GNU bug report logs - #70385
Crash in note_fringe_highlight

Previous Next

Full log

Message #76 received at 70385 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Po Lu <luangruo <at> yahoo.com>
Cc: bjorn.bidar <at> thaodan.de, juri <at> linkov.net, 70385 <at> debbugs.gnu.org,
 vekazanov <at> gmail.com
Subject: Re: bug#70385: Crash in note_fringe_highlight
Date: Mon, 15 Apr 2024 17:39:03 +0300

> From: Po Lu <luangruo <at> yahoo.com>
> Cc: bjorn.bidar <at> thaodan.de,  vekazanov <at> gmail.com,  70385 <at> debbugs.gnu.org,
>   juri <at> linkov.net
> Date: Mon, 15 Apr 2024 21:58:15 +0800
> 
> Eli Zaretskii <eliz <at> gnu.org> writes:
> 
> > I think this should be
> >
> >   if ((window_outdated (w)
> >        || !w->window_end_valid
> >        || !MATRIX_ROW_DISPLAYS_TEXT_P (MATRIX_ROW (w->current_matrix,
> > 						   vpos)))
> 
> Yes, sorry.
> 
> > I'm not sure it will help, because it seems the segfault happens in
> > the MATRIX_ROW_DISPLAYS_TEXT_P macro.  So I think we are somehow
> > dealing with w->current_matrix whose 'nrows' is too small.  The
> > mouse-highlight code detects that case in x_y_to_hpos_vpos.
> 
> Right.  What about this?
> 
> diff --git a/src/xdisp.c b/src/xdisp.c
> index d984c12d1aa..dcecc2b09d4 100644
> --- a/src/xdisp.c
> +++ b/src/xdisp.c
> @@ -35772,6 +35772,7 @@ note_fringe_highlight (struct frame *f, Lisp_Object window, int x, int y,
>    /* Don't access the TEXT_AREA of a row that does not display text, or
>       when the window is outdated.  (bug#70385) */
>    if (window_outdated (w)
> +      || (vpos >= w->current_matrix->nrows)
>        || !MATRIX_ROW_DISPLAYS_TEXT_P (MATRIX_ROW (w->current_matrix,
>  						  vpos)))
>      return;
> 
> It's the same test x_y_to_hpos_vpos applies to decide whether to punt
> and return NULL.

Yes, LGTM.  Let's see if it prevents the crashes.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.