From unknown Mon Jun 23 23:49:20 2025
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
Content-Type: text/plain; charset=utf-8
From: bug#20548 <20548@debbugs.gnu.org>
To: bug#20548 <20548@debbugs.gnu.org>
Subject: Status: Crash when Nformat was called with a loooooong format
 string specified
Reply-To: bug#20548 <20548@debbugs.gnu.org>
Date: Tue, 24 Jun 2025 06:49:20 +0000

retitle 20548 Crash when Nformat was called with a loooooong format string =
specified
reassign 20548 emacs
submitter 20548 Michelle Gilliland <xu_michelle@live.com>
severity 20548 normal

thanks


From debbugs-submit-bounces@debbugs.gnu.org Mon May 11 11:45:00 2015
Received: (at submit) by debbugs.gnu.org; 11 May 2015 15:45:01 +0000
Received: from localhost ([127.0.0.1]:41155 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1Yrpt3-0002f0-8c
	for submit@debbugs.gnu.org; Mon, 11 May 2015 11:45:00 -0400
Received: from eggs.gnu.org ([208.118.235.92]:50001)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <xu_michelle@live.com>) id 1Yrp1V-0001KH-4u
 for submit@debbugs.gnu.org; Mon, 11 May 2015 10:49:40 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <xu_michelle@live.com>) id 1Yrp1K-0006NP-5e
 for submit@debbugs.gnu.org; Mon, 11 May 2015 10:49:31 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: ***
X-Spam-Status: No, score=3.3 required=5.0 tests=BAYES_50,FREEMAIL_FROM,
 HTML_MESSAGE,RECEIVED_FROM_WINDOWS_HOST autolearn=disabled version=3.3.2
Received: from lists.gnu.org ([2001:4830:134:3::11]:48259)
 by eggs.gnu.org with esmtp (Exim 4.71)
 (envelope-from <xu_michelle@live.com>) id 1Yrp1K-0006NL-1c
 for submit@debbugs.gnu.org; Mon, 11 May 2015 10:49:26 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:35247)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <xu_michelle@live.com>) id 1Yrp1D-0003tq-Sf
 for bug-gnu-emacs@gnu.org; Mon, 11 May 2015 10:49:25 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <xu_michelle@live.com>) id 1Yrp19-0006Mq-G2
 for bug-gnu-emacs@gnu.org; Mon, 11 May 2015 10:49:19 -0400
Received: from blu004-omc1s7.hotmail.com ([65.55.116.18]:55762)
 by eggs.gnu.org with esmtp (Exim 4.71)
 (envelope-from <xu_michelle@live.com>) id 1Yrp19-0006Mm-9M
 for bug-gnu-emacs@gnu.org; Mon, 11 May 2015 10:49:15 -0400
Received: from BLU436-SMTP21 ([65.55.116.9]) by BLU004-OMC1S7.hotmail.com over
 TLS secured channel with Microsoft SMTPSVC(7.5.7601.22751); 
 Mon, 11 May 2015 07:49:14 -0700
X-TMN: [B4mBcg8IP283ENRg5tHkhPZ5MqwDiT+O]
X-Originating-Email: [xu_michelle@live.com]
Message-ID: <BLU436-SMTP211EDAEA502813C7D50D57FEDB0@phx.gbl>
From: Michelle Gilliland <xu_michelle@live.com>
Content-Type: multipart/alternative;
 boundary="Apple-Mail=_0705315E-8DAD-4A32-AA5B-76F48F3D81E9"
Subject: Crash when Nformat was called with a loooooong format string specified
Date: Mon, 11 May 2015 22:48:07 +0800
To: bug-gnu-emacs@gnu.org
MIME-Version: 1.0 (Mac OS X Mail 8.2 \(2098\))
X-Mailer: Apple Mail (2.2098)
X-OriginalArrivalTime: 11 May 2015 14:49:13.0653 (UTC)
 FILETIME=[A5AE5E50:01D08BF9]
X-detected-operating-system: by eggs.gnu.org: Windows 7 or 8 [fuzzy]
X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address
 (bad octet value).
X-Received-From: 2001:4830:134:3::11
X-Spam-Score: -4.0 (----)
X-Debbugs-Envelope-To: submit
X-Mailman-Approved-At: Mon, 11 May 2015 11:44:54 -0400
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -4.0 (----)

--Apple-Mail=_0705315E-8DAD-4A32-AA5B-76F48F3D81E9
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="us-ascii"

Emacs terminates abnormally with SIGSEGV when format function was called =
with a loooooong format string specified. Here is the backtrace:

~/documents $ gdb ../bin/emacs24/bin/emacs core.emacs.21473.1431355113
GNU gdb Red Hat Linux (6.3.0.0-1.96rh)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you =
are
welcome to change it and/or distribute copies of it under certain =
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for =
details.
This GDB was configured as "x86_64-redhat-linux-gnu"...Using host =
libthread_db library "/lib64/tls/libthread_db.so.1".

