From unknown Fri Aug 15 14:17:43 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#72255 <72255@debbugs.gnu.org> To: bug#72255 <72255@debbugs.gnu.org> Subject: Status: 30.0.60; Crash on macOS with malformed XPM image file Reply-To: bug#72255 <72255@debbugs.gnu.org> Date: Fri, 15 Aug 2025 21:17:43 +0000 retitle 72255 30.0.60; Crash on macOS with malformed XPM image file reassign 72255 emacs submitter 72255 Stefan Kangas severity 72255 normal thanks From debbugs-submit-bounces@debbugs.gnu.org Tue Jul 23 09:37:22 2024 Received: (at submit) by debbugs.gnu.org; 23 Jul 2024 13:37:22 +0000 Received: from localhost ([127.0.0.1]:59521 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sWFhg-0001eK-9b for submit@debbugs.gnu.org; Tue, 23 Jul 2024 09:37:22 -0400 Received: from lists.gnu.org ([209.51.188.17]:38810) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sWFhc-0001eB-OK for submit@debbugs.gnu.org; Tue, 23 Jul 2024 09:37:18 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1sWFhX-0007wA-PC for bug-gnu-emacs@gnu.org; Tue, 23 Jul 2024 09:37:11 -0400 Received: from mail-ed1-x52f.google.com ([2a00:1450:4864:20::52f]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1sWFhU-0006uo-Ql for bug-gnu-emacs@gnu.org; Tue, 23 Jul 2024 09:37:11 -0400 Received: by mail-ed1-x52f.google.com with SMTP id 4fb4d7f45d1cf-5854ac817afso3840918a12.2 for ; Tue, 23 Jul 2024 06:37:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1721741827; x=1722346627; darn=gnu.org; h=to:subject:message-id:date:mime-version:from:from:to:cc:subject :date:message-id:reply-to; bh=p/LP7BIV4qG2M/bI6m8dD55FlsvgbIrcUvPi21ltg50=; b=F+z4ZFcXFRls6u8uGhBAP2Xan+yV+GpN9EO3ZNB0RlIYtRlSiipSR2U0JcjgUEEFiZ wGOzRmz3sIDMee1HKa5s/gtkIgGz19pagLCcgxPnIuqVBt6b7SZibpxHw5pFQt7bpVJK 2CuXDc0zLwLcyM3nh/DZVrCacfIdIKxdyv8Ik7wCsm5Le7ozaIRxgPptsvUFI+uyKxh4 NVzwAek936oRByC6CMdxHrYMwsBikhOVmBK+GzKb7ecsyUdcoS0frxO51yGx9p7hNSvT QaDEpyK53BovijvCjSzz71mPjcOvosTdZiP8beG12HcNTTSn1e+C+w3FSTAUaXtpxkow BBEA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721741827; x=1722346627; h=to:subject:message-id:date:mime-version:from:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=p/LP7BIV4qG2M/bI6m8dD55FlsvgbIrcUvPi21ltg50=; b=t1AQYjb3Biae83aRjJ4cbzMJCQZi3bRJnwDDtpJlyd8RyFBV6DtB3JUYQm7AMounUp 8TD+mMp3UyKeF3iSAkCRiX6lbwI3LkTx9VH+hGKtmm9HB9v0S5O2LO76hb1epvssGLhf whek6frExdNrMUFm72C4G5qipGTf9Sqfyz3Uplr+9E2ICGn3FrplRyXg1E5c+raEROUh +Gx+qZ0N1gkLBhBh1C7O7utVs21Kr4pJ8JE2p+HNt9V1h2s0+Vo2S+DgoHuuiDwmk93j OGryOufy9RvXE4/ZNG78V5BaK+/mVSbkX2Y9kR8d/Q2vPQZOZYYisOj4xX4GYbjmkWbM 6t/A== X-Gm-Message-State: AOJu0Ywin3gC02UcyFOakgfY3hI8ZEDQwhwoFg88hBW1brf989Txc2fF ppvdaf98M8qhqJDbeA7EpduoaLNGkq4xO5XbwCk5XN70ddPrTSSaMmrV6Bd1aqyqP18tcP43RLd NNEUNp3hdXWXpH0yTPpBgGyxnfO6/VvKJJ8o= X-Google-Smtp-Source: AGHT+IGPBli+WQ+hNs4k8/upNz5fk9UmfIDGDX0ygMpOwVeBQ0/xJv/EjRQP5ZDCDuPoO3JK9XDBnq1j4Wsb5C3W5iQ= X-Received: by 2002:a50:955d:0:b0:5a2:b867:3bcc with SMTP id 4fb4d7f45d1cf-5a943ee0b05mr1626824a12.38.1721741826499; Tue, 23 Jul 2024 06:37:06 -0700 (PDT) Received: from 753933720722 named unknown by gmailapi.google.com with HTTPREST; Tue, 23 Jul 2024 06:37:05 -0700 From: Stefan Kangas MIME-Version: 1.0 Date: Tue, 23 Jul 2024 06:37:05 -0700 Message-ID: Subject: 30.0.60; Crash on macOS with malformed XPM image file To: bug-gnu-emacs@gnu.org Content-Type: multipart/mixed; boundary="000000000000f6bf38061dea4151" Received-SPF: pass client-ip=2a00:1450:4864:20::52f; envelope-from=stefankangas@gmail.com; helo=mail-ed1-x52f.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: -1.3 (-) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -2.3 (--) --000000000000f6bf38061dea4151 Content-Type: text/plain; charset="UTF-8" Severity: normal Emacs crashes on macOS when opening a malformed XPM image file. I'm attaching an example image with the file extension ".xpm.txt" below; to reproduce, simply rename the file to ".xpm" and open it in Emacs. (This bad file is an edited version of back-arrow.xpm in emacs.git.) I've included an lldb backtrace below. Note that I reproduced this on master, but the code has not changed from emacs-30. The crash happens in nsterm.m:601:5, but I can't figure out why we're trying to access some other address than the pointer that was passed to that function. Maybe this is trivial to someone that knows Objective-C. (lldb) run -Q Process 49838 launched: '/Users/foo/wip/emacs/src/emacs' (arm64) LANG=en_SE.UTF-8 cannot be used, using en_US.UTF-8 instead. 