I've hit this exact same crash twice today; no other crashes today.
(The infinite throw bomb seems to have resolved itself, probably with
those gcpro's I added.) But this one is something else. In both cases,
I think I may have been scrolling with the wheel on my mouse (this was
definitely the case the second time), and I have lazy-lock enabled,
which explains the pre-idle-hook; lazy-lock was definitely being called.
What's more interesting is that while lazy-lock is doing its thing, it
does a select-window, which calls record-buffer, which runs some hook
(clearly an Andy hook).

The problem here is that this call to condition_case_unwind is
impossible. garbage_collect_1 puts only one thing onto the specpdl
stack (a record-unwind-protect), and yet when the specpdl stack is
unwound (and should only process the record-unwind-protect), it instead
processes condition_case_unwind(), which shouldn't be there. (It should
be somewhere lower on the stack.)

Looking at unbind_to_hairy(), I think I see a logic error. If so, it's
amazing we are able to run ok at all.

void
unbind_to_hairy (int count)
{
  int quitf;

  check_quit (); /* make Vquit_flag accurate */
  quitf = !NILP (Vquit_flag);
  Vquit_flag = Qnil;

  ++specpdl_ptr;
  ^^^^^^^^^^^^^^^^^^^^
  ++specpdl_depth_counter;
  ^^^^^^^^^^^^^^^^^^^^

  while (specpdl_depth_counter != count)
    {
      --specpdl_ptr;
      --specpdl_depth_counter;
      if (specpdl_ptr->func != 0)
        /* An unwind-protect */
        (*specpdl_ptr->func) (specpdl_ptr->old_value);
      else
        {
          /* We checked symbol for validity when we specbound it,
             so only need to call Fset if symbol has magic value.  */
          Lisp_Symbol *sym = XSYMBOL (specpdl_ptr->symbol);
          if (!SYMBOL_VALUE_MAGIC_P (sym->value))
            sym->value = specpdl_ptr->old_value;
          else
            Fset (specpdl_ptr->symbol, specpdl_ptr->old_value);
        }

The two flagged lines cause unbind_to to try and unbind the entry past
the end of the stack, as well as the stack end entry, which could cause
all sorts of fucked up behavior. I'm going to try removing them and
seeing what happens.

Stack trace:

NTDLL! 77f9d715()
error_check_cons(long 35731556) line 589 + 59 bytes
condition_case_unwind(long 35731556) line 1525 + 9 bytes
unbind_to_hairy(int 45) line 4658 + 18 bytes
unbind_to(int 45, long 20172152) line 4633 + 174 bytes
garbage_collect_1() line 3608 + 15 bytes
Ffuncall(int 2, long * 0x0082d838) line 3169
execute_optimized_program(unsigned char * 0x014b7790, int 7, long * 0x013cb26c) line 747 + 16 bytes
funcall_compiled_function(long 20914232, int 2, long * 0x0082db18) line 519 + 53 bytes
Ffuncall(int 3, long * 0x0082db14) line 3253 + 17 bytes
execute_optimized_program(unsigned char * 0x014b7750, int 3, long * 0x013cb1a8) line 747 + 16 bytes
funcall_compiled_function(long 20914092, int 1, long * 0x0082ddec) line 519 + 53 bytes
Ffuncall(int 2, long * 0x0082dde8) line 3253 + 17 bytes
execute_optimized_program(unsigned char * 0x00e47598, int 7, long * 0x013d288c) line 747 + 16 bytes
funcall_compiled_function(long 20926132, int 4, long * 0x0082e1b4) line 519 + 53 bytes
Ffuncall(int 5, long * 0x0082e1b0) line 3253 + 17 bytes
Fapply(int 6, long * 0x0082e1b0) line 3426 + 16 bytes
Ffuncall(int 7, long * 0x0082e1ac) line 3239 + 14 bytes
execute_optimized_program(unsigned char * 0x014b7710, int 7, long * 0x013cb1c4) line 747 + 16 bytes
funcall_compiled_function(long 20914120, int 2, long * 0x0082e494) line 519 + 53 bytes
Ffuncall(int 3, long * 0x0082e490) line 3253 + 17 bytes
execute_optimized_program(unsigned char * 0x014b74b0, int 5, long * 0x013cb2cc) line 747 + 16 bytes
funcall_compiled_function(long 20914260, int 2, long * 0x0082e77c) line 519 + 53 bytes
Ffuncall(int 3, long * 0x0082e778) line 3253 + 17 bytes
execute_optimized_program(unsigned char * 0x014b6ce0, int 6, long * 0x013cb41c) line 747 + 16 bytes
funcall_compiled_function(long 20914372, int 1, long * 0x0082eabc) line 519 + 53 bytes
Ffuncall(int 2, long * 0x0082eab8) line 3253 + 17 bytes
run_hook_with_args_in_buffer(buffer * 0x0155ce80, int 2, long * 0x0082eab8, int 0) line 3704 + 13 bytes
run_hook_with_args(int 2, long * 0x0082eab8, int 0) line 3717 + 23 bytes
va_run_hook_with_args(long 19991168, int 1) line 3788 + 18 bytes
Frecord_buffer(long 22234416) line 1423 + 17 bytes
Fselect_window(long 35454408, long 20172152) line 3376 + 12 bytes
Ffuncall(int 2, long * 0x0082ebc4) line 3218 + 93 bytes
execute_optimized_program(unsigned char * 0x014fb3e0, int 2, long * 0x014c3c10) line 747 + 16 bytes
funcall_compiled_function(long 36319072, int 1, long * 0x0082ee98) line 519 + 53 bytes
Ffuncall(int 2, long * 0x0082ee94) line 3253 + 17 bytes
execute_optimized_program(unsigned char * 0x014fb380, int 6, long * 0x013d4b60) line 747 + 16 bytes
funcall_compiled_function(long 20929296, int 3, long * 0x0082f178) line 519 + 53 bytes
Ffuncall(int 4, long * 0x0082f174) line 3253 + 17 bytes
execute_optimized_program(unsigned char * 0x0082f35c, int 5, long * 0x014c3c60) line 747 + 16 bytes
Fbyte_code(long 36284332, long 21773392, long 11) line 2406 + 38 bytes
Feval(long 35732876) line 3018 + 187 bytes
condition_case_1(long 35761328, long (long)* 0x010696b7 Feval(long), long 35732876, long (long, long)* 0x01066f13 run_condition_case_handlers(long, long), long 20172152) line 1644 + 7 bytes
condition_case_3(long 35732876, long 20172152, long 35761328) line 1728 + 27 bytes
execute_rare_opcode(long * 0x0082f674, unsigned char * 0x014fb34a, int 143) line 1272 + 19 bytes
execute_optimized_program(unsigned char * 0x014fb340, int 3, long * 0x014c3d00) line 657 + 17 bytes
funcall_compiled_function(long 36319100, int 0, long * 0x0082f94c) line 519 + 53 bytes
Ffuncall(int 1, long * 0x0082f948) line 3253 + 17 bytes
execute_optimized_program(unsigned char * 0x014dd130, int 3, long * 0x014b6a60) line 747 + 16 bytes
funcall_compiled_function(long 36318876, int 0, long * 0x0082fca8) line 519 + 53 bytes
Ffuncall(int 1, long * 0x0082fca4) line 3253 + 17 bytes
run_hook_with_args_in_buffer(buffer * 0x01534530, int 1, long * 0x0082fca4, int 0) line 3704 + 13 bytes
run_hook_with_args(int 1, long * 0x0082fca4, int 0) line 3717 + 23 bytes
Frun_hooks(int 1, long * 0x0082fca4) line 3571 + 19 bytes
run_hook(long 36367700) line 3818 + 11 bytes
catch_them_squirmers_run_hook(long 20006864) line 4262 + 9 bytes
condition_case_1(long 20171960, long (long)* 0x0106c536 catch_them_squirmers_run_hook(long), long 20006864, long (long, long)* 0x0106c719 allow_quit_safe_run_hook_caught_a_squirmer(long, long), long 37001588) line 1644 + 7 bytes
safe_run_hook_trapping_errors(char * 0x01267a74, long 20006864, int 1) line 4329 + 51 bytes
run_pre_idle_hook() line 2007 + 19 bytes
Fnext_event(long 39751880, long 20172152) line 2173
Fcommand_loop_1() line 566 + 16 bytes
command_loop_1(long 20172152) line 491
condition_case_1(long 20171960, long (long)* 0x01049997 command_loop_1(long), long 20172152, long (long, long)* 0x010493ac cmd_error(long, long), long 20172152) line 1644 + 7 bytes
command_loop_3() line 252 + 35 bytes
command_loop_2(long 20172152) line 264
internal_catch(long 20011136, long (long)* 0x010494fc command_loop_2(long), long 20172152, int * 0x00000000) line 1310 + 7 bytes
initial_command_loop(long 20172152) line 301 + 25 bytes
STACK_TRACE_EYE_CATCHER(int 1, char * * 0x014b11d0, char * * 0x014b0200, int 0) line 1828 + 9 bytes
main(int 1, char * * 0x014b11d0, char * * 0x014b0200) line 2192 + 19 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77e9bc52()

--
Ben
In order to save my hands, I am cutting back on my mail. I also write
as succinctly as possible -- please don't be offended. If you send me
mail, you _will_ get a response, but please be patient, especially for
XEmacs-related mail. If you need an immediate response and it is not
apparent in your message, please say so. Thanks for your understanding.
See also http://www.666.com/ben/typing.html.
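
The off-by-one hypothesised in the message above, as an added toy model (not XEmacs source and not part of the original message). All names are hypothetical, and it assumes the unwind loop is entered with the stack pointer at the next free slot and nothing yet popped by the caller; under that assumption the two pre-increments make the loop run a stale handler left above the top of the stack.

```c
#include <stdio.h>

/* Toy unwind stack; hypothetical names, not the XEmacs specpdl code. */
typedef void (*unwind_fn)(long);
struct entry { unwind_fn func; long arg; };

#define STACK_MAX 8
static struct entry stack[STACK_MAX];
static struct entry *top = stack;      /* points at the next free slot */
static int depth = 0;
static int calls[STACK_MAX], ncalls = 0;

/* Every handler just records its id so the call order can be inspected. */
static void handler(long id) { calls[ncalls++] = (int)id; }

static void push(long id)
{
    top->func = handler; top->arg = id;
    top++; depth++;
}

/* Unwind down to `count`.  `extra` models the two flagged pre-increments. */
static void unwind(int count, int extra)
{
    if (extra) { ++top; ++depth; }
    while (depth != count) {
        --top; --depth;
        if (top->func) top->func(top->arg);
    }
}

/* Constructed scenario: slot 2 still holds a stale entry (id 99) from an
   earlier, deeper call; then exactly one unwind-protect (id 7) is pushed. */
static int run_scenario(int extra)
{
    top = stack; depth = 0;
    push(1); push(2); push(99);
    unwind(1, 0);              /* pops 99 and 2; the slots keep old contents */
    ncalls = 0;
    int count = depth;         /* depth to return to, as a caller records it */
    push(7);                   /* overwrites slot 1; slot 2 is still id 99 */
    unwind(count, extra);
    return ncalls;             /* number of handlers that actually ran */
}

int main(void)
{
    printf("correct: %d handler(s)\n", run_scenario(0));
    printf("with pre-increment: %d handler(s), first id %d\n",
           run_scenario(1), calls[0]);
    return 0;
}
```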