Reading symbols from shared object read from target memory...done.
Loaded system supplied DSO at 0x7fffb19f6000
Core was generated by `../bin/emacs24/bin/emacs =
emacs-24.5/src/keyboard.c'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/X11R6/lib64/libSM.so.6...done.
Loaded symbols for /usr/X11R6/lib64/libSM.so.6
Reading symbols from /usr/X11R6/lib64/libICE.so.6...done.
Loaded symbols for /usr/X11R6/lib64/libICE.so.6
Reading symbols from /usr/X11R6/lib64/libX11.so.6...done.
Loaded symbols for /usr/X11R6/lib64/libX11.so.6
Reading symbols from /usr/X11R6/lib64/libXrender.so.1...done.
Loaded symbols for /usr/X11R6/lib64/libXrender.so.1
Reading symbols from /usr/X11R6/lib64/libXft.so.2...done.
Loaded symbols for /usr/X11R6/lib64/libXft.so.2
Reading symbols from /usr/lib64/libfreetype.so.6...done.
Loaded symbols for /usr/lib64/libfreetype.so.6
Reading symbols from /usr/lib64/libfontconfig.so.1...done.
Loaded symbols for /usr/lib64/libfontconfig.so.1
Reading symbols from /lib64/libacl.so.1...done.
Loaded symbols for /lib64/libacl.so.1
Reading symbols from /lib64/tls/librt.so.1...done.
Loaded symbols for /lib64/tls/librt.so.1
Reading symbols from /usr/X11R6/lib64/libXinerama.so.1...done.
Loaded symbols for /usr/X11R6/lib64/libXinerama.so.1
Reading symbols from /usr/lib64/libgpm.so.1...done.
Loaded symbols for /usr/lib64/libgpm.so.1
Reading symbols from /usr/lib64/libncurses.so.5...done.
Loaded symbols for /usr/lib64/libncurses.so.5
Reading symbols from /lib64/libselinux.so.1...done.
Loaded symbols for /lib64/libselinux.so.1
Reading symbols from /usr/lib64/libz.so.1...done.
Loaded symbols for /usr/lib64/libz.so.1
Reading symbols from /lib64/tls/libpthread.so.0...done.
Loaded symbols for /lib64/tls/libpthread.so.0
Reading symbols from /lib64/tls/libm.so.6...done.
Loaded symbols for /lib64/tls/libm.so.6
Reading symbols from /lib64/tls/libc.so.6...done.
Loaded symbols for /lib64/tls/libc.so.6
Reading symbols from /lib64/libdl.so.2...done.
Loaded symbols for /lib64/libdl.so.2
Reading symbols from /usr/X11R6/lib64/libXext.so.6...done.
Loaded symbols for /usr/X11R6/lib64/libXext.so.6
Reading symbols from /usr/lib64/libexpat.so.0...done.
Loaded symbols for /usr/lib64/libexpat.so.0
Reading symbols from /lib64/libattr.so.1...done.
Loaded symbols for /lib64/libattr.so.1
Reading symbols from /lib64/ld-linux-x86-64.so.2...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /lib64/libnss_files.so.2...done.
Loaded symbols for /lib64/libnss_files.so.2
Reading symbols from /lib64/libgcc_s.so.1...done.
Loaded symbols for /lib64/libgcc_s.so.1
#0  0x0000003f0b90c2be in raise () from /lib64/tls/libpthread.so.0
(gdb) bt
#0  0x0000003f0b90c2be in raise () from /lib64/tls/libpthread.so.0
#1  0x00000000004cbe2d in terminate_due_to_signal (sig=3D11, =
backtrace_limit=3D40) at emacs.c:376
#2  0x00000000004e6efe in handle_fatal_signal (sig=3DVariable "sig" is =
not available.) at sysdep.c:1630
#3  0x00000000004e67d0 in deliver_thread_signal (sig=3D11, =
handler=3D0x4e6ef0 <handle_fatal_signal>) at sysdep.c:1604
#4  <signal handler called>
#5  0x000000000053a036 in Fformat (nargs=3D1, args=3D0x7fffb19238a0) at =
editfns.c:4291
#6  0x00000000005411d8 in Ffuncall (nargs=3DVariable "nargs" is not =
available.) at lisp.h:913
#7  0x00000000005416a3 in Fapply (nargs=3D2, args=3D0x7fffb1923898) at =
eval.c:2297
#8  0x00000000005411d8 in Ffuncall (nargs=3DVariable "nargs" is not =
available.) at lisp.h:913
#9  0x00000000005747d8 in exec_byte_code (bytestr=3DVariable "bytestr" =
is not available.) at bytecode.c:916
#10 0x0000000000540f43 in Ffuncall (nargs=3DVariable "nargs" is not =
available.) at eval.c:2872
#11 0x00000000005747d8 in exec_byte_code (bytestr=3DVariable "bytestr" =
is not available.) at bytecode.c:916
#12 0x0000000000540aca in funcall_lambda (fun=3D20971805, nargs=3D1, =
arg_vector=3D0x7fffb1923b38) at lisp.h:1355
#13 0x0000000000540f43 in Ffuncall (nargs=3DVariable "nargs" is not =
available.) at eval.c:2872
#14 0x000000000054039f in eval_sub (form=3DVariable "form" is not =
available.) at lisp.h:913
#15 0x0000000000541bee in internal_lisp_condition_case (var=3D18706882, =
bodyform=3D17745174, handlers=3DVariable "handlers" is not available.) =
at eval.c:1317
#16 0x000000000057524d in exec_byte_code (bytestr=3DVariable "bytestr" =
is not available.) at bytecode.c:1162
#17 0x0000000000540aca in funcall_lambda (fun=3D20840245, nargs=3D2, =
arg_vector=3D0x7fffb1923e50) at lisp.h:1355
#18 0x0000000000540f43 in Ffuncall (nargs=3DVariable "nargs" is not =
available.) at eval.c:2872
#19 0x00000000005747d8 in exec_byte_code (bytestr=3DVariable "bytestr" =
is not available.) at bytecode.c:916
#20 0x0000000000540275 in eval_sub (form=3DVariable "form" is not =
available.) at lisp.h:913
#21 0x0000000000541bee in internal_lisp_condition_case (var=3D18706882, =
bodyform=3D17831366, handlers=3DVariable "handlers" is not available.) =
at eval.c:1317
#22 0x000000000057524d in exec_byte_code (bytestr=3DVariable "bytestr" =
is not available.) at bytecode.c:1162
#23 0x0000000000540aca in funcall_lambda (fun=3D20972317, nargs=3D3, =
arg_vector=3D0x7fffb1924220) at lisp.h:1355
#24 0x0000000000540f43 in Ffuncall (nargs=3DVariable "nargs" is not =
available.) at eval.c:2872
#25 0x00000000005747d8 in exec_byte_code (bytestr=3DVariable "bytestr" =
is not available.) at bytecode.c:916
#26 0x0000000000540275 in eval_sub (form=3DVariable "form" is not =
available.) at lisp.h:913
#27 0x0000000000541bee in internal_lisp_condition_case (var=3D18706882, =
bodyform=3D17770422, handlers=3DVariable "handlers" is not available.) =
at eval.c:1317
#28 0x000000000057524d in exec_byte_code (bytestr=3DVariable "bytestr" =
is not available.) at bytecode.c:1162
#29 0x0000000000540aca in funcall_lambda (fun=3D20844701, nargs=3D0, =
arg_vector=3D0x7fffb19246d8) at lisp.h:1355
#30 0x0000000000540f43 in Ffuncall (nargs=3DVariable "nargs" is not =
available.) at eval.c:2872
#31 0x00000000005416a3 in Fapply (nargs=3D2, args=3D0x7fffb19246d0) at =
eval.c:2297
#32 0x00000000005411d8 in Ffuncall (nargs=3DVariable "nargs" is not =
available.) at lisp.h:913
#33 0x00000000005747d8 in exec_byte_code (bytestr=3DVariable "bytestr" =
is not available.) at bytecode.c:916
#34 0x0000000000540275 in eval_sub (form=3DVariable "form" is not =
available.) at lisp.h:913
#35 0x0000000000541bee in internal_lisp_condition_case (var=3D18706882, =
bodyform=3D8745270, handlers=3DVariable "handlers" is not available.) at =
eval.c:1317
#36 0x000000000057524d in exec_byte_code (bytestr=3DVariable "bytestr" =
is not available.) at bytecode.c:1162
#37 0x0000000000540aca in funcall_lambda (fun=3D8744957, nargs=3D1, =
arg_vector=3D0x7fffb1924a98) at lisp.h:1355
#38 0x0000000000540f43 in Ffuncall (nargs=3DVariable "nargs" is not =
available.) at eval.c:2872
#39 0x00000000005413a3 in call1 (fn=3DVariable "fn" is not available.) =
at eval.c:2610
#40 0x00000000004cf794 in timer_check () at keyboard.c:4515
#41 0x00000000004cf8e9 in readable_events (flags=3D1) at keyboard.c:3448
#42 0x00000000004d5a87 in get_input_pending (flags=3D1) at lisp.h:2354
#43 0x00000000004d5c25 in swallow_events (do_display=3Dtrue) at =
keyboard.c:4317
#44 0x000000000057c0d5 in wait_reading_process_output (time_limit=3D82, =
nsecs=3D0, read_kbd=3D-1, do_display=3Dtrue, wait_for_cell=3D14691250, =
wait_proc=3D0x0, just_wait_proc=3D0) at process.c:4704
#45 0x00000000004148a8 in sit_for (timeout=3D328, reading=3Dtrue, =
display_option=3DVariable "display_option" is not available.) at =
dispnew.c:5867
#46 0x00000000004d7e76 in read_char (commandflag=3D1, map=3D25957990, =
prev_event=3D14691250, used_mouse_menu=3D0x7fffb192b76f, end_time=3D0x0) =
at lisp.h:700
#47 0x00000000004d981e in read_key_sequence (keybuf=3D0x7fffb192b900, =
bufsize=3D30, prompt=3D14691250, dont_downcase_last=3Dfalse, =
can_return_switch_frame=3Dtrue, fix_current_buffer=3Dtrue, =
prevent_redisplay=3Dfalse) at lisp.h:2354
#48 0x00000000004db44a in command_loop_1 () at keyboard.c:1453
#49 0x000000000053db57 in internal_condition_case (bfun=3D0x4db250 =
<command_loop_1>, handlers=3D14742754, hfun=3D0x4ce070 <cmd_error>) at =
eval.c:1348
#50 0x00000000004ce45a in command_loop_2 (ignore=3DVariable "ignore" is =
not available.) at keyboard.c:1178
#51 0x000000000053da60 in internal_catch (tag=3D14738690, func=3D0x4ce440 =
<command_loop_2>, arg=3D14691250) at eval.c:1112
#52 0x00000000004ce2df in recursive_edit_1 () at keyboard.c:1157
#53 0x00000000004ce426 in Frecursive_edit () at keyboard.c:849
#54 0x00000000004cce22 in main (argc=3D2, argv=3D0x7fffb192bc48) at =
emacs.c:1642
(gdb) =20


