From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail
From: Allen Li <darkfeline@felesatra.moe>
Newsgroups: gmane.emacs.bugs
Subject: bug#37786: 26.3; Emacs crashes when calling function to decode string
Date: Thu, 17 Oct 2019 21:28:35 -0700
Message-ID: <80wod21xu4.fsf@felesatra.moe>
References: <80sgnsdn9a.fsf@felesatra.moe> <87zhi0knm5.fsf@gnus.org>
 <m2ftjr1ywg.fsf@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226";
	logging-data="207665"; mail-complaints-to="usenet@blaine.gmane.org"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux)
Cc: 37786@debbugs.gnu.org
To: Lars Ingebrigtsen <larsi@gnus.org>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Fri Oct 18 06:29:13 2019
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by blaine.gmane.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.89)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1iLJt3-000rvy-6U
	for geb-bug-gnu-emacs@m.gmane.org; Fri, 18 Oct 2019 06:29:13 +0200
Original-Received: from localhost ([::1]:35184 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1iLJt2-0002zm-1z
	for geb-bug-gnu-emacs@m.gmane.org; Fri, 18 Oct 2019 00:29:12 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:43394)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1iLJst-0002xD-KD
 for bug-gnu-emacs@gnu.org; Fri, 18 Oct 2019 00:29:04 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1iLJss-00069Y-6K
 for bug-gnu-emacs@gnu.org; Fri, 18 Oct 2019 00:29:03 -0400
Original-Received: from debbugs.gnu.org ([209.51.188.43]:40328)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1iLJsr-00069F-Oz
 for bug-gnu-emacs@gnu.org; Fri, 18 Oct 2019 00:29:02 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1iLJsr-0004Qh-IG
 for bug-gnu-emacs@gnu.org; Fri, 18 Oct 2019 00:29:01 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Allen Li <darkfeline@felesatra.moe>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Fri, 18 Oct 2019 04:29:01 +0000
Resent-Message-ID: <handler.37786.B37786.157137292817006@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 37786
X-GNU-PR-Package: emacs
Original-Received: via spool by 37786-submit@debbugs.gnu.org id=B37786.157137292817006
 (code B ref 37786); Fri, 18 Oct 2019 04:29:01 +0000
Original-Received: (at 37786) by debbugs.gnu.org; 18 Oct 2019 04:28:48 +0000
Original-Received: from localhost ([127.0.0.1]:49149 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1iLJsc-0004QC-IJ
 for submit@debbugs.gnu.org; Fri, 18 Oct 2019 00:28:48 -0400
Original-Received: from mail-pf1-f180.google.com ([209.85.210.180]:36214)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <darkfeline@felesatra.moe>) id 1iLJsZ-0004Ps-RF
 for 37786@debbugs.gnu.org; Fri, 18 Oct 2019 00:28:44 -0400
Original-Received: by mail-pf1-f180.google.com with SMTP id y22so3039323pfr.3
 for <37786@debbugs.gnu.org>; Thu, 17 Oct 2019 21:28:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=felesatra-moe.20150623.gappssmtp.com; s=20150623;
 h=from:to:cc:subject:references:date:in-reply-to:message-id
 :user-agent:mime-version;
 bh=Cvl9FeKPa2dMNonZ84qeF/uCLGOpRQMgdwTetv8clmM=;
 b=Mc2oDxQQ6jpXexbovoCHtV3hinNpxZEyeZhRGZPOSIF4wXx/SgfZuoBEBiU/VGj1rC
 KNuFsOkip85EBxYLkiId3FUf7YkLUD34ouexU/p6ZOgfGXTAmK/0UCG0C8ZxfaWKQCdw
 BrAP2k1ioEeKuSd8e+HJ1vMkv8omqhWNqXIBjl6d65o355DRtdWCzaAI9UUxuJdcGfpz
 ScpC49iw1ZYt6hgVQRwAG870+4Gdkb9Fi8eBE6fal/IVcvJV+79i9h1Cd9G5o54vAGY5
 OFgh5oamtywr3gg0SrfE1AWdLNuywaGNfUpy1qOy4E0JYZc9sUcwjQHnEC6Af+w07FHi
 Ug5w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to
 :message-id:user-agent:mime-version;
 bh=Cvl9FeKPa2dMNonZ84qeF/uCLGOpRQMgdwTetv8clmM=;
 b=M0KGSTOHOW1/cz8KCobbock+ZyXHy6GZLtNpTUm8woJzFbHojVCTBN8Yh4Uh5ONArA
 OdC0klzwyi0ud/T96gacwPjZ6k+9NYDf5GmNAZWqo2O5hWCvauujEo9jsDPeLaDIcq2C
 PJoxTpY9wagEKgT7lwWLRPH1JjB75J7Y5dfJdoxlxLr1oSStfDonh0PT/oecrwG/o+Lg
 7+mtOPHoN4Xe8kLh3JjrBJDLHs/b71ET7WbneEmXq6r0NOn4K+Z3lhoyX9Zsr8TN1yNL
 DlE9nvmhDvy2hLlFP6uKSO0ip2YVmYNROHIeYTr9sDDI0pw7yqQdN/AAToLBk8Jx5jPM
 bd8Q==
X-Gm-Message-State: APjAAAVG1/EyVy+ohu7nJyMfS7qrNgV2/O4G3GvptSYSd3obDRIw2eyQ
 r9mHXDdoXrJjZINQbmwQE6a/2L3n0gsXCQ==
X-Google-Smtp-Source: APXvYqxxUDLFSPcRpEsIUGmEQrskU0qA1PGnp/B1/c4Y3QSlnq6cBckqNcAq1aXzfjEzOcXrODXg+w==
X-Received: by 2002:a62:e718:: with SMTP id s24mr4409411pfh.90.1571372917767; 
 Thu, 17 Oct 2019 21:28:37 -0700 (PDT)
Original-Received: from localhost ([2600:1700:7270:7d1f:fa59:71ff:fe00:10cc])
 by smtp.gmail.com with ESMTPSA id g7sm8039488pfm.176.2019.10.17.21.28.36
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 17 Oct 2019 21:28:37 -0700 (PDT)
In-Reply-To: <m2ftjr1ywg.fsf@gmail.com> (Robert Pluim's message of "Thu, 17
 Oct 2019 11:53:19 +0200")
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 209.51.188.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: "bug-gnu-emacs"
 <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.bugs:169636
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/169636>

