Po Lu via "Bug reports for GNU Emacs, the Swiss army knife of text
editors" <bug-gnu-emacs@gnu.org> writes:

> Eli Zaretskii <eliz@gnu.org> writes:
>
>> I think this should be
>>
>>   if ((window_outdated (w)
>>        || !w->window_end_valid
>>        || !MATRIX_ROW_DISPLAYS_TEXT_P (MATRIX_ROW (w->current_matrix,
>> 						   vpos)))
>
> Yes, sorry.
>
>> I'm not sure it will help, because it seems the segfault happens in
>> the MATRIX_ROW_DISPLAYS_TEXT_P macro.  So I think we are somehow
>> dealing with w->current_matrix whose 'nrows' is too small.  The
>> mouse-highlight code detects that case in x_y_to_hpos_vpos.
>
> Right.  What about this?
>
> diff --git a/src/xdisp.c b/src/xdisp.c
> index d984c12d1aa..dcecc2b09d4 100644
> --- a/src/xdisp.c
> +++ b/src/xdisp.c
> @@ -35772,6 +35772,7 @@ note_fringe_highlight (struct frame *f, Lisp_Object window, int x, int y,
>    /* Don't access the TEXT_AREA of a row that does not display text, or
>       when the window is outdated.  (bug#70385) */
>    if (window_outdated (w)
> +      || (vpos >= w->current_matrix->nrows)
>        || !MATRIX_ROW_DISPLAYS_TEXT_P (MATRIX_ROW (w->current_matrix,
>  						  vpos)))
>      return;
>
> It's the same test x_y_to_hpos_vpos applies to decide whether to punt
> and return NULL.

Tried the change but it wasn't enough: