I've seen something like this before, awhile ago. I have no idea what's the cause, but it could be Martin's, since he definitely did a lot of work in this area not long ago. (And furthermore, there are no tell-tale signs at all of an Andy-like problem.) Here's the call stack: NTDLL! 77f9d715() execute_rare_opcode(long * 0x0082d728, unsigned char * 0x0204204e, int 190) line 1482 + 20 bytes execute_optimized_program(unsigned char * 0x02046810, int 4, long * 0x02046010) line 657 + 17 bytes funcall_compiled_function(long 34290956, int 0, long * 0x0082da04) line 519 + 53 bytes Ffuncall(int 1, long * 0x0082da00) line 3476 + 17 bytes call0(long 30307220) line 4081 + 11 bytes Fset_buffer_major_mode(long 32897024) line 1468 + 9 bytes Ffuncall(int 2, long * 0x0082da9c) line 3441 + 66 bytes execute_optimized_program(unsigned char * 0x0082dc7c, int 3, long * 0x01c6ab10) line 751 + 16 bytes Fbyte_code(long 29837236, long 29797120, long 7) line 2410 + 38 bytes Feval(long 29715792) line 3241 + 187 bytes condition_case_1(long 29665668, long (long)* 0x0106a1d3 Feval(long), long 29715792, long (long, long)* 0x0106792b run_condition_case_handlers(long, long), long 28478044) line 1815 + 7 bytes condition_case_3(long 29715792, long 28478044, long 29665668) line 1899 + 27 bytes execute_rare_opcode(long * 0x0082e018, unsigned char * 0x01e6ff04, int 143) line 1276 + 19 bytes execute_optimized_program(unsigned char * 0x01e6fe10, int 6, long * 0x01c73f10) line 657 + 17 bytes funcall_compiled_function(long 29789760, int 1, long * 0x0082e2fc) line 519 + 53 bytes Ffuncall(int 2, long * 0x0082e2f8) line 3476 + 17 bytes execute_optimized_program(unsigned char * 0x01da6c10, int 7, long * 0x01e67510) line 751 + 16 bytes funcall_compiled_function(long 32123864, int 3, long * 0x0082e5dc) line 519 + 53 bytes Ffuncall(int 4, long * 0x0082e5d8) line 3476 + 17 bytes Fapply(int 3, long * 0x0082e6d0) line 3717 + 13 bytes Ffuncall(int 4, long * 0x0082e6cc) line 3462 + 14 bytes execute_optimized_program(unsigned char * 0x0082e8b8, int 6, long * 0x01e67110) line 751 + 16 bytes Fbyte_code(long 31713764, long 31879424, long 13) line 2410 + 38 bytes Feval(long 32841352) line 3241 + 187 bytes internal_catch(long 32717332, long (long)* 0x0106a1d3 Feval(long), long 32841352, int * 0x00000000, long * 0x00000000) line 1478 + 7 bytes execute_rare_opcode(long * 0x0082eec8, unsigned char * 0x01f7e9b1, int 141) line 1257 + 24 bytes execute_optimized_program(unsigned char * 0x01f7e990, int 5, long * 0x01f7e210) line 657 + 17 bytes funcall_compiled_function(long 32123808, int 2, long * 0x0082f1ac) line 519 + 53 bytes Ffuncall(int 3, long * 0x0082f1a8) line 3476 + 17 bytes execute_optimized_program(unsigned char * 0x01f1b550, int 4, long * 0x01f61c10) line 751 + 16 bytes funcall_compiled_function(long 32123724, int 1, long * 0x0082f480) line 519 + 53 bytes Ffuncall(int 2, long * 0x0082f47c) line 3476 + 17 bytes execute_optimized_program(unsigned char * 0x01b05290, int 4, long * 0x01f7e310) line 751 + 16 bytes funcall_compiled_function(long 32123640, int 0, long * 0x0082f758) line 519 + 53 bytes Ffuncall(int 1, long * 0x0082f754) line 3476 + 17 bytes execute_optimized_program(unsigned char * 0x01def4d0, int 2, long * 0x01f790f0) line 751 + 16 bytes funcall_compiled_function(long 32123612, int 1, long * 0x0082fa24) line 519 + 53 bytes Ffuncall(int 2, long * 0x0082fa20) line 3476 + 17 bytes Fcall_interactively(long 33046188, long 28356612, long 28356612) line 942 + 22 bytes Fcommand_execute(long 33046188, long 28356612, long 28356612) line 2888 + 17 bytes