GNU bug report logs -
#1380
23.0.60; file content causes CVS emacs to crash
Reported by: Ted Zlatanov <tzz <at> lifelogs.com>
Date: Wed, 19 Nov 2008 16:40:04 UTC
Severity: normal
Merged with 1371
Done: Chong Yidong <cyd <at> stupidchicken.com>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 1380 in the body.
You can then email your comments to 1380 AT debbugs.gnu.org in the normal way.
Report forwarded to bug-submit-list <at> lists.donarmstrong.com, Emacs Bugs <bug-gnu-emacs <at> gnu.org>: bug#1380; Package emacs.
Acknowledgement sent to Ted Zlatanov <tzz <at> lifelogs.com>: New bug report received and forwarded. Copy sent to Emacs Bugs <bug-gnu-emacs <at> gnu.org>.
Message #5 received at submit <at> emacsbugs.donarmstrong.com (full text, mbox):
[Message part 1 (text/plain, inline)]
Please write in English if possible, because the Emacs maintainers
usually do not have translators to read other languages for them.
Your bug report will be posted to the emacs-pretest-bug <at> gnu.org mailing list.
Please describe exactly what actions triggered the bug
and the precise symptoms of the bug:
The file content in a file causes Emacs to crash as soon as it's opened.
Tested with "emacs -q file". This is a vimrc file, but it causes the
crash under any name, so it's content-related and not mode-related. I
can't attach the file directly because doing so crashes Emacs; I am
attaching it compressed.
If Emacs crashed, and you have the Emacs process in the gdb debugger,
please include the output from the following gdb commands:
`bt full' and `xbacktrace'.
If you would like to further debug the crash, please read the file
/usr/local/share/emacs/23.0.60/etc/DEBUG for instructions.
#0 0xb7fe3410 in __kernel_vsyscall ()
No symbol table info available.
#1 0xb76634b6 in kill () from /lib/tls/i686/cmov/libc.so.6
No symbol table info available.
#2 0x081075d2 in fatal_error_signal (sig=0xb) at emacs.c:399
No locals.
#3 <signal handler called>
No symbol table info available.
#4 0x0818769d in print_object (obj=0x1, printcharfun=0x8369d49, escapeflag=0x1) at print.c:1731
end = <value optimized out>
c = <value optimized out>
i_byte = <value optimized out>
confusing = <value optimized out>
p = <value optimized out>
size_byte = <value optimized out>
buf = "��9\b\002\000\000\000\000\000\n�I\2356\b\001\000\000\000I\2356\b\001\000\000\000I\2356\b\001\000\000\000z?:\b"
#5 0x0818bc5d in Fprin1 (object=0x1, printcharfun=0x8369d49) at print.c:750
old = (struct buffer *) 0x8370218
old_point = 0xffffffff
start_point = 0xffffffff
old_point_byte = 0xffffffff
start_point_byte = 0xffffffff
free_print_buffer = 0x0
#6 0x0818c19a in print_error_message (data=0x8d18dad, stream=0x8369d49, context=0xbfffedc6 "", caller=0x8391d91) at print.c:1105
obj = 0x0
errname = 0x83745f9
errmsg = 0x838aad3
file_error = 0x8369d19
tail = <value optimized out>
i = 0x1
#7 0x08110c8e in cmd_error_internal (data=0x8d18dad, context=0xbfffedc6 "") at keyboard.c:1283
No locals.
#8 0x08110d95 in cmd_error (data=0x8d18dad) at keyboard.c:1222
old_level = 0x8369d19
old_length = 0x8369d19
macroerror = "\000���\004\b\000\000\000\000����@���\000\000\000\000\000\000��\031\2356\b��\205\b\000\000\n�\000\000\000\000\020\237>\b\000\237>\b"
#9 0x0816f3bc in internal_condition_case (bfun=0x810d300 <top_level_2>, handlers=0x83745c9, hfun=0x8110ce0 <cmd_error>) at eval.c:1501
val = <value optimized out>
c = {tag = 0x8369d19, val = 0x8d18dad, next = 0xbfffef30, gcpro = 0x0, jmp = {{__jmpbuf = {0x0, 0x83e9f10, 0x83e9f00, 0xbfffeef8, 0xebdc2081, 0x39e6a3ee}, __mask_was_saved = 0x0, __saved_mask = {__val = {0xb7643b1c, 0xbfff0002, 0xb7ff2259, 0x804ecee, 0xb78eacd4, 0xb7ffeff4, 0xbfffed50, 0xb73bf620, 0xbfffed84, 0xb7fed059, 0x8c2d778, 0xbfffed44, 0xb7782ff4, 0x8c2d778, 0xb7ffb5bc, 0xbfffed50, 0xbfffee50, 0xbfffeeb0, 0xbfffefd0, 0xffffffff, 0xbfffef38, 0x811f6c3, 0xbfffefd0, 0xb763fb9c, 0xb78ead20, 0x0, 0xffffffff, 0xb7ffeff4, 0x804a758, 0xb7fff668, 0xbfffef00, 0xb7ff1429}}}}, backlist = 0x0, handlerlist = 0x0, lisp_eval_depth = 0x0, pdlcount = 0x2, poll_suppress_count = 0x1, interrupt_input_blocked = 0x0, byte_stack = 0x0}
h = {handler = 0x83745c9, var = 0x8369d19, chosen_clause = 0x8369d49, tag = 0xbfffee1c, next = 0x0}
#10 0x08110a80 in top_level_1 () at keyboard.c:1355
No locals.
#11 0x0816f46a in internal_catch (tag=0x8373611, func=0x8110a50 <top_level_1>, arg=0x8369d19) at eval.c:1247
c = {tag = 0x8373611, val = 0x8369d19, next = 0x0, gcpro = 0x0, jmp = {{__jmpbuf = {0x0, 0x83e9f10, 0x83e9f00, 0xbfffeff8, 0xebde4081, 0x39e8bbee}, __mask_was_saved = 0x0, __saved_mask = {__val = {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb76a3d91, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8c52328, 0xb77652f5, 0x0, 0xb7784190, 0x0, 0x83a4022, 0x83a4648, 0x83a4020, 0xbfffefe8, 0x8160f75, 0x83a4649, 0x83a4022, 0x8369d19, 0x8370218, 0x0, 0x0, 0x8369d31}}}}, backlist = 0x0, handlerlist = 0x0, lisp_eval_depth = 0x0, pdlcount = 0x2, poll_suppress_count = 0x1, interrupt_input_blocked = 0x0, byte_stack = 0x0}
#12 0x08110b29 in command_loop () at keyboard.c:1310
No locals.
#13 0x08110ebb in recursive_edit_1 () at keyboard.c:942
val = <value optimized out>
#14 0x08110ff1 in Frecursive_edit () at keyboard.c:1004
buffer = 0x8369d19
#15 0x081068d5 in main (argc=0x3, argv=0xbffff3f4) at emacs.c:1777
dummy = 0x0
stack_bottom_variable = 0x8
do_initial_setlocale = <value optimized out>
skip_args = 0x0
rlim = {rlim_cur = 0x800000, rlim_max = 0xffffffffffffffff}
no_loadup = 0x0
junk = 0x0
dname_arg = 0x0
In GNU Emacs 23.0.60.24 (i686-pc-linux-gnu, GTK+ Version 2.12.9)
of 2008-11-17 on tzlatanov-ubuntu-desktop
Windowing system distributor `The X.Org Foundation', version 11.0.10400090
configured using `configure '--without-makeinfo' 'CC=gcc''
Important settings:
value of $LC_ALL: nil
value of $LC_COLLATE: nil
value of $LC_CTYPE: nil
value of $LC_MESSAGES: nil
value of $LC_MONETARY: nil
value of $LC_NUMERIC: nil
value of $LC_TIME: nil
value of $LANG: en_US.UTF-8
value of $XMODIFIERS: nil
locale-coding-system: utf-8
default-enable-multibyte-characters: t
[v.gz (application/octet-stream, attachment)]
Information forwarded to bug-submit-list <at> lists.donarmstrong.com, Emacs Bugs <bug-gnu-emacs <at> gnu.org>: bug#1380; Package emacs.
Acknowledgement sent to Chong Yidong <cyd <at> stupidchicken.com>: Extra info received and forwarded to list. Copy sent to Emacs Bugs <bug-gnu-emacs <at> gnu.org>.
Message #10 received at 1380 <at> emacsbugs.donarmstrong.com (full text, mbox):
> The file content in a file causes Emacs to crash as soon as it's
> opened. Tested with "emacs -q file".
Looks like the charbuf in the coding structure is overflowing. The
following rough patch prevents this overflow and the crash, but maybe
there is a deeper bug. The comment in coding.c:6610 says "We are sure
that the number of data is less than the size of coding->charbuf." This
bug comes about due to that failed assumption.
Handa-san, what do you think?
*** trunk/src/coding.c.~1.394.~ 2008-10-24 00:06:43.000000000 -0400
--- trunk/src/coding.c 2008-11-20 02:29:02.000000000 -0500
***************
*** 6617,6622 ****
--- 6617,6633 ----
if (c & 0x80)
c = BYTE8_TO_CHAR (c);
+
+ if (coding->charbuf_used >= coding->charbuf_size)
+ {
+ int *old_charbuf = coding->charbuf;
+
+ coding->charbuf_size *= 2;
+ coding->charbuf = (int *) alloca (sizeof (int)
+ * coding->charbuf_size);
+ bcopy (old_charbuf, coding->charbuf, coding->charbuf_size);
+ }
+
coding->charbuf[coding->charbuf_used++] = c;
}
produce_chars (coding, Qnil, 1);
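Review bot: the length passed to bcopy in the added block is wrong in both unit and value. It is coding->charbuf_size, an element count that has already been doubled by the preceding line, while bcopy takes a byte count, so with a 4-byte int only half of the entries already stored reach the new buffer. Copy coding->charbuf_used * sizeof (int) bytes instead, or save the old size before doubling it. Separately, growing the buffer with alloca inside this loop keeps every doubled copy on the stack until the function returns, and the number of doublings is driven by file content, so a large enough input trades the charbuf overflow for stack exhaustion. The pointer stored in coding->charbuf also dangles if anything reads it after this function returns. A heap allocation released after the produce_chars call would avoid both problems.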
Merged 1371 1380. Request was from "Juanma Barranquero" <lekktu <at> gmail.com> to control <at> emacsbugs.donarmstrong.com. (Thu, 20 Nov 2008 09:25:04 GMT)
Information forwarded to bug-submit-list <at> lists.donarmstrong.com, Emacs Bugs <bug-gnu-emacs <at> gnu.org>: bug#1380; Package emacs.
Acknowledgement sent to Kenichi Handa <handa <at> m17n.org>: Extra info received and forwarded to list. Copy sent to Emacs Bugs <bug-gnu-emacs <at> gnu.org>.
Message #17 received at 1380 <at> emacsbugs.donarmstrong.com (full text, mbox):
In article <87myfuhmrk.fsf <at> cyd.mit.edu>, Chong Yidong <cyd <at> stupidchicken.com> writes:
> > The file content in a file causes Emacs to crash as soon as it's
> > opened. Tested with "emacs -q file".
> Looks like the charbuf in the coding structure is overflowing. The
> following rough patch prevents this overflow and the crash, but maybe
> there is a deeper bug. The comment in coding.c:6610 says "We are sure
> that the number of data is less than the size of coding->charbuf." This
> bug comes about due to that failed assumption.
> Handa-san, what do you think?
I found that it's a bug in detect/decode_coding_iso_2022,
and just installed a fix.
---
Kenichi Handa
handa <at> ni.aist.go.jp
bug closed, send any further explanations to Ted Zlatanov <tzz <at> lifelogs.com>
Request was from Chong Yidong <cyd <at> stupidchicken.com> to control <at> emacsbugs.donarmstrong.com. (Fri, 21 Nov 2008 02:55:04 GMT)
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> emacsbugs.donarmstrong.com. (Wed, 14 Jan 2009 15:24:04 GMT)
This bug report was last modified 16 years and 216 days ago.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.