Package: emacs;
Reported by: Richard Hansen <rhansen <at> bbn.com>
Date: Sat, 12 Apr 2014 06:12:02 UTC
Severity: normal
Found in version 24.3
Done: Paul Eggert <eggert <at> cs.ucla.edu>
Bug is archived. No further changes may be made.

Message #5 received at submit <at> debbugs.gnu.org:

From: Richard Hansen <rhansen <at> bbn.com>
To: bug-gnu-emacs <at> gnu.org
Subject: 24.3; segfault with certain unicode strings in C locale
Date: Sat, 12 Apr 2014 02:11:20 -0400

I can get emacs to crash with these shell commands:

    # generate a unicode string
    printf '\040\314\210\302\273\n' >crash-emacs.txt
    LC_ALL=C emacs -nw -Q +1:3 crash-emacs.txt

If I set LC_ALL=en_US.utf8 then it does not crash.

Here is the gdb backtrace:

#0  0x0000000000498c20 in char_table_ref (table=<optimized out>,
    c=c@entry=4194690) at chartab.c:234
        tbl = 0xbb5000
        val = 4611686018429485125
#1  0x00000000005a679e in composition_compute_stop_pos (
    cmp_it=cmp_it@entry=0x7fffffffcf50, charpos=4, charpos@entry=3,
    bytepos=<optimized out>, bytepos@entry=3, endpos=<optimized out>,
    endpos@entry=5, string=12124434) at composite.c:1053
        start = 3
        end = 40
        c = 4194690
        prop = 839073240292445696
        val = <optimized out>
#2  0x000000000051bc7e in scan_for_column (
    endpos=endpos@entry=0x7fffffffcfe8,
    goalcol=goalcol@entry=0x7fffffffcff8,
    prevcol=prevcol@entry=0x7fffffffcff0) at indent.c:595
        c = <optimized out>
        ctl_arrow = true
        dp = 0x0
        multibyte = true
        cmp_it = {
          stop_pos = 5,
          id = -1,
          ch = -2,
          rule_idx = 0,
          lookback = 1,
          nglyphs = 2,
          reversed_p = false,
          charpos = 2,
          nchars = 1,
          nbytes = 1,
          from = 1,
          to = 2,
          width = 1
        }
        window = <optimized out>
        w = 0xba2978
        col = 2
        prev_col = 1
        goal = 2
        end = 5
        scan = 3
        scan_byte = 3
        next_boundary = 5
#3  0x000000000051cea1 in Fmove_to_column (column=<optimized out>,
    force=12124434) at indent.c:990
        pos = 5
        prev_col = 20186896
        col = 2
        goal = 2
#4  0x000000000055006d in Ffuncall (nargs=<optimized out>,
    args=<optimized out>) at eval.c:2781
        fun = 8584349
        original_fun = 12285586
        funcar = <optimized out>
        numargs = <optimized out>
        lisp_numargs = <optimized out>
        val = <optimized out>
        backtrace = {
          next = 0x7fffffffd250,
          function = 12285586,
          args = 0x7fffffffd160,
          nargs = 1,
          debug_on_exit = 0
        }
        internal_args = 0x7fffffffd030
        i = <optimized out>
#5  0x0000000000584a8b in exec_byte_code (bytestr=12275717,
    vector=4194690, maxdepth=4611686018695757824,
    args_template=4611686018430533632, nargs=4611686018695757824,
    args=0x7fffffffd150) at bytecode.c:900
        targets = {0x584ba8 <exec_byte_code+1032>, ...
        vectorp = 0x8c6fb8 <pure+601144>
        stack = {
          pc = 0xab5414 <pure+2625684> "\210\313\262\006\266\002\201Q",
          byte_string = 9203593,
          byte_string_start = 0xab5099 <pure+2624793> "\306 \210\b\203\021",
          constants = 9203629,
          next = 0x7fffffffd380
        }
        result = 4611686018429485125
#6  0x000000000054f9bd in funcall_lambda (fun=9203629,
    nargs=nargs@entry=1, arg_vector=0x8c6f89 <pure+601097>,
    arg_vector@entry=0x7fffffffd2d0) at eval.c:2944
        val = <optimized out>
        syms_left = <optimized out>
        next = <optimized out>
        lexenv = <optimized out>
        count = -26216640712628180
        i = <optimized out>
        optional = <optimized out>
        rest = <optimized out>
#7  0x000000000054feeb in Ffuncall (nargs=2, args=0x7fffffffd2c8)
    at eval.c:2839
        fun = <optimized out>
        original_fun = 16434802
        funcar = <optimized out>
        numargs = 1
        lisp_numargs = <optimized out>
        val = <optimized out>
        backtrace = {
          next = 0x7fffffffd410,
          function = 16434802,
          args = 0x7fffffffd2d0,
          nargs = 1,
          debug_on_exit = 0
        }
        internal_args = <optimized out>
        i = <optimized out>
#8  0x0000000000584a8b in exec_byte_code (bytestr=12275717,
    vector=4194690, maxdepth=4611686018695757824,
    args_template=4611686018430533632, nargs=4611686018695757824,
    args=0x7fffffffd2c8) at bytecode.c:900
        targets = {0x584ba8 <exec_byte_code+1032>, ...
        vectorp = 0x8c0600 <pure+574080>
        stack = {
          pc = 0xab7f31 <pure+2636721> "\210\016H\203\264\005\201\303",
          byte_string = 9176529,
          byte_string_start = 0xab7989 <pure+2635273> "\306 \020\307\021\n\023\307\024\310\311!\211\307=\204\060",
          constants = 9176565,
          next = 0x7fffffffd500
        }
        result = 4611686018429485125
#9  0x000000000054f9bd in funcall_lambda (fun=9176565,
    nargs=nargs@entry=0, arg_vector=0x8c05d1 <pure+574033>,
    arg_vector@entry=0x7fffffffd498) at eval.c:2944
        val = <optimized out>
        syms_left = <optimized out>
        next = <optimized out>
        lexenv = <optimized out>
        count = -26216640712628168
        i = <optimized out>
        optional = <optimized out>
        rest = <optimized out>
#10 0x000000000054feeb in Ffuncall (nargs=1, args=0x7fffffffd490)
    at eval.c:2839
        fun = <optimized out>
        original_fun = 15567250
        funcar = <optimized out>
        numargs = 0
        lisp_numargs = <optimized out>
        val = <optimized out>
        backtrace = {
          next = 0x7fffffffd630,
          function = 15567250,
          args = 0x7fffffffd498,
          nargs = 0,
          debug_on_exit = 0
        }
        internal_args = <optimized out>
        i = <optimized out>
#11 0x0000000000584a8b in exec_byte_code (bytestr=12275717,
    vector=4194690, maxdepth=4611686018695757824,
    args_template=4611686018430533632, nargs=4611686018695757824,
    args=0x7fffffffd488) at bytecode.c:900
        targets = {0x584ba8 <exec_byte_code+1032>, ...
        vectorp = 0x8bf9d0 <pure+570960>
        stack = {
          pc = 0xab84b7 <pure+2638135> "\210)\210\351\352\353\"\210\354\321\355\"\211;\203\256",
          byte_string = 9173409,
          byte_string_start = 0xab8422 <pure+2637986> "\b\203\b",
          constants = 9173445,
          next = 0x0
        }
        result = 4611686018429485125
#12 0x000000000054f9bd in funcall_lambda (fun=9173445,
    fun@entry=9173357, nargs=nargs@entry=0,
    arg_vector=0x8bf9a1 <pure+570913>,
    arg_vector@entry=0x7fffffffd570) at eval.c:2944
        val = <optimized out>
        syms_left = <optimized out>
        next = <optimized out>
        lexenv = <optimized out>
        count = -26221038759138928
        i = <optimized out>
        optional = <optimized out>
        rest = <optimized out>
#13 0x000000000054effd in apply_lambda (fun=9173357,
    args=<optimized out>) at eval.c:2887
        args_left = 12124434
        i = <optimized out>
        numargs = 0
        arg_vector = <optimized out>
        gcpro1 = <optimized out>
        tem = <optimized out>
        sa_count = 3
        sa_must_free = <optimized out>
#14 0x000000000054f3c2 in eval_sub (form=form@entry=12349798)
    at eval.c:2218
        fun = <optimized out>
        val = <optimized out>
        original_fun = 15837026
        original_args = 12124434
        funcar = <optimized out>
        backtrace = {
          next = 0x0,
          function = 15837026,
          args = 0x7fffffffd570,
          nargs = 0,
          debug_on_exit = 0
        }
        gcpro3 = <optimized out>
#15 0x00000000005527cd in Feval (form=12349798, lexical=<optimized out>)
    at eval.c:2005
        count = 2
#16 0x000000000054e5b3 in internal_condition_case (
    bfun=bfun@entry=0x4dd600 <top_level_2>, handlers=12176114,
    hfun=hfun@entry=0x4e2290 <cmd_error>) at eval.c:1289
        val = <optimized out>
        c = {
          tag = 12124434,
          val = 12124434,
          next = 0x7fffffffd8b0,
          gcpro = 0x0,
          jmp = {{
              __jmpbuf = {1, 7163789923458151104, 12124434, 4000, 140737488346000, 1, -7163791675184188736, 7163791299020387008},
              __mask_was_saved = 0,
              __saved_mask = {
                __val = {17, 0, 140737354130880, 0, 140737354130880, 140737488345136, 140737488345120, 3488983867, 4299206140, 4294967295, 4238103, 4294967295, 67108864, 140737251060432, 140737353872624, 0}
              }
            }},
          backlist = 0x0,
          handlerlist = 0x0,
          lisp_eval_depth = 0,
          pdlcount = 2,
          poll_suppress_count = 1,
          interrupt_input_blocked = 0,
          byte_stack = 0x0
        }
        h = {
          handler = 12176114,
          var = 12124434,
          chosen_clause = 4294967296,
          tag = 0x7fffffffd760,
          next = 0x0
        }
#17 0x00000000004dd5e6 in top_level_1 (ignore=ignore@entry=12124434)
    at keyboard.c:1185
No locals.
#18 0x000000000054e48e in internal_catch (tag=<optimized out>,
    func=func@entry=0x4dd580 <top_level_1>, arg=12124434)
    at eval.c:1060
        c = {
          tag = 12171954,
          val = 12124434,
          next = 0x0,
          gcpro = 0x0,
          jmp = {{
              __jmpbuf = {1, 7163789923458151104, 12124434, 4000, 140737488346000, 1, -7163791674762661184, 7163791298990764736},
              __mask_was_saved = 0,
              __saved_mask = {
                __val = {140737351972645, 400, 5, 0, 0, 0, 0, 227633266711, 5849150, 532575944823, 6198499, 140737488345584, 140737488345592, 0, 140737488345584, 6198499}
              }
            }},
          backlist = 0x0,
          handlerlist = 0x0,
          lisp_eval_depth = 0,
          pdlcount = 2,
          poll_suppress_count = 1,
          interrupt_input_blocked = 0,
          byte_stack = 0x0
        }
#19 0x00000000004e1d9f in command_loop () at keyboard.c:1146
No locals.
#20 recursive_edit_1 () at keyboard.c:779
        count = 1
        val = 20186704
#21 0x00000000004e20b4 in Frecursive_edit () at keyboard.c:843
        count = 0
        buffer = 12124434
#22 0x00000000004171d5 in main (argc=<optimized out>,
    argv=0x7fffffffdb98) at emacs.c:1528
        dummy = 140737353873872
        stack_bottom_variable = -15 '\361'
        do_initial_setlocale = <optimized out>
        dumping = <optimized out>
        skip_args = 1
        rlim = {
          rlim_cur = 8720000,
          rlim_max = 18446744073709551615
        }
        no_loadup = false
        junk = 0x0
        dname_arg = 0x0
        ch_to_dir = 0x818 <Address 0x818 out of bounds>

Lisp Backtrace:
"move-to-column" (0xffffd160)
"command-line-1" (0xffffd2d0)
"command-line" (0xffffd498)
"normal-top-level" (0xffffd570)

In GNU Emacs 24.3.1 (x86_64-pc-linux-gnu, GTK+ Version 3.8.2)
 of 2013-07-26 on roseapple, modified by Debian
Windowing system distributor `The X.Org Foundation', version 11.0.11405000
System Description: Ubuntu 13.10

Configured using:
 `configure '--build' 'x86_64-linux-gnu' '--build' 'x86_64-linux-gnu'
 '--prefix=/usr' '--sharedstatedir=/var/lib' '--libexecdir=/usr/lib'
 '--localstatedir=/var/lib' '--infodir=/usr/share/info'
 '--mandir=/usr/share/man' '--with-pop=yes'
 '--enable-locallisppath=/etc/emacs24:/etc/emacs:/usr/local/share/emacs/24.3/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/24.3/site-lisp:/usr/share/emacs/site-lisp'
 '--with-crt-dir=/usr/lib/x86_64-linux-gnu' '--with-x=yes'
 '--with-x-toolkit=gtk3' '--with-toolkit-scroll-bars'
 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fstack-protector
 --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wall'
 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro'
 'CPPFLAGS=-D_FORTIFY_SOURCE=2''

Important settings:
  value of $LC_TIME: en_DK.utf8
  value of $LANG: en_US.utf8
  locale-coding-system: utf-8-unix
  default enable-multibyte-characters: t
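
Added example, not part of the bug report or of Emacs: a triage helper that expands the printf escapes from the reproducer into bytes, lists the Unicode characters they encode, and checks the `c` argument shown in frame #0 against Emacs's internal character limit (`MAX_CHAR`, 0x3FFFFF in src/character.h). The function and constant names are hypothetical.

```python
import re
import unicodedata

# Largest internal character code Emacs defines (MAX_CHAR in src/character.h).
EMACS_MAX_CHAR = 0x3FFFFF

REPRO = r"\040\314\210\302\273\n"  # printf format string copied from the report
C_FROM_BACKTRACE = 4194690         # c argument of char_table_ref in frame #0


def printf_octal_to_bytes(fmt: str) -> bytes:
    """Expand the \\NNN octal escapes and \\n used in the report's printf call."""
    def expand(match):
        token = match.group(1)
        return b"\n" if token == b"n" else bytes([int(token, 8)])
    return re.sub(rb"\\([0-7]{1,3}|n)", expand, fmt.encode("ascii"))


def describe(data: bytes):
    """Return (byte offset, code point, Unicode name, combining class) per character."""
    rows, offset = [], 0
    for ch in data.decode("utf-8"):
        rows.append((offset, ord(ch),
                     unicodedata.name(ch, "<control>"),
                     unicodedata.combining(ch)))
        offset += len(ch.encode("utf-8"))
    return rows


def in_emacs_char_range(c: int) -> bool:
    """True if c is a character code Emacs can represent internally."""
    return 0 <= c <= EMACS_MAX_CHAR


if __name__ == "__main__":
    for off, cp, name, ccc in describe(printf_octal_to_bytes(REPRO)):
        print(f"byte {off}: U+{cp:04X} {name} (combining class {ccc})")
    print(f"c = {C_FROM_BACKTRACE:#x}, within Emacs character range: "
          f"{in_emacs_char_range(C_FROM_BACKTRACE)}")
```

The file is valid UTF-8 (a space, a combining diaeresis, a right guillemet, a newline), while the value passed to `char_table_ref` in the backtrace lies above `MAX_CHAR`.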

Message #8 received at 17249 <at> debbugs.gnu.org:

From: Eli Zaretskii <eliz <at> gnu.org>
To: Richard Hansen <rhansen <at> bbn.com>
Cc: 17249 <at> debbugs.gnu.org
Subject: Re: bug#17249: 24.3; segfault with certain unicode strings in C locale
Date: Sat, 12 Apr 2014 10:23:00 +0300

> From: Richard Hansen <rhansen <at> bbn.com>
> Date: Sat, 12 Apr 2014 02:11:20 -0400
>
> I can get emacs to crash with these shell commands:
>
>     # generate a unicode string
>     printf '\040\314\210\302\273\n' >crash-emacs.txt
>     LC_ALL=C emacs -nw -Q +1:3 crash-emacs.txt
>
> If I set LC_ALL=en_US.utf8 then it does not crash.

I can reproduce this in Emacs 24.3, but not with the current
development code, so I guess this was already fixed.

Message #11 received at 17249 <at> debbugs.gnu.org:

From: Richard Hansen <rhansen <at> bbn.com>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: 17249 <at> debbugs.gnu.org
Subject: Re: bug#17249: 24.3; segfault with certain unicode strings in C locale
Date: Mon, 14 Apr 2014 00:56:28 -0400

On 2014-04-12 03:23, Eli Zaretskii wrote:
>> From: Richard Hansen <rhansen <at> bbn.com>
>> Date: Sat, 12 Apr 2014 02:11:20 -0400
>>
>> I can get emacs to crash with these shell commands:
>>
>>     # generate a unicode string
>>     printf '\040\314\210\302\273\n' >crash-emacs.txt
>>     LC_ALL=C emacs -nw -Q +1:3 crash-emacs.txt
>>
>> If I set LC_ALL=en_US.utf8 then it does not crash.
>
> I can reproduce this in Emacs 24.3, but not with the current
> development code, so I guess this was already fixed.

Thanks for checking! I just did my own testing and agree that this has
already been fixed. I checked out the latest emacs-24 branch of the Git
repository (git://git.savannah.gnu.org/emacs.git) and could not
reproduce the problem.

To ensure the crash in 24.3 wasn't due to certain arguments passed to
'configure' (e.g., -fstack-protector in the CFLAGS used by Ubuntu), I
checked out the emacs-24.3 tag, ran 'configure' with the same arguments
I used to build the tip of the emacs-24 branch, and was still able to
reproduce the crash.

Thanks,
Richard

Message #16 received at 17249-done <at> debbugs.gnu.org:

From: Paul Eggert <eggert <at> cs.ucla.edu>
To: 17249-done <at> debbugs.gnu.org
Subject: Re: 24.3; segfault with certain unicode strings in C locale
Date: Sun, 13 Apr 2014 22:49:59 -0700

Thanks for checking. Since the bug is fixed I'm marking it as done.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.