GNU bug report logs - #5609
23.1.92; segfault in composition_compute_stop_pos

Package: emacs

Reported by: Sven Joachim <svenjoac <at> gmx.de>

Date: Sat, 20 Feb 2010 17:09:03 UTC

Severity: normal

Done: Chong Yidong <cyd <at> stupidchicken.com>

Bug is archived. No further changes may be made.

From: YAMAMOTO Mitsuharu <mituharu <at> math.s.chiba-u.ac.jp>
To: Kenichi Handa <handa <at> m17n.org>
Cc: Sven Joachim <svenjoac <at> gmx.de>, 5609 <at> debbugs.gnu.org
Subject: bug#5609: 23.1.92; segfault in composition_compute_stop_pos
Date: Fri, 26 Feb 2010 08:30:07 +0900

>>>>> On Thu, 25 Feb 2010 11:33:22 +0900, Kenichi Handa <handa <at> m17n.org> said:

> In article <871vgfomwq.fsf <at> turtle.gmx.de>, Sven Joachim
> <svenjoac <at> gmx.de> writes:
>> During the last weeks I experienced several segfaults, mostly in
>> Dired, but unfortunately I did not run Emacs under GDB.  This time
>> I did.  I visited a file named "Makefile" and started an I-search
>> for "distcheck" when Emacs segfaulted.  This is not reproducible.

> Although I can't reproduce that bug, I found some suspicious code and
> just fixed it.  Please try the latest version.

Actually I suspected this out-of-boundary `endpos' value in
http://lists.gnu.org/archive/html/bug-gnu-emacs/2010-01/msg00522.html

  I suspect the problematic case is that `charpos + field_width' in
  reseat_to_string exceeds the length of the given string.  The value of
  `field_width' is 12 by default when displaying buffer names.

Also, I guess the upper limit of `endpos' is `SCHARS (it->string)'
instead of `charpos + SCHARS (it->string)' at line 5614 below.  Could
you confirm if it is correct?

  5611	  it->stop_charpos = charpos;
  5612	  if (s == NULL && it->multibyte_p)
  5613	    {
  5614	      EMACS_INT endpos = charpos + SCHARS (it->string);
  5615	      if (endpos > it->end_charpos)
  5616		endpos = it->end_charpos;
  5617	      composition_compute_stop_pos (&it->cmp_it, charpos, -1, endpos,
  5618					    it->string);
  5619	    }

				     YAMAMOTO Mitsuharu
				mituharu <at> math.s.chiba-u.ac.jp
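
The bounds question raised in the message above, worked through as an added C example (not Emacs source and not code from either correspondent). The helper names and the constructed values (a 5-character string, start position 3, `end_charpos` taken as `charpos + field_width`) are assumptions for illustration; whether Emacs actually reaches such a state is what the message asks to have confirmed.

```c
/* Added illustration: hypothetical helper names, not Emacs source. */
#include <stddef.h>
#include <stdio.h>

/* Limit as written at the quoted line 5614: start offset plus string
   length, then capped by end_charpos. */
static ptrdiff_t endpos_offset_plus_length(ptrdiff_t charpos, ptrdiff_t nchars,
                                           ptrdiff_t end_charpos)
{
    ptrdiff_t endpos = charpos + nchars;
    return endpos > end_charpos ? end_charpos : endpos;
}

/* Limit the message proposes: the string length itself, then the same cap. */
static ptrdiff_t endpos_length_only(ptrdiff_t nchars, ptrdiff_t end_charpos)
{
    return nchars > end_charpos ? end_charpos : nchars;
}

/* Number of indexes in [charpos, endpos) that are not valid character
   positions of a string holding nchars characters. */
static ptrdiff_t indexes_past_end(ptrdiff_t charpos, ptrdiff_t endpos,
                                  ptrdiff_t nchars)
{
    ptrdiff_t bad = 0;
    for (ptrdiff_t i = charpos; i < endpos; i++)
        if (i < 0 || i >= nchars)
            bad++;
    return bad;
}

int main(void)
{
    /* Constructed case: 5-character string, scan starting at position 3,
       end_charpos assumed to be charpos + field_width with field_width = 12. */
    ptrdiff_t nchars = 5, charpos = 3, end_charpos = 3 + 12;
    ptrdiff_t a = endpos_offset_plus_length(charpos, nchars, end_charpos);
    ptrdiff_t b = endpos_length_only(nchars, end_charpos);
    printf("offset+length: endpos=%td, past end=%td\n", a,
           indexes_past_end(charpos, a, nchars));
    printf("length only:   endpos=%td, past end=%td\n", b,
           indexes_past_end(charpos, b, nchars));
    return 0;
}
```

With a start position of 0 the two limits agree, so the difference only shows when the scan begins partway into the string.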




This bug report was last modified 15 years and 162 days ago.
