* bug#72255: 30.0.60; Crash on macOS with malformed XPM image file
From: Stefan Kangas @ 2024-07-23 13:37 UTC (permalink / raw)
To: 72255
[-- Attachment #1: Type: text/plain, Size: 18112 bytes --]
Severity: normal

Emacs crashes on macOS when opening a malformed XPM image file.

I'm attaching an example image with the file extension ".xpm.txt" below;
to reproduce, simply rename the file to ".xpm" and open it in Emacs.
(This bad file is an edited version of back-arrow.xpm in emacs.git.)

I've included an lldb backtrace below. Note that I reproduced this on
master, but the code has not changed from emacs-30.

The crash happens in nsterm.m:601:5, but I can't figure out why we're
trying to access some other address than the pointer that was passed to
that function. Maybe this is trivial to someone that knows Objective-C.

(lldb) run -Q
Process 49838 launched: '/Users/foo/wip/emacs/src/emacs' (arm64)
LANG=en_SE.UTF-8 cannot be used, using en_US.UTF-8 instead.
2024-07-23 07:29:29.243905+0200 emacs[49838:24160376] flock failed to
lock list file (/var/folders/28/y4qn6tl11_126568wmx_6kpr0000gn/C//com.apple.metal/32023/libraries.list):
errno = 35
2024-07-23 07:29:29.244748+0200 emacs[49838:24160376] flock failed to
lock list file (/var/folders/28/y4qn6tl11_126568wmx_6kpr0000gn/C//com.apple.metal/16777235_434/functions.list):
errno = 35
2024-07-23 07:29:30.784008+0200 emacs[49838:24160353] [CursorUI]
-[TUINSCursorUIController activate:]: EmacsView doesn't conform to
NSTextInputClient protocol.
2024-07-23 07:29:46.330785+0200 emacs[49838:24160353] [CursorUI]
-[TUINSCursorUIController activate:]: EmacsView doesn't conform to
NSTextInputClient protocol.
Process 49838 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason =
EXC_BAD_ACCESS (code=1, address=0x7dbf8e410b60)
frame #0: 0x00000001912446b4 libobjc.A.dylib`objc_release + 16
libobjc.A.dylib`objc_release:
-> 0x1912446b4 <+16>: ldr x17, [x2, #0x20]
0x1912446b8 <+20>: tbz w17, #0x2, 0x19124471c ; <+120>
0x1912446bc <+24>: tbz w16, #0x0, 0x191244738 ; <+148>
0x1912446c0 <+28>: lsr x17, x16, #55
Target 0: (emacs) stopped.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason =
EXC_BAD_ACCESS (code=1, address=0x7dbf8e410b60)
* frame #0: 0x00000001912446b4 libobjc.A.dylib`objc_release + 16
frame #1: 0x00000001003f06f0
emacs`ns_release_object(obj=0x0000600003730b40) at nsterm.m:601:5
frame #2: 0x000000010040fa34
emacs`ns_free_pixmap(_f=0x0000000146058c28, pixmap=0x0000600003730b40)
at nsterm.m:5291:3
frame #3: 0x00000001003e7344
emacs`image_clear_image_1(f=0x0000000146058c28,
img=0x000060000313c540, flags=7) at image.c:2076:4
frame #4: 0x00000001003ea4a4
emacs`image_clear_image(f=0x0000000146058c28, img=0x000060000313c540)