Robert Pluim <rpluim@gmail.com> writes:

>>>>>> On Thu, 17 Oct 2019 06:22:10 +0200, Lars Ingebrigtsen <larsi@gnus.org> said:
>
>     Lars> Allen Li <darkfeline@felesatra.moe> writes:
>     >> The following expression, when evaluated in emacs -Q, causes emacs to
>     >> crash and dump core:
>     >> 
>     >> (mail-decode-encoded-word-string
>     >> #("=?UTF-8?B?4pyoUERYQ09OIFNBTEXinKggRW5qb3kgU3BlY2lhbCBPZmZlcnMg?=
>     >> =?UTF-8?B?V2hpbGUgWW91IFdhaXQh?=" 0 64 (ws-butler-chg chg) 64 65
>     >> (ws-butler-chg chg) 65 97 (ws-butler-chg chg)))
>
>     Lars> I'm unable to reproduce this in Emacs 27 or Emacs 26.3.
>
>     Lars> Could you do this under gdb and post the backtrace?

This is the backtrace using the simpler repro from Robert.

#0  0x0000000000565ae9 in terminate_due_to_signal (sig=6, backtrace_limit=40) at emacs.c:363
#1  0x000000000058ca83 in emacs_abort () at sysdep.c:2380
#2  0x000000000045c17e in redisplay_internal () at xdisp.c:13797
#3  0x000000000045e0b7 in redisplay_preserve_echo_area (from_where=13) at xdisp.c:14602
#4  0x0000000000667fbe in Fdelete_process (process=XIL(0x6aa3395)) at process.c:1054
#5  0x000000000067716b in kill_buffer_processes (buffer=XIL(0)) at process.c:7819
#6  0x00000000005683d0 in shut_down_emacs (sig=0, stuff=XIL(0)) at emacs.c:2096
#7  0x000000000052d854 in x_connection_closed (dpy=0x2b77f50, error_message=0x7fffffff6fc0 "X protocol error: BadLength (poly request too large or internal Xlib length error) on protocol request 139", ioerror=false) at xterm.c:9799
#8  0x000000000052da1b in x_error_quitter (display=0x2b77f50, event=0x7fffffff7160) at xterm.c:9893
#9  0x000000000052d966 in x_error_handler (display=0x2b77f50, event=0x7fffffff7160) at xterm.c:9863
#10 0x00007ffff6ce75db in _XError () at /usr/lib/libX11.so.6
#11 0x00007ffff6ce4388 in  () at /usr/lib/libX11.so.6
#12 0x00007ffff6ce4425 in  () at /usr/lib/libX11.so.6
#13 0x00007ffff6ce4d8a in _XEventsQueued () at /usr/lib/libX11.so.6
#14 0x00007ffff6cd6782 in XPending () at /usr/lib/libX11.so.6
#15 0x00007ffff7671a00 in  () at /usr/lib/libgdk-3.so.0
#16 0x00007ffff6e79a60 in g_main_context_prepare () at /usr/lib/libglib-2.0.so.0
#17 0x00007ffff6e7a0a6 in  () at /usr/lib/libglib-2.0.so.0
#18 0x00007ffff6e7a2fa in g_main_context_pending () at /usr/lib/libglib-2.0.so.0
#19 0x00007ffff79ae550 in gtk_events_pending () at /usr/lib/libgtk-3.so.0
#20 0x000000000052c185 in XTread_socket (terminal=0x1232e40 <bss_sbrk_buffer+7610880>, hold_quit=0x7fffffff74a0) at xterm.c:9120
#21 0x000000000057685f in gobble_input () at keyboard.c:6909
#22 0x0000000000576da8 in handle_async_input () at keyboard.c:7146
#23 0x0000000000576dc7 in process_pending_signals () at keyboard.c:7160
#24 0x0000000000576e07 in unblock_input_to (level=0) at keyboard.c:7175
#25 0x0000000000576e2b in unblock_input () at keyboard.c:7194
#26 0x00000000006ab340 in xftfont_open (f=0x1279c30 <bss_sbrk_buffer+7901168>, entity=XIL(0x5f805b5), pixel_size=15) at xftfont.c:391
