GNU bug report logs - #20156
Emacs 24 stack corruption in fontset.c:fontset_pattern_regexp

Previous Next

Package: emacs;

Reported by: John F Carr <jfc <at> mit.edu>

Date: Sat, 21 Mar 2015 17:30:03 UTC

Severity: normal

Done: "Jan D." <jan.h.d <at> swipnet.se>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: "Jan D." <jan.h.d <at> swipnet.se>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#20156: closed (Emacs 24 stack corruption in fontset.c:fontset_pattern_regexp)
Date: Sun, 22 Mar 2015 09:24:02 +0000

[Message part 1 (text/plain, inline)]
Your message dated Sun, 22 Mar 2015 10:23:27 +0100
with message-id <A353AAE9-AF49-4146-B2FE-789C25B7E575 <at> swipnet.se>
and subject line Re: bug#20156: Emacs 24 stack corruption in fontset.c:fontset_pattern_regexp
has caused the debbugs.gnu.org bug report #20156,
regarding Emacs 24 stack corruption in fontset.c:fontset_pattern_regexp
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
20156: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=20156
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]
From: John F Carr <jfc <at> mit.edu>
To: "bug-gnu-emacs <at> gnu.org" <bug-gnu-emacs <at> gnu.org>
Subject: Emacs 24 stack corruption in fontset.c:fontset_pattern_regexp
Date: Sat, 21 Mar 2015 12:06:16 +0000

[Message part 3 (text/plain, inline)]
Emacs crashes on Mac Yosemite (native window system) when I use set-frame-font with certain font patterns.  The cause is writing past the end of an alloca buffer in fontset.c:fontset_pattern_regexp.  This triggers a stack check assertion.  Alloca is used to allocate space for a regexp, but the size neglects to consider the ^$ around the regexp.  “+1” should be “+3”.

To reproduce:

(set-frame-font "-adobe-courier-medium-r-normal--24-*-75-75-m-150-iso8859-1”)

without X installed.

Bug in 24.3 and "GNU Emacs 24.4.2 (x86_64-apple-darwin14.1.0, NS apple-appkit-1344.72)”.




[fontset.diff (application/octet-stream, attachment)]
[Message part 5 (message/rfc822, inline)]
From: "Jan D." <jan.h.d <at> swipnet.se>
To: John F Carr <jfc <at> mit.edu>
Cc: 20156-done <at> debbugs.gnu.org
Subject: Re: bug#20156: Emacs 24 stack corruption in
 fontset.c:fontset_pattern_regexp
Date: Sun, 22 Mar 2015 10:23:27 +0100

Good call.  Fixed in trunk and emacs-24 branch.

	Jan D.

> 21 mar 2015 kl. 13:06 skrev John F Carr <jfc <at> mit.edu>:
> 
> Emacs crashes on Mac Yosemite (native window system) when I use set-frame-font with certain font patterns.  The cause is writing past the end of an alloca buffer in fontset.c:fontset_pattern_regexp.  This triggers a stack check assertion.  Alloca is used to allocate space for a regexp, but the size neglects to consider the ^$ around the regexp.  “+1” should be “+3”.
> 
> To reproduce:
> 
> (set-frame-font "-adobe-courier-medium-r-normal--24-*-75-75-m-150-iso8859-1”)
> 
> without X installed.
> 
> Bug in 24.3 and "GNU Emacs 24.4.2 (x86_64-apple-darwin14.1.0, NS apple-appkit-1344.72)”.
> 
> 
> 
> <fontset.diff>
This bug report was last modified 10 years and 120 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.