at image.c:2135:3
frame #5: 0x00000001003eeb90
emacs`xpm_load_image(f=0x0000000146058c28, img=0x000060000313c540,
contents="/* XPM */\nstatic char *back_arrow_xpm[] = {\n\"50 50 50
50\",\n\" c #000000\",\n\". c #53692A\",\n\"X c #59702D\",\n\"o c
#657255\",\n\"O c #6D7A5B\",\n\"+ c #6D8839\",\n\"@ c #7C9B40\",\n\"#
c #748261\",\n\"$ c #7F8E6B\",\n\"% c #818F71\",\n\"& c
#879772\",\n\"* c #8C9A7F\",\n\"= c #85A24D\",\n\"- c #8BA859\",\n\";
c #92AD62\",\n\": c #95A77E\",\n\"> c #98AF74\",\n\", c
#9BB572\",\n\"< c #9BAA87\",\n\"1 c #9CAF84\",\n\"2 c #A4B690\",\n\"3
c #A8BCA6\",\n\"4 c #ADBDA0\",\n\"5 c #AFC394\",\n\"6 c
#BAD09D\",\n\"7 c #B5C3A9\",\n\"8 c #BED2A3\",\n\"9 c #D5E1C6\",\n\"0
c #FFFFFF\",\n\"q c
None\",\n\"qqqqqqqqqqqqqqqqqqqqqqqq\",\n\"qqqqqqqqqqqqqqqqqqqqqqqq\",\n\"qqqqqqqqqqqqqqqqqqqqqqqq\",\n\"qqqqqqqqqq
qqqqqqqqqqqqq\",\n\"qqqqqqqqq qqqqqqqqqqqqq\",\n\"qqqqqqqq 9
qqqqqqqqqqqqq\",\n\"qqqqqqq 96 qqqqqqqqqq\",\n\"qqqqqq 968664%
qqqqqqqqq\",\n\"qqqqq 966666663 qqqqqqqq\",\n\"qqqq <666666666*
qqqqqqq\",\n\"qqqqq X@@@@@@;67 qqqqqq\",\n\"qqqqqq .@@@@@@=6$
qqqqqq\",\n\"qqqqqqq .@ X@,2 qqqqqq\",\n\"qqqqqqqq X q +-6
qqqqqq\",\n\"qqqqqqqqq qq @6 qqqqqq\",\n\"qqqqqqqqqq qqq -:
qqqqqq\",\n\"qqqqqqqqqqqqqq >o qqqqqq\",\n\"qqqqqqqqqqqqqq 5
qqqqqqq\",\n\"qqqqqqqqqqqqq"..., end="") at image.c:6532:3
frame #6: 0x00000001003eb1dc emacs`xpm_load(f=0x0000000146058c28,
img=0x000060000313c540) at image.c:6556:19
frame #7: 0x00000001003e311c
emacs`lookup_image(f=0x0000000146058c28, spec=(i =
0x0000000148070953), face_id=0) at image.c:3532:30
frame #8: 0x00000001003e2bf4 emacs`Fimage_size(spec=(i =
0x0000000148070953), pixels=(i = 0x0000000000000030), frame=(i =
0x0000000000000000)) at image.c:1676:22
frame #9: 0x00000001002caf30
emacs`funcall_subr(subr=0x0000000100b3cae0, numargs=3,
args=0x0000000148160648) at eval.c:3157:15
frame #10: 0x000000010034685c emacs`exec_byte_code(fun=(i =
0x000000010f82f815), args_template=769, nargs=2,
args=0x00000001481605e0) at bytecode.c:812:14
frame #11: 0x00000001002cb3cc emacs`funcall_lambda(fun=(i =
0x000000013701ce85), nargs=0, arg_vector=0x0000000148160420) at
eval.c:3244:9
frame #12: 0x00000001002cab70 emacs`funcall_general(fun=(i =
0x000000013701ce85), numargs=0, args=0x0000000148160420) at
eval.c:3036:12
frame #13: 0x000000010034687c emacs`exec_byte_code(fun=(i =
0x0000000101d3436d), args_template=257, nargs=1,
args=0x0000000148160420) at bytecode.c:814:14
frame #14: 0x00000001002cb3cc emacs`funcall_lambda(fun=(i =
0x0000000101d4da05), nargs=2, arg_vector=0x000000016fdfc420) at
eval.c:3244:9
frame #15: 0x00000001002cab70 emacs`funcall_general(fun=(i =
0x0000000101d4da05), numargs=2, args=0x000000016fdfc420) at
