GNU bug report logs - #61704
29.0.60; Crash in get_narrowed_begv


Package: emacs

Reported by: Po Lu <luangruo <at> yahoo.com>

Date: Wed, 22 Feb 2023 12:23:01 UTC

Severity: normal

Found in version 29.0.60


From: Eli Zaretskii <eliz <at> gnu.org>
To: Gregory Heytings <gregory <at> heytings.org>
Cc: luangruo <at> yahoo.com, 61704 <at> debbugs.gnu.org
Subject: bug#61704: 29.0.60; Crash in get_narrowed_begv
Date: Wed, 22 Feb 2023 14:59:51 +0200
> Cc: 61704 <at> debbugs.gnu.org
> Date: Wed, 22 Feb 2023 12:48:02 +0000
> From: Gregory Heytings <gregory <at> heytings.org>
> 
> 
> > The cause is an arithmetic trap in get_narrowed_begv:
> >
> > return max ((pos / len - 1) * len, BEGV);
> >
> > where len is 0.  The window was previously being resized, and has a 
> > pixel width of 24.
> >
> 
> How can len possibly be 0 at that point?  It is (in short) 
> window_body_width (w, WINDOW_BODY_IN_CANONICAL_CHARS) * window_body_height 
> (w, WINDOW_BODY_IN_CANONICAL_CHARS).  We could add a condition in 
> get_narrowed_len to return 1 when the result is 0, but it could be a bug 
> somewhere else (can a window body have a zero width and/or height?), in 
> which case it would be better to fix the bug there.

I agree that we should understand how this happened (and asked a
similar question), but I installed a defensive protection anyway.  It
cannot do any harm.
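The failure mode discussed in this message, as an added example that is not Emacs source code and not part of the original thread: the quoted expression beside a variant that clamps the length to 1 when the width/height product is not positive, as suggested in the quoted reply. The struct, the function names and the sample values are hypothetical, and the page does not show what the installed protection actually looks like.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the two window values named in the thread:
   body width and body height in canonical characters. */
struct win_body {
    int width_chars;
    int height_chars;
};

/* The expression quoted in the report. Integer division by zero is
   undefined behaviour in C and raises SIGFPE on x86, so this must
   never be reached with len == 0. */
ptrdiff_t narrowed_begv_unchecked(ptrdiff_t len, ptrdiff_t pos, ptrdiff_t begv)
{
    ptrdiff_t start = (pos / len - 1) * len;
    return start > begv ? start : begv;
}

/* Length of the narrowed region, clamped so that a degenerate window
   (zero or negative width or height) can never yield a zero divisor. */
ptrdiff_t narrowed_len(const struct win_body *w)
{
    ptrdiff_t len = (ptrdiff_t) w->width_chars * w->height_chars;
    return len > 0 ? len : 1;
}

/* Guarded variant: same arithmetic, but the divisor is always >= 1. */
ptrdiff_t narrowed_begv(const struct win_body *w, ptrdiff_t pos, ptrdiff_t begv)
{
    return narrowed_begv_unchecked(narrowed_len(w), pos, begv);
}

int main(void)
{
    /* Constructed sample geometries: a normal window and a collapsed one. */
    struct win_body normal = { 80, 24 };
    struct win_body collapsed = { 0, 24 };

    printf("normal:    len=%td begv=%td\n",
           narrowed_len(&normal), narrowed_begv(&normal, 5000, 1));
    printf("collapsed: len=%td begv=%td\n",
           narrowed_len(&collapsed), narrowed_begv(&collapsed, 5000, 1));
    return 0;
}
```

The clamp only removes the trap; with a length of 1 the computed start collapses to `pos - 1`, which is why the thread still wants to know how the window body reached a zero dimension.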




This bug report was last modified 2 years and 114 days ago.
