GNU bug report logs - #61887
30.0.50; Segfault on revert-buffer-with-coding-system

Previous Next

Full log

View this message in rfc822 format

From: Stefan Monnier <monnier <at> iro.umontreal.ca>
To: Petteri Hintsanen <petterih <at> iki.fi>
Cc: 61887 <at> debbugs.gnu.org
Subject: bug#61887: 30.0.50; Segfault on revert-buffer-with-coding-system
Date: Fri, 03 Mar 2023 18:56:11 -0500

> But yes, there's something funny going on in `set_intervals_multibyte_1`.

I think I found it: when `total_length` is 0, we call `delete_interval (i)`
but that only deletes the interval represented by the node itself rather
than the whole subtree, so we may end up keeping subtrees of `i`.
Not only that's wrong since `total_length == 0` means there should be
nothing at all, but we don't even recurse on those subtrees so
they keep using the positions of the old mode.

In my case some call `delete_interval (i)` ended up replacing the node
of `total_length == 0` with an old subnode of length 2!

The patch below seems to fix it.


        Stefan


diff --git a/src/intervals.c b/src/intervals.c
index 75e37a8c90c..6f6a0c94cf5 100644
--- a/src/intervals.c
+++ b/src/intervals.c
@@ -2333,6 +2333,9 @@ set_intervals_multibyte_1 (INTERVAL i, bool multi_flag,
 
   if (TOTAL_LENGTH (i) == 0)
     {
+      /* Delete the whole subtree.  */
+      i->left = NULL;
+      i->right = NULL;
       delete_interval (i);
       return;
     }
@@ -2355,7 +2358,8 @@ set_intervals_multibyte_1 (INTERVAL i, bool multi_flag,
 	  left_end_byte = CHAR_TO_BYTE (left_end);
 	}
 
-      set_intervals_multibyte_1 (i->left, multi_flag, start, start_byte,
+      set_intervals_multibyte_1 (i->left, multi_flag,
+				 start, start_byte,
 				 left_end, left_end_byte);
     }
   if (i->right)

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.