From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: =?UTF-8?Q?Cl=C3=A9ment?= Pit--Claudel Newsgroups: gmane.emacs.bugs Subject: bug#24064: 24.5; NULL pointer dereference in compute_motion(), indent.c Date: Mon, 25 Jul 2016 18:37:17 -0400 Message-ID: <0f1f4edb-100e-5bfa-b1da-fc9c68723ee3@gmail.com> References: <18720133-6691-74c9-528f-3baee920b421@gmail.com> <83vaztu1n5.fsf@gnu.org> <3092bb3f-6d7f-0495-bf53-a317b9f52fa9@gmail.com> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="891FIugaAojpCvI6uSOUNOvWMNoc8DB1j" X-Trace: ger.gmane.org 1469486305 20693 80.91.229.3 (25 Jul 2016 22:38:25 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Mon, 25 Jul 2016 22:38:25 +0000 (UTC) To: 24064@debbugs.gnu.org Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Tue Jul 26 00:38:13 2016 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1bRoVo-0004p0-9z for geb-bug-gnu-emacs@m.gmane.org; Tue, 26 Jul 2016 00:38:12 +0200 Original-Received: from localhost ([::1]:35662 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bRoVn-0003kq-L5 for geb-bug-gnu-emacs@m.gmane.org; Mon, 25 Jul 2016 18:38:11 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:41818) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bRoVh-0003gI-4q for bug-gnu-emacs@gnu.org; Mon, 25 Jul 2016 18:38:06 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bRoVd-0001gU-SP for bug-gnu-emacs@gnu.org; Mon, 25 Jul 2016 18:38:05 -0400 Original-Received: from debbugs.gnu.org ([208.118.235.43]:53188) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bRoVd-0001gQ-OU for bug-gnu-emacs@gnu.org; Mon, 25 Jul 2016 18:38:01 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1bRoVd-0004di-KR for bug-gnu-emacs@gnu.org; Mon, 25 Jul 2016 18:38:01 -0400 X-Loop: help-debbugs@gnu.org Resent-From: =?UTF-8?Q?Cl=C3=A9ment?= Pit--Claudel Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Mon, 25 Jul 2016 22:38:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 24064 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: X-Debbugs-Original-To: bug-gnu-emacs@gnu.org Original-Received: via spool by submit@debbugs.gnu.org id=B.146948626217807 (code B ref -1); Mon, 25 Jul 2016 22:38:01 +0000 Original-Received: (at submit) by debbugs.gnu.org; 25 Jul 2016 22:37:42 +0000 Original-Received: from localhost ([127.0.0.1]:37292 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bRoVJ-0004d8-Uj for submit@debbugs.gnu.org; Mon, 25 Jul 2016 18:37:42 -0400 Original-Received: from eggs.gnu.org ([208.118.235.92]:50733) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bRoVI-0004cx-T9 for submit@debbugs.gnu.org; Mon, 25 Jul 2016 18:37:41 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bRoVC-0001e5-Gi