eval.c:3036:12
frame #16: 0x00000001002c2ea8 emacs`Ffuncall(nargs=3,
args=0x000000016fdfc418) at eval.c:3085:21
frame #17: 0x00000001002bb038
emacs`Ffuncall_interactively(nargs=3, args=0x000000016fdfc418) at
callint.c:250:32
frame #18: 0x00000001002cb0f4
emacs`funcall_subr(subr=0x0000000100b35ae0, numargs=3,
args=0x000000016fdfc418) at eval.c:3176:9
frame #19: 0x00000001002cab28 emacs`funcall_general(fun=(i =
0x0000000100b35ae5), numargs=3, args=0x000000016fdfc418) at
eval.c:3032:12
frame #20: 0x00000001002c2ea8 emacs`Ffuncall(nargs=4,
args=0x000000016fdfc410) at eval.c:3085:21
frame #21: 0x00000001002c9f08 emacs`Fapply(nargs=3,
args=0x000000016fdfd228) at eval.c:2757:24
frame #22: 0x00000001002bb460
emacs`Fcall_interactively(function=(i = 0x0000000001183a70),
record_flag=(i = 0x0000000000000000), keys=(i = 0x000000010274a8c5))
at callint.c:342:36
frame #23: 0x00000001002caf30
emacs`funcall_subr(subr=0x0000000100b35aa8, numargs=3,
args=0x0000000148160060) at eval.c:3157:15
frame #24: 0x000000010034685c emacs`exec_byte_code(fun=(i =
0x00000001027661a5), args_template=1025, nargs=1,
args=0x000000016fdfeb38) at bytecode.c:812:14
frame #25: 0x00000001002cb3cc emacs`funcall_lambda(fun=(i =
0x00000001027661a5), nargs=1, arg_vector=0x000000016fdfeb30) at
eval.c:3244:9
frame #26: 0x00000001002cab70 emacs`funcall_general(fun=(i =
0x00000001027661a5), numargs=1, args=0x000000016fdfeb30) at
eval.c:3036:12
frame #27: 0x00000001002c2ea8 emacs`Ffuncall(nargs=2,
args=0x000000016fdfeb28) at eval.c:3085:21
frame #28: 0x00000001001a45ec emacs`command_loop_1 at keyboard.c:1550:13
frame #29: 0x00000001002c6b70
emacs`internal_condition_case(bfun=(emacs`command_loop_1 at
keyboard.c:1324), handlers=(i = 0x0000000000000090),
hfun=(emacs`cmd_error at keyboard.c:970)) at eval.c:1613:25
frame #30: 0x00000001001a3a64 emacs`command_loop_2(handlers=(i =
0x0000000000000090)) at keyboard.c:1168:11
frame #31: 0x00000001002c5c44 emacs`internal_catch(tag=(i =
0x0000000000011220), func=(emacs`command_loop_2 at keyboard.c:1164),
arg=(i = 0x0000000000000090)) at eval.c:1292:25
frame #32: 0x00000001001a29fc emacs`command_loop at keyboard.c:1146:2
frame #33: 0x00000001001a27a4 emacs`recursive_edit_1 at keyboard.c:754:9
frame #34: 0x00000001001a2d88 emacs`Frecursive_edit at keyboard.c:837:3
frame #35: 0x000000010019f1c4 emacs`main(argc=2,
argv=0x000000016fdff590) at emacs.c:2624:3
frame #36: 0x00000001912920e0 dyld`start + 2360
(lldb) bt full
error: bt [<digit> | all]
(lldb) bt all
* thread #1, queue = 'com.apple.main-thread', stop reason =
EXC_BAD_ACCESS (code=1, address=0x7dbf8e410b60)
* frame #0: 0x00000001912446b4 libobjc.A.dylib`objc_release + 16
