GNU bug report logs - #8915
23.3; Repeatable segmentation fault, all platforms, in character composition code
Reported by: David Aspinall <David.Aspinall <at> ed.ac.uk>
Date: Tue, 21 Jun 2011 16:17:03 UTC
Severity: important
Found in version 23.3
Done: Chong Yidong <cyd <at> stupidchicken.com>
Bug is archived. No further changes may be made.
>>>>> On Tue, 21 Jun 2011 17:04:57 +0100, David Aspinall <David.Aspinall <at> ed.ac.uk> said:
> There is a segfault which arises reproducibly when compose-character is
> used near the end of a buffer. I'm afraid I don't have a raw test case
> but here is a recipe to reproduce it that loads the Emacs application
> Proof General:
> wget http://proofgeneral.inf.ed.ac.uk/releases/ProofGeneral-4.0.tgz
> tar -xpzf ProofGeneral-4.0.tgz
> (cd ProofGeneral; make clean)
> emacs -q -l ProofGeneral/generic/proof-site.el
> C-x C-f Test.thy
> Then type
> \<forall>
> and Emacs segfaults. If instead you type
> M-x 1 0 SPACE C-a \<forall>
> it behaves as expected: looks like the code is running off the end of
> the buffer.
At least, the following change seems to avoid the crash. But I'm not
sure if this is a right fix at all.
Handa-san, could you take a look at this issue? The problematic case
is that the addition of the `composite' property via fontification
occurs during redisplay and the composition is found in the middle of
the composed region. That happens if the first part of the region had
a non-nil `fontified' property and the second part did not, and then
fontification-functions added the `composite' property to the whole
region.
YAMAMOTO Mitsuharu
mituharu <at> math.s.chiba-u.ac.jp
=== modified file 'src/composite.c'
*** src/composite.c 2011-05-09 09:59:23 +0000
--- src/composite.c 2011-06-28 09:10:01 +0000
***************
*** 1136,1142 ****
prop, string);
if (cmp_it->id < 0)
goto no_composition;
! cmp_it->nchars = end - start;
cmp_it->nglyphs = composition_table[cmp_it->id]->glyph_len;
}
else if (w)
--- 1136,1142 ----
prop, string);
if (cmp_it->id < 0)
goto no_composition;
! cmp_it->nchars = end - charpos;
cmp_it->nglyphs = composition_table[cmp_it->id]->glyph_len;
}
else if (w)
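Review bot: on the changed line, nchars now counts only from charpos to end, but the unchanged line right after it still sets nglyphs to the full glyph_len of the composition, so when charpos is greater than start the two fields describe different spans. Either treat that case as no composition (for example, go to no_composition unless charpos equals start), or add a comment stating why a partial nchars with a full nglyphs is safe for the callers. The hunk also shows no check that charpos lies within start and end, so a comment or assertion documenting that invariant would help, since a charpos before start would make nchars larger than the composed region.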
=== modified file 'src/xdisp.c'
*** src/xdisp.c 2011-05-25 03:06:05 +0000
--- src/xdisp.c 2011-06-28 09:10:57 +0000
***************
*** 4654,4660 ****
if (it->cmp_it.id >= 0)
{
it->cmp_it.ch = -1;
! it->cmp_it.nchars = COMPOSITION_LENGTH (prop);
it->cmp_it.nglyphs = -1;
}
}
--- 4654,4660 ----
if (it->cmp_it.id >= 0)
{
it->cmp_it.ch = -1;
! it->cmp_it.nchars = end - pos;
it->cmp_it.nglyphs = -1;
}
}
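Review bot: the new assignment it->cmp_it.nchars = end - pos relies on pos being inside the composition and strictly before end, and nothing in the visible context establishes that; if pos can equal or pass end, nchars becomes zero or negative and the iterator would not advance correctly. Please add a short comment saying that pos may be in the middle of the composed region (the case described in the message, where the property was added during redisplay) and that this is why the property's own length is no longer used, and consider asserting pos < end here. It would also be worth confirming that this stays consistent with the matching change in src/composite.c, since both now measure from the current position rather than from the start of the composition.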
This bug report was last modified 13 years and 323 days ago.