GNU bug report logs - #72802
31.0.50; Crash in (equal sub-char-table-a sub-char-table-b)

Previous Next

Package: emacs;

Reported by: Pip Cet <pipcet <at> protonmail.com>

Date: Sun, 25 Aug 2024 13:15:02 UTC

Severity: normal

Found in version 31.0.50

Done: Felix Lechner <felix.lechner <at> lease-up.com>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Pip Cet <pipcet <at> protonmail.com>
To: 72802 <at> debbugs.gnu.org
Subject: bug#72802: 31.0.50; Crash in (equal sub-char-table-a sub-char-table-b)
Date: Sun, 25 Aug 2024 14:11:17 +0000

Pip Cet <pipcet <at> protonmail.com> writes:
> The code in internal_equal compares sub-char-tables incorrectly

This patch should fix things for the release branch:


From df31249b3686c38e4816cfa2784c25443a61b749 Mon Sep 17 00:00:00 2001
From: Pip Cet <pipcet <at> protonmail.com>
Subject: [PATCH] Fix crashes when comparing sub char tables (Bug#72802)

* src/fns.c (internal_equal): Handle sub char tables specially, like
'mark_char_table' does.
---
 src/fns.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/src/fns.c b/src/fns.c
index 57113a8c5ed..cb799a13a6e 100644
--- a/src/fns.c
+++ b/src/fns.c
@@ -2948,14 +2948,28 @@ internal_equal (Lisp_Object o1, Lisp_Object o2, enum equal_kind equal_kind,
 	/* Aside from them, only true vectors, char-tables, compiled
 	   functions, and fonts (font-spec, font-entity, font-object)
 	   are sensible to compare, so eliminate the others now.  */
+	ptrdiff_t i = 0;
 	if (size & PSEUDOVECTOR_FLAG)
 	  {
 	    if (((size & PVEC_TYPE_MASK) >> PSEUDOVECTOR_AREA_BITS)
 		< PVEC_CLOSURE)
 	      return false;
+
+	    /* Bug#72802.  See 'mark_char_table' in alloc.c.  */
+	    if (SUB_CHAR_TABLE_P (o1))
+	      {
+		i = SUB_CHAR_TABLE_OFFSET;
+		if (XSUB_CHAR_TABLE (o1)->depth !=
+		    XSUB_CHAR_TABLE (o2)->depth)
+		  return false;
+		if (XSUB_CHAR_TABLE (o1)->min_char !=
+		    XSUB_CHAR_TABLE (o2)->min_char)
+		  return false;
+	      }
+
 	    size &= PSEUDOVECTOR_SIZE_MASK;
 	  }
-	for (ptrdiff_t i = 0; i < size; i++)
+	for (; i < size; i++)
 	  {
 	    Lisp_Object v1, v2;
 	    v1 = AREF (o1, i);
-- 
2.45.2


Okay for emacs-30 (and/or master, though I'd prefer to fix it
differently on that branch)?

For the master branch, I think the right thing to do is to turn the
first two, non-Lisp members of Lisp_Sub_Char_Table ('depth' and
'min_char') into 'Lisp_Object's.  Then we can simplify the code and
compare sub char tables as we do ordinary vectors, at the cost of eight
bytes of extra storage per sub char table on machines with 64-bit
EMACS_INTs.

BTW, I'm surprised this code returns nil; I think that should be
documented.

(setq a (make-char-table nil))
(setq b (make-char-table nil))
(aset a 1 nil)
(dotimes (i (max-char))
  (unless (equal (aref a i) (aref b i))
    (error "i = %S" i)))
(equal a b)

Pip
This bug report was last modified 265 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.