GNU bug report logs - #47094
27.1; emacs dies with XBM display

Previous Next

Full log

Message #19 received at 47094 <at> debbugs.gnu.org (full text, mbox):

From: Alan Third <alan <at> idiocy.org>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: ynyaaa <at> gmail.com, 47094 <at> debbugs.gnu.org
Subject: Re: bug#47094: 27.1; emacs dies with XBM display
Date: Sat, 13 Mar 2021 22:07:14 +0000

On Sat, Mar 13, 2021 at 09:19:17AM +0200, Eli Zaretskii wrote:
> > Date: Fri, 12 Mar 2021 22:08:10 +0000
> > From: Alan Third <alan <at> idiocy.org>
> > 
> > > > (let* ((w 256)
> > > >        (h 256)
> > > >        (s (make-string (* (/ w 8) h) #x55)))
> > > >   (insert-image (create-image s 'xbm t :width w :height h)))
> > > 
> > > I can reproduce in Emacs 27, but not on the current master branch.  So
> > > I guess this has been fixed already, and I'm closing the bug.
> > 
> > I can reproduce on the master branch. It looks like a stack overflow
> > in xbm_read_bitmap_data.
> 
> I did indeed get an infinite recursion on the emacs-27 branch, but not
> on master.
> 
> > I tried it in a debugger, but the backtrace looks truncated.
> 
> Before or after SIGSEGV?  If it's after, then it isn't surprising you
> get a truncated backtrace.
> 
> I think if you see the infinite recursion we should understand why it
> happens in the first place, and try to prevent it.

It turns out it was a buffer overflow in xbm_scan that was clobbering
the stack. I've pushed a fix to the master branch.

-- 
Alan Third

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.