GNU bug report logs - #56095
29.0.50; nsterm.m, use after free

Previous Next

Package: emacs;

Reported by: Gerd Möllmann <gerd.moellmann <at> gmail.com>

Date: Sun, 19 Jun 2022 15:18:01 UTC

Severity: normal

Found in version 29.0.50

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #32 received at 56095 <at> debbugs.gnu.org (full text, mbox):

From: Po Lu <luangruo <at> yahoo.com>
To: Gerd Möllmann <gerd.moellmann <at> gmail.com>
Cc: 56095 <at> debbugs.gnu.org
Subject: Re: bug#56095: 29.0.50; nsterm.m, use after free
Date: Mon, 20 Jun 2022 18:21:51 +0800

Gerd Möllmann <gerd.moellmann <at> gmail.com> writes:

> I'd say no: Ns_judge_scroll_bars is called for a frame, and loops over
> EmascScroller subviews of that frame. I don't see how it is could be
> certain that all EmascScrollers reference a live Emacs window at that
> point.

I see.  Still, the window should always be reachable through the struct
scroll_bar, which is scanned by GC and ought to be alive as long as the
EmacsScroller is.

But it seems there is no struct scroll_bar at all in the NS port!  (Why
does it always have to do things differently?)  Does anyone want me to
fix that?

In the meantime, a loop through all the scroll bars in a mark_nsterm
function would suffice.

This bug report was last modified 3 years and 48 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #56095 29.0.50; nsterm.m, use after free

GNU bug report logs - #56095
29.0.50; nsterm.m, use after free