frame #1: 0x00000001003f06f0
emacs`ns_release_object(obj=0x0000600003730b40) at nsterm.m:601:5
frame #2: 0x000000010040fa34
emacs`ns_free_pixmap(_f=0x0000000146058c28, pixmap=0x0000600003730b40)
at nsterm.m:5291:3
frame #3: 0x00000001003e7344
emacs`image_clear_image_1(f=0x0000000146058c28,
img=0x000060000313c540, flags=7) at image.c:2076:4
frame #4: 0x00000001003ea4a4
emacs`image_clear_image(f=0x0000000146058c28, img=0x000060000313c540)
at image.c:2135:3
frame #5: 0x00000001003eeb90
emacs`xpm_load_image(f=0x0000000146058c28, img=0x000060000313c540,
contents="/* XPM */\nstatic char *back_arrow_xpm[] = {\n\"50 50 50
50\",\n\" c #000000\",\n\". c #53692A\",\n\"X c #59702D\",\n\"o c
#657255\",\n\"O c #6D7A5B\",\n\"+ c #6D8839\",\n\"@ c #7C9B40\",\n\"#
c #748261\",\n\"$ c #7F8E6B\",\n\"% c #818F71\",\n\"& c
#879772\",\n\"* c #8C9A7F\",\n\"= c #85A24D\",\n\"- c #8BA859\",\n\";
c #92AD62\",\n\": c #95A77E\",\n\"> c #98AF74\",\n\", c
#9BB572\",\n\"< c #9BAA87\",\n\"1 c #9CAF84\",\n\"2 c #A4B690\",\n\"3
c #A8BCA6\",\n\"4 c #ADBDA0\",\n\"5 c #AFC394\",\n\"6 c
#BAD09D\",\n\"7 c #B5C3A9\",\n\"8 c #BED2A3\",\n\"9 c #D5E1C6\",\n\"0
c #FFFFFF\",\n\"q c
None\",\n\"qqqqqqqqqqqqqqqqqqqqqqqq\",\n\"qqqqqqqqqqqqqqqqqqqqqqqq\",\n\"qqqqqqqqqqqqqqqqqqqqqqqq\",\n\"qqqqqqqqqq
qqqqqqqqqqqqq\",\n\"qqqqqqqqq qqqqqqqqqqqqq\",\n\"qqqqqqqq 9
qqqqqqqqqqqqq\",\n\"qqqqqqq 96 qqqqqqqqqq\",\n\"qqqqqq 968664%
qqqqqqqqq\",\n\"qqqqq 966666663 qqqqqqqq\",\n\"qqqq <666666666*
qqqqqqq\",\n\"qqqqq X@@@@@@;67 qqqqqq\",\n\"qqqqqq .@@@@@@=6$
qqqqqq\",\n\"qqqqqqq .@ X@,2 qqqqqq\",\n\"qqqqqqqq X q +-6
qqqqqq\",\n\"qqqqqqqqq qq @6 qqqqqq\",\n\"qqqqqqqqqq qqq -:
qqqqqq\",\n\"qqqqqqqqqqqqqq >o qqqqqq\",\n\"qqqqqqqqqqqqqq 5
qqqqqqq\",\n\"qqqqqqqqqqqqq"..., end="") at image.c:6532:3
frame #6: 0x00000001003eb1dc emacs`xpm_load(f=0x0000000146058c28,
img=0x000060000313c540) at image.c:6556:19
frame #7: 0x00000001003e311c
emacs`lookup_image(f=0x0000000146058c28, spec=(i =
0x0000000148070953), face_id=0) at image.c:3532:30
frame #8: 0x00000001003e2bf4 emacs`Fimage_size(spec=(i =
0x0000000148070953), pixels=(i = 0x0000000000000030), frame=(i =
0x0000000000000000)) at image.c:1676:22
frame #9: 0x00000001002caf30
emacs`funcall_subr(subr=0x0000000100b3cae0, numargs=3,
args=0x0000000148160648) at eval.c:3157:15
frame #10: 0x000000010034685c emacs`exec_byte_code(fun=(i =
0x000000010f82f815), args_template=769, nargs=2,
args=0x00000001481605e0) at bytecode.c:812:14
frame #11: 0x00000001002cb3cc emacs`funcall_lambda(fun=(i =
0x000000013701ce85), nargs=0, arg_vector=0x0000000148160420) at
eval.c:3244:9
frame #12: 0x00000001002cab70 emacs`funcall_general(fun=(i =
0x000000013701ce85), numargs=0, args=0x0000000148160420) at
