GNU bug report logs -
#49066
26.3; Segmentation fault on specific utf8 string
Reported by: "Miguel V. S. Frasson" <mvsfrasson <at> gmail.com>
Date: Wed, 16 Jun 2021 21:08:02 UTC
Severity: normal
Tags: patch
Found in version 26.3
Fixed in version 28.1
Done: Lars Ingebrigtsen <larsi <at> gnus.org>
Bug is archived. No further changes may be made.
>>>>> On Sun, 27 Jun 2021 22:15:50 +0300, Eli Zaretskii <eliz <at> gnu.org> said:
>> Cc: rpluim <at> gmail.com, larsi <at> gnus.org, 49066 <at> debbugs.gnu.org,
>> mvsfrasson <at> gmail.com
>> From: Paul Eggert <eggert <at> cs.ucla.edu>
>> Date: Sun, 27 Jun 2021 11:02:26 -0700
>>
>> On 6/26/21 11:20 PM, Eli Zaretskii wrote:
>> > Since we are moving away from m17n-flt, I don't think we should optimize
>> > memory management when m17n-flt is used, especially if that causes
>> > problems. So if the patch fixes the crash, I think we should install
>> > it.
>>
>> Sure, and I can volunteer to do that. Would you like me to do it in
>> master now, or wait for confirmation and install it on the emacs-27
>> branch? or perhaps some other course of action?
Eli> I'd like to see the confirmation, and then install this on master.
Eli> Thanks.
With the patch it still crashes for me in emacs-master with harfbuzz disabled:
Thread 1 "emacs" received signal SIGSEGV, Segmentation fault.
0x000055555576d4e7 in AREF (array=XIL(0), idx=1) at lisp.h:1838
1838 return XVECTOR (array)->contents[idx];
(gdb) bt
#0 0x000055555576d4e7 in AREF (array=XIL(0), idx=1) at lisp.h:1838
#1 0x0000555555774be0 in ftfont_shape_by_flt
(lgstring=XIL(0x7ffff1e5301d), font=0x55555604f410, ft_face=0x5555566a2400, otf=0x555556696b60, matrix=0x55555604f508) at ftfont.c:2852
#2 0x0000555555775002 in ftfont_shape (lgstring=XIL(0x7ffff1e5301d), direction=XIL(0)) at ftfont.c:2890
#3 0x000055555577629e in ftcrfont_shape (lgstring=XIL(0x7ffff1e5301d), direction=XIL(0)) at ftcrfont.c:477
#4 0x000055555571344c in Ffont_shape_gstring (gstring=XIL(0x7ffff1e5301d), direction=XIL(0)) at font.c:4499
#5 0x00005555557019fb in Ffuncall (nargs=3, args=args <at> entry=0x7fffffffd670) at eval.c:3039
#6 0x000055555573cdf8 in exec_byte_code
(bytestr=<optimized out>, vector=<optimized out>, maxdepth=<optimized out>, args_template=<optimized out>, nargs=<optimized out>, args=<optimized out>) at bytecode.c:632
#7 0x0000555555701937 in Ffuncall (nargs=nargs <at> entry=7, args=args <at> entry=0x7fffffffd990) at eval.c:3055
#8 0x0000555555700cf9 in internal_condition_case_n (bfun=
0x555555701760 <Ffuncall>, nargs=nargs <at> entry=7, args=args <at> entry=0x7fffffffd990, handlers=handlers <at> entry=XIL(0x30), hfun=hfun <at> entry=
0x5555555ca5e0 <safe_eval_handler>) at eval.c:1642
#9 0x00005555555b8603 in safe__call
(inhibit_quit=inhibit_quit <at> entry=false, nargs=nargs <at> entry=7, func=<optimized out>, ap=ap <at> entry=0x7fffffffda28) at lisp.h:1002
#10 0x00005555555c79b5 in safe_call (nargs=nargs <at> entry=7, func=<optimized out>) at xdisp.c:3009
#11 0x00005555557609c5 in autocmp_chars
(rule=XIL(0x7ffff1e501bd), charpos=charpos <at> entry=146, bytepos=<optimized out>, limit=<optimized out>,
limit <at> entry=148, win=win <at> entry=0x555556030100, face=face <at> entry=0x0, string=XIL(0), direction=XIL(0)) at lisp.h:731
#12 0x000055555576426d in find_automatic_composition (pos=pos <at> entry=146, limit=146,
limit <at> entry=-1, backlim=backlim <at> entry=-1, start=start <at> entry=0x7fffffffdc68, end=end <at> entry=0x7fffffffdc70, gstring=gstring <at> entry=0x7fffffffdc78, string=XIL(0)) at composite.c:1661
#13 0x0000555555764f39 in composition_adjust_point (last_pt=last_pt <at> entry=146, new_pt=new_pt <at> entry=146) at lisp.h:1002
#14 0x00005555556960ff in command_loop_1 () at keyboard.c:1569
#15 0x00005555557009d7 in internal_condition_case
(bfun=bfun <at> entry=0x555555695020 <command_loop_1>, handlers=handlers <at> entry=XIL(0x90), hfun=hfun <at> entry=0x55555568bac0 <cmd_error>)
at eval.c:1478
#16 0x0000555555686064 in command_loop_2 (ignore=ignore <at> entry=XIL(0)) at lisp.h:1002
#17 0x0000555555702ed3 in internal_catch (tag=tag <at> entry=XIL(0xe520), func=func <at> entry=0x555555686040 <command_loop_2>, arg=arg <at> entry=XIL(0))
at eval.c:1198
#18 0x000055555568600b in command_loop () at lisp.h:1002
#19 0x000055555568b6d6 in recursive_edit_1 () at keyboard.c:720
#20 0x000055555568ba02 in Frecursive_edit () at keyboard.c:789
#21 0x00005555555a177f in main (argc=2, argv=<optimized out>) at emacs.c:2308
Lisp Backtrace:
"font-shape-gstring" (0xffffd678)
"auto-compose-chars" (0xffffd998)
(gdb) up
#1 0x0000555555774be0 in ftfont_shape_by_flt (lgstring=XIL(0x7ffff1e5301d), font=0x55555604f410, ft_face=0x5555566a2400,
otf=0x555556696b60, matrix=0x55555604f508) at ftfont.c:2852
2852 g->g.to = LGLYPH_TO (LGSTRING_GLYPH (lgstring, g->g.to));
(gdb) up
#2 0x0000555555775002 in ftfont_shape (lgstring=XIL(0x7ffff1e5301d), direction=XIL(0)) at ftfont.c:2890
2890 return ftfont_shape_by_flt (lgstring, font, ftfont_info->ft_size->face, otf,
(gdb) pp lgstring
[[#<font-object "-GOOG-Noto Sans Bengali-normal-normal-normal-*-19-*-*-*-*-0-iso10646-1"> 2453 8204] nil [0 0 2453 20 16 -1 16 12 0 nil] [1 1 8204 658 0 -1 1 15 4 nil] nil nil nil nil nil nil]
(gdb) down
#1 0x0000555555774be0 in ftfont_shape_by_flt (lgstring=XIL(0x7ffff1e5301d), font=0x55555604f410, ft_face=0x5555566a2400,
otf=0x555556696b60, matrix=0x55555604f508) at ftfont.c:2852
2852 g->g.to = LGLYPH_TO (LGSTRING_GLYPH (lgstring, g->g.to));
(gdb) p *g
$1 = {
g = {
c = 2453,
code = 0,
from = 0,
to = 2,
xadv = 704,
yadv = 0,
ascent = 896,
descent = 0,
lbearing = 64,
rbearing = 640,
xoff = 0,
yoff = 0,
encoded = 1,
measured = 1,
adjusted = 0,
internal = 1073741823
},
libotf_positioning_type = 8204
}
Robert
--
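Added example, not code from Emacs or from this thread: a small C model of the lgstring shown in the gdb session, in which the FLT output glyph's to == 2 indexes a nil glyph slot, beside a checked accessor that rejects the index instead of faulting. The slot layout (header, id, glyph i at slot i + 2; LGLYPH_TO at element 1 of a glyph) follows Emacs's composite.h; the struct, function names and the NULL-for-nil representation are this example's own assumptions.

```c
/* Added model (not Emacs source) of the lgstring printed by
   `pp lgstring` above.  In Emacs, slot 0 of an lgstring is the header,
   slot 1 the id, and glyph i lives at slot i + 2; unused glyph slots
   are nil.  A glyph is a vector [from to char code ...], so
   LGLYPH_TO reads element 1.  Here a nil slot is modelled as NULL.  */
#include <stddef.h>

#define LGLYPH_TO_IDX 1        /* position of `to` inside a glyph */
#define NGLYPH_SLOTS  8        /* glyph slots in the pp output */

typedef struct { int elems[4]; } glyph;   /* from, to, char, code */

/* Constructed from the pp output: glyph 0 = [0 0 2453 20 ...],
   glyph 1 = [1 1 8204 658 ...], then six nil slots.  */
static glyph glyph0 = { { 0, 0, 2453, 20 } };
static glyph glyph1 = { { 1, 1, 8204, 658 } };
static glyph *lgstring_glyphs[NGLYPH_SLOTS] =
  { &glyph0, &glyph1, NULL, NULL, NULL, NULL, NULL, NULL };

/* Unchecked form, mirroring the crashing line
     g->g.to = LGLYPH_TO (LGSTRING_GLYPH (lgstring, g->g.to));
   For idx == 2 the slot is nil, so this dereferences NULL: the
   SIGSEGV in AREF (array=XIL(0), idx=1) of frame #0.  */
static int lglyph_to_unchecked (glyph **lgs, int idx)
{
  return lgs[idx]->elems[LGLYPH_TO_IDX];
}

/* Checked form: validate the FLT-produced `to` against the slots that
   actually hold glyphs before mapping it.  Returns the mapped `to`, or
   -1 when the index is out of range or names a nil slot.  */
static int lglyph_to_checked (glyph **lgs, size_t nslots, int idx)
{
  if (idx < 0 || (size_t) idx >= nslots || lgs[idx] == NULL)
    return -1;
  return lgs[idx]->elems[LGLYPH_TO_IDX];
}

/* Remap the `to` of the FLT output glyph from `p *g` (to == 2 there).  */
int remap_flt_to (int flt_to)
{
  return lglyph_to_checked (lgstring_glyphs, NGLYPH_SLOTS, flt_to);
}

/* Same remap through the unchecked path; only safe for filled slots.  */
int remap_flt_to_unchecked (int flt_to)
{
  return lglyph_to_unchecked (lgstring_glyphs, flt_to);
}
```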
This bug report was last modified 3 years and 305 days ago.