for submit@debbugs.gnu.org; Mon, 25 Jul 2016 18:37:35 -0400 Original-Received: from lists.gnu.org ([2001:4830:134:3::11]:33110) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bRoVC-0001e1-DJ for submit@debbugs.gnu.org; Mon, 25 Jul 2016 18:37:34 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:41698) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bRoVA-0003UT-1N for bug-gnu-emacs@gnu.org; Mon, 25 Jul 2016 18:37:33 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bRoV5-0001dW-Qa for bug-gnu-emacs@gnu.org; Mon, 25 Jul 2016 18:37:31 -0400 Original-Received: from mout.kundenserver.de ([212.227.126.135]:54322) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bRoV4-0001dF-6p for bug-gnu-emacs@gnu.org; Mon, 25 Jul 2016 18:37:27 -0400 Original-Received: from [18.26.2.123] ([18.26.2.123]) by mrelayeu.kundenserver.de (mreue003) with ESMTPSA (Nemesis) id 0MXkt1-1bmWRP2Ex5-00Wnp5 for ; Tue, 26 Jul 2016 00:37:24 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 In-Reply-To: <3092bb3f-6d7f-0495-bf53-a317b9f52fa9@gmail.com> X-Provags-ID: V03:K0:NiLs1HXE9yQXfspRkYwXthvQ3He1Ry3tSr8TLGJ8t4oxIh/fqwS eIkvPJF9tHqkZ+OqYnNL6GVSOElncL7k/2ebyR8TjwJXZZN6IPuYadEdrVOXmofB71sPWgx Vl7VlGRwvB17ajJRwmRF6mxK8ILfRjkDu1eZQ1rZQ01zvoCoKdYbw+2h74QeRmmPRV9GUv8 DNHe3Io83sWQ1YB1eJq+A== X-UI-Out-Filterresults: notjunk:1;V01:K0:ZfSZkvfCv+Y=:D1qAmF+PXTJ4IySamO3IRM yhdMowgrWZiPJ+dcnxXwSjGKYwAHa8C7ifSfM8mZAQZpZj0Su4nodZnuPkmoVbTB5hFVbKGa4 28rW+bb3MOfmLx7jj4TTRC5BWQpG9Awjpq4RKBOxNp3d+TDRgNc44s7RPZxv7tOYzamKvKE4W ocVGwiNH1OvcVBhoG72nj/XXq6wKugwGz3FnFAt/88zDhcIDr+1eXkBxuUrflTzvaWruhAY2L w11VKaAQI1uuDwyxbHvAHxKqzeIxQKl2MDeY/wHwHVGDCCL3Zwpo9OQb1MnK1ZufbgBek+ehU P2acwkmAQe5oX6+xiE9iIGDrwyc7Yr+EaKmj8NsRhGSmmHG+TLHBhm63nmKQneuLqnm0SaG47 Y6Bo3oOtuIlaAdHK2ggG0yJwjZwZOlx4Z/HGKxOi8LpuPXH9g3CFkffw8U33rPz6IX/ww66Mw Vs/xrC+ECUlnpBWxaKMPqFAfkqthkBlDMqE0wcTgtCa9/ZNv9GbDkuzb9y+mDc4KCZGAP5L5/ h/KDo9mEnAkDdL0obQbTM+rbTcHM/eTIISnQFlDPdFLuNIGNEW0hDKHfWST17YLeGjz+prsiD cSXL55dAhcq1gs8Ym2fP0+DNXkygBYRNfLRi+5tT9KkMGOpez2Kx5YlLrKQSFbDMdcHejEs17 W36QVFDuJIqgc88Oj2723rGNIO+nRQ6gD8hsfFfzf67gcB8XajN/Cj/b9NpwSDG1HGjM= X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:121539 Archived-At: This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --891FIugaAojpCvI6uSOUNOvWMNoc8DB1j Content-Type: multipart/mixed; boundary="VdchiT6HJ1faa7EjI03mlUguXiEIeVaKS" From: =?UTF-8?Q?Cl=c3=a9ment_Pit--Claudel?