GNU bug report logs -
#53254
28.0.60; Crash in composition_adjust_point while typing
Reported by: Po Lu <luangruo <at> yahoo.com>
Date: Fri, 14 Jan 2022 13:31:01 UTC
Severity: normal
Found in version 28.0.60
Done: Po Lu <luangruo <at> yahoo.com>
Bug is archived. No further changes may be made.
Message #8 received at 53254 <at> debbugs.gnu.org (full text, mbox):
> Date: Fri, 14 Jan 2022 21:30:06 +0800
> From: Po Lu via "Bug reports for GNU Emacs,
> the Swiss army knife of text editors" <bug-gnu-emacs <at> gnu.org>
>
> Typing a document, I got a crash with the following backtrace:
>
> #0 0x00007f356943585c in __pthread_kill_implementation () at /lib64/libc.so.6
> #1 0x00007f35693e86b6 in raise () at /lib64/libc.so.6
> #2 0x000000000041db0a in terminate_due_to_signal (sig=sig@entry=11, backtrace_limit=backtrace_limit@entry=40) at emacs.c:437
> #3 0x000000000041df7d in handle_fatal_signal (sig=sig@entry=11) at sysdep.c:1762
> #4 0x000000000051a718 in deliver_thread_signal (sig=sig@entry=11, handler=0x41df72 <handle_fatal_signal>) at sysdep.c:1754
> #5 0x000000000051a789 in deliver_fatal_thread_signal (sig=11) at sysdep.c:1774
> #6 handle_sigsegv (sig=11, siginfo=<optimized out>, arg=<optimized out>) at sysdep.c:1867
> #7 0x00007f35693e8760 in <signal handler called> () at /lib64/libc.so.6
> #8 face_at_buffer_position (w=w@entry=0x3038d1b0, pos=pos@entry=31829, endptr=endptr@entry=0x7fff02e94768, limit=<optimized out>, mouse=<optimized out>, base_face_id=base_face_id@entry=-1, attr_filter=<optimized out>) at xfaces.c:6441
> #9 0x0000000000594f66 in font_range (pos=pos@entry=31829, pos_byte=pos_byte@entry=32669, limit=limit@entry=0x7fff02e94808, w=w@entry=0x3038d1b0, face=face@entry=0x0, string=string@entry=0x0, ch=62) at font.c:3928
> #10 0x00000000005e4423 in autocmp_chars (rule=0x4ee2945, charpos=charpos@entry=31829, bytepos=32669, limit=31832, limit@entry=31840, win=win@entry=0x3038d1b0, face=face@entry=0x0, string=0x0, direction=0x0, ch=62) at composite.c:924
> #11 0x00000000005e7dd2 in find_automatic_composition (pos=pos@entry=31839, limit=31839, limit@entry=-1, backlim=backlim@entry=-1, start=start@entry=0x7fff02e94938, end=end@entry=0x7fff02e94940, gstring=gstring@entry=0x7fff02e94948, string=0x0) at composite.c:1682
> #12 0x00000000005e8afd in composition_adjust_point (last_pt=last_pt@entry=31839, new_pt=new_pt@entry=31839) at composite.c:1769
> #13 0x0000000000512c93 in command_loop_1 () at keyboard.c:1608
> #14 0x000000000057c867 in internal_condition_case (bfun=bfun@entry=0x511c00 <command_loop_1>, handlers=handlers@entry=0x90, hfun=hfun@entry=0x508730 <cmd_error>) at eval.c:1453
> #15 0x0000000000502aca in command_loop_2 (handlers=handlers@entry=0x90) at keyboard.c:1133
> #16 0x000000000057c7c1 in internal_catch (tag=tag@entry=0xe7f0, func=func@entry=0x502ab0 <command_loop_2>, arg=arg@entry=0x90) at eval.c:1184
> #17 0x0000000000502a6f in command_loop () at keyboard.c:1111
> #18 0x000000000050832c in recursive_edit_1 () at keyboard.c:720
> #19 0x0000000000508673 in Frecursive_edit () at keyboard.c:803
> #20 0x0000000000425a73 in main (argc=1, argv=<optimized out>) at emacs.c:2310
>
> Does anyone know why this is? I hope this hasn't been fixed in the
> pretests (if so, sorry for the report), but I couldn't find anything
> relevant. Thanks in advance.
Looks very similar to bug#51864, but that one was fixed a day before
your binary was built. So I'm not sure what's going on. However, it
sounds like it's exactly that bug, because after the fix
default_face cannot be a NULL pointer, according to my reading of the
code:
    default_face = FACE_FROM_ID_OR_NULL (f, face_id);
    if (!default_face)   <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
      default_face = FACE_FROM_ID (f,
                                   lookup_basic_face (w, f, DEFAULT_FACE_ID));
  }

  /* Optimize common cases where we can use the default face. */
  if (noverlays == 0
      && NILP (prop))
    {
      SAFE_FREE ();
      return default_face->id;
    }

  /* Begin with attributes from the default face. */
  memcpy (attrs, default_face->lface, sizeof(attrs));
It seems to crash in the call to memcpy.
Or maybe the backtrace is inaccurate, this being an optimized build.
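The NULL fallback discussed in the reply above, as an added C model that is not Emacs source and not part of the original message. The toy face cache and the names `face_or_null`, `lookup_default` and `begin_with_default` are hypothetical, and the model assumes the fallback lookup always yields a realized face; where the unguarded path would dereference NULL inside memcpy, the model returns -1 instead.

```c
#include <stddef.h>
#include <string.h>

#define NATTRS 4      /* toy attribute-vector length (constructed) */
#define NFACES 8      /* toy face-cache size (constructed) */
#define DEFAULT_ID 0  /* stands in for DEFAULT_FACE_ID */

struct face { int id; int lface[NATTRS]; };

static struct face storage[NFACES];
static struct face *cache[NFACES];   /* NULL slot = face not realized */

/* A lookup that tolerates failure: NULL for out-of-range or empty slots. */
static struct face *face_or_null (int id)
{
  return (id >= 0 && id < NFACES) ? cache[id] : NULL;
}

/* Hypothetical stand-in for the fallback lookup: realize the default
   face on demand, so the returned id always names a live slot. */
static int lookup_default (void)
{
  if (!cache[DEFAULT_ID])
    {
      storage[DEFAULT_ID] = (struct face) { DEFAULT_ID, { 1, 2, 3, 4 } };
      cache[DEFAULT_ID] = &storage[DEFAULT_ID];
    }
  return DEFAULT_ID;
}

/* Copy the default face's attributes into ATTRS and return its id.
   Returns -1 where the pointer is still NULL at the memcpy, i.e. the
   point at which the unguarded code would fault. */
int begin_with_default (int face_id, int guarded, int attrs[NATTRS])
{
  struct face *default_face = face_or_null (face_id);
  if (!default_face && guarded)      /* the check marked in the reply */
    default_face = face_or_null (lookup_default ());
  if (!default_face)
    return -1;                       /* unguarded: NULL dereference */
  memcpy (attrs, default_face->lface, sizeof default_face->lface);
  return default_face->id;
}

int main (void)
{
  int attrs[NATTRS] = { 0 };
  return begin_with_default (5, 1, attrs) == DEFAULT_ID ? 0 : 1;
}
```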
This bug report was last modified 3 years and 187 days ago.