GNU bug report logs - #16049
24.3.50; Crash on startup on Mac OS X 10.9


Package: emacs;

Reported by: Jules Colding <colding <at> venalicium.dk>

Date: Wed, 4 Dec 2013 14:08:02 UTC

Severity: normal

Found in version 24.3.50

Done: Jan Djärv <jan.h.d <at> swipnet.se>

Bug is archived. No further changes may be made.


From: Jan Djärv <jan.h.d <at> swipnet.se>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: martin rudalics <rudalics <at> gmx.at>, Jules Colding <colding <at> venalicium.dk>, 16049 <at> debbugs.gnu.org
Subject: bug#16049: 24.3.50; Crash on startup on Mac OS X 10.9
Date: Fri, 6 Dec 2013 19:32:56 +0100

Hello.

On 5 Dec 2013 at 21:20, Eli Zaretskii <eliz <at> gnu.org> wrote:

>> From: Jan Djärv <jan.h.d <at> swipnet.se>
>> Date: Thu, 5 Dec 2013 20:59:00 +0100
>> Cc: martin rudalics <rudalics <at> gmx.at>,
>> Jules Colding <colding <at> venalicium.dk>,
>> 16049 <at> debbugs.gnu.org
>> 
>> (gdb) p desired_matrix->nrows
>> $1 = -306783372
>> 
>> This is not random, I get the same value each time.  Overflow?
> 
> Put a watchpoint on that address, and see who gives it such a bogus
> value.

The root cause is grow_mini_window in window.c.

It sets w->pixel_height to a large negative value, and it is all downhill from there.
It is called twice.  Right before w->pixel_height += pixel_height;

the values for pixelwise, w->pixel_height, pixel_height, line_height, FRAME_LINE_HEIGHT(f), delta and XINT (height) are:

1 1 -47 -3 14 13 47

The 1 for w->pixel_height looks wrong.
This will set w->pixel_height to -46.
The second call:

1 -46 -2147483603 .153391685 14 60 0

I'm not sure how this function is supposed to work.  pixel_value is negative or it is a huge positive value.  Is it relying on overflow?

	Jan D.
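
The following is an added example, not part of the original message and not Emacs code: a checked version of the `w->pixel_height += pixel_height` update, replayed with the two pairs of values from the trace above. The function and enum names are hypothetical, a minimum height of 0 is assumed, and `int` is assumed to be 32 bits.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical result codes for this added example (not Emacs names). */
enum resize_status { RESIZE_OK, RESIZE_OVERFLOW, RESIZE_NEGATIVE };

/* Apply a pixel delta to a window height, refusing any update that would
   overflow int or leave the height below min_height.  On failure *height
   is left untouched.  */
static enum resize_status
apply_pixel_delta (int *height, int delta, int min_height)
{
  /* Detect signed overflow before adding; the addition itself would be
     undefined behaviour in C if it overflowed.  */
  if ((delta > 0 && *height > INT_MAX - delta)
      || (delta < 0 && *height < INT_MIN - delta))
    return RESIZE_OVERFLOW;

  int result = *height + delta;
  if (result < min_height)
    return RESIZE_NEGATIVE;

  *height = result;
  return RESIZE_OK;
}

/* First traced call: w->pixel_height = 1, pixel_height = -47. */
static enum resize_status replay_first (void)
{
  int h = 1;
  return apply_pixel_delta (&h, -47, 0);
}

/* Second traced call: w->pixel_height = -46, pixel_height = -2147483603. */
static enum resize_status replay_second (void)
{
  int h = -46;
  return apply_pixel_delta (&h, -2147483603, 0);
}

int main (void)
{
  printf ("first call:  %d\n", replay_first ());
  printf ("second call: %d\n", replay_second ());
  return 0;
}
```

With these inputs the first update is rejected because the sum is negative, and the second is rejected because -46 + -2147483603 is below `INT_MIN`.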






This bug report was last modified 11 years and 170 days ago.