2024-07-23 07:29:29.243905+0200 emacs[49838:24160376] flock failed to lock list file (/var/folders/28/y4qn6tl11_126568wmx_6kpr0000gn/C//com.apple.metal/32023/libraries.list): errno = 35 2024-07-23 07:29:29.244748+0200 emacs[49838:24160376] flock failed to lock list file (/var/folders/28/y4qn6tl11_126568wmx_6kpr0000gn/C//com.apple.metal/16777235_434/functions.list): errno = 35 2024-07-23 07:29:30.784008+0200 emacs[49838:24160353] [CursorUI] -[TUINSCursorUIController activate:]: EmacsView doesn't conform to NSTextInputClient protocol. 2024-07-23 07:29:46.330785+0200 emacs[49838:24160353] [CursorUI] -[TUINSCursorUIController activate:]: EmacsView doesn't conform to NSTextInputClient protocol. Process 49838 stopped * thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x7dbf8e410b60) frame #0: 0x00000001912446b4 libobjc.A.dylib`objc_release + 16 libobjc.A.dylib`objc_release: -> 0x1912446b4 <+16>: ldr x17, [x2, #0x20] 0x1912446b8 <+20>: tbz w17, #0x2, 0x19124471c ; <+120> 0x1912446bc <+24>: tbz w16, #0x0, 0x191244738 ; <+148> 0x1912446c0 <+28>: lsr x17, x16, #55 Target 0: (emacs) stopped. (lldb) bt * thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x7dbf8e410b60) * frame #0: 0x00000001912446b4 libobjc.A.dylib`objc_release + 16 frame #1: 0x00000001003f06f0 emacs`ns_release_object(obj=0x0000600003730b40) at nsterm.m:601:5 frame #2: 0x000000010040fa34 emacs`ns_free_pixmap(_f=0x0000000146058c28, pixmap=0x0000600003730b40) at nsterm.m:5291:3 frame #3: 0x00000001003e7344 emacs`image_clear_image_1(f=0x0000000146058c28, img=0x000060000313c540, flags=7) at image.c:2076:4 frame #4: 0x00000001003ea4a4 emacs`image_clear_image(f=0x0000000146058c28, img=0x000060000313c540) at image.c:2135:3 frame #5: 0x00000001003eeb90 emacs`xpm_load_image(f=0x0000000146058c28, img=0x000060000313c540, contents="/* XPM */\nstatic char *back_arrow_xpm[] = {\n\"50 50 50 50\",\n\" c #000000\",\n\". c #53692A\",\n\"X c #59702D\",\n\"o c #657255\",\n\"O c #6D7A5B\",\n\"+ c #6D8839\",\n\"@ c #7C9B40\",\n\"# c #748261\",\n\"$ c #7F8E6B\",\n\"% c #818F71\",\n\"& c #879772\",\n\"* c #8C9A7F\",\n\"= c #85A24D\",\n\"- c #8BA859\",\n\"; c #92AD62\",\n\": c #95A77E\",\n\"> c #98AF74\",\n\", c #9BB572\",\n\"< c #9BAA87\",\n\"1 c #9CAF84\",\n\"2 c #A4B690\",\n\"3 c #A8BCA6\",\n\"4 c #ADBDA0\",\n\"5 c #AFC394\",\n\"6 c #BAD09D\",\n\"7 c #B5C3A9\",\n\"8 c #BED2A3\",\n\"9 c #D5E1C6\",\n\"0 c #FFFFFF\",\n\"q c None\",\n\"qqqqqqqqqqqqqqqqqqqqqqqq\",\n\"qqqqqqqqqqqqqqqqqqqqqqqq\",\n\"qqqqqqqqqqqqqqqqqqqqqqqq\",\n\"qqqqqqqqqq qqqqqqqqqqqqq\",\n\"qqqqqqqqq qqqqqqqqqqqqq\",\n\"qqqqqqqq 9 qqqqqqqqqqqqq\",\n\"qqqqqqq 96 qqqqqqqqqq\",\n\"qqqqqq 968664% qqqqqqqqq\",\n\"qqqqq 966666663 qqqqqqqq\",\n\"qqqq <666666666* qqqqqqq\",\n\"qqqqq X@@@@@@;67 qqqqqq\",\n\"qqqqqq .@@@@@@=6$ qqqqqq\",\n\"qqqqqqq .@ X@,2 qqqqqq\",\n\"qqqqqqqq X q +-6 qqqqqq\",\n\"qqqqqqqqq qq @6 qqqqqq\",\n\"qqqqqqqqqq qqq -: qqqqqq\",\n\"qqqqqqqqqqqqqq >o qqqqqq\",\n\"qqqqqqqqqqqqqq 5 qqqqqqq\",\n\"qqqqqqqqqqqqq"..., end="") at image.c:6532:3 frame #6: 0x00000001003eb1dc emacs`xpm_load(f=0x0000000146058c28, img=0x000060000313c540) at image.c:6556:19 frame #7: 0x00000001003e311c emacs`lookup_image(f=0x0000000146058c28, spec=(i = 0x0000000148070953), face_id=0) at image.c:3532:30 frame #8: 0x00000001003e2bf4 emacs`Fimage_size(spec=(i = 0x0000000148070953), pixels=(i = 0x0000000000000030), frame=(i = 0x0000000000000000)) at image.c:1676:22 frame #9: 0x00000001002caf30 emacs`funcall_subr(subr=0x0000000100b3cae0, numargs=3, args=0x0000000148160648) at eval.c:3157:15 frame #10: 0x000000010034685c emacs`exec_byte_code(fun=(i = 0x000000010f82f815), args_template=769, nargs=2, args=0x00000001481605e0) at bytecode.c:812:14 frame #11: 0x00000001002cb3cc