eval.c:3036:12
frame #13: 0x000000010034687c emacs`exec_byte_code(fun=(i =
0x0000000101d3436d), args_template=257, nargs=1,
args=0x0000000148160420) at bytecode.c:814:14
frame #14: 0x00000001002cb3cc emacs`funcall_lambda(fun=(i =
0x0000000101d4da05), nargs=2, arg_vector=0x000000016fdfc420) at
eval.c:3244:9
frame #15: 0x00000001002cab70 emacs`funcall_general(fun=(i =
0x0000000101d4da05), numargs=2, args=0x000000016fdfc420) at
eval.c:3036:12
frame #16: 0x00000001002c2ea8 emacs`Ffuncall(nargs=3,
args=0x000000016fdfc418) at eval.c:3085:21
frame #17: 0x00000001002bb038
emacs`Ffuncall_interactively(nargs=3, args=0x000000016fdfc418) at
callint.c:250:32
frame #18: 0x00000001002cb0f4
emacs`funcall_subr(subr=0x0000000100b35ae0, numargs=3,
args=0x000000016fdfc418) at eval.c:3176:9
frame #19: 0x00000001002cab28 emacs`funcall_general(fun=(i =
0x0000000100b35ae5), numargs=3, args=0x000000016fdfc418) at
eval.c:3032:12
frame #20: 0x00000001002c2ea8 emacs`Ffuncall(nargs=4,
args=0x000000016fdfc410) at eval.c:3085:21
frame #21: 0x00000001002c9f08 emacs`Fapply(nargs=3,
args=0x000000016fdfd228) at eval.c:2757:24
frame #22: 0x00000001002bb460
emacs`Fcall_interactively(function=(i = 0x0000000001183a70),
record_flag=(i = 0x0000000000000000), keys=(i = 0x000000010274a8c5))
at callint.c:342:36
frame #23: 0x00000001002caf30
emacs`funcall_subr(subr=0x0000000100b35aa8, numargs=3,
args=0x0000000148160060) at eval.c:3157:15
frame #24: 0x000000010034685c emacs`exec_byte_code(fun=(i =
0x00000001027661a5), args_template=1025, nargs=1,
args=0x000000016fdfeb38) at bytecode.c:812:14
frame #25: 0x00000001002cb3cc emacs`funcall_lambda(fun=(i =
0x00000001027661a5), nargs=1, arg_vector=0x000000016fdfeb30) at
eval.c:3244:9
frame #26: 0x00000001002cab70 emacs`funcall_general(fun=(i =
0x00000001027661a5), numargs=1, args=0x000000016fdfeb30) at
eval.c:3036:12
frame #27: 0x00000001002c2ea8 emacs`Ffuncall(nargs=2,
args=0x000000016fdfeb28) at eval.c:3085:21
frame #28: 0x00000001001a45ec emacs`command_loop_1 at keyboard.c:1550:13
frame #29: 0x00000001002c6b70
emacs`internal_condition_case(bfun=(emacs`command_loop_1 at
keyboard.c:1324), handlers=(i = 0x0000000000000090),
hfun=(emacs`cmd_error at keyboard.c:970)) at eval.c:1613:25
frame #30: 0x00000001001a3a64 emacs`command_loop_2(handlers=(i =
0x0000000000000090)) at keyboard.c:1168:11
frame #31: 0x00000001002c5c44 emacs`internal_catch(tag=(i =
0x0000000000011220), func=(emacs`command_loop_2 at keyboard.c:1164),
arg=(i = 0x0000000000000090)) at eval.c:1292:25
frame #32: 0x00000001001a29fc emacs`command_loop at keyboard.c:1146:2
frame #33: 0x00000001001a27a4 emacs`recursive_edit_1 at keyboard.c:754:9
frame #34: 0x00000001001a2d88 emacs`Frecursive_edit at keyboard.c:837:3
frame #35: 0x000000010019f1c4 emacs`main(argc=2,
argv=0x000000016fdff590) at emacs.c:2624:3
frame #36: 0x00000001912920e0 dyld`start + 2360
thread #2
frame #0: 0x0000000191615d20 libsystem_pthread.dylib`start_wqthread
thread #5
frame #0: 0x00000001915e04cc libsystem_kernel.dylib`__pselect + 8
frame #1: 0x00000001915e03a4
libsystem_kernel.dylib`pselect$DARWIN_EXTSN + 64
frame #2: 0x00000001003f709c emacs`-[EmacsApp
fd_handler:](self=0x0000000145f20520, _cmd="fd_handler:",
unused=0x0000000000000000) at nsterm.m:6444:20
frame #3: 0x0000000192825f80 Foundation`__NSThread__start__ + 716
frame #4: 0x000000019161af94 libsystem_pthread.dylib`_pthread_start + 136
thread #6, name = 'com.apple.NSEventThread'
frame #0: 0x00000001915da1f4 libsystem_kernel.dylib`mach_msg2_trap + 8
frame #1: 0x00000001915ecb24 libsystem_kernel.dylib`mach_msg2_internal + 80
frame #2: 0x00000001915e2e34 libsystem_kernel.dylib`mach_msg_overwrite + 476
frame #3: 0x00000001915da578 libsystem_kernel.dylib`mach_msg + 24
frame #4: 0x00000001916fa680 CoreFoundation`__CFRunLoopServiceMachPort + 160
frame #5: 0x00000001916f8f44 CoreFoundation`__CFRunLoopRun + 1208
frame #6: 0x00000001916f8434 CoreFoundation`CFRunLoopRunSpecific + 608
frame #7: 0x0000000195082188 AppKit`_NSEventThread + 144
frame #8: 0x000000019161af94 libsystem_pthread.dylib`_pthread_start + 136
thread #7
frame #0: 0x0000000191615d20 libsystem_pthread.dylib`start_wqthread
thread #8
frame #0: 0x0000000191615d20 libsystem_pthread.dylib`start_wqthread
thread #9
frame #0: 0x0000000191615d20 libsystem_pthread.dylib`start_wqthread
thread #10
frame #0: 0x0000000000000000
(lldb)
In GNU Emacs 30.0.60 (build 3, aarch64-apple-darwin23.5.0, NS
appkit-2487.60 Version 14.5 (Build 23F79)) of 2024-07-15 built on
foo.local
Repository revision: a7b68c25640de8214bc759d20180373c2dbcfa16
Repository branch: emacs-30
Windowing system distributor 'Apple', version 10.3.2487
System Description: macOS 14.5
Configured features:
ACL GNUTLS LCMS2 LIBXML2 MODULES NOTIFY KQUEUE NS PDUMPER PNG SQLITE3
THREADS TOOLKIT_SCROLL_BARS TREE_SITTER ZLIB
Important settings:
value of $LC_CTYPE: UTF-8
value of $LANG: en_US.UTF-8
locale-coding-system: utf-8-unix
Major mode: Lisp Interaction
Minor modes in effect:
tooltip-mode: t
global-eldoc-mode: t
eldoc-mode: t
show-paren-mode: t
electric-indent-mode: t
mouse-wheel-mode: t
tool-bar-mode: t
menu-bar-mode: t
file-name-shadow-mode: t
global-font-lock-mode: t
font-lock-mode: t
blink-cursor-mode: t
minibuffer-regexp-mode: t
line-number-mode: t
indent-tabs-mode: t
transient-mark-mode: t
auto-composition-mode: t
auto-encryption-mode: t
auto-compression-mode: t
Load-path shadows:
None found.
