GNU bug report logs - #5609
23.1.92; segfault in composition_compute_stop_pos


Package: emacs;

Reported by: Sven Joachim <svenjoac <at> gmx.de>

Date: Sat, 20 Feb 2010 17:09:03 UTC

Severity: normal

Done: Chong Yidong <cyd <at> stupidchicken.com>

Bug is archived. No further changes may be made.


Report forwarded to owner <at> debbugs.gnu.org, svenjoac <at> gmx.de, bug-gnu-emacs <at> gnu.org:
bug#5609; Package emacs. (Sat, 20 Feb 2010 17:09:03 GMT)

Acknowledgement sent to Sven Joachim <svenjoac <at> gmx.de>:
New bug report received and forwarded. Copy sent to svenjoac <at> gmx.de, bug-gnu-emacs <at> gnu.org. (Sat, 20 Feb 2010 17:09:03 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: Sven Joachim <svenjoac <at> gmx.de>
To: bug-gnu-emacs <at> gnu.org
Subject: 23.1.92; segfault in composition_compute_stop_pos
Date: Sat, 20 Feb 2010 18:08:21 +0100

During the last weeks I experienced several segfaults, mostly in Dired,
but unfortunately I did not run Emacs under GDB.  This time I did.
I visited a file named "Makefile" and started an I-search for
"distcheck" when Emacs segfaulted.  This is not reproducible.

(gdb) xbacktrace
(gdb) bt full
#0  0x081e30b4 in composition_compute_stop_pos (cmp_it=0xffffb040, charpos=16, bytepos=26, 
    endpos=17, string=<value optimized out>) at composite.c:1072
        elt = <value optimized out>
        start = 0
        end = -22168
        c = 14719988
        prop = 0
        val = <value optimized out>
#1  0x08079548 in reseat_to_string (it=<value optimized out>, s=0x0, string=<value optimized out>, 
    charpos=0, precision=-8, field_width=17, multibyte=1) at xdisp.c:5613
No locals.
#2  0x08080031 in display_string (string=0x83ec9f2 "", lisp_string=154714081, 
    face_string=<value optimized out>, face_string_pos=1, start=0, it=0xffffac88, field_width=17, 
    precision=-8, max_x=0, multibyte=1) at xdisp.c:18866
        hpos_at_start = 8
        saved_face_id = 1
        row = 0x8f77368
#3  0x08086434 in display_mode_element (it=<value optimized out>, depth=<value optimized out>, 
    field_width=<value optimized out>, precision=-8, elt=156429401, props=138332658, risky=0)
    at xdisp.c:17614
        nwritten = <value optimized out>
        multibyte = 1
        charpos = <value optimized out>
        spec = 0x6 <Address 0x6 out of bounds>
        string = 138332658
        c = <value optimized out>
        offset = 4
        n = 0
        field = 17
        prec = <value optimized out>
        literal = <value optimized out>
#4  0x08087271 in display_mode_element (it=<value optimized out>, depth=<value optimized out>, 
    field_width=<value optimized out>, precision=-8, elt=<value optimized out>, props=138332658, 
    risky=0) at xdisp.c:17786
        halftail = 154085734
        len = 1
        car = <value optimized out>
        tem = <value optimized out>
        n = 0
        field = <value optimized out>
        prec = <value optimized out>
        literal = <value optimized out>
#5  0x08087271 in display_mode_element (it=<value optimized out>, depth=<value optimized out>, 
    field_width=<value optimized out>, precision=0, elt=<value optimized out>, props=138332658, 
    risky=0) at xdisp.c:17786
        halftail = 138568870
        len = 8
        car = <value optimized out>
        tem = <value optimized out>
        n = 8
        field = <value optimized out>
        prec = <value optimized out>
        literal = <value optimized out>
#6  0x080878ad in display_mode_line (w=<value optimized out>, face_id=MODE_LINE_FACE_ID, 
    format=<value optimized out>) at xdisp.c:17297
        it = {
          window = 155275757, 
          w = 0x94151e8, 
          f = 0x8743160, 
          method = GET_FROM_STRING, 
          stop_charpos = 0, 
          end_charpos = 17, 
          s = 0x0, 
          string_nchars = 4, 
          region_beg_charpos = -1, 
          region_end_charpos = -1, 
          redisplay_end_trigger_charpos = 0, 
          multibyte_p = 1, 
          header_line_p = 0, 
          string_from_display_prop_p = 0, 
          ellipsis_p = 0, 
          avoid_cursor_p = 0, 
          dp = 0x8eb1488, 
          dpvec = 0x0, 
          dpend = 0x0, 
          dpvec_char_len = 0, 
          dpvec_face_id = 0, 
          saved_face_id = 1, 
          ctl_chars = {0 <repeats 16 times>}, 
          start = {
            pos = {
              charpos = 0, 
              bytepos = 0
            }, 
            overlay_string_index = 0, 
            string_pos = {
              charpos = 0, 
              bytepos = 0
            }, 
            dpvec_index = 0
          }, 
          current = {
            pos = {
              charpos = 0, 
              bytepos = 0
            }, 
            overlay_string_index = -1, 
            string_pos = {
              charpos = 0, 
              bytepos = 0
            }, 
            dpvec_index = -1
          }, 
          n_overlay_strings = 0, 
          overlay_strings = {0 <repeats 16 times>}, 
          string_overlays = {0 <repeats 16 times>}, 
          string = 154714081, 
          from_overlay = 0, 
          stack = {{
              string = 0, 
              string_nchars = 0, 
              end_charpos = 0, 
              stop_charpos = 0, 
              cmp_it = {
                stop_pos = 0, 
                id = 0, 
                ch = 0, 
                lookback = 0, 
                nglyphs = 0, 
                nchars = 0, 
                nbytes = 0, 
                from = 0, 
                to = 0, 
                width = 0
              }, 
              face_id = 0, 
              u = {
                image = {
                  object = 0, 
                  slice = {
                    x = 0, 
                    y = 0, 
                    width = 0, 
                    height = 0
                  }, 
                  image_id = 0
                }, 
                comp = {
                  object = 0
                }, 
                stretch = {
                  object = 0
                }
              }, 
              position = {
                charpos = 0, 
                bytepos = 0
              }, 
              current = {
                pos = {
                  charpos = 0, 
                  bytepos = 0
                }, 
                overlay_string_index = 0, 
                string_pos = {
                  charpos = 0, 
                  bytepos = 0
                }, 
                dpvec_index = 0
              }, 
              from_overlay = 0, 
              area = LEFT_MARGIN_AREA, 
              method = GET_FROM_BUFFER, 
              multibyte_p = 0, 
              string_from_display_prop_p = 0, 
              display_ellipsis_p = 0, 
              avoid_cursor_p = 0, 
              line_wrap = TRUNCATE, 
              voffset = 0, 
              space_width = 0, 
              font_height = 0
            }, {
              string = 0, 
              string_nchars = 0, 
              end_charpos = 0, 
              stop_charpos = 0, 
              cmp_it = {
                stop_pos = 0, 
                id = 0, 
                ch = 0, 
                lookback = 0, 
                nglyphs = 0, 
                nchars = 0, 
                nbytes = 0, 
                from = 0, 
                to = 0, 
                width = 0
              }, 
              face_id = 0, 
              u = {
                image = {
                  object = 0, 
                  slice = {
                    x = 0, 
                    y = 0, 
                    width = 0, 
                    height = 0
                  }, 
                  image_id = 0
                }, 
                comp = {
                  object = 0
                }, 
                stretch = {
                  object = 0
                }
              }, 
              position = {
                charpos = 0, 
                bytepos = 0
              }, 
              current = {
                pos = {
                  charpos = 0, 
                  bytepos = 0
                }, 
                overlay_string_index = 0, 
                string_pos = {
                  charpos = 0, 
                  bytepos = 0
                }, 
                dpvec_index = 0
              }, 
              from_overlay = 0, 
              area = LEFT_MARGIN_AREA, 
              method = GET_FROM_BUFFER, 
              multibyte_p = 0, 
              string_from_display_prop_p = 0, 
              display_ellipsis_p = 0, 
              avoid_cursor_p = 0, 
              line_wrap = TRUNCATE, 
              voffset = 0, 
              space_width = 0, 
              font_height = 0
            }, {
              string = 0, 
              string_nchars = 0, 
              end_charpos = 0, 
              stop_charpos = 0, 
              cmp_it = {
                stop_pos = 0, 
                id = 0, 
                ch = 0, 
                lookback = 0, 
                nglyphs = 0, 
                nchars = 0, 
                nbytes = 0, 
                from = 0, 
                to = 0, 
                width = 0
              }, 
              face_id = 0, 
              u = {
                image = {
                  object = 0, 
                  slice = {
                    x = 0, 
                    y = 0, 
                    width = 0, 
                    height = 0
                  }, 
                  image_id = 0
                }, 
                comp = {
                  object = 0
                }, 
                stretch = {
                  object = 0
                }
              }, 
              position = {
                charpos = 0, 
                bytepos = 0
              }, 
              current = {
                pos = {
                  charpos = 0, 
                  bytepos = 0
                }, 
                overlay_string_index = 0, 
                string_pos = {
                  charpos = 0, 
                  bytepos = 0
                }, 
                dpvec_index = 0
              }, 
              from_overlay = 0, 
              area = LEFT_MARGIN_AREA, 
              method = GET_FROM_BUFFER, 
              multibyte_p = 0, 
              string_from_display_prop_p = 0, 
              display_ellipsis_p = 0, 
              avoid_cursor_p = 0, 
              line_wrap = TRUNCATE, 
              voffset = 0, 
              space_width = 0, 
              font_height = 0
            }, {
              string = 0, 
              string_nchars = 0, 
              end_charpos = 0, 
              stop_charpos = 0, 
              cmp_it = {
                stop_pos = 0, 
                id = 0, 
                ch = 0, 
                lookback = 0, 
                nglyphs = 0, 
                nchars = 0, 
                nbytes = 0, 
                from = 0, 
                to = 0, 
                width = 0
              }, 
              face_id = 0, 
              u = {
                image = {
                  object = 0, 
                  slice = {
                    x = 0, 
                    y = 0, 
                    width = 0, 
                    height = 0
                  }, 
                  image_id = 0
                }, 
                comp = {
                  object = 0
                }, 
                stretch = {
                  object = 0
                }
              }, 
              position = {
                charpos = 0, 
                bytepos = 0
              }, 
              current = {
                pos = {
                  charpos = 0, 
                  bytepos = 0
                }, 
                overlay_string_index = 0, 
                string_pos = {
                  charpos = 0, 
                  bytepos = 0
                }, 
                dpvec_index = 0
              }, 
              from_overlay = 0, 
              area = LEFT_MARGIN_AREA, 
              method = GET_FROM_BUFFER, 
              multibyte_p = 0, 
              string_from_display_prop_p = 0, 
              display_ellipsis_p = 0, 
              avoid_cursor_p = 0, 
              line_wrap = TRUNCATE, 
              voffset = 0, 
              space_width = 0, 
              font_height = 0
            }}, 
          sp = 0, 
          selective = -1, 
          what = IT_EOB, 
          face_id = 1, 
          selective_display_ellipsis_p = 1, 
          ctl_arrow_p = 1, 
          face_box_p = 1, 
          start_of_box_run_p = 0, 
          end_of_box_run_p = 0, 
          overlay_strings_at_end_processed_p = 0, 
          ignore_overlay_strings_at_pos_p = 0, 
          glyph_not_available_p = 0, 
          starts_in_middle_of_char_p = 0, 
          face_before_selective_p = 0, 
          constrain_row_ascent_descent_p = 0, 
          line_wrap = TRUNCATE, 
          base_face_id = 1, 
          c = 32, 
          len = 1, 
          cmp_it = {
            stop_pos = 17, 
            id = -1, 
            ch = -2, 
            lookback = 0, 
            nglyphs = 0, 
            nchars = 0, 
            nbytes = 0, 
            from = 0, 
            to = 0, 
            width = 0
          }, 
          char_to_display = 32, 
          image_id = 0, 
          slice = {
            x = 138332658, 
            y = 138332658, 
            width = 138332658, 
            height = 138332658
          }, 
          space_width = 138332658, 
          voffset = 0, 
          tab_width = 8, 
          font_height = 138332658, 
          object = 136532569, 
          position = {
            charpos = 1, 
            bytepos = 1
          }, 
          truncation_pixel_width = 0, 
          continuation_pixel_width = 0, 
          first_visible_x = 0, 
          last_visible_x = 1280, 
          last_visible_y = 945, 
          extra_line_spacing = 0, 
          max_extra_line_spacing = 0, 
          override_ascent = -1, 
          override_descent = 0, 
          override_boff = 0, 
          glyph_row = 0x8f77368, 
          area = TEXT_AREA, 
          nglyphs = 1, 
          pixel_width = 10, 
          ascent = 12, 
          descent = 3, 
          max_ascent = 12, 
          max_descent = 3, 
          phys_ascent = 1, 
          phys_descent = 0, 
          max_phys_ascent = 11, 
          max_phys_descent = 0, 
          current_x = 81, 
          continuation_lines_width = 0, 
          current_y = 0, 
          first_vpos = 0, 
          vpos = 0, 
          hpos = 8, 
          left_user_fringe_bitmap = 0, 
          right_user_fringe_bitmap = 0, 
          left_user_fringe_face_id = 0, 
          right_user_fringe_face_id = 0
        }
        face = 0x0
#7  0x08087b32 in display_mode_lines (w=0x94151e8) at xdisp.c:17241
        sel_w = 0x94151e8
        old_selected_window = 155275757
        old_selected_frame = 141832549
        n = <value optimized out>
#8  0x0808e110 in redisplay_window (window=<value optimized out>, 
    just_this_one_p=<value optimized out>) at xdisp.c:13868
        w = 0x94151e8
        f = 0x8743160
        buffer = <value optimized out>
        old = 0x86f5ba0
        startp = <value optimized out>
        update_mode_line = 1
        tem = <value optimized out>
        it = {
          window = 0, 
          w = 0x0, 
          f = 0x8743160, 
          method = GET_FROM_BUFFER, 
          stop_charpos = -16312, 
          end_charpos = 141833240, 
          s = 0xffffbba8 "\035\064t\b\030\064t\b`1t\b", 
          string_nchars = 0, 
          region_beg_charpos = -16312, 
          region_end_charpos = 134783922, 
          redisplay_end_trigger_charpos = -17496, 
          multibyte_p = 0, 
          header_line_p = 0, 
          string_from_display_prop_p = 0, 
          ellipsis_p = 1, 
          avoid_cursor_p = 1, 
          dp = 0x1, 
          dpvec = 0x1, 
          dpend = 0x87c8e48, 
          dpvec_char_len = 140138472, 
          dpvec_face_id = 1, 
          saved_face_id = 14, 
          ctl_chars = {15, 0, 141832549, 141716496, 142380616, 140138472, 141833245, 141833240, 
            141832544, 0, 1, 1, 0, 0, -1, -1}, 
          start = {
            pos = {
              charpos = 0, 
              bytepos = 0
            }, 
            overlay_string_index = 149623944, 
            string_pos = {
              charpos = 0, 
              bytepos = 0
            }, 
            dpvec_index = 0
          }, 
          current = {
            pos = {
              charpos = 0, 
              bytepos = -1
            }, 
            overlay_string_index = 0, 
            string_pos = {
              charpos = 0, 
              bytepos = 0
            }, 
            dpvec_index = 0
          }, 
          n_overlay_strings = 0, 
          overlay_strings = {0 <repeats 11 times>, 1, 1, -1, -1, -1}, 
          string_overlays = {-1, 1, 1, -1, -1, -1, -1, 0, 0, 0, 0, 0, 0, 0, 0, 0}, 
          string = 0, 
          from_overlay = 0, 
          stack = {{
              string = 0, 
              string_nchars = 0, 
              end_charpos = 0, 
              stop_charpos = 0, 
              cmp_it = {
                stop_pos = 0, 
                id = 0, 
                ch = 0, 
                lookback = 0, 
                nglyphs = 0, 
                nchars = 0, 
                nbytes = 0, 
                from = 0, 
                to = 0, 
                width = 0
              }, 
              face_id = 0, 
              u = {
                image = {
                  object = 0, 
                  slice = {
                    x = 0, 
                    y = 0, 
                    width = 0, 
                    height = 0
                  }, 
                  image_id = 0
                }, 
                comp = {
                  object = 0
                }, 
                stretch = {
                  object = 0
                }
              }, 
              position = {
                charpos = 0, 
                bytepos = 138332658
              }, 
              current = {
                pos = {
                  charpos = 0, 
                  bytepos = 0
                }, 
                overlay_string_index = 0, 
                string_pos = {
                  charpos = 0, 
                  bytepos = 0
                }, 
                dpvec_index = 0
              }, 
              from_overlay = 0, 
              area = LEFT_MARGIN_AREA, 
              method = GET_FROM_BUFFER, 
              multibyte_p = 0, 
              string_from_display_prop_p = 0, 
              display_ellipsis_p = 0, 
              avoid_cursor_p = 0, 
              line_wrap = TRUNCATE, 
              voffset = 0, 
              space_width = 0, 
              font_height = 0
            }, {
              string = 0, 
              string_nchars = 0, 
              end_charpos = 0, 
              stop_charpos = 0, 
              cmp_it = {
                stop_pos = 0, 
                id = 0, 
                ch = 0, 
                lookback = 0, 
                nglyphs = 0, 
                nchars = 0, 
                nbytes = 0, 
                from = 0, 
                to = 0, 
                width = 0
              }, 
              face_id = 0, 
              u = {
                image = {
                  object = 0, 
                  slice = {
                    x = 0, 
                    y = 0, 
                    width = 0, 
                    height = 0
                  }, 
                  image_id = 0
                }, 
                comp = {
                  object = 0
                }, 
                stretch = {
                  object = 0
                }
              }, 
              position = {
                charpos = 0, 
                bytepos = 0
              }, 
              current = {
                pos = {
                  charpos = 0, 
                  bytepos = 0
                }, 
                overlay_string_index = 0, 
                string_pos = {
                  charpos = 0, 
                  bytepos = 0
                }, 
                dpvec_index = 0
              }, 
              from_overlay = 0, 
              area = LEFT_MARGIN_AREA, 
              method = GET_FROM_BUFFER, 
              multibyte_p = 0, 
              string_from_display_prop_p = 0, 
              display_ellipsis_p = 0, 
              avoid_cursor_p = 0, 
              line_wrap = TRUNCATE, 
              voffset = 0, 
              space_width = 0, 
              font_height = 0
            }, {
              string = 0, 
              string_nchars = 0, 
              end_charpos = 0, 
              stop_charpos = 0, 
              cmp_it = {
                stop_pos = 0, 
                id = 0, 
                ch = 0, 
                lookback = 0, 
                nglyphs = 0, 
                nchars = 0, 
                nbytes = 0, 
                from = 0, 
                to = 0, 
                width = 0
              }, 
              face_id = 0, 
              u = {
                image = {
                  object = 0, 
                  slice = {
                    x = 0, 
                    y = 0, 
                    width = 0, 
                    height = 0
                  }, 
                  image_id = 0
                }, 
                comp = {
                  object = 0
                }, 
                stretch = {
                  object = 0
                }
              }, 
              position = {
                charpos = 0, 
                bytepos = 0
              }, 
              current = {
                pos = {
                  charpos = 0, 
                  bytepos = 0
                }, 
                overlay_string_index = 0, 
                string_pos = {
                  charpos = 0, 
                  bytepos = 0
                }, 
                dpvec_index = 0
              }, 
              from_overlay = 0, 
              area = LEFT_MARGIN_AREA, 
              method = GET_FROM_BUFFER, 
              multibyte_p = 0, 
              string_from_display_prop_p = 0, 
              display_ellipsis_p = 0, 
              avoid_cursor_p = 0, 
              line_wrap = TRUNCATE, 
              voffset = 0, 
              space_width = 0, 
              font_height = 0
            }, {
              string = 0, 
              string_nchars = 0, 
              end_charpos = 0, 
              stop_charpos = 0, 
              cmp_it = {
                stop_pos = 0, 
                id = 0, 
                ch = 0, 
                lookback = 0, 
                nglyphs = 0, 
                nchars = 0, 
                nbytes = 0, 
                from = 0, 
                to = 0, 
                width = 0
              }, 
              face_id = 0, 
              u = {
                image = {
                  object = 0, 
                  slice = {
                    x = 0, 
                    y = 0, 
                    width = 0, 
                    height = 0
                  }, 
                  image_id = 0
                }, 
                comp = {
                  object = 0
                }, 
                stretch = {
                  object = 0
                }
              }, 
              position = {
                charpos = 0, 
                bytepos = 0
              }, 
              current = {
                pos = {
                  charpos = 0, 
                  bytepos = 0
                }, 
                overlay_string_index = 0, 
                string_pos = {
                  charpos = 0, 
                  bytepos = 0
                }, 
                dpvec_index = 0
              }, 
              from_overlay = 0, 
              area = LEFT_MARGIN_AREA, 
              method = GET_FROM_BUFFER, 
              multibyte_p = 0, 
              string_from_display_prop_p = 0, 
              display_ellipsis_p = 0, 
              avoid_cursor_p = 0, 
              line_wrap = TRUNCATE, 
              voffset = 0, 
              space_width = 0, 
              font_height = 0
            }}, 
          sp = 0, 
          selective = 0, 
          what = IT_CHARACTER, 
          face_id = 0, 
          selective_display_ellipsis_p = 0, 
          ctl_arrow_p = 0, 
          face_box_p = 0, 
          start_of_box_run_p = 0, 
          end_of_box_run_p = 0, 
          overlay_strings_at_end_processed_p = 0, 
          ignore_overlay_strings_at_pos_p = 0, 
          glyph_not_available_p = 0, 
          starts_in_middle_of_char_p = 0, 
          face_before_selective_p = 0, 
          constrain_row_ascent_descent_p = 0, 
          line_wrap = TRUNCATE, 
          base_face_id = 0, 
          c = 0, 
          len = 0, 
          cmp_it = {
            stop_pos = 0, 
            id = 0, 
            ch = 0, 
            lookback = 0, 
            nglyphs = 0, 
            nchars = 0, 
            nbytes = 0, 
            from = 0, 
            to = 0, 
            width = 0
          }, 
          char_to_display = 0, 
          image_id = 0, 
          slice = {
            x = 0, 
            y = 0, 
            width = 0, 
            height = 0
          }, 
          space_width = 0, 
          voffset = 4, 
          tab_width = 0, 
          font_height = 0, 
          object = 35, 
          position = {
            charpos = 2, 
            bytepos = 0
          }, 
          truncation_pixel_width = 0, 
          continuation_pixel_width = 0, 
          first_visible_x = 0, 
          last_visible_x = 1, 
          last_visible_y = -1, 
          extra_line_spacing = -2, 
          max_extra_line_spacing = 0, 
          override_ascent = 0, 
          override_descent = 0, 
          override_boff = 0, 
          glyph_row = 0x8410c7a, 
          area = 141931472, 
          nglyphs = 143393862, 
          pixel_width = -16456, 
          ascent = 135781496, 
          descent = 138480762, 
          max_ascent = 138477947, 
          max_descent = 154085310, 
          phys_ascent = 0, 
          phys_descent = 138332658, 
          max_phys_ascent = 524288, 
          max_phys_descent = 138332658, 
          current_x = 138480762, 
          continuation_lines_width = 141716496, 
          current_y = 80, 
          first_vpos = -16424, 
          vpos = 135781869, 
          hpos = 1240, 
          left_user_fringe_bitmap = 15, 
          right_user_fringe_bitmap = 0, 
          left_user_fringe_face_id = 0, 
          right_user_fringe_face_id = 185024
        }
        current_matrix_up_to_date_p = 0
        used_current_matrix_p = 0
        buffer_unchanged_p = 0
        temp_scroll_step = <value optimized out>
        centering_position = <value optimized out>
        last_line_misfit = 141238272
        beg_unchanged = 0
        end_unchanged = 2568
#9  0x08090483 in redisplay_window_0 (window=155275757) at xdisp.c:12278
No locals.
#10 0x0818c487 in internal_condition_case_1 (bfun=0x8090460 <redisplay_window_0>, arg=155275757, 
    handlers=138320542, hfun=0x806ac70 <redisplay_window_error>) at eval.c:1538
        val = 6
        c = {
          tag = 138332658, 
          val = 138332658, 
          next = 0xffffcf44, 
          gcpro = 0x0, 
          jmp = {{
              __jmpbuf = {155275752, 141832544, 138938688, -16136, -287380560, 550922335}, 
              __mask_was_saved = 0, 
              __saved_mask = {
                __val = {138377114, 138371811, 1600000, 141515680, 141213181, 138332658, 0, 1, 
                  1073741820, 154085328, 138332658, 138332682, 138480762, 1073741820, 0, 1600000, 
                  138377114, 64, 4294951112, 135838356, 138377114, 1600000, 0, 1, 141833240, 
                  134784400, 143408256, 138332658, 138377114, 1073741820, 138332658, 141832544}
              }
            }}, 
          backlist = 0x0, 
          handlerlist = 0xffffd00c, 
          lisp_eval_depth = 0, 
          pdlcount = 4, 
          poll_suppress_count = 1, 
          interrupt_input_blocked = 0, 
          byte_stack = 0x0
        }
        h = {
          handler = 138320542, 
          var = 138332658, 
          chosen_clause = 138320552, 
          tag = 0xffffc014, 
          next = 0xffffd00c
        }
#11 0x0807ba3f in redisplay_windows (window=0) at xdisp.c:12257
        w = 0x94151e8
#12 0x08092280 in redisplay_internal (preserve_echo_area=<value optimized out>) at xdisp.c:11829
        f = 0x8743160
        tail = <value optimized out>
        frame = <value optimized out>
        w = 0x94151e8
        pause = 0
        must_finish = 1
---Type <return> to continue, or q <return> to quit---
        number_of_visible_frames = <value optimized out>
        polling_stopped_here = 0
        old_frame = 141832549
        consider_all_windows_p = <value optimized out>
#13 0x0812aa30 in read_char (commandflag=1, nmaps=2, maps=0xffffcd30, prev_event=138332658, 
    used_mouse_menu=0xffffcde8, end_time=0x0) at keyboard.c:2727
        c = <value optimized out>
        local_getcjmp = {{
            __jmpbuf = {-1, -13300, 141515680, -13320, 136158720, 154649174}, 
            __mask_was_saved = 138360818, 
            __saved_mask = {
              __val = {1, 4294967295, 4294953996, 4294967295, 4294954216, 135818359, 154649174, 
                138360818, 141515685, 143544384, 4294953764, 2, 144514080, 135781869, 1, 0, 
                4294953784, 4294954060, 4294953760, 4294953764, 2, 135725056, 139178826, 
                4294953736, 0, 4294953760, 141515685, 2812, 4294954184, 136181870, 141515680, 0}
            }
          }}
        save_jump = {{
            __jmpbuf = {2812, 1773, 0, 970, 2812, 4114930}, 
            __mask_was_saved = -13432, 
            __saved_mask = {
              __val = {141515685, 4294953996, 141515680, 4294953832, 136155080, 138481026, 701, 
                4294953896, 136156349, 160257596, 703, 1, 101, 2808, 0, 4294953896, 5, 154649168, 
                138332658, 4294953944, 136158539, 138360818, 154085310, 4294953944, 136181141, 
                160257596, 702, 1, 154649174, 154649158, 138481026, 141515685}
            }
          }}
        key_already_recorded = 0
        tem = <value optimized out>
        save = <value optimized out>
        previous_echo_area_message = 138332658
        also_record = 138332658
        reread = 0
        polling_stopped_here = <value optimized out>
        orig_kboard = 0x852b728
#14 0x0812cd0e in read_key_sequence (keybuf=<value optimized out>, bufsize=<value optimized out>, 
    prompt=<value optimized out>, dont_downcase_last=0, can_return_switch_frame=1, 
    fix_current_buffer=1) at keyboard.c:9512
        interrupted_kboard = 0x852b728
        key = <value optimized out>
        used_mouse_menu = 0
        echo_local_start = 0
        last_real_key_start = 0
        keys_local_start = 0
        local_first_binding = 0
        from_string = 138332658
        count = 2
        t = 0
        echo_start = 0
        keys_start = 0
        nmaps = 2
        nmaps_allocated = 2
        defs = 0xffffcd10
        submaps = 0xffffcd30
        orig_local_map = 138321278
        orig_keymap = 138332658
        localized_local_map = 0
        first_binding = 0
        first_unbound = 31
        mock_input = 0
        fkey = {
          parent = 139906014, 
          map = 139906014, 
          start = 0, 
          end = 0
        }
        keytran = {
          parent = 138325734, 
          map = 138325734, 
          start = 0, 
          end = 0
        }
        indec = {
          parent = 139906870, 
          map = 139906870, 
          start = 0, 
          end = 0
        }
        shift_translated = 0
        delayed_switch_frame = 138332658
        original_uppercase = -12776
        original_uppercase_position = -1
        starting_buffer = <value optimized out>
        fake_prefixed_keys = 138332658
#15 0x0812f05b in command_loop_1 () at keyboard.c:1643
        cmd = <value optimized out>
        lose = <value optimized out>
        keybuf = {452, 400, 392, -134245944, -12592, -12578, 138332658, 138332658, -12504, 
          135434301, 153440622, -12578, 0, 0, 0, 0, -12564, -16724416, 0, -144834560, 138332658, 
          139239074, 134524336, 1, -134230028, 139103760, 139103760, 139103776, -12504, 135414371}
        i = <value optimized out>
        prev_modiff = 322
        prev_buffer = 0x91f11c8
        already_adjusted = 0
#16 0x0818c581 in internal_condition_case (bfun=0x812ee80 <command_loop_1>, handlers=138370474, 
    hfun=0x8128f70 <cmd_error>) at eval.c:1490
        val = 6
        c = {
          tag = 138332658, 
          val = 138332658, 
          next = 0xffffd068, 
          gcpro = 0x0, 
          jmp = {{
              __jmpbuf = {139103760, 139103760, 139103776, -12248, -289371216, 550791263}, 
              __mask_was_saved = 0, 
              __saved_mask = {
                __val = {0, 18, 0, 0, 0, 4160679520, 134546603, 4150183196, 4160737268, 
                  4143076812, 28, 4294954692, 4160655461, 4294954680, 4149112913, 4149029509, 
                  140498800, 4140892148, 4160721352, 4294954640, 4150183280, 0, 276967387, 
                  8655230, 68, 4148686304, 4150183280, 4294955312, 4294967295, 4160737268, 
                  134524336, 4160738928}
              }
            }}, 
          backlist = 0x0, 
          handlerlist = 0x0, 
          lisp_eval_depth = 0, 
          pdlcount = 2, 
          poll_suppress_count = 1, 
          interrupt_input_blocked = 0, 
          byte_stack = 0x0
        }
        h = {
          handler = 138370474, 
          var = 138332658, 
          chosen_clause = 138332706, 
          tag = 0xffffcf44, 
          next = 0x0
        }
#17 0x08128445 in command_loop_2 () at keyboard.c:1360
        val = 6
#18 0x0818c661 in internal_catch (tag=138367546, func=0x8128420 <command_loop_2>, arg=138332658)
    at eval.c:1226
        c = {
          tag = 138367546, 
          val = 138332658, 
          next = 0x0, 
          gcpro = 0x0, 
          jmp = {{
              __jmpbuf = {139103760, 139103760, 139103776, -11976, -285324368, 550670431}, 
              __mask_was_saved = 0, 
              __saved_mask = {
                __val = {4294955300, 4294955448, 135430290, 4149103649, 0, 0, 0, 0, 0, 0, 
                  138358368, 138332658, 138499904, 4294955288, 135783316, 138499906, 138497787, 
                  138332658, 138358368, 22, 140457504, 4, 0, 2144828478, 138802912, 1, 138332682, 
                  0, 14, 4294955404, 138499906, 138332658}
              }
            }}, 
          backlist = 0x0, 
          handlerlist = 0x0, 
          lisp_eval_depth = 0, 
          pdlcount = 2, 
          poll_suppress_count = 1, 
          interrupt_input_blocked = 0, 
          byte_stack = 0x0
        }
#19 0x08128dbf in command_loop () at keyboard.c:1339
No locals.
#20 0x0812915a in recursive_edit_1 () at keyboard.c:954
        val = <value optimized out>
#21 0x08129282 in Frecursive_edit () at keyboard.c:1016
        buffer = 138332658
#22 0x0811d8d8 in main (argc=<value optimized out>, argv=<value optimized out>) at emacs.c:1833
        dummy = -11092
        stack_bottom_variable = 8 '\b'
        do_initial_setlocale = 139103760
        skip_args = 0
        rlim = {
          rlim_cur = 8388608, 
          rlim_max = 18446744073709551615
        }
        no_loadup = 0
        junk = 0x0
        dname_arg = 0x0


In GNU Emacs 23.1.92.1 (i486-pc-linux-gnu, GTK+ Version 2.18.7)
 of 2010-02-20 on turtle, modified by Debian
 (emacs-snapshot package, version 1:20100220-1)
Windowing system distributor `The X.Org Foundation', version 11.0.10705000
configured using `configure  '--build' 'i486-linux-gnu' '--host' 'i486-linux-gnu' '--prefix=/usr' '--sharedstatedir=/var/lib' '--libexecdir=/usr/lib' '--localstatedir=/var' '--infodir=/usr/share/info' '--mandir=/usr/share/man' '--with-pop=yes' '--enable-locallisppath=/etc/emacs-snapshot:/etc/emacs:/usr/local/share/emacs/23.1.92/site-lisp:/usr/local/share/emacs/site-lisp:/usr/share/emacs/23.1.92/site-lisp:/usr/share/emacs/site-lisp' '--with-x=yes' '--with-x-toolkit=gtk' 'build_alias=i486-linux-gnu' 'host_alias=i486-linux-gnu' 'CFLAGS=-DDEBIAN -DSITELOAD_PURESIZE_EXTRA=5000 -g -O2' 'LDFLAGS=-g -Wl,--as-needed' 'CPPFLAGS=''

Important settings:
  value of $LC_ALL: nil
  value of $LC_COLLATE: C
  value of $LC_CTYPE: nil
  value of $LC_MESSAGES: nil
  value of $LC_MONETARY: nil
  value of $LC_NUMERIC: nil
  value of $LC_TIME: nil
  value of $LANG: de_DE.UTF-8
  value of $XMODIFIERS: nil
  locale-coding-system: utf-8-unix
  default enable-multibyte-characters: t

Major mode: Group

Minor modes in effect:
  gnus-undo-mode: t
  display-time-mode: t
  auto-image-file-mode: t
  show-paren-mode: t
  tooltip-mode: t
  mouse-wheel-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  temp-buffer-resize-mode: t
  column-number-mode: t
  line-number-mode: t
  transient-mark-mode: t

Recent input:
<help-echo> C-x d / t m <tab> <return> <down> <down> 
<down> <return> <down> <down> <down> <down> <down> 
<down> <down> <down> <down> v C-s d i s t c h e c k 
C-s C-s C-s <return> <return> <f7> <down> <down> <down> 
<return> M-x g n u s <return> y <down> <down> <down> 
<down> <down> <down> <down> <down> <down> <down> <down> 
<down> <down> <down> <down> <down> <down> <down> <down> 
<down> <down> <down> <down> <down> <down> <down> <down> 
<down> <down> <down> <down> <down> SPC q SPC q M-x 
r e p o r t - e m <tab> <return>

Recent messages:
Opening nnfolder server...done
No new newsgroups
Opening nnfolder server on archive...done
Opening nntp server on news.gnus.org...done
Opening nntp server on news.eternal-september.org...done
Retrieving newsgroup: nntp+news.eternal-september.org:de.comp.os.unix.apps.kde...
Fetching headers for nntp+news.eternal-september.org:de.comp.os.unix.apps.kde...done
Retrieving newsgroup: nntp+news.eternal-september.org:de.sci.mathematik...
Fetching headers for nntp+news.eternal-september.org:de.sci.mathematik...done
Quit [2 times]

Load-path shadows:
~/elisp/po-mode hides /usr/share/emacs-snapshot/site-lisp/gettext/po-mode
~/elisp/debian-bts-control hides /usr/share/emacs-snapshot/site-lisp/dpkg-dev-el/debian-bts-control
/usr/share/emacs/23.1.92/site-lisp/auctex/tex-fptex hides /usr/share/emacs/site-lisp/auctex/tex-fptex
/usr/share/emacs/23.1.92/site-lisp/auctex/tex hides /usr/share/emacs/site-lisp/auctex/tex
/usr/share/emacs/23.1.92/site-lisp/auctex/latex hides /usr/share/emacs/site-lisp/auctex/latex
/usr/share/emacs/23.1.92/site-lisp/auctex/tex-fold hides /usr/share/emacs/site-lisp/auctex/tex-fold
/usr/share/emacs/23.1.92/site-lisp/auctex/texmathp hides /usr/share/emacs/site-lisp/auctex/texmathp
/usr/share/emacs/23.1.92/site-lisp/auctex/tex-bar hides /usr/share/emacs/site-lisp/auctex/tex-bar
/usr/share/emacs/23.1.92/site-lisp/auctex/tex-mik hides /usr/share/emacs/site-lisp/auctex/tex-mik
/usr/share/emacs/23.1.92/site-lisp/auctex/context hides /usr/share/emacs/site-lisp/auctex/context
/usr/share/emacs/23.1.92/site-lisp/auctex/context-nl hides /usr/share/emacs/site-lisp/auctex/context-nl
/usr/share/emacs/23.1.92/site-lisp/auctex/bib-cite hides /usr/share/emacs/site-lisp/auctex/bib-cite
/usr/share/emacs/23.1.92/site-lisp/auctex/multi-prompt hides /usr/share/emacs/site-lisp/auctex/multi-prompt
/usr/share/emacs/23.1.92/site-lisp/auctex/tex-buf hides /usr/share/emacs/site-lisp/auctex/tex-buf
/usr/share/emacs/23.1.92/site-lisp/auctex/tex-jp hides /usr/share/emacs/site-lisp/auctex/tex-jp
/usr/share/emacs/23.1.92/site-lisp/auctex/context-en hides /usr/share/emacs/site-lisp/auctex/context-en
/usr/share/emacs/23.1.92/site-lisp/auctex/tex-font hides /usr/share/emacs/site-lisp/auctex/tex-font
/usr/share/emacs/23.1.92/site-lisp/auctex/toolbar-x hides /usr/share/emacs/site-lisp/auctex/toolbar-x
/usr/share/emacs/23.1.92/site-lisp/auctex/tex-style hides /usr/share/emacs/site-lisp/auctex/tex-style
/usr/share/emacs/23.1.92/site-lisp/auctex/font-latex hides /usr/share/emacs/site-lisp/auctex/font-latex
/usr/share/emacs/23.1.92/site-lisp/auctex/tex-info hides /usr/share/emacs/site-lisp/auctex/tex-info
/usr/share/emacs-snapshot/site-lisp/bbdb/bbdb-pilot-jwz hides /usr/share/emacs/site-lisp/bbdb/bbdb-pilot-jwz
~/elisp/po-mode hides /usr/share/emacs/site-lisp/gettext/po-mode
/usr/share/emacs-snapshot/site-lisp/gettext/po-compat hides /usr/share/emacs/site-lisp/gettext/po-compat
/usr/share/emacs-snapshot/site-lisp/gnuplot-mode/gnuplot hides /usr/share/emacs/site-lisp/gnuplot-mode/gnuplot
/usr/share/emacs-snapshot/site-lisp/gnuplot-mode/info-look.20.3 hides /usr/share/emacs/site-lisp/gnuplot-mode/info-look.20.3
/usr/share/emacs-snapshot/site-lisp/gnuplot-mode/gnuplot-gui hides /usr/share/emacs/site-lisp/gnuplot-mode/gnuplot-gui
/usr/share/emacs/23.1.92/site-lisp/cmake/cmake-mode hides /usr/share/emacs/23.1.92/site-lisp/cmake-data/cmake-mode
/usr/share/emacs/23.1.92/site-lisp/cmake/cmake-mode hides /usr/share/emacs/site-lisp/cmake-mode
/usr/share/emacs/23.1.92/site-lisp/debian-startup hides /usr/share/emacs/site-lisp/debian-startup
/usr/share/emacs/23.1.92/site-lisp/magit hides /usr/share/emacs/site-lisp/magit
/usr/share/emacs-snapshot/site-lisp/w3m/w3m-util hides /usr/share/emacs/site-lisp/w3m/w3m-util
/usr/share/emacs-snapshot/site-lisp/w3m/w3m-dtree hides /usr/share/emacs/site-lisp/w3m/w3m-dtree
/usr/share/emacs-snapshot/site-lisp/w3m/w3m-hist hides /usr/share/emacs/site-lisp/w3m/w3m-hist
/usr/share/emacs-snapshot/site-lisp/w3m/w3m-weather hides /usr/share/emacs/site-lisp/w3m/w3m-weather
/usr/share/emacs-snapshot/site-lisp/w3m/w3m-rss hides /usr/share/emacs/site-lisp/w3m/w3m-rss
/usr/share/emacs-snapshot/site-lisp/w3m/mew-w3m hides /usr/share/emacs/site-lisp/w3m/mew-w3m
/usr/share/emacs-snapshot/site-lisp/w3m/w3m-filter hides /usr/share/emacs/site-lisp/w3m/w3m-filter
/usr/share/emacs-snapshot/site-lisp/w3m/w3m-session hides /usr/share/emacs/site-lisp/w3m/w3m-session
/usr/share/emacs-snapshot/site-lisp/w3m/w3mhack hides /usr/share/emacs/site-lisp/w3m/w3mhack
/usr/share/emacs-snapshot/site-lisp/w3m/w3m-search hides /usr/share/emacs/site-lisp/w3m/w3m-search
/usr/share/emacs-snapshot/site-lisp/w3m/w3m-lnum hides /usr/share/emacs/site-lisp/w3m/w3m-lnum
/usr/share/emacs-snapshot/site-lisp/w3m/w3m-proc hides /usr/share/emacs/site-lisp/w3m/w3m-proc
/usr/share/emacs-snapshot/site-lisp/w3m/w3m-fb hides /usr/share/emacs/site-lisp/w3m/w3m-fb
/usr/share/emacs-snapshot/site-lisp/w3m/w3m-favicon hides /usr/share/emacs/site-lisp/w3m/w3m-favicon
/usr/share/emacs-snapshot/site-lisp/w3m/w3m-bug hides /usr/share/emacs/site-lisp/w3m/w3m-bug
/usr/share/emacs-snapshot/site-lisp/w3m/w3m-perldoc hides /usr/share/emacs/site-lisp/w3m/w3m-perldoc
/usr/share/emacs-snapshot/site-lisp/w3m/mime-w3m hides /usr/share/emacs/site-lisp/w3m/mime-w3m
/usr/share/emacs-snapshot/site-lisp/w3m/w3m-bookmark hides /usr/share/emacs/site-lisp/w3m/w3m-bookmark
/usr/share/emacs-snapshot/site-lisp/w3m/octet hides /usr/share/emacs/site-lisp/w3m/octet
/usr/share/emacs-snapshot/site-lisp/w3m/w3m-ems hides /usr/share/emacs/site-lisp/w3m/w3m-ems
/usr/share/emacs-snapshot/site-lisp/w3m/w3m hides /usr/share/emacs/site-lisp/w3m/w3m
/usr/share/emacs-snapshot/site-lisp/w3m/w3m-ccl hides /usr/share/emacs/site-lisp/w3m/w3m-ccl
/usr/share/emacs-snapshot/site-lisp/w3m/w3m-mail hides /usr/share/emacs/site-lisp/w3m/w3m-mail
/usr/share/emacs-snapshot/site-lisp/w3m/w3m-cookie hides /usr/share/emacs/site-lisp/w3m/w3m-cookie
/usr/share/emacs-snapshot/site-lisp/w3m/w3m-image hides /usr/share/emacs/site-lisp/w3m/w3m-image
/usr/share/emacs-snapshot/site-lisp/w3m/w3m-form hides /usr/share/emacs/site-lisp/w3m/w3m-form
/usr/share/emacs-snapshot/site-lisp/w3m/w3m-antenna hides /usr/share/emacs/site-lisp/w3m/w3m-antenna
/usr/share/emacs-snapshot/site-lisp/w3m/w3m-symbol hides /usr/share/emacs/site-lisp/w3m/w3m-symbol
/usr/share/emacs-snapshot/site-lisp/w3m/w3m-tabmenu hides /usr/share/emacs/site-lisp/w3m/w3m-tabmenu
/usr/share/emacs-snapshot/site-lisp/w3m/w3m-namazu hides /usr/share/emacs/site-lisp/w3m/w3m-namazu

Features:
(shadow ispell emacsbug sort gnus-cite smiley ansi-color mail-extr
gnus-async gnus-bcklg parse-time timezone gnus-ml disp-table auth-source
byte-opt bytecomp byte-compile nnfolder nndraft nnmh nnagent nnml
gnus-agent gnus-srvr gnus-score score-mode nnvirtual gnus-msg gnus-art
mm-uu mml2015 epg-config mm-view smime dig nntp gnus-cache gnus-sum nnoo
gnus-group gnus-undo nnmail mail-source format-spec gnus-start gnus-spec
gnus-int gnus-range message idna sendmail ecomplete rfc822 mml easymenu
mml-sec password-cache mm-decode mm-bodies mm-encode mailcap mail-parse
rfc2231 rfc2047 rfc2045 qp ietf-drums mailabbrev gmm-utils mailheader
canlock sha1 hex-util hashcash gnus-win gnus gnus-ems nnheader gnus-util
netrc time-date mail-utils mm-util mail-prsvr wid-edit multi-isearch
vc-git make-mode view dired-x dired-aux dired time server uniquify
advice help-fns advice-preload po generic-x regexp-opt image-file paren
add-ons bitmap bitmap-ci poem poem-e20 poem-e20_3 pces pces-e20 pces-20
broken pcustom poe pym static apel-ver product debian-el
debian-el-loaddefs w3m-load vm-autoload vm-autoloads vm-init
emacs-goodies-el emacs-goodies-custom emacs-goodies-loaddefs dpkg-dev-el
dpkg-dev-el-loaddefs bbdb-autoloads preview-latex tex-site auto-loads
tooltip ediff-hook vc-hooks lisp-float-type mwheel x-win x-dnd
font-setting tool-bar dnd fontset image fringe lisp-mode register page
menu-bar rfn-eshadow timer select scroll-bar mldrag mouse jit-lock
font-lock syntax facemenu font-core frame cham georgian utf-8-lang
misc-lang vietnamese tibetan thai tai-viet lao korean japanese hebrew
greek romanian slovak czech european ethiopic indian cyrillic chinese
case-table epa-hook jka-cmpr-hook help simple abbrev loaddefs button
minibuffer faces cus-face files text-properties overlay md5 base64
format env code-pages mule custom widget hashtable-print-readable
backquote make-network-process dbusbind font-render-setting gtk
x-toolkit x multi-tty emacs)





Information forwarded to owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org:
bug#5609; Package emacs. (Sun, 21 Feb 2010 13:17:01 GMT) Full text and rfc822 format available.

Message #8 received at 5609 <at> debbugs.gnu.org (full text, mbox):

From: Chong Yidong <cyd <at> stupidchicken.com>
To: Kenichi Handa <handa <at> m17n.org>
Cc: Sven Joachim <svenjoac <at> gmx.de>, 5609 <at> debbugs.gnu.org
Subject: Re: 23.1.92; segfault in composition_compute_stop_pos
Date: Sun, 21 Feb 2010 08:16:26 -0500
Hi Handa-san,

It looks like your changes to composite.c last month may have led to a
bug.  Could you take a look?  Thanks!


Sven Joachim <svenjoac <at> gmx.de> wrote:

> During the last weeks I experienced several segfaults, mostly in Dired,
> but unfortunately I did not run Emacs under GDB.  This time I did.
> I visited a file named "Makefile" and started an I-search for
> "distcheck" when Emacs segfaulted.  This is not reproducible.

> (gdb) xbacktrace
> (gdb) bt full
> #0 0x081e30b4 in composition_compute_stop_pos (cmp_it=0xffffb040,
>     charpos=16, bytepos=26,
>     endpos=17, string=<value optimized out>) at composite.c:1072
>         elt = <value optimized out>
>         start = 0
>         end = -22168
>         c = 14719988
>         prop = 0
>         val = <value optimized out>
> #1 0x08079548 in reseat_to_string (it=<value optimized out>, s=0x0,
>     string=<value optimized out>,
>     charpos=0, precision=-8, field_width=17, multibyte=1) at xdisp.c:5613
> No locals.
>
> #2  0x08080031 in display_string (string=0x83ec9f2 "",
>     lisp_string=154714081, face_string=<value optimized out>,
>     face_string_pos=1, start=0, it=0xffffac88, field_width=17,
>     precision=-8, max_x=0, multibyte=1) at xdisp.c:18866
>         hpos_at_start = 8
>         saved_face_id = 1
>         row = 0x8f77368




Information forwarded to owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org:
bug#5609; Package emacs. (Mon, 22 Feb 2010 07:55:01 GMT) Full text and rfc822 format available.

Message #11 received at 5609 <at> debbugs.gnu.org (full text, mbox):

From: Kenichi Handa <handa <at> m17n.org>
To: Chong Yidong <cyd <at> stupidchicken.com>
Cc: svenjoac <at> gmx.de, 5609 <at> debbugs.gnu.org
Subject: Re: 23.1.92; segfault in composition_compute_stop_pos
Date: Mon, 22 Feb 2010 16:54:14 +0900
In article <87r5oed905.fsf <at> stupidchicken.com>, Chong Yidong <cyd <at> stupidchicken.com> writes:

> Hi Handa-san,
> It looks like your changes to composite.c last month may have led to a
> bug.  Could you take a look?  Thanks!

Ok, I'll work on it.

---
Kenichi Handa
handa <at> m17n.org

> Sven Joachim <svenjoac <at> gmx.de> wrote:

> > During the last weeks I experienced several segfaults, mostly in Dired,
> > but unfortunately I did not run Emacs under GDB.  This time I did.
> > I visited a file named "Makefile" and started an I-search for
> > "distcheck" when Emacs segfaulted.  This is not reproducible.

> > (gdb) xbacktrace
> > (gdb) bt full
> > #0 0x081e30b4 in composition_compute_stop_pos (cmp_it=0xffffb040,
> >     charpos=16, bytepos=26,
> >     endpos=17, string=<value optimized out>) at composite.c:1072
> >         elt = <value optimized out>
> >         start = 0
> >         end = -22168
> >         c = 14719988
> >         prop = 0
> >         val = <value optimized out>
> > #1 0x08079548 in reseat_to_string (it=<value optimized out>, s=0x0,
> >     string=<value optimized out>,
> >     charpos=0, precision=-8, field_width=17, multibyte=1) at xdisp.c:5613
> > No locals.
> >
> > #2  0x08080031 in display_string (string=0x83ec9f2 "",
> >     lisp_string=154714081, face_string=<value optimized out>,
> >     face_string_pos=1, start=0, it=0xffffac88, field_width=17,
> >     precision=-8, max_x=0, multibyte=1) at xdisp.c:18866
> >         hpos_at_start = 8
> >         saved_face_id = 1
> >         row = 0x8f77368





Information forwarded to owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org:
bug#5609; Package emacs. (Thu, 25 Feb 2010 02:34:02 GMT) Full text and rfc822 format available.

Message #14 received at 5609 <at> debbugs.gnu.org (full text, mbox):

From: Kenichi Handa <handa <at> m17n.org>
To: Sven Joachim <svenjoac <at> gmx.de>
Cc: svenjoac <at> gmx.de, 5609 <at> debbugs.gnu.org
Subject: Re: bug#5609: 23.1.92; segfault in composition_compute_stop_pos
Date: Thu, 25 Feb 2010 11:33:22 +0900
In article <871vgfomwq.fsf <at> turtle.gmx.de>, Sven Joachim <svenjoac <at> gmx.de> writes:
> During the last weeks I experienced several segfaults, mostly in Dired,
> but unfortunately I did not run Emacs under GDB.  This time I did.
> I visited a file named "Makefile" and started an I-search for
> "distcheck" when Emacs segfaulted.  This is not reproducible.

Although I can't reproduce that bug, I found some suspicious
code and just fixed it.  Please try the latest version.

---
Kenichi Handa
handa <at> m17n.org




Information forwarded to owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org:
bug#5609; Package emacs. (Thu, 25 Feb 2010 23:31:01 GMT) Full text and rfc822 format available.

Message #17 received at 5609 <at> debbugs.gnu.org (full text, mbox):

From: YAMAMOTO Mitsuharu <mituharu <at> math.s.chiba-u.ac.jp>
To: Kenichi Handa <handa <at> m17n.org>
Cc: Sven Joachim <svenjoac <at> gmx.de>, 5609 <at> debbugs.gnu.org
Subject: Re: bug#5609: 23.1.92; segfault in composition_compute_stop_pos
Date: Fri, 26 Feb 2010 08:30:07 +0900
>>>>> On Thu, 25 Feb 2010 11:33:22 +0900, Kenichi Handa <handa <at> m17n.org> said:

> In article <871vgfomwq.fsf <at> turtle.gmx.de>, Sven Joachim
> <svenjoac <at> gmx.de> writes:
>> During the last weeks I experienced several segfaults, mostly in
>> Dired, but unfortunately I did not run Emacs under GDB.  This time
>> I did.  I visited a file named "Makefile" and started an I-search
>> for "distcheck" when Emacs segfaulted.  This is not reproducible.

> Although I can't reproduce that bug, I found some suspicious code and
> just fixed it.  Please try the latest version.

Actually I suspected this out-of-boundary `endpos' value in
http://lists.gnu.org/archive/html/bug-gnu-emacs/2010-01/msg00522.html

  I suspect the problematic case is that `charpos + field_width' in
  reseat_to_string exceeds the length of the given string.  The value of
  `field_width' is 12 by default when displaying buffer names.

Also, I guess the upper limit of `endpos' is `SCHARS (it->string)'
instead of `charpos + SCHARS (it->string)' at line 5614 below.  Could
you confirm if it is correct?

  5611	  it->stop_charpos = charpos;
  5612	  if (s == NULL && it->multibyte_p)
  5613	    {
  5614	      EMACS_INT endpos = charpos + SCHARS (it->string);
  5615	      if (endpos > it->end_charpos)
  5616		endpos = it->end_charpos;
  5617	      composition_compute_stop_pos (&it->cmp_it, charpos, -1, endpos,
  5618					    it->string);
  5619	    }

				     YAMAMOTO Mitsuharu
				mituharu <at> math.s.chiba-u.ac.jp




Information forwarded to owner <at> debbugs.gnu.org, bug-gnu-emacs <at> gnu.org:
bug#5609; Package emacs. (Fri, 26 Feb 2010 01:24:02 GMT) Full text and rfc822 format available.

Message #20 received at 5609 <at> debbugs.gnu.org (full text, mbox):

From: Kenichi Handa <handa <at> m17n.org>
To: YAMAMOTO Mitsuharu <mituharu <at> math.s.chiba-u.ac.jp>
Cc: svenjoac <at> gmx.de, 5609 <at> debbugs.gnu.org
Subject: Re: bug#5609: 23.1.92; segfault in composition_compute_stop_pos
Date: Fri, 26 Feb 2010 10:23:04 +0900
In article <wlk4u051xc.wl%mituharu <at> math.s.chiba-u.ac.jp>, YAMAMOTO Mitsuharu <mituharu <at> math.s.chiba-u.ac.jp> writes:

> Actually I suspected this out-of-boundary `endpos' value in
> http://lists.gnu.org/archive/html/bug-gnu-emacs/2010-01/msg00522.html

>   I suspect the problematic case is that `charpos + field_width' in
>   reseat_to_string exceeds the length of the given string.  The value of
>   `field_width' is 12 by default when displaying buffer names.

Ya, at that time, I fixed only some other part related to the
same problem.

> Also, I guess the upper limit of `endpos' is `SCHARS (it->string)'
> instead of `charpos + SCHARS (it->string)' at line 5614 below.  Could
> you confirm if it is correct?

Of course, you are right!  I've just installed a fix.

---
Kenichi Handa
handa <at> m17n.org
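
The `endpos` bound discussed in the two messages above, as an added example that is not part of the thread and not Emacs code: a simplified C model comparing the limit quoted at line 5614 with the suggested one. `struct iter_model`, the helper names, and the assumption that a padded field extends `end_charpos` to `charpos + field_width` are illustrative, and the sample values are constructed.

```c
#include <stdio.h>

/* Hypothetical stand-in for the iterator state named in the thread. */
struct iter_model {
    long string_chars;  /* plays the role of SCHARS (it->string) */
    long end_charpos;   /* plays the role of it->end_charpos */
};

/* Assumption: a padded field extends end_charpos to charpos + field_width,
   which can lie beyond the last character of the string. */
static struct iter_model make_padded(long string_chars, long charpos,
                                     long field_width)
{
    struct iter_model it = { string_chars, string_chars };
    if (charpos + field_width > it.end_charpos)
        it.end_charpos = charpos + field_width;
    return it;
}

/* Bound as quoted at line 5614: charpos + SCHARS, clamped to end_charpos. */
static long endpos_as_quoted(const struct iter_model *it, long charpos)
{
    long endpos = charpos + it->string_chars;
    if (endpos > it->end_charpos)
        endpos = it->end_charpos;
    return endpos;
}

/* Bound as suggested in the thread: the upper limit is SCHARS itself. */
static long endpos_as_suggested(const struct iter_model *it)
{
    long endpos = it->string_chars;
    if (endpos > it->end_charpos)
        endpos = it->end_charpos;
    return endpos;
}

/* Count positions in [charpos, endpos) that do not exist in the string.
   Only indices are compared; no memory is read. */
static long positions_past_string(const struct iter_model *it, long charpos,
                                  long endpos)
{
    long n = 0;
    for (long pos = charpos; pos < endpos; pos++)
        if (pos < 0 || pos >= it->string_chars)
            n++;
    return n;
}

int main(void)
{
    /* Constructed sample: 9-character string, field_width 12, scan from 5. */
    const long charpos = 5;
    struct iter_model it = make_padded(9, charpos, 12);
    long quoted = endpos_as_quoted(&it, charpos);
    long suggested = endpos_as_suggested(&it);

    printf("quoted bound:    endpos=%ld, positions past string=%ld\n",
           quoted, positions_past_string(&it, charpos, quoted));
    printf("suggested bound: endpos=%ld, positions past string=%ld\n",
           suggested, positions_past_string(&it, charpos, suggested));
    return 0;
}
```

In this model the two bounds agree when `charpos` is 0, so the difference only appears for a scan that starts partway into a padded string.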




bug closed, send any further explanations to Sven Joachim <svenjoac <at> gmx.de> Request was from Chong Yidong <cyd <at> stupidchicken.com> to control <at> debbugs.gnu.org. (Sat, 06 Mar 2010 18:10:03 GMT) Full text and rfc822 format available.

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sun, 04 Apr 2010 11:24:03 GMT) Full text and rfc822 format available.

This bug report was last modified 15 years and 162 days ago.