emacs`funcall_lambda(fun=(i = 0x000000013701ce85), nargs=0, arg_vector=0x0000000148160420) at eval.c:3244:9 frame #12: 0x00000001002cab70 emacs`funcall_general(fun=(i = 0x000000013701ce85), numargs=0, args=0x0000000148160420) at eval.c:3036:12 frame #13: 0x000000010034687c emacs`exec_byte_code(fun=(i = 0x0000000101d3436d), args_template=257, nargs=1, args=0x0000000148160420) at bytecode.c:814:14 frame #14: 0x00000001002cb3cc emacs`funcall_lambda(fun=(i = 0x0000000101d4da05), nargs=2, arg_vector=0x000000016fdfc420) at eval.c:3244:9 frame #15: 0x00000001002cab70 emacs`funcall_general(fun=(i = 0x0000000101d4da05), numargs=2, args=0x000000016fdfc420) at eval.c:3036:12 frame #16: 0x00000001002c2ea8 emacs`Ffuncall(nargs=3, args=0x000000016fdfc418) at eval.c:3085:21 frame #17: 0x00000001002bb038 emacs`Ffuncall_interactively(nargs=3, args=0x000000016fdfc418) at callint.c:250:32 frame #18: 0x00000001002cb0f4 emacs`funcall_subr(subr=0x0000000100b35ae0, numargs=3, args=0x000000016fdfc418) at eval.c:3176:9 frame #19: 0x00000001002cab28 emacs`funcall_general(fun=(i = 0x0000000100b35ae5), numargs=3, args=0x000000016fdfc418) at eval.c:3032:12 frame #20: 0x00000001002c2ea8 emacs`Ffuncall(nargs=4, args=0x000000016fdfc410) at eval.c:3085:21 frame #21: 0x00000001002c9f08 emacs`Fapply(nargs=3, args=0x000000016fdfd228) at eval.c:2757:24 frame #22: 0x00000001002bb460 emacs`Fcall_interactively(function=(i = 0x0000000001183a70), record_flag=(i = 0x0000000000000000), keys=(i = 0x000000010274a8c5)) at callint.c:342:36 frame #23: 0x00000001002caf30 emacs`funcall_subr(subr=0x0000000100b35aa8, numargs=3, args=0x0000000148160060) at eval.c:3157:15 frame #24: 0x000000010034685c emacs`exec_byte_code(fun=(i = 0x00000001027661a5), args_template=1025, nargs=1, args=0x000000016fdfeb38) at bytecode.c:812:14 frame #25: 0x00000001002cb3cc emacs`funcall_lambda(fun=(i = 0x00000001027661a5), nargs=1, arg_vector=0x000000016fdfeb30) at eval.c:3244:9 frame #26: 0x00000001002cab70 emacs`funcall_general(fun=(i = 0x00000001027661a5), numargs=1, args=0x000000016fdfeb30) at eval.c:3036:12 frame #27: 0x00000001002c2ea8 emacs`Ffuncall(nargs=2, args=0x000000016fdfeb28) at eval.c:3085:21 frame #28: 0x00000001001a45ec emacs`command_loop_1 at keyboard.c:1550:13 frame #29: 0x00000001002c6b70 emacs`internal_condition_case(bfun=(emacs`command_loop_1 at keyboard.c:1324), handlers=(i = 0x0000000000000090), hfun=(emacs`cmd_error at keyboard.c:970)) at eval.c:1613:25 frame #30: 0x00000001001a3a64 emacs`command_loop_2(handlers=(i = 0x0000000000000090)) at keyboard.c:1168:11 frame #31: 0x00000001002c5c44 emacs`internal_catch(tag=(i = 0x0000000000011220), func=(emacs`command_loop_2 at keyboard.c:1164), arg=(i = 0x0000000000000090)) at eval.c:1292:25 frame #32: 0x00000001001a29fc emacs`command_loop at keyboard.c:1146:2 frame #33: 0x00000001001a27a4 emacs`recursive_edit_1 at keyboard.c:754:9 frame #34: 0x00000001001a2d88 emacs`Frecursive_edit at keyboard.c:837:3 frame #35: 0x000000010019f1c4 emacs`main(argc=2, argv=0x000000016fdff590) at emacs.c:2624:3 frame #36: 0x00000001912920e0 dyld`start + 2360 (lldb) bt full error: bt [ | all] (lldb) bt all * thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x7dbf8e410b60) * frame #0: 0x00000001912446b4 libobjc.A.dylib`objc_release + 16 frame #1: 0x00000001003f06f0 emacs`ns_release_object(obj=0x0000600003730b40) at nsterm.m:601:5 frame #2: 0x000000010040fa34 emacs`ns_free_pixmap(_f=0x0000000146058c28, pixmap=0x0000600003730b40) at nsterm.m:5291:3 frame #3: 0x00000001003e7344 emacs`image_clear_image_1(f=0x0000000146058c28, img=0x000060000313c540, flags=7) at image.c:2076:4 frame #4: 0x00000001003ea4a4 emacs`image_clear_image(f=0x0000000146058c28, img=0x000060000313c540) at image.c:2135:3 frame #5: 0x00000001003eeb90 emacs`xpm_load_image(f=0x0000000146058c28, img=0x000060000313c540, contents="/* XPM */\nstatic char *back_arrow_xpm[] = {\n\"50 50 50 50\",\n\" c #000000\",\n\". c #53692A\",\n\"X c #59702D\",\n\"o c #657255\",\n\"O c #6D7A5B\",\n\"+ c #6D8839\",\n\"@ c #7C9B40\",\n\"# c #748261\",\n\"$ c #7F8E6B\",\n\"% c #818F71\",\n\"& c #879772\",\n\"* c #8C9A7F\",\n\"= c #85A24D\",\n\"- c #8BA859\",\n\"; c #92AD62\",\n\": c #95A77E\",\n\"> c #98AF74\",\n\", c #9BB572\",\n\"< c #9BAA87\",\n\"1 c #9CAF84\",\n\"2 c #A4B690\",\n\"3 c #A8BCA6\",\n\"4 c #ADBDA0\",\n\"5 c #AFC394\",\n\"6 c #BAD09D\",\n\"7 c #B5C3A9\",\n\"8 c #BED2A3\",\n\"9 c #D5E1C6\",\n\"0 c #FFFFFF\",\n\"q c None\",\n\"qqqqqqqqqqqqqqqqqqqqqqqq\",\n\"qqqqqqqqqqqqqqqqqqqqqqqq\",\n\"qqqqqqqqqqqqqqqqqqqqqqqq\",\n\"qqqqqqqqqq qqqqqqqqqqqqq\",\n\"qqqqqqqqq qqqqqqqqqqqqq\",\n\"qqqqqqqq 9 qqqqqqqqqqqqq\",\n\"qqqqqqq 96 qqqqqqqqqq\",\n\"qqqqqq 968664% qqqqqqqqq\",\n\"qqqqq 966666663 qqqqqqqq\",\n\"qqqq <666666666* qqqqqqq\",\n\"qqqqq X@@@@@@;67 qqqqqq\",\n\"qqqqqq .@@@@@@=6$ qqqqqq\",\n\"qqqqqqq .@ X@,2 qqqqqq\",\n\"qqqqqqqq X q +-6 qqqqqq\",\n\"qqqqqqqqq qq @6 qqqqqq\",\n\"qqqqqqqqqq qqq -: qqqqqq\",\n\"qqqqqqqqqqqqqq >o qqqqqq\",\n\"qqqqqqqqqqqqqq 5 qqqqqqq\",\n\"qqqqqqqqqqqqq"..., end="") at image.c:6532:3 frame #6: 0x00000001003eb1dc emacs`xpm_load(f=0x0000000146058c28, img=0x000060000313c540) at image.c:6556:19 frame #7: 0x00000001003e311c emacs`lookup_image(f=0x0000000146058c28, spec=(i = 0x0000000148070953), face_id=0) at image.c:3532:30 frame #8: 0x00000001003e2bf4 emacs`Fimage_size(spec=(i = 0x0000000148070953), pixels=(i = 0x0000000000000030), frame=(i = 0x0000000000000000)) at image.c:1676:22 frame #9: 0x00000001002caf30 emacs`funcall_subr(subr=0x0000000100b3cae0, numargs=3, args=0x0000000148160648) at eval.c:3157:15 frame #10: 0x000000010034685c emacs`exec_byte_code(fun=(i = 0x000000010f82f815), args_template=769, nargs=2, args=0x00000001481605e0) at bytecode.c:812:14 frame #11: 0x00000001002cb3cc emacs`funcall_lambda(fun=(i = 0x000000013701ce85), nargs=0, arg_vector=0x0000000148160420) at eval.c:3244:9 frame #12: 0x00000001002cab70 emacs`funcall_general(fun=(i = 0x000000013701ce85), numargs=0, args=0x0000000148160420) at eval.c:3036:12 frame #13: 0x000000010034687c emacs`exec_byte_code(fun=(i = 0x0000000101d3436d), args_template=257, nargs=1, args=0x0000000148160420) at bytecode.c:814:14 frame #14: 0x00000001002cb3cc emacs`funcall_lambda(fun=(i = 0x0000000101d4da05), nargs=2, arg_vector=0x000000016fdfc420) at eval.c:3244:9 frame #15: 0x00000001002cab70 emacs`funcall_general(fun=(i = 0x0000000101d4da05), numargs=2, args=0x000000016fdfc420) at eval.c:3036:12 frame #16: 0x00000001002c2ea8 emacs`Ffuncall(nargs=3, args=0x000000016fdfc418) at eval.c:3085:21 frame #17: 0x00000001002bb038 emacs`Ffuncall_interactively(nargs=3, args=0x000000016fdfc418) at callint.c:250:32 frame #18: 0x00000001002cb0f4 emacs`funcall_subr(subr=0x0000000100b35ae0, numargs=3, args=0x000000016fdfc418) at eval.c:3176:9 frame #19: 0x00000001002cab28 emacs`funcall_general(fun=(i = 0x0000000100b35ae5), numargs=3, args=0x000000016fdfc418) at eval.c:3032:12 frame #20: 0x00000001002c2ea8 emacs`Ffuncall(nargs=4, args=0x000000016fdfc410) at eval.c:3085:21 frame #21: 0x00000001002c9f08 emacs`Fapply(nargs=3, args=0x000000016fdfd228) at eval.c:2757:24 frame #22: 0x00000001002bb460 emacs`Fcall_interactively(function=(i = 0x0000000001183a70), record_flag=(i = 0x0000000000000000), keys=(i = 0x000000010274a8c5)) at callint.c:342:36 frame #23: 0x00000001002caf30 emacs`funcall_subr(subr=0x0000000100b35aa8, numargs=3, args=0x0000000148160060) at eval.c:3157:15 frame #24: 0x000000010034685c emacs`exec_byte_code(fun=(i = 0x00000001027661a5), args_template=1025, nargs=1, args=0x000000016fdfeb38) at bytecode.c:812:14 frame #25: 0x00000001002cb3cc emacs`funcall_lambda(fun=(i = 0x00000001027661a5), nargs=1, arg_vector=0x000000016fdfeb30) at eval.c:3244:9 frame #26: 0x00000001002cab70 emacs`funcall_general(fun=(i = 0x00000001027661a5), numargs=1, args=0x000000016fdfeb30) at eval.c:3036:12 frame #27: 0x00000001002c2ea8 emacs`Ffuncall(nargs=2, args=0x000000016fdfeb28) at eval.c:3085:21 frame #28: 0x00000001001a45ec emacs`command_loop_1 at keyboard.c:1550:13 frame #29: 0x00000001002c6b70 emacs`internal_condition_case(bfun=(emacs`command_loop_1 at keyboard.c:1324), handlers=(i = 0x0000000000000090), hfun=(emacs`cmd_error at keyboard.c:970)) at