From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.bugs Subject: bug#23522: 25.0.93; SEGFAULT when displaying HELLO Date: Fri, 13 May 2016 10:46:36 +0300 Message-ID: <8337pm9z8j.fsf@gnu.org> References: <83lh3f9jdr.fsf@gnu.org> <83eg979g1p.fsf@gnu.org> <87wpmzgfxw.fsf@md5i.com> Reply-To: Eli Zaretskii NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Trace: ger.gmane.org 1463125651 17251 80.91.229.3 (13 May 2016 07:47:31 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Fri, 13 May 2016 07:47:31 +0000 (UTC) Cc: mwd@cert.org, 23522@debbugs.gnu.org To: mwd@md5i.com, Kenichi Handa Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Fri May 13 09:47:17 2016 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1b17ob-0005h1-F2 for geb-bug-gnu-emacs@m.gmane.org; Fri, 13 May 2016 09:47:17 +0200 Original-Received: from localhost ([::1]:33210 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1b17oV-0002D6-UF for geb-bug-gnu-emacs@m.gmane.org; Fri, 13 May 2016 03:47:11 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:36717) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1b17oR-00028c-KG for bug-gnu-emacs@gnu.org; Fri, 13 May 2016 03:47:08 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1b17oM-0004AZ-3q for bug-gnu-emacs@gnu.org; Fri, 13 May 2016 03:47:06 -0400 Original-Received: from debbugs.gnu.org ([208.118.235.43]:37174) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1b17oM-0004AO-0o for bug-gnu-emacs@gnu.org; Fri, 13 May 2016 03:47:02 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1b17oL-0001EN-SI for bug-gnu-emacs@gnu.org; Fri, 13 May 2016 03:47:01 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Eli Zaretskii Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Fri, 13 May 2016 07:47:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 23522 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Original-Received: via spool by 23522-submit@debbugs.gnu.org id=B23522.14631256074712 (code B ref 23522); Fri, 13 May 2016 07:47:01 +0000 Original-Received: (at 23522) by debbugs.gnu.org; 13 May 2016 07:46:47 +0000 Original-Received: from localhost ([127.0.0.1]:49510 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1b17o7-0001Dv-Bn for submit@debbugs.gnu.org; Fri, 13 May 2016 03:46:47 -0400 Original-Received: from eggs.gnu.org ([208.118.235.92]:45674) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1b17o3-0001De-PX for 23522@debbugs.gnu.org; Fri, 13 May 2016 03:46:46 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1b17nx-00047H-CW for 23522@debbugs.gnu.org; Fri, 13 May 2016 03:46:38 -0400 Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:32956) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1b17ns-00046p-AO; Fri, 13 May 2016 03:46:32 -0400 Original-Received: from 84.94.185.246.cable.012.net.il ([84.94.185.246]:4488 helo=home-c4e4a596f7) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.82) (envelope-from ) id 1b17nj-0005ZV-Ti; Fri, 13 May 2016 03:46:28 -0400 In-reply-to: <87wpmzgfxw.fsf@md5i.com> (message from Michael Welsh Duggan on Thu, 12 May 2016 16:49:15 -0400) X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 208.118.235.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.org gmane.emacs.bugs:118191 Archived-At: > From: Michael Welsh Duggan > Cc: Michael Welsh Duggan , , <23522@debbugs.gnu.org> > Date: Thu, 12 May 2016 16:49:15 -0400 > > Eli Zaretskii writes: > > >> From: Michael Welsh Duggan > >> Cc: , <23522@debbugs.gnu.org> > >> Date: Thu, 12 May 2016 15:58:43 -0400 > >> > >> (gdb) up > >> #4 0x00000000006b47e2 in ftfont_shape_by_flt (lgstring=14496901, > >> font=0x17b3660, ft_face=0x1739f10, otf=0x16df8d0, matrix=0x17b3758) > >> at ../../../git/emacs/src/ftfont.c:2655 > >> (gdb) pp lgstring > >> [[# >> Gujarati-normal-normal-normal-*-13-*-*-*-*-0-iso10646-1"> 2744 2765 > >> 2724 2759] nil [0 0 2744 98 10 0 9 8 0 nil] [1 1 2765 115 0 -4 3 0 4 > >> nil] [2 2 2724 81 9 0 8 8 0 nil] [3 3 2759 110 0 -7 -1 12 -7 nil] > >> nil nil nil nil] > >> (gdb) > > > > In the above stack frame, what is the value of g->g (it's a > > structure)? > > (gdb) p g->g > $3 = { > c = 0, > code = 175, > from = 0, > to = 115, <<<<<<<<<<<<<<<<<<<<<< This value of 'to' looks bogus (too large) to me. The line that segfaults is g->g.to = LGLYPH_TO (LGSTRING_GLYPH (lgstring, g->g.to)); and the LGSTRING_GLYPH macro expands to AREF (lgstring, g->g.to+2), so we are indexing an lgstring with an index that's 117, too large. The value of lgstring shown above has only 10 elements, which is consistent with the definition of an lgstring (see composite.h, around line 270). So the question becomes: where did that value of 'to' come from, and how come its value is bogus? Can you look at the code before the faulting line and figure that out? I'm CC'ing Handa-san, who might have insight for this problem. > > The crash seems to happen when Emacs tries to display line #10 of > > HELLO, which begins with " South Asia:". The first word after that is > > the one that causes the crash. Can you look at another system, where > > there's no crash, and tell which font is used for that word? > > Looking at previous frames, it looks like the character is char 383: That's right. > position: 383 of 3322 (11%), column: 16 > character: સ (displayed as સ) (codepoint 2744, #o5270, #xab8) > preferred charset: mule-unicode-0100-24ff (Unicode characters of the range U+0100..U+24FF.) > code point in charset: 0x3978 > script: gujarati > syntax: w which means: word > category: .:Base, L:Left-to-right (strong) > to input: type "C-x 8 RET ab8" or "C-x 8 RET GUJARATI LETTER SA" > buffer code: #xE0 #xAA #xB8 > file code: ESC #x24 #x2C #x31 #x39 #x78 (encoded by coding system iso-2022-7bit-unix) > display: composed to form "સ્તે" (see below) > > Composed with the following character(s) "્તે" using this font: > xft:-unknown-FreeSerif-normal-normal-normal-*-15-*-*-*-*-0-iso10646-1 > by these glyphs: > [0 3 0 10195 9 0 10 10 0 nil] > [0 3 2724 2103 10 1 10 10 1 nil] > [0 3 2759 2132 0 -8 -2 13 -10 [-1 0 0]] So why does Emacs use FreeSerif on this system and Lohit Gujarati on the faulting one? Are both fonts installed on both systems? Is Lohit Gujarati a bad font, by any chance? Also, do both systems have the same version of libm17n-flt and m17n-db libraries?