= To: bug-gnu-emacs@gnu.org Message-ID: <0f1f4edb-100e-5bfa-b1da-fc9c68723ee3@gmail.com> Subject: Re: bug#24064: 24.5; NULL pointer dereference in compute_motion(), indent.c References: <18720133-6691-74c9-528f-3baee920b421@gmail.com> <83vaztu1n5.fsf@gnu.org> <3092bb3f-6d7f-0495-bf53-a317b9f52fa9@gmail.com> In-Reply-To: <3092bb3f-6d7f-0495-bf53-a317b9f52fa9@gmail.com> --VdchiT6HJ1faa7EjI03mlUguXiEIeVaKS Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 2016-07-25 18:02, Sergei Litvin wrote: > I've prepared an elisp file to reproduce a crash: >=20 > 1) Open it and move cursor to the end of the file > 2) Execute eval-buffer > 3) Press C-l several times Running this recipe does not cause a crash for me in GNU Emacs 25.1.50.7 = (x86_64-pc-linux-gnu, GTK+ Version 3.18.9) of 2016-07-20. Am I missing s= omething? > On 07/25/2016 07:24 PM, Eli Zaretskii wrote: >>> From: Sergei Litvin >>> Date: Mon, 25 Jul 2016 02:51:40 +0300 >>> >>> >>> struct position * >>> compute_motion (ptrdiff_t from, ptrdiff_t frombyte, EMACS_INT fromvpo= s, >>> EMACS_INT fromhpos, bool did_motion, ptrdiff_t to, >>> EMACS_INT tovpos, EMACS_INT tohpos, EMACS_INT width, >>> ptrdiff_t hscroll, int tab_offset, struct window *win) >>> { >>> >>> ... >>> >>> if (dp =3D=3D buffer_display_table ()) >>> width_table =3D (VECTORP (BVAR (current_buffer, width_table)) >>> ? XVECTOR (BVAR (current_buffer, width_table))->contents >>> : 0); >>> else >>> /* If the window has its own display table, we can't use the width >>> run cache, because that's based on the buffer's display table. */ >>> width_table =3D 0; // initialize it with 0 (current buffer has no dis= play table) >>> >>> ... >>> >>> if (width_cache) >>> { >>> /* Is this character part of the current run? If so, extend >>> the run. */ >>> if (pos - 1 =3D=3D width_run_end >>> && XFASTINT (width_table[c]) =3D=3D width_run_width) // dereference w= idth_table here, and crash >>> width_run_end =3D pos; >> Did you actually see such a crash, and if so, can you show a recipe >> for reproducing that? >> >> Thanks. >=20 --VdchiT6HJ1faa7EjI03mlUguXiEIeVaKS-- --891FIugaAojpCvI6uSOUNOvWMNoc8DB1j Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXlpSdAAoJEPqg+cTm90wjBssQALF6DUb22kgAx/pIgYMTCgF6 YEEh4RSISNGjZq1MMDt6xnWItt+J6Iyw/Yf/ESKGD2hz0L+btZ4WmfN8znQZmNPl b4eX+Bqv9U767uK/WeeCM1kwg0FO4GhgFoLDJJaPsEYohO6MbFDo69YROLCvPcac PsedaP57J5svZK8dYY1pFSQtFpWEK2osMHLJ8rtAZIGxO03R+Sb3ba5cDJD6Tb2r ENDnlLypHm06Np2/9zEpl5GuVPzVXeteZ6Vm2TMiRO3B9E8nl62PotMMZFXsWXkh ZV//VKANzkaQhd7AWQHlR1WuSM9C9tCGSwjyWkvmi9SHeRkeJ8rrIuI0mIJihBAD OZLufZHigRy7GEcqmuVm+zvERL19Lky0y0Ef7QmXXh6tHMg3Hnyu/7sCuDsN0jfD Ng/Tp2iOIKc4Gs7Dm1Pwe4jT78GRz8RzlqNlVH2VprLyYMf0hmX8OcgY3emJE5Xs eLrLqW7uIUX2MsBZ7jNJ2LjH9JzNDmAtyTlppAfpDD9MUWZhr+djM4H6F/2k7ZrA cD+hANALnsgNAl9bQ2FF4oJ1gD3G6VKmClnN47uxJxcoSZ7IeV1vQQ+TB1mtIq32 B0DAMgRCiQalo7ExKxHZhsK8qINxdgnZflu0hHT1qiiR6O47DrgCYPhc6g8wIpV6 jLfZPizY2GnYwggJZutK =Zwy/ -----END PGP SIGNATURE----- --891FIugaAojpCvI6uSOUNOvWMNoc8DB1j--