The root cause of this problem is freeing `char *discarded` in the =
middle of using it (editfns.c, line 4394). `discarded` and `info` were =
allocated with the SAFE_ALLOCA call on (editfns.c, line 3806), when =
format string is longer than 16K, malloc would be called and `discarded` =
would be allocated on the heap, thus the SAFE_FREE call on line 4394 =
will do the actual heap free and make the memory pointed by `discarded` =
inaccessible. A possible fix might look like this:

diff -u /home/kontinuation/documents/editfns.c =
/home/kontinuation/documents/new_editfns.c
--- /home/kontinuation/documents/editfns.c	2015-05-11 =
22:28:27.992501954 +0800
+++ /home/kontinuation/documents/new_editfns.c	2015-05-11 =
22:28:54.679014773 +0800
@@ -4390,8 +4390,6 @@
     nchars =3D multibyte_chars_in_text ((unsigned char *) buf, p - =
buf);
   val =3D make_specified_string (buf, nchars, p - buf, multibyte);
=20
-  /* If we allocated BUF with malloc, free it too.  */
-  SAFE_FREE ();
=20
   /* If the format string has text properties, or any of the string
      arguments has text properties, set up text properties of the
@@ -4498,6 +4496,9 @@
       UNGCPRO;
     }
=20
+  /* If we allocated BUF with malloc, free it too.  */
+  SAFE_FREE ();
+
   return val;
 }