eval.c:1613:25 frame #30: 0x00000001001a3a64 emacs`command_loop_2(handlers=(i = 0x0000000000000090)) at keyboard.c:1168:11 frame #31: 0x00000001002c5c44 emacs`internal_catch(tag=(i = 0x0000000000011220), func=(emacs`command_loop_2 at keyboard.c:1164), arg=(i = 0x0000000000000090)) at eval.c:1292:25 frame #32: 0x00000001001a29fc emacs`command_loop at keyboard.c:1146:2 frame #33: 0x00000001001a27a4 emacs`recursive_edit_1 at keyboard.c:754:9 frame #34: 0x00000001001a2d88 emacs`Frecursive_edit at keyboard.c:837:3 frame #35: 0x000000010019f1c4 emacs`main(argc=2, argv=0x000000016fdff590) at emacs.c:2624:3 frame #36: 0x00000001912920e0 dyld`start + 2360 thread #2 frame #0: 0x0000000191615d20 libsystem_pthread.dylib`start_wqthread thread #5 frame #0: 0x00000001915e04cc libsystem_kernel.dylib`__pselect + 8 frame #1: 0x00000001915e03a4 libsystem_kernel.dylib`pselect$DARWIN_EXTSN + 64 frame #2: 0x00000001003f709c emacs`-[EmacsApp fd_handler:](self=0x0000000145f20520, _cmd="fd_handler:", unused=0x0000000000000000) at nsterm.m:6444:20 frame #3: 0x0000000192825f80 Foundation`__NSThread__start__ + 716 frame #4: 0x000000019161af94 libsystem_pthread.dylib`_pthread_start + 136 thread #6, name = 'com.apple.NSEventThread' frame #0: 0x00000001915da1f4 libsystem_kernel.dylib`mach_msg2_trap + 8 frame #1: 0x00000001915ecb24 libsystem_kernel.dylib`mach_msg2_internal + 80 frame #2: 0x00000001915e2e34 libsystem_kernel.dylib`mach_msg_overwrite + 476 frame #3: 0x00000001915da578 libsystem_kernel.dylib`mach_msg + 24 frame #4: 0x00000001916fa680 CoreFoundation`__CFRunLoopServiceMachPort + 160 frame #5: 0x00000001916f8f44 CoreFoundation`__CFRunLoopRun + 1208 frame #6: 0x00000001916f8434 CoreFoundation`CFRunLoopRunSpecific + 608 frame #7: 0x0000000195082188 AppKit`_NSEventThread + 144 frame #8: 0x000000019161af94 libsystem_pthread.dylib`_pthread_start + 136 thread #7 frame #0: 0x0000000191615d20 libsystem_pthread.dylib`start_wqthread thread #8 frame #0: 0x0000000191615d20 libsystem_pthread.dylib`start_wqthread thread #9 frame #0: 0x0000000191615d20 libsystem_pthread.dylib`start_wqthread thread #10 frame #0: 0x0000000000000000 (lldb) In GNU Emacs 30.0.60 (build 3, aarch64-apple-darwin23.5.0, NS appkit-2487.60 Version 14.5 (Build 23F79)) of 2024-07-15 built on foo.local Repository revision: a7b68c25640de8214bc759d20180373c2dbcfa16 Repository branch: emacs-30 Windowing system distributor 'Apple', version 10.3.2487 System Description: macOS 14.5 Configured features: ACL GNUTLS LCMS2 LIBXML2 MODULES NOTIFY KQUEUE NS PDUMPER PNG SQLITE3 THREADS TOOLKIT_SCROLL_BARS TREE_SITTER ZLIB Important settings: value of $LC_CTYPE: UTF-8 value of $LANG: en_US.UTF-8 locale-coding-system: utf-8-unix Major mode: Lisp Interaction Minor modes in effect: tooltip-mode: t global-eldoc-mode: t eldoc-mode: t show-paren-mode: t electric-indent-mode: t mouse-wheel-mode: t tool-bar-mode: t menu-bar-mode: t file-name-shadow-mode: t global-font-lock-mode: t font-lock-mode: t blink-cursor-mode: t minibuffer-regexp-mode: t line-number-mode: t indent-tabs-mode: t transient-mark-mode: t auto-composition-mode: t auto-encryption-mode: t auto-compression-mode: t Load-path shadows: None found. Features: (shadow sort mail-extr emacsbug message mailcap yank-media puny dired dired-loaddefs rfc822 mml mml-sec password-cache epa derived epg rfc6068 epg-config gnus-util text-property-search time-date subr-x mm-decode mm-bodies mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader cl-loaddefs cl-lib sendmail rfc2047 rfc2045 ietf-drums mm-util mail-prsvr mail-utils rmc iso-transl tooltip cconv eldoc paren electric uniquify ediff-hook vc-hooks lisp-float-type elisp-mode mwheel term/ns-win ns-win ucs-normalize mule-util term/common-win tool-bar dnd fontset image regexp-opt fringe tabulated-list replace newcomment text-mode lisp-mode prog-mode register page tab-bar menu-bar rfn-eshadow isearch easymenu timer select scroll-bar mouse jit-lock font-lock syntax font-core term/tty-colors frame minibuffer nadvice seq simple cl-generic indonesian philippine cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean japanese eucjp-ms cp51932 hebrew greek romanian slovak czech european ethiopic indian cyrillic chinese composite emoji-zwj charscript charprop case-table epa-hook jka-cmpr-hook help abbrev obarray oclosure cl-preloaded button loaddefs theme-loaddefs faces cus-face macroexp files window text-properties overlay sha1 md5 base64 format env code-pages mule custom widget keymap hashtable-print-readable backquote threads kqueue cocoa ns lcms2 multi-tty make-network-process emacs) Memory information: ((conses 16 38639 9033) (symbols 48 5265 0) (strings 32 11913 1820) (string-bytes 1 282419) (vectors 16 9381) (vector-slots 8 106144 7815) (floats 8 21 3) (intervals 56 221 0) (buffers 992 10)) --000000000000f6bf38061dea4151 Content-Type: text/plain; charset="US-ASCII"; name="back-arrow.xpm.txt" Content-Disposition: attachment; filename="back-arrow.xpm.txt" Content-Transfer-Encoding: base64 X-Attachment-Id: 788b72720fa11dde_0.1 LyogWFBNICovCnN0YXRpYyBjaGFyICpiYWNrX2Fycm93X3hwbVtdID0gewoiNTAgNTAgNTAgNTAi LAoiICBjICMwMDAwMDAiLAoiLiBjICM1MzY5MkEiLAoiWCBjICM1OTcwMkQiLAoibyBjICM2NTcy NTUiLAoiTyBjICM2RDdBNUIiLAoiKyBjICM2RDg4MzkiLAoiQCBjICM3QzlCNDAiLAoiIyBjICM3 NDgyNjEiLAoiJCBjICM3RjhFNkIiLAoiJSBjICM4MThGNzEiLAoiJiBjICM4Nzk3NzIiLAoiKiBj ICM4QzlBN0YiLAoiPSBjICM4NUEyNEQiLAoiLSBjICM4QkE4NTkiLAoiOyBjICM5MkFENjIiLAoi OiBjICM5NUE3N0UiLAoiPiBjICM5OEFGNzQiLAoiLCBjICM5QkI1NzIiLAoiPCBjICM5QkFBODci LAoiMSBjICM5Q0FGODQiLAoiMiBjICNBNEI2OTAiLAoiMyBjICNBOEJDQTYiLAoiNCBjICNBREJE QTAiLAoiNSBjICNBRkMzOTQiLAoiNiBjICNCQUQwOUQiLAoiNyBjICNCNUMzQTkiLAoiOCBjICNC RUQyQTMiLAoiOSBjICNENUUxQzYiLAoiMCBjICNGRkZGRkYiLAoicSBjIE5vbmUiLAoicXFxcXFx cXFxcXFxcXFxcXFxcXFxcXFxIiwKInFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcSIsCiJxcXFxcXFx cXFxcXFxcXFxcXFxcXFxcXEiLAoicXFxcXFxcXFxcSBxcXFxcXFxcXFxcXFxIiwKInFxcXFxcXFx cSAgcXFxcXFxcXFxcXFxcSIsCiJxcXFxcXFxcSA5IHFxcXFxcXFxcXFxcXEiLAoicXFxcXFxcSA5 NiAgICBxcXFxcXFxcXFxIiwKInFxcXFxcSA5Njg2NjQlIHFxcXFxcXFxcSIsCiJxcXFxcSA5NjY2 NjY2NjMgcXFxcXFxcXEiLAoicXFxcSA8NjY2NjY2NjY2KiBxcXFxcXFxIiwKInFxcXFxIFhAQEBA QEA7NjcgIHFxcXFxcSIsCiJxcXFxcXEgLkBAQEBAQD02JCBxcXFxcXEiLAoicXFxcXFxcSAuQCAg IFhALDIgcXFxcXFxIiwKInFxcXFxcXFxIFggcSAgKy02IHFxcXFxcSIsCiJxcXFxcXFxcXEgIHFx ICBANiBxcXFxcXEiLAoicXFxcXFxcXFxcSBxcXEgLTogcXFxcXFxIiwKInFxcXFxcXFxcXFxcXFx ID5vIHFxcXFxcSIsCiJxcXFxcXFxcXFxcXFxcSA1IHFxcXFxcXEiLAoicXFxcXFxcXFxcXFxcSAx TyBxcXFxcXFxIiwKInFxcXFxcXFxcXFxcSAmIyBxcXFxcXFxcSIsCiJxcXFxcXFxcXFxcXFxICBx cXFxcXFxcXEiLAoicXFxcXFxcXFxcXFxcXFxcXFxcXFxcXFxIiwKInFxcXFxcXFxcXFxcXFxcXFx cXFxcXFxcSIsCiJxcXFxcXFxcXFxcXFxcXFxcXFxcXFxcXEifTsK --000000000000f6bf38061dea4151-- From debbugs-submit-bounces@debbugs.gnu.org Tue Jul 23 23:41:42 2024 Received: (at 72255) by debbugs.gnu.org; 24 Jul 2024 03:41:43 +0000 Received: from localhost ([127.0.0.1]:32947 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sWSso-0000ci-Jh for submit@debbugs.gnu.org; Tue, 23 Jul 2024 23:41:42 -0400 Received: from sonic302-20.consmr.mail.ne1.yahoo.com ([66.163.186.146]:34330) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sWSsl-0000cU-R0 for 72255@debbugs.gnu.org; Tue, 23 Jul 2024 23:41:41 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1721792487; bh=Xsy01b+Uw4Zy+veADCTnGmElp7Y3PRyfNoOExOzfu7M=; h=From:To:Cc:Subject:In-Reply-To:References:Date:From:Subject:Reply-To; b=D9lohDSgmmAid6iiQPGYOtcEJAZFxkTcPt5l+65OAc43bDTz1vjtrzuVpkknB3Jt/Xfe+C8+74rAT5sj7zUzMeG3Q4jqLZM1A1cq2A5Z6r5rLtJ9onKGejP9ENkoKhpHgMKmzWATC4UnmVaFN+FQbuuJNhVPmvMaq600AqNpbyoHA/Oop7Q78tZsbIfHoIbBMpCoTtwnq5yS1KSeGv4Fl0hDxH3Mb5ShSM3u0eUDDk1tpEm1kQKYUB8jkl6PfGoMZ1g3AeZP3DnonvAoULwnCkDEcAtLukxxppRztRgWn3e7jv9BFb9H2VXl8JPO7Azdc22DJpPO4EH0kVnSfL0SKQ== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1721792487; bh=EnngrTUGSP/Jv1kbWMLvKVYBkPik1kq+RKVmei6dA/O=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=mT2KSKudmbvC1fYAjUD4wF0vMWBIISLf2F25mRuFEO50sc09jEB3aox6y6RLbK9jd4X3R1TnmxsKQVZ/Lzku3J24KfSK5N2mR6lOnSm7XrmXxlp+HA4Ds2NTDEeKnGNneAZbQfdQfLEX25NUMgNvVkGHO+993nTNGNoIIylrXiDAb6s/bxZA8iz2wU5f58ZsT+wIX4SkiIGbeibT2VOVrP9tTbXzls4Fq5zWoJwSxhjhMhPJo53ei5/FggkIPNI0uCxZm6/YZhlKSbHKFAZKk34II+CAa2XcyXOQwM3QyamrlZrZadKso7nLoG7Qoz7UDmwaySaEk0peaQ0lNvCSVQ== X-YMail-OSG: 