execute_command_event(command_builder * 0x01d59680, long 33589428) line 3879 + 25 bytes Fdispatch_event(long 33589428) line 4206 + 70 bytes Fcommand_loop_1() line 565 + 9 bytes command_loop_1(long 28356612) line 491 condition_case_1(long 28356708, long (long)* 0x0104a26d command_loop_1(long), long 28356612, long (long, long)* 0x01049c80 cmd_error(long, long), long 28356612) line 1815 + 7 bytes command_loop_3() line 252 + 35 bytes command_loop_2(long 28356612) line 264 internal_catch(long 28434436, long (long)* 0x01049dd0 command_loop_2(long), long 28356612, int * 0x00000000, long * 0x00000000) line 1478 + 7 bytes initial_command_loop(long 28356612) line 301 + 27 bytes STACK_TRACE_EYE_CATCHER(int 1, char * * 0x01b49500, char * * 0x01b05680, int 0) line 2010 + 9 bytes main(int 1, char * * 0x01b49500, char * * 0x01b05680) line 2439 + 21 bytes mainCRTStartup + 211 bytes _start() line 183 KERNEL32! 77e9bc52() and here's the scoop: In execute_optimized_program, the bad opcode is 190, and the pointer to the beginning of the program array is at 0x02046810. However, the pointer to the current location in the program array, stored in program_ptr, is 0x0204204e -- which is nowhere near the array! That's almost certainly the fuckup. I've enclosed a memory dump of the program array, and in it you should be able to find the instruction causing the problem and see if you can figure out why this is happening. Martin, I suggest really putting in some sanity checks in the execution of the byte code, controlled by ERROR_CHECK_BYTE_CODE, to check for this kind of stuff and all sorts of other possibilities. If this can occur, there might be a whole bunch of problems that could be occurring, most of the time causing no harm but every once in awhile fucking something else up in a strange, difficult to debug way. I can imagine already that you're going to grumble about the performance loss, but that's a given with error-checking, and it's saved our asses way many times. + program,m 0x02046810 d0 10 e7 01 54 8f b4 01 b4 8f b4 01 84 27 b8 01 ....T........'.. + program+16,m 0x02046820 8c 2d bf 01 cc e7 c1 01 e4 f1 b1 01 cc e7 c1 01 .-.............. + program+32,m 0x02046830 8c 2d bf 01 84 27 b8 01 8c 2d bf 01 fc b4 b5 01 .-...'...-...... + program+48,m 0x02046840 1c b0 b0 01 e4 f1 b1 01 24 8f b4 01 cc e7 c1 01 ........$....... + program+64,m 0x02046850 dc fe c3 01 64 4b c1 01 e4 f1 b1 01 b4 c4 bb 01 ....dK.......... + program+80,m 0x02046860 b4 8f b4 01 c4 60 bd 01 1c b0 b0 01 dc fe c3 01 .....`.......... + program+96,m 0x02046870 cc e7 c1 01 1c 9b b2 01 34 43 b2 01 08 19 0a c3 ........4C...... + program+112,m 0x02046880 16 68 04 02 40 6c 08 02 45 e8 00 00 40 00 00 00 .h..＠l..E...＠... + program+128,m 0x02046890 c0 20 ad 3c 09 ab 05 c2 20 aa 07 c3 c4 20 21 c5 . .<.... .... !. + program+144,m 0x020468a0 61 ad 2d 0e 06 3b ad 28 c7 0e 06 21 ad 22 0e 06 a.-..;.(...!.".. + program+160,m 0x020468b0 09 ab 09 c8 c9 ca 20 22 41 aa 08 cb cc cd 20 c9 ...... "A..... . + program+176,m 0x020468c0 22 21 98 3f ad 0a ce cd 20 c9 0e 06 42 43 22 87 "!.?.... ...BC". + program+192,m 0x020468d0 54 b3 04 02 76 69 70 65 72 2d 75 73 65 2d 72 65 T...viper-use-re -- Ben In order to save my hands, I am cutting back on my mail. I also write as succinctly as possible -- please don't be offended. If you send me mail, you _will_ get a response, but please be patient, especially for XEmacs-related mail. If you need an immediate response and it is not apparent in your message, please say so. Thanks for your understanding. See also http://www.666.com/ben/typing.html.