--Apple-Mail=_0705315E-8DAD-4A32-AA5B-76F48F3D81E9
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="us-ascii"

<html><head><meta http-equiv=3D"Content-Type" content=3D"text/html =
charset=3Dus-ascii"><meta http-equiv=3D"Content-Type" content=3D"text/html=
 charset=3Dus-ascii"><meta http-equiv=3D"Content-Type" =
content=3D"text/html charset=3Dus-ascii"><meta http-equiv=3D"Content-Type"=
 content=3D"text/html charset=3Dus-ascii"></head><body style=3D"word-wrap:=
 break-word; -webkit-nbsp-mode: space; -webkit-line-break: =
after-white-space;" class=3D"">Emacs terminates abnormally with SIGSEGV =
when <font face=3D"Courier New" class=3D"">format</font> function was =
called with a loooooong format string specified. Here is the =
backtrace:<div class=3D""><br class=3D""><div class=3D""><div =
class=3D""><span style=3D"font-family: 'Courier New';" =
class=3D"">~/documents $ gdb ../bin/emacs24/bin/emacs =
core.emacs.21473.1431355113</span></div><div class=3D""><font =
face=3D"Courier New" class=3D"">GNU gdb Red Hat Linux =
(6.3.0.0-1.96rh)</font></div><div class=3D""><font face=3D"Courier New" =
class=3D"">Copyright 2004 Free Software Foundation, =
Inc.</font></div><div class=3D""><font face=3D"Courier New" class=3D"">GDB=
 is free software, covered by the GNU General Public License, and you =
are</font></div><div class=3D""><font face=3D"Courier New" =
class=3D"">welcome to change it and/or distribute copies of it under =
certain conditions.</font></div><div class=3D""><font face=3D"Courier =
New" class=3D"">Type "show copying" to see the =
conditions.</font></div><div class=3D""><font face=3D"Courier New" =
class=3D"">There is absolutely no warranty for GDB. &nbsp;Type "show =
warranty" for details.</font></div><div class=3D""><font face=3D"Courier =
New" class=3D"">This GDB was configured as =
"x86_64-redhat-linux-gnu"...Using host libthread_db library =
"/lib64/tls/libthread_db.so.1".</font></div><div class=3D""><font =
face=3D"Courier New" class=3D""><br class=3D""></font></div><div =
class=3D""><font face=3D"Courier New" class=3D"">Reading symbols from =
shared object read from target memory...done.</font></div><div =
class=3D""><font face=3D"Courier New" class=3D"">Loaded system supplied =
DSO at 0x7fffb19f6000</font></div><div class=3D""><font face=3D"Courier =
New" class=3D"">Core was generated by `../bin/emacs24/bin/emacs =
emacs-24.5/src/keyboard.c'.</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Program terminated with signal 11, =
Segmentation fault.</font></div><div class=3D""><font face=3D"Courier =
New" class=3D"">Reading symbols from =
/usr/X11R6/lib64/libSM.so.6...done.</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Loaded symbols for =
/usr/X11R6/lib64/libSM.so.6</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Reading symbols from =
/usr/X11R6/lib64/libICE.so.6...done.</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Loaded symbols for =
/usr/X11R6/lib64/libICE.so.6</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Reading symbols from =
/usr/X11R6/lib64/libX11.so.6...done.</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Loaded symbols for =
/usr/X11R6/lib64/libX11.so.6</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Reading symbols from =
/usr/X11R6/lib64/libXrender.so.1...done.</font></div><div class=3D""><font=
 face=3D"Courier New" class=3D"">Loaded symbols for =
/usr/X11R6/lib64/libXrender.so.1</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Reading symbols from =
/usr/X11R6/lib64/libXft.so.2...done.</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Loaded symbols for =
/usr/X11R6/lib64/libXft.so.2</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Reading symbols from =
/usr/lib64/libfreetype.so.6...done.</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Loaded symbols for =
/usr/lib64/libfreetype.so.6</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Reading symbols from =
/usr/lib64/libfontconfig.so.1...done.</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Loaded symbols for =
/usr/lib64/libfontconfig.so.1</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Reading symbols from =
/lib64/libacl.so.1...done.</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Loaded symbols for =
/lib64/libacl.so.1</font></div><div class=3D""><font face=3D"Courier =
New" class=3D"">Reading symbols from =
/lib64/tls/librt.so.1...done.</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Loaded symbols for =
/lib64/tls/librt.so.1</font></div><div class=3D""><font face=3D"Courier =
New" class=3D"">Reading symbols from =
/usr/X11R6/lib64/libXinerama.so.1...done.</font></div><div =
class=3D""><font face=3D"Courier New" class=3D"">Loaded symbols for =
/usr/X11R6/lib64/libXinerama.so.1</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Reading symbols from =
/usr/lib64/libgpm.so.1...done.</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Loaded symbols for =
/usr/lib64/libgpm.so.1</font></div><div class=3D""><font face=3D"Courier =
New" class=3D"">Reading symbols from =
/usr/lib64/libncurses.so.5...done.</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Loaded symbols for =
/usr/lib64/libncurses.so.5</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Reading symbols from =
/lib64/libselinux.so.1...done.</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Loaded symbols for =
/lib64/libselinux.so.1</font></div><div class=3D""><font face=3D"Courier =
New" class=3D"">Reading symbols from =
/usr/lib64/libz.so.1...done.</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Loaded symbols for =
/usr/lib64/libz.so.1</font></div><div class=3D""><font face=3D"Courier =
New" class=3D"">Reading symbols from =
