the copy_command_builder() function and the result
is assigned to local variable neubauten.  The trouble appears to be that
copy_command_builder() doesn't actually copy everything.  In particular,
it does not copy the Lisp object referring to the console device.
Hence, neubauten has nil in that slot.  The partial copy is then passed
in a recursive call to command_builder_find_leaf_no_jit_binding(), and
on down the stack we go until we try access the console device.

I don't understand this code at all, so I don't know if making
copy_command_builder copy whatever got left out is sufficient or not.
-- 
Jerry James, Assistant Professor        james at xemacs.org
Computer Science Department             http://www.cs.usu.edu/~jerry/
Utah State University

More information about the XEmacs-Beta mailing list