eval_sub followed dangling pointer when debugging
Problem reported by Pip Cet (Bug#21245).
This bug could occur in eval_sub if the C compiler reused storage associated with the ‘argvals’ local after ‘argvals’ went out of scope, and if the Elisp debugger stopped on Elisp function exit and accessed ‘argvals’. It could also occur if a variadic function was called with so many arguments (over 2048 args on x86-64) that SAFE_ALLOCA_LISP called malloc, then SAFE_FREE freed the arguments, then the memory manager used the storage for other purposes, then the debugger accessed the arguments.

* src/eval.c (eval_sub): Declare ‘argvals’ at top level of function body. Simplify local decls. When allocating args via SAFE_ALLOCA, call debugger before invoking SAFE_FREE, as the debugger needs access to the args.
(eval_sub, apply_lambda): Rework to avoid need for set_backtrace_debug_on_exit hack. This is cleaner, and should work better with buggy custom debuggers.
Showing with 22 additions and 15 deletions
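
The ordering the commit message describes, as an added C sketch that is not Emacs source: the argument buffer is declared at function scope, and the on-exit debugger hook runs before the heap fallback is freed. All identifiers (`eval_call`, `debug_on_exit`, `struct frame`, `STACK_SLOTS`) are hypothetical, and the threshold of 8 is constructed for illustration.

```c
/* Added illustration; not Emacs source. All identifiers are hypothetical. */
#include <stddef.h>
#include <stdlib.h>

enum { STACK_SLOTS = 8 };  /* constructed threshold; the commit cites 2048 on x86-64 */

struct frame { const long *args; size_t nargs; };

static long hook_sum = -1;  /* what the stand-in debugger read at function exit */

/* Stand-in for a debugger stopping on function exit: it reads the arguments. */
static void debug_on_exit(const struct frame *f)
{
    hook_sum = 0;
    for (size_t i = 0; i < f->nargs; i++)
        hook_sum += f->args[i];
}

/* Evaluate a variadic "call" whose arguments are 1..nargs; returns their sum. */
long eval_call(size_t nargs, int debug)
{
    long stack_args[STACK_SLOTS];  /* declared at function scope: valid until return */
    long *heap_args = NULL;
    long *args = stack_args;
    long result = 0;

    if (nargs > STACK_SLOTS) {     /* large calls fall back to the heap */
        if (nargs > (size_t)-1 / sizeof *heap_args)
            return -1;             /* size computation would overflow */
        heap_args = malloc(nargs * sizeof *heap_args);
        if (heap_args == NULL)
            return -1;
        args = heap_args;
    }
    for (size_t i = 0; i < nargs; i++) {
        args[i] = (long)i + 1;
        result += args[i];
    }
    struct frame f = { args, nargs };
    if (debug)
        debug_on_exit(&f);         /* hook runs while the arguments are still live */
    free(heap_args);               /* release only after the hook has returned */
    return result;
}
```

Moving `free(heap_args)` above the hook call recreates the heap case from the message, which AddressSanitizer reports as a heap-use-after-free when `nargs` exceeds `STACK_SLOTS`.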