/lib64/tls/libpthread.so.0...done.</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Loaded symbols for =
/lib64/tls/libpthread.so.0</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Reading symbols from =
/lib64/tls/libm.so.6...done.</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Loaded symbols for =
/lib64/tls/libm.so.6</font></div><div class=3D""><font face=3D"Courier =
New" class=3D"">Reading symbols from =
/lib64/tls/libc.so.6...done.</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Loaded symbols for =
/lib64/tls/libc.so.6</font></div><div class=3D""><font face=3D"Courier =
New" class=3D"">Reading symbols from =
/lib64/libdl.so.2...done.</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Loaded symbols for =
/lib64/libdl.so.2</font></div><div class=3D""><font face=3D"Courier New" =
class=3D"">Reading symbols from =
/usr/X11R6/lib64/libXext.so.6...done.</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Loaded symbols for =
/usr/X11R6/lib64/libXext.so.6</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Reading symbols from =
/usr/lib64/libexpat.so.0...done.</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Loaded symbols for =
/usr/lib64/libexpat.so.0</font></div><div class=3D""><font face=3D"Courier=
 New" class=3D"">Reading symbols from =
/lib64/libattr.so.1...done.</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Loaded symbols for =
/lib64/libattr.so.1</font></div><div class=3D""><font face=3D"Courier =
New" class=3D"">Reading symbols from =
/lib64/ld-linux-x86-64.so.2...done.</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Loaded symbols for =
/lib64/ld-linux-x86-64.so.2</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Reading symbols from =
/lib64/libnss_files.so.2...done.</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Loaded symbols for =
/lib64/libnss_files.so.2</font></div><div class=3D""><font face=3D"Courier=
 New" class=3D"">Reading symbols from =
/lib64/libgcc_s.so.1...done.</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">Loaded symbols for =
/lib64/libgcc_s.so.1</font></div><div class=3D""><font face=3D"Courier =
New" class=3D"">#0 &nbsp;0x0000003f0b90c2be in raise () from =
/lib64/tls/libpthread.so.0</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">(gdb) bt</font></div><div class=3D""><font=
 face=3D"Courier New" class=3D"">#0 &nbsp;0x0000003f0b90c2be in raise () =
from /lib64/tls/libpthread.so.0</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">#1 &nbsp;0x00000000004cbe2d in =
terminate_due_to_signal (sig=3D11, backtrace_limit=3D40) at =
emacs.c:376</font></div><div class=3D""><font face=3D"Courier New" =
class=3D"">#2 &nbsp;0x00000000004e6efe in handle_fatal_signal =
(sig=3DVariable "sig" is not available.</font><span style=3D"font-family: =
'Courier New';" class=3D"">) at sysdep.c:1630</span></div><div =
class=3D""><font face=3D"Courier New" class=3D"">#3 =
&nbsp;0x00000000004e67d0 in deliver_thread_signal (sig=3D11, =
handler=3D0x4e6ef0 &lt;handle_fatal_signal&gt;) at =
sysdep.c:1604</font></div><div class=3D""><font face=3D"Courier New" =
class=3D"">#4 &nbsp;&lt;signal handler called&gt;</font></div><div =
class=3D""><font face=3D"Courier New" class=3D"">#5 =
&nbsp;0x000000000053a036 in Fformat (nargs=3D1, args=3D0x7fffb19238a0) =
at editfns.c:4291</font></div><div class=3D""><font face=3D"Courier New" =
class=3D"">#6 &nbsp;0x00000000005411d8 in Ffuncall (nargs=3DVariable =
"nargs" is not available.</font><span style=3D"font-family: 'Courier =
New';" class=3D"">) at lisp.h:913</span></div><div class=3D""><font =
face=3D"Courier New" class=3D"">#7 &nbsp;0x00000000005416a3 in Fapply =
(nargs=3D2, args=3D0x7fffb1923898) at eval.c:2297</font></div><div =
class=3D""><font face=3D"Courier New" class=3D"">#8 =
&nbsp;0x00000000005411d8 in Ffuncall (nargs=3DVariable "nargs" is not =
available.</font><span style=3D"font-family: 'Courier New';" class=3D"">) =
at lisp.h:913</span></div><div class=3D""><font face=3D"Courier New" =
class=3D"">#9 &nbsp;0x00000000005747d8 in exec_byte_code =
(bytestr=3DVariable "bytestr" is not available.</font><span =
style=3D"font-family: 'Courier New';" class=3D"">) at =
bytecode.c:916</span></div><div class=3D""><font face=3D"Courier New" =
class=3D"">#10 0x0000000000540f43 in Ffuncall (nargs=3DVariable "nargs" =
is not available.</font><span style=3D"font-family: 'Courier New';" =
class=3D"">) at eval.c:2872</span></div><div class=3D""><font =
face=3D"Courier New" class=3D"">#11 0x00000000005747d8 in exec_byte_code =
(bytestr=3DVariable "bytestr" is not available.</font><span =
style=3D"font-family: 'Courier New';" class=3D"">) at =
bytecode.c:916</span></div><div class=3D""><font face=3D"Courier New" =
class=3D"">#12 0x0000000000540aca in funcall_lambda (fun=3D20971805, =
nargs=3D1, arg_vector=3D0x7fffb1923b38) at lisp.h:1355</font></div><div =
class=3D""><font face=3D"Courier New" class=3D"">#13 0x0000000000540f43 =
in Ffuncall (nargs=3DVariable "nargs" is not available.</font><span =
style=3D"font-family: 'Courier New';" class=3D"">) at =
eval.c:2872</span></div><div class=3D""><font face=3D"Courier New" =
class=3D"">#14 0x000000000054039f in eval_sub (form=3DVariable "form" is =
not available.</font><span style=3D"font-family: 'Courier New';" =
class=3D"">) at lisp.h:913</span></div><div class=3D""><font =
face=3D"Courier New" class=3D"">#15 0x0000000000541bee in =
internal_lisp_condition_case (var=3D18706882, bodyform=3D17745174, =
handlers=3DVariable "handlers" is not available.</font><span =
style=3D"font-family: 'Courier New';" class=3D"">) at =
eval.c:1317</span></div><div class=3D""><font face=3D"Courier New" =
class=3D"">#16 0x000000000057524d in exec_byte_code (bytestr=3DVariable =
"bytestr" is not available.</font><span style=3D"font-family: 'Courier =
