GNU bug report logs - #1864
23.0.60; detect attached file coding system, make emacs crash.
Report forwarded to bug-submit-list <at> lists.donarmstrong.com, Emacs Bugs <bug-gnu-emacs <at> gnu.org>: bug#1864; Package emacs. (Mon, 12 Jan 2009 03:00:03 GMT)
Acknowledgement sent to Wang Diancheng <dianchengwang <at> gmail.com>: New bug report received and forwarded. Copy sent to Emacs Bugs <bug-gnu-emacs <at> gnu.org>. (Mon, 12 Jan 2009 03:00:03 GMT)
Message #5 received at submit <at> emacsbugs.donarmstrong.com (full text, mbox):
Detecting the attached file's coding system with the following code makes Emacs crash:
(with-temp-buffer
  (insert-file-contents "/home/dcwang/1.txt")
  (detect-coding-region (point-min) (point-max) t))
bt full (top 10 frames):
#0 detect_coding_utf_16 (coding=0xbfed10b0, detect_info=0xbfed11a0) at coding.c:1622
e = '\0' <repeats 45 times>, "\001", '\0' <repeats 56 times>, "\001\000\000\001\000\000\000\000\000\000\000\000\001\000\001", '\0' <repeats 138 times>
o = '\0' <repeats 45 times>, "\001", '\0' <repeats 56 times>, "\001\000\000\001\000\000\000\000\001\000\000\000\001\000\001", '\0' <repeats 138 times>
e_num = 5
o_num = 7
src = (
const unsigned char *) 0x8d78fe9 "\ninfo-title=\340\244\222\340\244\244\340\245\246\366\200\201\214900\340\245\213\ninfo-album=\340\244\222\340\244\244\340\245\246\366\200\201\214900\340\245\213\ninfo-tracknumber=1\ninfo-year=0\ninfo-genre=*\340\245\213\ninfo-note=\ninfo-playing-time=1379\n"
src_end = (const unsigned char *) 0x8d79079 ""
multibytep = 1
c1 = -2406
c2 = -1572940
#1 0x080b29bc in detect_coding_system (
src=0x8d78fd0 "info-artist=\340\244\222\340\244\244\340\245\246\366\200\201\214\ninfo-title=\340\244\222\340\244\244\340\245\246\366\200\201\214900\340\245\213\ninfo-album=\340\244\222\340\244\244\340\245\246\366\200\201\214900\340\245\213\ninfo-tracknumber=1\ninfo-year=0\ninfo-genre=*\340\245\213\ninfo-note=\ninfo-playing-time=1379\n",
src_chars=136, src_bytes=169, highest=1, multibytep=1, coding_system=137943241) at coding.c:7847
category = <value optimized out>
this = (struct coding_system *) 0x8345f30
c = <value optimized out>
i = 12
src_end = (const unsigned char *) 0x8d79079 ""
attrs = <value optimized out>
eol_type = 138073060
val = 137943241
coding = {
id = 4,
common_flags = 5120,
mode = 2,
spec = {
iso_2022 = {
flags = 135436798,
current_invocation = {-1, 169},
current_designation = {136, 136, 136, 0},
single_shifting = -1074982680,
bol = 0
},
ccl = 0x81299fe,
utf_16 = {
bom = 135436798,
endian = 4294967295,
surrogate = 169
},
utf_8_bom = 135436798,
emacs_mule_full_support = 135436798
},
max_charset_id = 0,
safe_charsets = 0x838faec "",
src_multibyte = 1,
dst_multibyte = 0,
head_ascii = 12,
produced = 148344260,
produced_char = 148346784,
consumed = 0,
consumed_char = 1,
errors = 2136,
error_positions = 0x8d78dc4,
result = CODING_RESULT_INVALID_SRC,
src_pos = 0,
src_pos_byte = -1075130800,
src_chars = 136,
src_bytes = 169,
src_object = 1,
source = 0x8d78fd0 "info-artist=\340\244\222\340\244\244\340\245\246\366\200\201\214\ninfo-title=\340\244\222\340\244\244\340\245\246\366\200\201\214900\340\245\213\ninfo-album=\340\244\222\340\244\244\340\245\246\366\200\201\214900\340\245\213\ninfo-tracknumber=1\ninfo-year=0\ninfo-genre=*\340\245\213\ninfo-note=\ninfo-playing-time=1379\n",
dst_pos = 14525,
dst_pos_byte = 0,
dst_bytes = 29,
dst_object = 0,
destination = 0x1 <Address 0x1 out of bounds>,
chars_at_source = 0,
charbuf = 0x83bb0e9,
charbuf_size = 1376529752,
charbuf_used = 1511,
annotated = 149,
carryover = "+\320\327\b(\320\327\b\371\3308\bx\021\355\277R\f\030\b\371\3308\b \000\000\000p\202\n\b\340\276\n\b\004\000\000\000\371\3308\b\370\021\355\277X!\031\b\371\3308\b\244\201\000\000\001\000\000",
carryover_bytes = 1000,
default_char = 0,
detector = 0,
decoder = 0x80a7640 <decode_coding_raw_text>,
encoder = 0x80b78b0 <encode_coding_raw_text>
}
id = <value optimized out>
detect_info = {
checked = 294911,
found = 0,
rejected = 3328
}
null_byte_found = 0
eight_bit_found = <value optimized out>
#2 0x080b2dfc in Fdetect_coding_region (start=8, end=1096, highest=137943289) at coding.c:8058
from = 1
to = 137
from_byte = 1
to_byte = 169
#3 0x081923c4 in Feval (form=148944845) at eval.c:2381
numargs = <value optimized out>
argvals = {8, 1096, 137943289, 137943241, 137943241, 148361211, 7, 7}
args_left = 137943241
i = 3
fun = <value optimized out>
val = <value optimized out>
original_fun = <value optimized out>
original_args = 148944861
funcar = <value optimized out>
backtrace = {
next = 0xbfed12e0,
function = 0xbfed1268,
args = 0xbfed1230,
nargs = 3,
evalargs = 1 '\001',
debug_on_exit = 0 '\0'
}
#4 0x0819268f in Fprogn (args=4) at eval.c:449
val = -1074982824
#5 0x0819249b in Feval (form=148942909) at eval.c:2322
numargs = 4
argvals = {2, 138158929, -1074982168, 135793746, 138157906, 148943085, 4, 1}
args_left = 148942885
i = <value optimized out>
fun = <value optimized out>
val = <value optimized out>
original_fun = <value optimized out>
original_args = 148942885
funcar = <value optimized out>
backtrace = {
next = 0xbfed1380,
function = 0xbfed12f8,
args = 0xbfed12f4,
nargs = -1,
evalargs = 0 '\0',
debug_on_exit = 0 '\0'
}
#6 0x08192ad2 in Funwind_protect (args=148942981) at eval.c:1353
val = <value optimized out>
#7 0x0819249b in Feval (form=148942989) at eval.c:2322
numargs = 4
argvals = {148344260, 136426564, 10, 145607856, 4, 0, 1, 136426564}
args_left = 148942981
i = <value optimized out>
fun = <value optimized out>
val = <value optimized out>
original_fun = <value optimized out>
original_args = 148942981
funcar = <value optimized out>
backtrace = {
next = 0xbfed1430,
function = 0xbfed1398,
args = 0xbfed1394,
nargs = -1,
evalargs = 0 '\0',
debug_on_exit = 0 '\0'
}
#8 0x0819268f in Fprogn (args=4) at eval.c:449
val = -1074982824
#9 0x08185b86 in Fsave_current_buffer (args=148943085) at editfns.c:1023
val = <value optimized out>
#10 0x0819249b in Feval (form=148943093) at eval.c:2322
numargs = 4
argvals = {136426564, 148663201, 148942989, 135863493, 148943005, 148942901, 148943013, 148663201}
args_left = 148943085
i = <value optimized out>
fun = <value optimized out>
val = <value optimized out>
original_fun = <value optimized out>
original_args = 148943085
funcar = <value optimized out>
backtrace = {
next = 0xbfed14b0,
function = 0xbfed1448,
args = 0xbfed1444,
nargs = -1,
evalargs = 0 '\0',
debug_on_exit = 0 '\0'
}
xbacktrace:
"detect-coding-region" (0xbfed1230)
"progn" (0xbfed12f4)
"unwind-protect" (0xbfed1394)
"save-current-buffer" (0xbfed1444)
"with-current-buffer" (0xbfed14c4)
"let" (0xbfed15a4)
"with-temp-buffer" (0xbfed1624)
"eval" (0xbfed16c8)
"eval-last-sexp-1" (0xbfed17f4)
"eval-last-sexp" (0xbfed1974)
"call-interactively" (0xbfed1b34)
[1.txt (text/plain, attachment)]
Information forwarded to bug-submit-list <at> lists.donarmstrong.com, Emacs Bugs <bug-gnu-emacs <at> gnu.org>: bug#1864; Package emacs. (Wed, 14 Jan 2009 04:00:03 GMT)
Acknowledgement sent to Chong Yidong <cyd <at> stupidchicken.com>: Extra info received and forwarded to list. Copy sent to Emacs Bugs <bug-gnu-emacs <at> gnu.org>. (Wed, 14 Jan 2009 04:00:04 GMT)
Message #10 received at 1864 <at> emacsbugs.donarmstrong.com (full text, mbox):
> Detecting the attached file's coding system with the following code makes Emacs crash:
>
> (with-temp-buffer
>   (insert-file-contents "/home/dcwang/1.txt")
>   (detect-coding-region (point-min) (point-max) t))
Looks like detect_coding_utf_16 forgets to check for negative values of
ONE_MORE_BYTE. Handa-san, could you check the following patch?
*** trunk/src/coding.c.~1.406.~ 2009-01-11 08:23:34.000000000 -0500
--- trunk/src/coding.c 2009-01-13 22:54:10.000000000 -0500
***************
*** 1612,1617 ****
--- 1612,1621 ----
{
ONE_MORE_BYTE (c1);
ONE_MORE_BYTE (c2);
+
+ if (c1 < 0 || c2 < 0)
+ break;
+
if (! e[c1])
{
e[c1] = 1;
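Review bot: the added `if (c1 < 0 || c2 < 0)` guard carries no comment saying when ONE_MORE_BYTE leaves a negative value in c1 or c2, so the reason for the check cannot be recovered from the code alone. The backtrace in this report shows c1 = -2406 with multibytep = 1 just before e[c1] is indexed; a one-line comment above the guard stating that case would help the next reader. It would also help to say what leaving via break means for the detection result, since the code after this block is not part of the hunk.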
Information forwarded to bug-submit-list <at> lists.donarmstrong.com, Emacs Bugs <bug-gnu-emacs <at> gnu.org>: bug#1864; Package emacs. (Wed, 14 Jan 2009 08:50:03 GMT)
Acknowledgement sent to "Juanma Barranquero" <lekktu <at> gmail.com>: Extra info received and forwarded to list. Copy sent to Emacs Bugs <bug-gnu-emacs <at> gnu.org>. (Wed, 14 Jan 2009 08:50:03 GMT)
Message #15 received at 1864 <at> emacsbugs.donarmstrong.com (full text, mbox):
On Wed, Jan 14, 2009 at 04:54, Chong Yidong <cyd <at> stupidchicken.com> wrote:
> *** 1612,1617 ****
> --- 1612,1621 ----
> {
> ONE_MORE_BYTE (c1);
> ONE_MORE_BYTE (c2);
> +
> + if (c1 < 0 || c2 < 0)
> + break;
> +
> if (! e[c1])
> {
> e[c1] = 1;
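Review bot: the guard before `if (! e[c1])` tests only the lower bound, so the index is still whatever non-negative value ONE_MORE_BYTE produced. If the macro guarantees a value that fits the e[] table, an assertion or a short comment next to the guard would make that assumption explicit; if it does not, the condition should also reject values past the end of the table.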
Don't you need a test also before lines 1605-1606, where c1 and c2 are
used as array indexes?
Juanma
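The failure mode diagnosed in this thread, as an added C example (not Emacs source and not written by any poster): `next_unit` is a hypothetical, simplified stand-in for a reader like ONE_MORE_BYTE that returns a negated code point for a multibyte character, and `scan_pairs` applies the patch's guard before any table index. The sample bytes are copied from the src string in the backtrace; under this model they decode to the c1 = -2406 and c2 = -1572940 shown in frame #0.

```c
#include <stddef.h>
#include <stdio.h>

enum { NO_MORE = 256 };   /* end-of-input marker, outside the byte range */

/* Bytes copied from the backtrace's src string (after "info-artist="). */
static const unsigned char SAMPLE[] = "\340\245\246\366\200\201\214";

/* Hypothetical reader modelling the multibytep = 1 case: a plain byte
   comes back as 0..127, a multibyte (UTF-8 style) sequence comes back
   as the NEGATED code point. */
static int next_unit(const unsigned char **src, const unsigned char *end)
{
    if (*src >= end) return NO_MORE;
    int c = *(*src)++;
    if (c < 0x80) return c;
    int extra = (c >= 0xF0) ? 3 : (c >= 0xE0) ? 2 : 1;
    int cp = c & (0x3F >> extra);
    while (extra-- > 0 && *src < end)
        cp = (cp << 6) | (*(*src)++ & 0x3F);
    return -cp;
}

/* Counts distinct values at even (e) and odd (o) positions.  Returns
   e_num + o_num, or -1 when a unit cannot be used as a table index. */
static int scan_pairs(const unsigned char *src, size_t len)
{
    unsigned char e[256] = {0}, o[256] = {0};
    int e_num = 0, o_num = 0;
    const unsigned char *end = src + len;
    for (;;) {
        int c1 = next_unit(&src, end);
        int c2 = next_unit(&src, end);
        if (c1 == NO_MORE || c2 == NO_MORE) break;
        /* Guard from the patch: without it e[-2406] indexes far below the
           table.  The patch uses break; -1 here exposes the rejection. */
        if (c1 < 0 || c2 < 0) return -1;
        if (!e[c1]) { e[c1] = 1; e_num++; }
        if (!o[c2]) { o[c2] = 1; o_num++; }
    }
    return e_num + o_num;
}

int main(void)
{
    printf("%d\n", scan_pairs(SAMPLE, sizeof SAMPLE - 1));
    return 0;
}
```

The same guard belongs in front of every place a value from the reader is used as an index, which is the point raised in the reply above about the earlier reads of c1 and c2.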
bug closed, send any further explanations to Wang Diancheng <dianchengwang <at> gmail.com>. Request was from Chong Yidong <cyd <at> stupidchicken.com> to control <at> emacsbugs.donarmstrong.com. (Wed, 14 Jan 2009 13:40:05 GMT)
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> emacsbugs.donarmstrong.com. (Wed, 11 Feb 2009 15:24:08 GMT)
This bug report was last modified 16 years and 133 days ago.