GNU bug report logs - #77325
Crash in Fjson_parse_buffer: ZV changes underneath it?

Package: emacs;

Reported by: Daniel Colascione <dancol <at> dancol.org>

Date: Fri, 28 Mar 2025 01:08:02 UTC

Severity: normal


Message #11 received at 77325 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Daniel Colascione <dancol <at> dancol.org>
Cc: 77325 <at> debbugs.gnu.org
Subject: Re: bug#77325: Crash in Fjson_parse_buffer: ZV changes underneath it?
Date: Fri, 28 Mar 2025 14:05:29 +0300
> From: Daniel Colascione <dancol <at> dancol.org>
> Date: Thu, 27 Mar 2025 21:07:02 -0400
> 
> 
> Somehow, the buffer changes underneath json_parse.  We pass an
> out-of-bounds position to SET_PT_BOTH (position, byte), which either
> asserts or crashes.  Not sure how the buffer could have changed ---
> maybe a handler-bind?  The JSON parser doesn't seem to do anything
> except allocate and signal.

Can you post a recipe for reproducing this?

>   own_text = {
>     beg = 0x0000000130088000 ""
>     gpt = 1
>     z = 74465
>     gpt_byte = 1
>     z_byte = 76476
>     gap_size = 60247
>     modiff = 15338
>     chars_modiff = 15338
>     save_modiff = 1
>     overlay_modiff = 757
>     compact = 1
>     beg_unchanged = 0
>     end_unchanged = 0
>     unchanged_modified = 4374
>     overlay_unchanged_modified = 755
>     intervals = 0x000000011f38caa8
>     markers = 0x000000011ffa4288
>     inhibit_shrinking = false
>     redisplay = true
>   }
>   text = 0x000000011e011268
>   pt = 1
>   pt_byte = 1
>   begv = 1
>   begv_byte = 1
>   zv = 1
>   zv_byte = 1

This seems to tell that the buffer is narrowed to an empty region.
Does that make sense in the scenario where you had this problem?

> (lldb) print p.point_of_current_line 
> (ptrdiff_t) 1
> (lldb) print p.current_column 
> (ptrdiff_t) 6
> 
> input_begin = 0x0000000130096b57 "\n     6 pass\n     620 skip\n [...]
> input_current = 0x0000000130096b5e " pass\n     620 skip\n

Given BEGV and ZV, this seems to mean we are accessing beyond the
restriction, which should never happen.
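The invariant discussed above, that every position handed to SET_PT_BOTH must lie inside the current restriction [BEGV, ZV], can be checked before point is moved rather than discovered as an assertion failure or a crash. The following is an added illustration written for this report; it is not Emacs code. It models only the four restriction fields visible in the dump (`begv`, `begv_byte`, `zv`, `zv_byte`) as a small struct, derives the parser's candidate position from the `input_begin`/`input_current` offset the way the dump suggests (a simplification: it assumes ASCII input, so character and byte positions advance together), and reports which bound is violated. The constants and strings below are constructed from the values in the report.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of the restriction fields shown in the buffer dump.
   This is not Emacs's struct buffer; only the bounds matter here. */
struct restriction {
  ptrdiff_t begv, begv_byte;   /* first accessible char / byte position */
  ptrdiff_t zv, zv_byte;       /* position just past the accessible region */
};

enum set_pt_status {
  SET_PT_OK = 0,
  SET_PT_BELOW_BEGV = 1,
  SET_PT_ABOVE_ZV = 2,
  SET_PT_BYTE_MISMATCH = 3
};

/* Validate a (char, byte) pair against the restriction before it is used
   to move point.  Returns SET_PT_OK only when the move is legal. */
enum set_pt_status check_set_pt(const struct restriction *r,
                                ptrdiff_t pos, ptrdiff_t byte)
{
  if (pos < r->begv || byte < r->begv_byte)
    return SET_PT_BELOW_BEGV;
  if (pos > r->zv || byte > r->zv_byte)
    return SET_PT_ABOVE_ZV;
  /* Every character occupies at least one byte, so the byte offset from
     BEGV_BYTE can never be smaller than the char offset from BEGV. */
  if (byte - r->begv_byte < pos - r->begv)
    return SET_PT_BYTE_MISMATCH;
  return SET_PT_OK;
}

/* The position a parser reading ASCII text would hand to SET_PT_BOTH:
   the position it started at plus the bytes consumed so far
   (input_current - input_begin in the lldb dump). */
ptrdiff_t parser_position(ptrdiff_t start, const char *input_begin,
                          const char *input_current)
{
  return start + (input_current - input_begin);
}

/* Scenario from the report: the buffer is narrowed to an empty region
   (begv = zv = 1) while the parser has already consumed 7 bytes. */
enum set_pt_status report_narrowed_case(void)
{
  const struct restriction narrowed = { 1, 1, 1, 1 };
  const char *input_begin = "\n     6 pass\n     620 skip\n";  /* constructed */
  const char *input_current = input_begin + 7;               /* " pass\n..." */
  ptrdiff_t pos = parser_position(1, input_begin, input_current);
  return check_set_pt(&narrowed, pos, pos);
}

/* Same parser state against the unnarrowed bounds from the dump's
   own_text block (z = 74465, z_byte = 76476): the move is legal. */
enum set_pt_status report_widened_case(void)
{
  const struct restriction widened = { 1, 1, 74465, 76476 };
  const char *input_begin = "\n     6 pass\n     620 skip\n";  /* constructed */
  const char *input_current = input_begin + 7;
  ptrdiff_t pos = parser_position(1, input_begin, input_current);
  return check_set_pt(&widened, pos, pos);
}

int main(void)
{
  static const char *const names[] = {
    "ok", "below BEGV", "above ZV", "byte/char mismatch"
  };
  printf("narrowed restriction: %s\n", names[report_narrowed_case()]);
  printf("widened restriction:  %s\n", names[report_widened_case()]);
  return 0;
}
```

With the dump's narrowed bounds the check reports "above ZV" for position 8, which is exactly the out-of-bounds call the report describes; with the unnarrowed bounds the same position is accepted. A check like this placed at the entry to the position-setting routine turns a crash into a diagnosable error that names the violated bound.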