New';" class=3D"">) at bytecode.c:1162</span></div><div class=3D""><font =
face=3D"Courier New" class=3D"">#17 0x0000000000540aca in funcall_lambda =
(fun=3D20840245, nargs=3D2, arg_vector=3D0x7fffb1923e50) at =
lisp.h:1355</font></div><div class=3D""><font face=3D"Courier New" =
class=3D"">#18 0x0000000000540f43 in Ffuncall (nargs=3DVariable "nargs" =
is not available.</font><span style=3D"font-family: 'Courier New';" =
class=3D"">) at eval.c:2872</span></div><div class=3D""><font =
face=3D"Courier New" class=3D"">#19 0x00000000005747d8 in exec_byte_code =
(bytestr=3DVariable "bytestr" is not available.</font><span =
style=3D"font-family: 'Courier New';" class=3D"">) at =
bytecode.c:916</span></div><div class=3D""><font face=3D"Courier New" =
class=3D"">#20 0x0000000000540275 in eval_sub (form=3DVariable "form" is =
not available.</font><span style=3D"font-family: 'Courier New';" =
class=3D"">) at lisp.h:913</span></div><div class=3D""><font =
face=3D"Courier New" class=3D"">#21 0x0000000000541bee in =
internal_lisp_condition_case (var=3D18706882, bodyform=3D17831366, =
handlers=3DVariable "handlers" is not available.</font><span =
style=3D"font-family: 'Courier New';" class=3D"">) at =
eval.c:1317</span></div><div class=3D""><font face=3D"Courier New" =
class=3D"">#22 0x000000000057524d in exec_byte_code (bytestr=3DVariable =
"bytestr" is not available.</font><span style=3D"font-family: 'Courier =
New';" class=3D"">) at bytecode.c:1162</span></div><div class=3D""><font =
face=3D"Courier New" class=3D"">#23 0x0000000000540aca in funcall_lambda =
(fun=3D20972317, nargs=3D3, arg_vector=3D0x7fffb1924220) at =
lisp.h:1355</font></div><div class=3D""><font face=3D"Courier New" =
class=3D"">#24 0x0000000000540f43 in Ffuncall (nargs=3DVariable "nargs" =
is not available.</font><span style=3D"font-family: 'Courier New';" =
class=3D"">) at eval.c:2872</span></div><div class=3D""><font =
face=3D"Courier New" class=3D"">#25 0x00000000005747d8 in exec_byte_code =
(bytestr=3DVariable "bytestr" is not available.</font><span =
style=3D"font-family: 'Courier New';" class=3D"">) at =
bytecode.c:916</span></div><div class=3D""><font face=3D"Courier New" =
class=3D"">#26 0x0000000000540275 in eval_sub (form=3DVariable "form" is =
not available.</font><span style=3D"font-family: 'Courier New';" =
class=3D"">) at lisp.h:913</span></div><div class=3D""><font =
face=3D"Courier New" class=3D"">#27 0x0000000000541bee in =
internal_lisp_condition_case (var=3D18706882, bodyform=3D17770422, =
handlers=3DVariable "handlers" is not available.</font><span =
style=3D"font-family: 'Courier New';" class=3D"">) at =
eval.c:1317</span></div><div class=3D""><font face=3D"Courier New" =
class=3D"">#28 0x000000000057524d in exec_byte_code (bytestr=3DVariable =
"bytestr" is not available.</font><span style=3D"font-family: 'Courier =
New';" class=3D"">) at bytecode.c:1162</span></div><div class=3D""><font =
face=3D"Courier New" class=3D"">#29 0x0000000000540aca in funcall_lambda =
(fun=3D20844701, nargs=3D0, arg_vector=3D0x7fffb19246d8) at =
lisp.h:1355</font></div><div class=3D""><font face=3D"Courier New" =
class=3D"">#30 0x0000000000540f43 in Ffuncall (nargs=3DVariable "nargs" =
is not available.</font><span style=3D"font-family: 'Courier New';" =
class=3D"">) at eval.c:2872</span></div><div class=3D""><font =
face=3D"Courier New" class=3D"">#31 0x00000000005416a3 in Fapply =
(nargs=3D2, args=3D0x7fffb19246d0) at eval.c:2297</font></div><div =
class=3D""><font face=3D"Courier New" class=3D"">#32 0x00000000005411d8 =
in Ffuncall (nargs=3DVariable "nargs" is not available.</font><span =
style=3D"font-family: 'Courier New';" class=3D"">) at =
lisp.h:913</span></div><div class=3D""><font face=3D"Courier New" =
class=3D"">#33 0x00000000005747d8 in exec_byte_code (bytestr=3DVariable =
"bytestr" is not available.</font><span style=3D"font-family: 'Courier =
New';" class=3D"">) at bytecode.c:916</span></div><div class=3D""><font =
face=3D"Courier New" class=3D"">#34 0x0000000000540275 in eval_sub =
(form=3DVariable "form" is not available.</font><span =
style=3D"font-family: 'Courier New';" class=3D"">) at =
lisp.h:913</span></div><div class=3D""><font face=3D"Courier New" =
class=3D"">#35 0x0000000000541bee in internal_lisp_condition_case =
(var=3D18706882, bodyform=3D8745270, handlers=3DVariable "handlers" is =
not available.</font><span style=3D"font-family: 'Courier New';" =
class=3D"">) at eval.c:1317</span></div><div class=3D""><font =
face=3D"Courier New" class=3D"">#36 0x000000000057524d in exec_byte_code =
(bytestr=3DVariable "bytestr" is not available.</font><span =
style=3D"font-family: 'Courier New';" class=3D"">) at =
bytecode.c:1162</span></div><div class=3D""><font face=3D"Courier New" =
class=3D"">#37 0x0000000000540aca in funcall_lambda (fun=3D8744957, =
nargs=3D1, arg_vector=3D0x7fffb1924a98) at lisp.h:1355</font></div><div =
class=3D""><font face=3D"Courier New" class=3D"">#38 0x0000000000540f43 =
in Ffuncall (nargs=3DVariable "nargs" is not available.</font><span =
style=3D"font-family: 'Courier New';" class=3D"">) at =
eval.c:2872</span></div><div class=3D""><font face=3D"Courier New" =
class=3D"">#39 0x00000000005413a3 in call1 (fn=3DVariable "fn" is not =
available.</font><span style=3D"font-family: 'Courier New';" class=3D"">) =
at eval.c:2610</span></div><div class=3D""><font face=3D"Courier New" =
class=3D"">#40 0x00000000004cf794 in timer_check () at =
keyboard.c:4515</font></div><div class=3D""><font face=3D"Courier New" =
class=3D"">#41 0x00000000004cf8e9 in readable_events (flags=3D1) at =
keyboard.c:3448</font></div><div class=3D""><font face=3D"Courier New" =
class=3D"">#42 0x00000000004d5a87 in get_input_pending (flags=3D1) at =