0h4CrBsVM1mJ2uDmuEzqflBdO.yfoU0dga2Utf6u56J3.zRAf6mrqNRo6jT6qkW l36wGWKc286RRvb.rBKRtCCHR1sl76shywb1FhtG1jDjyXdkb6T7WOZMEQ3YAnfGC3YeI2jcC7VW YuNPxy3dAiy7LXApYQel2WKntgl3g9oCfZDg2nm3z2nSejJiyPeq0X3X0RRYA5Zr0hu3RSWyrbee dveA.cskyJlSNLOcf40EnRwD.w6AA5KVBns7FJmGsVUv6lI90LTUdP5lL1QdXTPiMR7UqtHu2nyl 7i4CcRTxt9RSu8otzP3taJCZA_oCKobcY1uUDvf95tpT6UYpXGS9I4UYUm7nlerv1LhEhwc9LCym TOi2zMwojCgwO0r7lIIpSco.NHRdhKWB5cKYftL40VSUf6o82FYzixJDxsJxjr..7VBar8_iTsxB StBobamKCjP93fu1Ny3ZN_Gjn7Q3TPkWou5jtZQZdzwOcBbSpw5rK4y_iFhpWsK.PVPduegphpbL X_DAC49LCM7UdBdoFOD3aIUDgF5cmMl1zPxFYEqgpbLcUrb9jb7uTY7FQk2HLtlMqOk54utU3Xig _CZmK9IlhaU.SKgwOvA4zVJ5d7r7NmGkhZbexXWg8ugzZQfrKXjbyx.Swcf4zetEvSD2KB6_sfCQ NP.fyL0d7EW0n9zZvVO9UpZHweSzuHL75jzpnyupO2wZZJFvHPfKqvBsKNJUmfrX2CHvU5Tt_.QZ 7MInmvSAWhkJPo.iNdaM8aGDd_d5JHpHDx3_CLwxtJvyxSnYc_WeBtYj2goQdjetR9dvgFM_ClVg ORxFnfUBDPCbaxus2MoPW.NPuoIbAYeAqWVo2vuUjI8PZpCNdA7OG59AngrZWNxX8wpVZqJx5uS9 _kf5IenxGnGzCMMR.G_y6aWGnWm4nX9OZ5NQBbn2AgwwgRIuLlmQkkQROCasb_5arHEx2uXswRwa H7xmbRVRi77XOGC12s7kHd2vyVTIvmYpZfwx4wZHa6o4KyLI1cRooxAIUJhI4lCr98K_aA8jHPOn 25nf05jm1D2WteRzc8XIbQo6YbqcvMm6tiXBqXAb8Owu.Jf2WPAZGCZBNmd30Ebz8pDl2W_sjHeg secvWof9fcxrp39HWSLNbgynLHfucAsImW4wT0W8ug_ngMtimk63l6T4nveGL5mr9oc7SCBMf7.P KRcMAhYgN8j_eAE5WzD0Pnm0I5z5gYaO5YXlHSrsL1UwcoFmXnzwBs8A13QvelwkZpcJSRIIO435 zUJYSS0ab4CV4bTQg4SBwAB_eSSPa0yu8F6GGkkOBxEO4viFHzUS05h7GquFolYCkdXuF_BvJm3w 7grRpwf7YFiQeEKfpE.pjeJfn3WX0M71WW5OUgtQBbR0Nzh71Bol5YLtS3xIVITd4FmwEErOCEZo PErJHJMB3oSr1arcFpVMwNl9WlP.q4UvFQbx0em_44piCmJCjnCVpoZJGP5VHc7NXl7Nn53kNeLP aoMPYNseKcrtN1xw25znkToTyL3lZx_XiRh_4rrRVokFzGrhWj3yCn44lHfxC.CwZZ.0pwKmTRYz W.PYLdn3Ym_rEU38QtOk6N_Pt2NBaEnLkUWovtHlnKXUUGeK6so.Bucbo0QAucyKL.4N9bMCHtP2 woCXjuSTzeowV3WzT9gzRHd_X8T4SrL6vfS88Z6xtSjjWxYSLiuD9OvaHKI9CJDLkiQs9gafB1B_ 18XL8Y6iWV9gMtxazc_.vJpsOzlJDzCLCVsyLWICJYIJTnAcQbygjcaajrOUAOB7GBCa2RPCpqWD FjXQ5ALjygU7DgwKMF04E7RXg5DoiLZ7UOh6KlU9byoJjWdCimTzhrlDxw5j31XRjUcEUNpDKKPj 2kFJzFC8WHBO1TNss82O3J_kovI48eXAVgyEnfk0hScN0GrlUJjM8Hf0BJS.EqrsBa57CGLCpyQz 3sXtqUnoX17oWAKECBLFNU03kIV5xdT6jIdDjbyqE2Ohl_nbnXwtwr_wpM1AMoqpelcpyUeTJH6d RgapvANQ5xoK7Ax76tFILa9ua8a.tZod8SyPzOeRRoSI6VCavUCxulq6Pe25ROAVnES3uRhB2QDn S3aVq5QzUsB5YEtGg4XOrtW3xjeFEzLZs.aUehLdUbp0DGTDDa3H.KgCR9JFyOaWQyEvz_eK5T7R HWeD7W_Ya0lVDRn5d7vkxturmwK2M2EIXVirv1VhYDaX_SK9inPtOXnpNdA2rw1z9K9h1aPLLYST wbHV8gmrGZiK1gs0T3zAfM1J8HkW6_w33mKmMw6GDt2p149pl X-Sonic-MF: X-Sonic-ID: f5002f60-27f6-4cd2-aa75-896e58fec638 Received: from sonic.gate.mail.ne1.yahoo.com by sonic302.consmr.mail.ne1.yahoo.com with HTTP; Wed, 24 Jul 2024 03:41:27 +0000 Received: by hermes--production-sg3-85fdb5cfc8-9f8w5 (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 766b27dee61003ec63d9999436d841d3; Wed, 24 Jul 2024 03:41:21 +0000 (UTC) From: Po Lu To: Stefan Kangas Subject: Re: bug#72255: 30.0.60; Crash on macOS with malformed XPM image file In-Reply-To: (Stefan Kangas's message of "Tue, 23 Jul 2024 06:37:05 -0700") References: User-Agent: Gnus/5.13 (Gnus v5.13) Date: Wed, 24 Jul 2024 11:41:13 +0800 Message-ID: <871q3jxxra.fsf@yahoo.com> MIME-Version: 1.0 Content-Type: text/plain X-Mailer: WebService/1.1.22501 mail.backend.jedi.jws.acl:role.jedi.acl.token.atz.jws.hermes.yahoo Content-Length: 845 X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 72255 Cc: 72255@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Stefan Kangas writes: > Severity: normal > > Emacs crashes on macOS when opening a malformed XPM image file. > > I'm attaching an example image with the file extension ".xpm.txt" below; > to reproduce, simply rename the file to ".xpm" and open it in Emacs. > (This bad file is an edited version of back-arrow.xpm in emacs.git.) > > I've included an lldb backtrace below. Note that I reproduced this on > master, but the code has not changed from emacs-30. > > The crash happens in nsterm.m:601:5, but I can't figure out why we're > trying to access some other address than the pointer that was passed to > that function. Maybe this is trivial to someone that knows Objective-C. Please test the emacs-30 branch. It was a double free on NS affecting not only XPM, but all image loading functions in varying measures. From debbugs-submit-bounces@debbugs.gnu.org Tue Jul 23 23:52:21 2024 Received: (at 72255-done) by debbugs.gnu.org; 24 Jul 2024 03:52:21 +0000 Received: from localhost ([127.0.0.1]:32955 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sWT36-0000t2-VC for submit@debbugs.gnu.org; Tue, 23 Jul 2024 23:52:21 -0400 Received: from mail-ej1-f47.google.com ([209.85.218.47]:43354) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1sWT34-0000sj-Ey for 72255-done@debbugs.gnu.org; Tue, 23 Jul 2024 23:52:19 -0400 Received: by mail-ej1-f47.google.com with SMTP id a640c23a62f3a-a7a94478a4eso80141666b.1 for <72255-done@debbugs.gnu.org>; Tue, 23 Jul 2024 20:52:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1721793067; x=1722397867; darn=debbugs.gnu.org; h=cc:to:subject:message-id:date:mime-version:references:in-reply-to :from:from:to:cc:subject:date:message-id:reply-to; bh=zSWAbR4Kt9nvKQQJXq4jw0syc2FKXyXs/z261BUXq0I=; b=j1BSwCa1KkQ07ZI9UDl1ZrbiRhBqcc5Ve1iXH4GmfErVc3ulCjYrQX/+ZScCKEMmrC YhmzrHKY4gfiGHp8uelI4jnrPH0NTlmgXunIKlneDaqf+kZpgr8bTqAAt8jewx1ySzps TZ+tuW1fTj1hxxEYJmiegmGVjqvQxYm3po+6ahIEzeMLhjL4ZdEAn/p7yrFBZdKDTbEN ucFhUnHTF2ydCt/+KInZQu4Q2YM10xBSKrZSqRALWc/HHv6OTyw+E/QBkZ3VxgDMduxq i4A9W+qb2FJNFIPFcp7uYNoVWhJ6mkwlCKhG17MDieaiHGZddPy2nHqdTkM+BiGSrHWK a5Jw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721793067; x=1722397867; h=cc:to:subject:message-id:date:mime-version:references:in-reply-to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=zSWAbR4Kt9nvKQQJXq4jw0syc2FKXyXs/z261BUXq0I=; b=eCfqCiiygduDtidh15hS386zfGJ8pwuYKrGfB+3jWrTK2n1YSUSC4MlShpyLJplk3S RUJmABIkQl0yw4nTQWzEV1kQOr1rsruGAqCfIgAJv7GUZIe5T2qPTtuWVzewqAYLVe6c ZYN/WKfpuay3WMR2gVuSgEwNv95yUsWmknJjDZ0f7mj4gNqFET6C8SL/X40J61HW7h0h p3UfAKtG/yjjnwZwhCLo5wd7FPOcHDVBAYBcLviHx14hi873ilqpZzWsWWOgMAbmnCOn tvua+GpJHL8c/7Noz/0XDXjBMYQA7gGa/G7meC72MlJaB07mKLDtR+E9nz+AIDouwC/7 XxpQ== X-Gm-Message-State: AOJu0YyL0+CbE/kjUwq5ccTlmJKWUy9HlJD5caGGGrC5/G0knQ67i2+m mcwgxfkD/q+a17g/Yr9fZYqDhk11tvW7XvI+5XVk9pYUQ70/OLXtazeqZlp/t12LeMzKSG8K+L5 VfsB1Vi0L5gqJyoGoAW+lAoVNVxc= X-Google-Smtp-Source: AGHT+IFLaUkvPOESxNmDvqOuweRkW1oSozabJOsoBOvj/29gI/6qWkKLm8JS2a3LSNB+qxbDrCrtGJLT+zcEHgifBUM= X-Received: by 2002:a17:907:5c7:b0:a77:cdae:6a59 with SMTP id a640c23a62f3a-a7ab2febf78mr38639966b.21.1721793066907; Tue, 23 Jul 2024 20:51:06 -0700 (PDT) Received: from 753933720722 named unknown by gmailapi.google.com with HTTPREST; Tue, 23 Jul 2024 20:51:06 -0700 From: Stefan Kangas In-Reply-To: <871q3jxxra.fsf@yahoo.com> References: <871q3jxxra.fsf@yahoo.com> MIME-Version: 1.0 Date: Tue, 23 Jul 2024 20:51:06 -0700 Message-ID: Subject: Re: bug#72255: 30.0.60; Crash on macOS with malformed XPM image file To: Po Lu Content-Type: text/plain; charset="UTF-8" X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 72255-done Cc: 72255-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Version: 30.1 Po Lu writes: > Stefan Kangas writes: > >> Severity: normal >> >> Emacs crashes on macOS when opening a malformed XPM image file. >> >> I'm attaching an example image with the file extension ".xpm.txt" below; >> to reproduce, simply rename the file to ".xpm" and open it in Emacs. >> (This bad file is an edited version of back-arrow.xpm in emacs.git.) >> >> I've included an lldb backtrace below. Note that I reproduced this on >> master, but the code has not changed from emacs-30. >> >> The crash happens in nsterm.m:601:5, but I can't figure out why we're >> trying to access some other address than the pointer that was passed to >> that function. Maybe this is trivial to someone that knows Objective-C. > > Please test the emacs-30 branch. It was a double free on NS affecting > not only XPM, but all image loading functions in varying measures. That seems to have fixed the crash. Closing the bug, thanks! From unknown Fri Aug 15 14:17:43 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Wed, 21 Aug 2024 11:24:07 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator