From d52ba1b5e7da071660ebd294bab3dcea7774aae2 Mon Sep 17 00:00:00 2001
From: Matthew Flatt <mflatt@racket-lang.org>
Date: Mon, 12 Aug 2013 19:13:19 -0600
Subject: [PATCH] fix interaction of continuations and stack overflow

There was an off-by-one error in trimming overflow
records in a captured continuation.

I provoked the crash by running the program below on Mac OS X;
resizing the frame caused a crash. It has something to do with the
`try-atomic' implementation, I think. I wasn't able to make a test
case in a half-hour of trying, however, and I'm giving up for now.

(define f (new frame% [label "deep"]))
(define b (new button%
               [parent f]
               [label "0"]))
(send f show #t)
(let loop ([n 0] [m 0])
  (if (= n 10000)
      (begin
        (send b set-label (format "~a" m))
        (for ([i 10]) (yield))
        (loop 0 (add1 m)))
      (cons 1 (loop (add1 n) m))))
---
 racket/src/racket/src/fun.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/racket/src/racket/src/fun.c b/racket/src/racket/src/fun.c
index 4eb1443a99..04b8ea99cd 100644
--- a/racket/src/racket/src/fun.c
+++ b/racket/src/racket/src/fun.c
@@ -4499,8 +4499,9 @@ static MZ_MARK_STACK_TYPE find_shareable_marks()
 static Scheme_Overflow *clone_overflows(Scheme_Overflow *overflow, void *limit, Scheme_Overflow *tail)
 {
   Scheme_Overflow *naya, *first = NULL, *prev = NULL;
+  int stop = 0;
 
-  for (; overflow && (!limit || (overflow->id != limit)); overflow = overflow->prev) {
+  for (; overflow && !stop; overflow = overflow->prev) {
     naya = MALLOC_ONE_RT(Scheme_Overflow);
     memcpy(naya, overflow, sizeof(Scheme_Overflow));
     if (prev)
@@ -4508,6 +4509,8 @@ static Scheme_Overflow *clone_overflows(Scheme_Overflow *overflow, void *limit,
     else
       first = naya;
     prev = naya;
+    if (limit && overflow->id == limit)
+      stop = 1;
   }
 
   if (first) {