lisp.h:2354</font></div><div class=3D""><font face=3D"Courier New" =
class=3D"">#43 0x00000000004d5c25 in swallow_events (do_display=3Dtrue) =
at keyboard.c:4317</font></div><div class=3D""><font face=3D"Courier =
New" class=3D"">#44 0x000000000057c0d5 in wait_reading_process_output =
(time_limit=3D82, nsecs=3D0, read_kbd=3D-1, do_display=3Dtrue, =
wait_for_cell=3D14691250, wait_proc=3D0x0, just_wait_proc=3D0) at =
process.c:4704</font></div><div class=3D""><font face=3D"Courier New" =
class=3D"">#45 0x00000000004148a8 in sit_for (timeout=3D328, =
reading=3Dtrue, display_option=3DVariable "display_option" is not =
available.</font><span style=3D"font-family: 'Courier New';" class=3D"">) =
at dispnew.c:5867</span></div><div class=3D""><font face=3D"Courier New" =
class=3D"">#46 0x00000000004d7e76 in read_char (commandflag=3D1, =
map=3D25957990, prev_event=3D14691250, used_mouse_menu=3D0x7fffb192b76f, =
end_time=3D0x0) at lisp.h:700</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">#47 0x00000000004d981e in =
read_key_sequence (keybuf=3D0x7fffb192b900, bufsize=3D30, =
prompt=3D14691250, dont_downcase_last=3Dfalse, =
can_return_switch_frame=3Dtrue, fix_current_buffer=3Dtrue, =
prevent_redisplay=3Dfalse) at lisp.h:2354</font></div><div =
class=3D""><font face=3D"Courier New" class=3D"">#48 0x00000000004db44a =
in command_loop_1 () at keyboard.c:1453</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">#49 0x000000000053db57 in =
internal_condition_case (bfun=3D0x4db250 &lt;command_loop_1&gt;, =
handlers=3D14742754, hfun=3D0x4ce070 &lt;cmd_error&gt;) at =
eval.c:1348</font></div><div class=3D""><font face=3D"Courier New" =
class=3D"">#50 0x00000000004ce45a in command_loop_2 (ignore=3DVariable =
"ignore" is not available.</font><span style=3D"font-family: 'Courier =
New';" class=3D"">) at keyboard.c:1178</span></div><div class=3D""><font =
face=3D"Courier New" class=3D"">#51 0x000000000053da60 in internal_catch =
(tag=3D14738690, func=3D0x4ce440 &lt;command_loop_2&gt;, arg=3D14691250) =
at eval.c:1112</font></div><div class=3D""><font face=3D"Courier New" =
class=3D"">#52 0x00000000004ce2df in recursive_edit_1 () at =
keyboard.c:1157</font></div><div class=3D""><font face=3D"Courier New" =
class=3D"">#53 0x00000000004ce426 in Frecursive_edit () at =
keyboard.c:849</font></div><div class=3D""><font face=3D"Courier New" =
class=3D"">#54 0x00000000004cce22 in main (argc=3D2, =
argv=3D0x7fffb192bc48) at emacs.c:1642</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">(gdb) &nbsp;</font></div></div><div =
class=3D""><br class=3D""></div><div class=3D""><br class=3D""></div><div =
class=3D"">The root cause of this problem is freeing `char *discarded` =
in the middle of using it (editfns.c, line 4394). `discarded` and `info` =
were allocated with the SAFE_ALLOCA call on (editfns.c, line 3806), when =
format string is longer than 16K, malloc would be called and `discarded` =
would be allocated on the heap, thus the SAFE_FREE call on line 4394 =
will do the actual heap free and make the memory pointed by `discarded` =
inaccessible. A possible fix might look like this:</div><div =
class=3D""><br class=3D""></div><div class=3D""><div class=3D""><font =
face=3D"Courier New" class=3D"">diff -u =
/home/kontinuation/documents/editfns.c =
/home/kontinuation/documents/new_editfns.c</font></div><div =
class=3D""><font face=3D"Courier New" class=3D"">--- =
/home/kontinuation/documents/editfns.c<span class=3D"Apple-tab-span" =
style=3D"white-space:pre">	</span>2015-05-11 22:28:27.992501954 =
+0800</font></div><div class=3D""><font face=3D"Courier New" =
class=3D"">+++ /home/kontinuation/documents/new_editfns.c<span =
class=3D"Apple-tab-span" style=3D"white-space:pre">	=
</span>2015-05-11 22:28:54.679014773 +0800</font></div><div =
class=3D""><font face=3D"Courier New" class=3D"">@@ -4390,8 +4390,6 =
@@</font></div><div class=3D""><font face=3D"Courier New" =
class=3D"">&nbsp; &nbsp; &nbsp;nchars =3D multibyte_chars_in_text =
((unsigned char *) buf, p - buf);</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">&nbsp; &nbsp;val =3D =
make_specified_string (buf, nchars, p - buf, =
multibyte);</font></div><div class=3D""><font face=3D"Courier New" =
class=3D"">&nbsp;</font></div><div class=3D""><font face=3D"Courier New" =
class=3D"">- &nbsp;/* If we allocated BUF with malloc, free it too. =
&nbsp;*/</font></div><div class=3D""><font face=3D"Courier New" =
class=3D"">- &nbsp;SAFE_FREE ();</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">&nbsp;</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">&nbsp; &nbsp;/* If the format string has =
text properties, or any of the string</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">&nbsp; &nbsp; &nbsp; arguments has text =
properties, set up text properties of the</font></div><div =
class=3D""><font face=3D"Courier New" class=3D"">@@ -4498,6 +4496,9 =
@@</font></div><div class=3D""><font face=3D"Courier New" =
class=3D"">&nbsp; &nbsp; &nbsp; &nbsp;UNGCPRO;</font></div><div =
class=3D""><font face=3D"Courier New" class=3D"">&nbsp; &nbsp; =
&nbsp;}</font></div><div class=3D""><font face=3D"Courier New" =
class=3D"">&nbsp;</font></div><div class=3D""><font face=3D"Courier New" =
class=3D"">+ &nbsp;/* If we allocated BUF with malloc, free it too. =
&nbsp;*/</font></div><div class=3D""><font face=3D"Courier New" =
class=3D"">+ &nbsp;SAFE_FREE ();</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">+</font></div><div class=3D""><font =
face=3D"Courier New" class=3D"">&nbsp; &nbsp;return =
val;</font></div><div class=3D""><font face=3D"Courier New" =
class=3D"">&nbsp;}</font></div></div><div class=3D""><br =
class=3D""></div></div></body></html>=

--Apple-Mail=_0705315E-8DAD-4A32-AA5B-76F48F3D81E9--




From debbugs-submit-bounces@debbugs.gnu.org Wed May 13 02:49:59 2015
Received: (at 20548-done) by debbugs.gnu.org; 13 May 2015 06:49:59 +0000
Received: from localhost ([127.0.0.1]:42935 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1YsQUQ-0007EX-U2
	for submit@debbugs.gnu.org; Wed, 13 May 2015 02:49:59 -0400
Received: from smtp.cs.ucla.edu ([131.179.128.62]:37862)
 by debbugs.gnu.org with esmtp (Exim 4.80)
 (envelope-from <eggert@cs.ucla.edu>) id 1YsQUP-0007EK-LR
 for 20548-done@debbugs.gnu.org; Wed, 13 May 2015 02:49:58 -0400
Received: from localhost (localhost.localdomain [127.0.0.1])
 by smtp.cs.ucla.edu (Postfix) with ESMTP id 72AF1A6000C;
 Tue, 12 May 2015 23:49:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at smtp.cs.ucla.edu
Received: from smtp.cs.ucla.edu ([127.0.0.1])
 by localhost (smtp.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id WfXUWc0D4voI; Tue, 12 May 2015 23:49:50 -0700 (PDT)
Received: from [192.168.1.9] (pool-100-32-155-148.lsanca.fios.verizon.net
 [100.32.155.148])
 by smtp.cs.ucla.edu (Postfix) with ESMTPSA id 15AFCA60005;
 Tue, 12 May 2015 23:49:50 -0700 (PDT)
Message-ID: <5552F40D.3000802@cs.ucla.edu>
Date: Tue, 12 May 2015 23:49:49 -0700
From: Paul Eggert <eggert@cs.ucla.edu>
Organization: UCLA Computer Science Department
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: Michelle Gilliland <xu_michelle@live.com>
Subject: Re: Crash when Nformat was called with a loooooong format string
 specified
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 20548-done
Cc: 20548-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.3 (--)

Thanks for the bug report and diagnosis.  I installed that fix (with a slightly 
different comment) in the Emacs master as commit 
a314016775858612d0c79e24f71b1698d6784ad6.




From unknown Mon Jun 23 23:49:20 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request <help-debbugs@gnu.org>
Subject: Internal Control
Message-Id: bug archived.
Date: Wed, 10 Jun 2015 11:24:05 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator