GNU bug report logs - #20156
Emacs 24 stack corruption in fontset.c:fontset_pattern_regexp


Package: emacs;

Reported by: John F Carr <jfc <at> mit.edu>

Date: Sat, 21 Mar 2015 17:30:03 UTC

Severity: normal

Done: "Jan D." <jan.h.d <at> swipnet.se>

Bug is archived. No further changes may be made.


From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: John F Carr <jfc <at> mit.edu>
Subject: bug#20156: closed (Re: bug#20156: Emacs 24 stack corruption in
 fontset.c:fontset_pattern_regexp)
Date: Sun, 22 Mar 2015 09:24:03 +0000
[Message part 1 (text/plain, inline)]
Your bug report

#20156: Emacs 24 stack corruption in fontset.c:fontset_pattern_regexp

which was filed against the emacs package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 20156 <at> debbugs.gnu.org.

-- 
20156: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=20156
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: "Jan D." <jan.h.d <at> swipnet.se>
To: John F Carr <jfc <at> mit.edu>
Cc: 20156-done <at> debbugs.gnu.org
Subject: Re: bug#20156: Emacs 24 stack corruption in
 fontset.c:fontset_pattern_regexp
Date: Sun, 22 Mar 2015 10:23:27 +0100
Good call.  Fixed in trunk and emacs-24 branch.

	Jan D.

> 21 mar 2015 kl. 13:06 skrev John F Carr <jfc <at> mit.edu>:
> 
> Emacs crashes on Mac Yosemite (native window system) when I use set-frame-font with certain font patterns.  The cause is writing past the end of an alloca buffer in fontset.c:fontset_pattern_regexp.  This triggers a stack check assertion.  Alloca is used to allocate space for a regexp, but the size neglects to consider the ^$ around the regexp.  “+1” should be “+3”.
> 
> To reproduce:
> 
> (set-frame-font "-adobe-courier-medium-r-normal--24-*-75-75-m-150-iso8859-1")
> 
> without X installed.
> 
> Bug in 24.3 and "GNU Emacs 24.4.2 (x86_64-apple-darwin14.1.0, NS apple-appkit-1344.72)".
> 
> 
> 
> <fontset.diff>


[Message part 3 (message/rfc822, inline)]
From: John F Carr <jfc <at> mit.edu>
To: "bug-gnu-emacs <at> gnu.org" <bug-gnu-emacs <at> gnu.org>
Subject: Emacs 24 stack corruption in fontset.c:fontset_pattern_regexp
Date: Sat, 21 Mar 2015 12:06:16 +0000
[Message part 4 (text/plain, inline)]
Emacs crashes on Mac Yosemite (native window system) when I use set-frame-font with certain font patterns.  The cause is writing past the end of an alloca buffer in fontset.c:fontset_pattern_regexp.  This triggers a stack check assertion.  Alloca is used to allocate space for a regexp, but the size neglects to consider the ^$ around the regexp.  “+1” should be “+3”.

To reproduce:

(set-frame-font "-adobe-courier-medium-r-normal--24-*-75-75-m-150-iso8859-1")

without X installed.

Bug in 24.3 and "GNU Emacs 24.4.2 (x86_64-apple-darwin14.1.0, NS apple-appkit-1344.72)".



[fontset.diff (application/octet-stream, attachment)]
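
The sizing error described in the report, as an added example that is not part of the thread and is not the Emacs source: a simplified pattern-to-regexp converter with the "+1" and "+3" size calculations side by side. The translation rule ('*' becomes ".*", '?' becomes ".") and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified, assumed translation (not the Emacs source): '*' -> ".*",
   '?' -> ".", other bytes copied, result wrapped in '^' ... '$'. */
static size_t body_len(const char *pat)
{
    size_t n = 0;
    for (; *pat; pat++)
        n += (*pat == '*') ? 2 : 1;
    return n;
}

/* Size that reserves only the NUL, as the report describes. */
size_t size_plus1(const char *pat) { return body_len(pat) + 1; }
/* Size with the reported correction: '^', '$' and the NUL. */
size_t size_plus3(const char *pat) { return body_len(pat) + 3; }

/* Build the anchored regexp in OUT without ever writing past CAP.
   Returns the bytes the full result needs, NUL included, so the
   caller can detect truncation (return value > cap). */
size_t pattern_to_regexp(const char *pat, char *out, size_t cap)
{
    size_t n = 0;
#define PUT(c) do { if (n < cap) out[n] = (c); n++; } while (0)
    PUT('^');
    for (; *pat; pat++) {
        if (*pat == '*') { PUT('.'); PUT('*'); }
        else if (*pat == '?') PUT('.');
        else PUT(*pat);
    }
    PUT('$');
    PUT('\0');
#undef PUT
    if (cap && n > cap) out[cap - 1] = '\0';  /* keep truncated output terminated */
    return n;
}

/* Bytes an unchecked writer would have put past a CAP-byte buffer. */
size_t overflow_bytes(const char *pat, size_t cap)
{
    size_t need = pattern_to_regexp(pat, NULL, 0);  /* dry run: nothing written */
    return need > cap ? need - cap : 0;
}

int main(void)
{
    /* Font pattern quoted in the report. */
    const char *pat = "-adobe-courier-medium-r-normal--24-*-75-75-m-150-iso8859-1";
    printf("+1: %zu bytes past the end\n", overflow_bytes(pat, size_plus1(pat)));
    printf("+3: %zu bytes past the end\n", overflow_bytes(pat, size_plus3(pat)));
    return 0;
}
```

Having the writer report the size it needs, and checking that against the allocation, turns a miscounted constant into a detectable truncation instead of a stack overwrite.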

This bug report was last modified 10 years and 121 days ago.
