From: Dmitry Antipov <dmantipov@yandex.ru>
To: Eli Zaretskii <eliz@gnu.org>
Cc: 16457@debbugs.gnu.org
Subject: bug#16457: 24.3.50; crash rendering Arabic Uthmani script
Date: Thu, 16 Jan 2014 12:01:04 +0400 [thread overview]
Message-ID: <52D791C0.7000405@yandex.ru> (raw)
In-Reply-To: <7obnzcor73.fsf@fencepost.gnu.org>
I'm not familiar with composition sequences in detail, but there is a hint.
For the uthmani-test.txt, the following code in set_iterator_to_next:
7127 /* Composition created while scanning forward. */
7128 /* Update IT's char/byte positions to point to the first
7129 character of the next grapheme cluster, or to the
7130 character visually after the current composition. */
7131 for (i = 0; i < it->cmp_it.nchars; i++)
7132 bidi_move_to_visually_next (&it->bidi_it);
7133 IT_BYTEPOS (*it) = it->bidi_it.bytepos;
7134 IT_CHARPOS (*it) = it->bidi_it.charpos;
advances IT from charpos:bytepos 11:21 to 13:25. But the following fragment
from scan_for_column:
586 /* Check composition sequence. */
587 if (cmp_it.id >= 0
588 || (scan == cmp_it.stop_pos
589 && composition_reseat_it (&cmp_it, scan, scan_byte, end,
590 w, NULL, Qnil)))
591 composition_update_it (&cmp_it, scan, scan_byte, Qnil);
592 if (cmp_it.id >= 0)
593 {
594 scan += cmp_it.nchars;
595 scan_byte += cmp_it.nbytes;
advances SCAN:SCAN_BYTE from 11:21 to 13:24. So the byte position becomes invalid
and FETCH_CHAR_ADVANCE decodes invalid byte sequence to invalid character C.
Finally, CHAR_TABLE_REF (Vcomposition_function_table, C) goes out of bounds.
Dmitry
next prev parent reply other threads:[~2014-01-16 8:01 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-01-15 17:24 bug#16457: 24.3.50; crash rendering Arabic Uthmani script Dmitry Antipov
2014-01-15 17:41 ` Eli Zaretskii
2014-01-15 21:44 ` Glenn Morris
2014-01-16 8:01 ` Dmitry Antipov [this message]
2014-01-16 10:07 ` Dmitry Antipov
2014-01-16 17:33 ` Eli Zaretskii
2014-01-16 17:33 ` Eli Zaretskii
2014-01-17 7:34 ` Dmitry Antipov
2014-01-17 9:10 ` Eli Zaretskii
2014-01-17 11:16 ` Dmitry Antipov
2014-01-17 12:03 ` Eli Zaretskii
2014-01-17 13:51 ` K. Handa
2014-01-19 13:45 ` K. Handa
2014-01-19 16:00 ` Dmitry Antipov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52D791C0.7000405@yandex.ru \
--to=dmantipov@yandex.ru \
--cc=16457@debbugs.gnu.org \
--cc=eliz@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).