GNU bug report logs - #15948
24.3.50; buf_charpos_to_bytepos crash

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 15948 in the body.
You can then email your comments to 15948 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Richard Stallman <rms <at> gnu.org>
To: bug-gnu-emacs <at> gnu.org
Subject: 24.3.50; buf_charpos_to_bytepos crash
Date: Thu, 21 Nov 2013 16:27:52 -0500

I got a crash because find_newline called buf_charpos_to_bytepos with
a charpos bigger than BUF_Z.  It was in an Rmail summary buffer.
Unfortunately I spazzed and the process got destroyed.



In GNU Emacs 24.3.50.14 (mips64el-unknown-linux-gnu, GTK+ Version 2.20.1)
 of 2013-11-12 on chiefs-gnewsense
Bzr revision: 115064 monnier <at> iro.umontreal.ca-20131111180547-6k3t8pomzwp8zbtf
System Description:	gNewSense GNU/Linux 3.0 (parkes)

Configured using:
 `configure 'CFLAGS=-g -O0''

Important settings:
  value of $LANG: en_US.UTF-8
  locale-coding-system: utf-8-unix
  default enable-multibyte-characters: t

Major mode: Buffer Menu

Minor modes in effect:
  shell-dirtrack-mode: t
  gpm-mouse-mode: t
  tooltip-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  buffer-read-only: t
  line-number-mode: t
  transient-mark-mode: t
  abbrev-mode: t

Recent input:
e g r e e s SPC o f SPC i n s u f f i c i e n c y RET 
o f SPC f r e e d o m . C-x C-s C-x b R TAB C-g C-x 
C-f ESC DEL e m a c s - b z r / s c / DEL DEL r c / 
c m d s . x DEL c RET C-x C-v ESC b t r u n k / RET 
C-s f i n d _ n C-x C-g ESC x r e p o r t SPC e m a 
c s SPC b u g RET C-g ESC b ESC b C-s C-w C-w C-s C-s 
C-s ESC x g r e p RET f i n d _ n e w l i n e SPC * 
. c RET C-x o C-x 1 C-u C-u C-n C-n C-n C-n C-n C-n 
RET C-x 1 C-v C-v C-v C-v C-v ESC C-e C-x C-f C-g ESC 
C-a ESC C-a ESC C-a C-x C-f b u f f e r . h RET C-v 
C-v C-v C-v C-v C-v C-v C-v C-v C-v C-u C-u C-n C-u 
C-n C-n C-n C-n C-f C-f C-f C-@ ESC f ESC f ESC f ESC 
f ESC w ESC x g r e p RET C-y SPC * . c RET C-x o C-x 
C-g C-v C-u C-n RET C-x 1 C-@ ESC C-f ESC w C-u C-x 
m C-g ESC x r e n SPC b u f RET C-g ESC x r e n SPC 
u n RET C-x C-b C-x o C-g ESC x r e p o r t SPC e m 
a s SPC DEL c s SPC b u g RET

Recent messages:
Mark saved where search started
Grep finished (matches found)
Mark set [2 times]
Quit
Mark set [2 times]
Grep finished (matches found)
C-x C-g is undefined
Mark set [2 times]
Auto save file for draft message exists; consider M-x mail-recover
Quit [3 times]

Load-path shadows:
/home/rms/emacs-bzr/trunk/lisp/net/shr-color hides /home/rms/emacs-bzr/trunk/lisp/gnus/shr-color
/home/rms/emacs-bzr/trunk/lisp/net/shr hides /home/rms/emacs-bzr/trunk/lisp/gnus/shr

Features:
(shadow mule-util emacsbug vc-bzr cc-langs cl cl-loaddefs cl-lib
cc-mode cc-fonts cc-guess cc-menus cc-cmds cc-styles cc-align
cc-engine cc-vars cc-defs rmailout grep compile shell pcomplete comint
ansi-color ring misearch multi-isearch dabbrev quail help-mode
mailalias qp rmailmm message sendmail format-spec rfc822 mml easymenu
mml-sec mm-decode mm-bodies mm-encode mailabbrev gmm-utils mailheader
mail-parse rfc2231 dired t-mouse finder-inf package rmailedit rmail
rfc2047 rfc2045 ietf-drums mm-util mail-prsvr mail-utils time-date
paren cus-start cus-load advice help-fns tooltip ediff-hook vc-hooks
lisp-float-type mwheel x-win x-dnd tool-bar dnd fontset image
regexp-opt fringe tabulated-list newcomment lisp-mode prog-mode
register page menu-bar rfn-eshadow timer select scroll-bar mouse
jit-lock font-lock syntax facemenu font-core frame cham georgian
utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean
japanese hebrew greek romanian slovak czech european ethiopic indian
cyrillic chinese case-table epa-hook jka-cmpr-hook help simple abbrev
minibuffer nadvice loaddefs button faces cus-face macroexp files
text-properties overlay sha1 md5 base64 format env code-pages mule
custom widget hashtable-print-readable backquote make-network-process
dbusbind gfilenotify dynamic-setting system-font-setting
font-render-setting move-toolbar gtk x-toolkit x multi-tty emacs)
        [ To any NSA and FBI agents reading my email: please consider
        [ whether defending the US Constitution against all enemies,
        [ foreign or domestic, requires you to follow Snowden's example.


-- 
Dr Richard Stallman
President, Free Software Foundation
51 Franklin St
Boston MA 02110
USA
www.fsf.org  www.gnu.org
Skype: No way! That's nonfree (freedom-denying) software.
  Use Ekiga or an ordinary phone call.

Message #12 received at 15948 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: rms <at> gnu.org
Cc: 15948 <at> debbugs.gnu.org
Subject: Re: bug#15948: 24.3.50; buf_charpos_to_bytepos crash
Date: Fri, 22 Nov 2013 09:27:26 +0200

> Date: Thu, 21 Nov 2013 16:27:52 -0500
> From: Richard Stallman <rms <at> gnu.org>
> 
> 
> I got a crash because find_newline called buf_charpos_to_bytepos with
> a charpos bigger than BUF_Z.  It was in an Rmail summary buffer.

This is bug #15841, it was fixed in bzr revision 115138.  Your build
is older than that, so please update soon to avoid this nasty
problem.  In the meantime, you can turn off cache-long-scans by
default, or even rebuild after doing that in buffer.c.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.