Avoid crashes due to objects read with the #n=object form

* src/lread.c (read1): Use Fcons for 'placeholder', not AUTO_CONS, because elements of the list in 'read_objects' cannot be allocated off the stack. (Bug#24640)
author: Eli Zaretskii <eliz@gnu.org> 2016-10-14 22:52:46 +0300
committer: Eli Zaretskii <eliz@gnu.org> 2016-10-14 22:52:46 +0300
commit: 10835b18cdfd93442e6fae093ffd130587006fcf (patch)
tree: 98bdfa191e4c2de8b27dbc27e2c6ef2acb17a4b4 /src
parent: 4de671d844c56d70e747366657664c8d293fe2bf (diff)
download: emacs-10835b18cdfd93442e6fae093ffd130587006fcf.tar.gz
1 files changed, 12 insertions, 1 deletions
diff --git a/src/lread.c b/src/lread.c
index ef58b20070d..8a368806e15 100644
--- a/src/lread.c
+++ b/src/lread.c
@@ -2845,7 +2845,18 @@ read1 (Lisp_Object readcharfun, int *pch, bool first_in_list)
 		  if (c == '=')
 		    {
 		      /* Make a placeholder for #n# to use temporarily.  */
-		      AUTO_CONS (placeholder, Qnil, Qnil);
+		      /* Note: We used to use AUTO_CONS to allocate
+			 placeholder, but that is a bad idea, since it
+			 will place a stack-allocated cons cell into
+			 the list in read_objects, which is a
+			 staticpro'd global variable, and thus each of
+			 its elements is marked during each GC.  A
+			 stack-allocated object will become garbled
+			 when its stack slot goes out of scope, and
+			 some other function reuses it for entirely
+			 different purposes, which will cause crashes
+			 in GC.  */
+		      Lisp_Object placeholder = Fcons (Qnil, Qnil);
 		      Lisp_Object cell = Fcons (make_number (n), placeholder);
 		      read_objects = Fcons (cell, read_objects);
author	Eli Zaretskii <eliz@gnu.org>	2016-10-14 22:52:46 +0300
committer	Eli Zaretskii <eliz@gnu.org>	2016-10-14 22:52:46 +0300
commit	10835b18cdfd93442e6fae093ffd130587006fcf (patch)
tree	98bdfa191e4c2de8b27dbc27e2c6ef2acb17a4b4 /src
parent	4de671d844c56d70e747366657664c8d293fe2bf (diff)
download	emacs-10835b18cdfd93442e6fae093ffd130587006fcf.tar.gz