#27 0x000000000063107b in font_open_entity (f=0x1279c30 <bss_sbrk_buffer+7901168>, entity=XIL(0x5f805b5), pixel_size=15) at font.c:2903
#28 0x0000000000632a50 in font_open_for_lface (f=0x1279c30 <bss_sbrk_buffer+7901168>, entity=XIL(0x5f805b5), attrs=0x32610d0, spec=XIL(0)) at font.c:3332
#29 0x00000000006aea8a in fontset_find_font (fontset=XIL(0x1470c35), c=10024, face=0x32610d0, charset_id=-1, fallback=true) at fontset.c:707
#30 0x00000000006aefb7 in fontset_font (fontset=XIL(0x1470c35), c=10024, face=0x32610d0, id=-1) at fontset.c:788
#31 0x00000000006af6bc in face_for_char (f=0x1279c30 <bss_sbrk_buffer+7901168>, face=0x32610d0, c=10024, pos=1, object=XIL(0)) at fontset.c:990
#32 0x0000000000563994 in FACE_FOR_CHAR (f=0x1279c30 <bss_sbrk_buffer+7901168>, face=0x32610d0, character=10024, pos=1, object=XIL(0)) at dispextern.h:1818
#33 0x000000000044b256 in get_next_display_element (it=0x7fffffff8ef0) at xdisp.c:7288
#34 0x00000000004730c0 in display_line (it=0x7fffffff8ef0, cursor_vpos=0) at xdisp.c:21337
#35 0x0000000000467f0f in try_window (window=XIL(0x127ac35), pos=..., flags=1) at xdisp.c:17592
#36 0x0000000000465a0d in redisplay_window (window=XIL(0x127ac35), just_this_one_p=false) at xdisp.c:17039
#37 0x000000000045e869 in redisplay_window_0 (window=XIL(0x127ac35)) at xdisp.c:14799
#38 0x000000000061316d in internal_condition_case_1 (bfun=0x45e827 <redisplay_window_0>, arg=XIL(0x127ac35), handlers=XIL(0xb5afb3), hfun=0x45e7ef <redisplay_window_error>) at eval.c:1356
#39 0x000000000045e7c3 in redisplay_windows (window=XIL(0x127ac35)) at xdisp.c:14779
#40 0x000000000045d608 in redisplay_internal () at xdisp.c:14268
#41 0x000000000045b4ee in redisplay () at xdisp.c:13488
#42 0x000000000056db90 in read_char (commandflag=1, map=XIL(0x6564303), prev_event=XIL(0), used_mouse_menu=0x7fffffffe1f1, end_time=0x0) at keyboard.c:2480
#43 0x000000000057b533 in read_key_sequence (keybuf=0x7fffffffe390, bufsize=30, prompt=XIL(0), dont_downcase_last=false, can_return_switch_frame=true, fix_current_buffer=true, prevent_redisplay=false) at keyboard.c:9147
#44 0x000000000056adfb in command_loop_1 () at keyboard.c:1368
#45 0x00000000006130c6 in internal_condition_case (bfun=0x56a9cf <command_loop_1>, handlers=XIL(0x5220), hfun=0x56a17a <cmd_error>) at eval.c:1332
#46 0x000000000056a6b0 in command_loop_2 (ignore=XIL(0)) at keyboard.c:1110
#47 0x0000000000612963 in internal_catch (tag=XIL(0xc6c0), func=0x56a683 <command_loop_2>, arg=XIL(0)) at eval.c:1097
#48 0x000000000056a64e in command_loop () at keyboard.c:1089
#49 0x0000000000569d4b in recursive_edit_1 () at keyboard.c:695
#50 0x0000000000569ecc in Frecursive_edit () at keyboard.c:766
#51 0x00000000005679ae in main (argc=1, argv=0x7fffffffe7f8) at emacs.c:1713


>
> Probably font-related. I suspect "C-x 8 RET 2728" will cause the same
> crash for OP.
>
> Robert

Yep, this also crashes for me.