GNU bug report logs - #70385
Crash in note_fringe_highlight

Package: emacs;

Reported by: Juri Linkov <juri <at> linkov.net>

Date: Sun, 14 Apr 2024 16:18:05 UTC

Severity: normal

Merged with 70419, 70420, 70427

Found in version 30.0.50

From: Po Lu <luangruo <at> yahoo.com>
To: Eli Zaretskii <eliz <at> gnu.org>
Cc: bjorn.bidar <at> thaodan.de, juri <at> linkov.net, 70385 <at> debbugs.gnu.org, vekazanov <at> gmail.com
Subject: bug#70385: Crash in note_fringe_highlight
Date: Mon, 15 Apr 2024 21:58:15 +0800

Eli Zaretskii <eliz <at> gnu.org> writes:

> I think this should be
>
>   if ((window_outdated (w)
>        || !w->window_end_valid
>        || !MATRIX_ROW_DISPLAYS_TEXT_P (MATRIX_ROW (w->current_matrix,
> 						   vpos)))

Yes, sorry.

> I'm not sure it will help, because it seems the segfault happens in
> the MATRIX_ROW_DISPLAYS_TEXT_P macro.  So I think we are somehow
> dealing with w->current_matrix whose 'nrows' is too small.  The
> mouse-highlight code detects that case in x_y_to_hpos_vpos.

Right.  What about this?

diff --git a/src/xdisp.c b/src/xdisp.c
index d984c12d1aa..dcecc2b09d4 100644
--- a/src/xdisp.c
+++ b/src/xdisp.c
@@ -35772,6 +35772,7 @@ note_fringe_highlight (struct frame *f, Lisp_Object window, int x, int y,
   /* Don't access the TEXT_AREA of a row that does not display text, or
      when the window is outdated.  (bug#70385) */
   if (window_outdated (w)
+      || (vpos >= w->current_matrix->nrows)
       || !MATRIX_ROW_DISPLAYS_TEXT_P (MATRIX_ROW (w->current_matrix,
 						  vpos)))
     return;
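
Review bot: The added test `vpos >= w->current_matrix->nrows` bounds vpos only from above, and the comment above the `if` still names just the non-text-row and outdated-window cases. If vpos can be negative at this point (not visible in this hunk), MATRIX_ROW would still be handed an out-of-range row, so consider `vpos < 0 || vpos >= w->current_matrix->nrows` and extend the comment to say the row index is checked against nrows before the row is touched. The `!w->window_end_valid` test from the quoted suggestion is not part of this condition; it would help to state whether that omission is intended. The parentheses around the new comparison are redundant next to the neighbouring operands.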

It's the same test x_y_to_hpos_vpos applies to decide whether to punt
and return NULL.




This bug report was last modified 1 year and 63 days ago.