Features:
(shadow sort mail-extr emacsbug message mailcap yank-media puny dired
dired-loaddefs rfc822 mml mml-sec password-cache epa derived epg rfc6068
epg-config gnus-util text-property-search time-date subr-x mm-decode
mm-bodies mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader
cl-loaddefs cl-lib sendmail rfc2047 rfc2045 ietf-drums mm-util
mail-prsvr mail-utils rmc iso-transl tooltip cconv eldoc paren electric
uniquify ediff-hook vc-hooks lisp-float-type elisp-mode mwheel
term/ns-win ns-win ucs-normalize mule-util term/common-win tool-bar dnd
fontset image regexp-opt fringe tabulated-list replace newcomment
text-mode lisp-mode prog-mode register page tab-bar menu-bar rfn-eshadow
isearch easymenu timer select scroll-bar mouse jit-lock font-lock syntax
font-core term/tty-colors frame minibuffer nadvice seq simple cl-generic
indonesian philippine cham georgian utf-8-lang misc-lang vietnamese
tibetan thai tai-viet lao korean japanese eucjp-ms cp51932 hebrew greek
romanian slovak czech european ethiopic indian cyrillic chinese
composite emoji-zwj charscript charprop case-table epa-hook
jka-cmpr-hook help abbrev obarray oclosure cl-preloaded button loaddefs
theme-loaddefs faces cus-face macroexp files window text-properties
overlay sha1 md5 base64 format env code-pages mule custom widget keymap
hashtable-print-readable backquote threads kqueue cocoa ns lcms2
multi-tty make-network-process emacs)
Memory information:
((conses 16 38639 9033) (symbols 48 5265 0) (strings 32 11913 1820)
(string-bytes 1 282419) (vectors 16 9381)
(vector-slots 8 106144 7815) (floats 8 21 3) (intervals 56 221 0)
(buffers 992 10))
[-- Attachment #2: back-arrow.xpm.txt --]
[-- Type: text/plain, Size: 1179 bytes --]
/* XPM */
static char *back_arrow_xpm[] = {
"50 50 50 50",
" c #000000",
". c #53692A",
"X c #59702D",
"o c #657255",
"O c #6D7A5B",
"+ c #6D8839",
"@ c #7C9B40",
"# c #748261",
"$ c #7F8E6B",
"% c #818F71",
"& c #879772",
"* c #8C9A7F",
"= c #85A24D",
"- c #8BA859",
"; c #92AD62",
": c #95A77E",
"> c #98AF74",
", c #9BB572",
"< c #9BAA87",
"1 c #9CAF84",
"2 c #A4B690",
"3 c #A8BCA6",
"4 c #ADBDA0",
"5 c #AFC394",
"6 c #BAD09D",
"7 c #B5C3A9",
"8 c #BED2A3",
"9 c #D5E1C6",
"0 c #FFFFFF",
"q c None",
"qqqqqqqqqqqqqqqqqqqqqqqq",
"qqqqqqqqqqqqqqqqqqqqqqqq",
"qqqqqqqqqqqqqqqqqqqqqqqq",
"qqqqqqqqqq qqqqqqqqqqqqq",
"qqqqqqqqq qqqqqqqqqqqqq",
"qqqqqqqq 9 qqqqqqqqqqqqq",
"qqqqqqq 96 qqqqqqqqqq",
"qqqqqq 968664% qqqqqqqqq",
"qqqqq 966666663 qqqqqqqq",
"qqqq <666666666* qqqqqqq",
"qqqqq X@@@@@@;67 qqqqqq",
"qqqqqq .@@@@@@=6$ qqqqqq",
"qqqqqqq .@ X@,2 qqqqqq",
"qqqqqqqq X q +-6 qqqqqq",
"qqqqqqqqq qq @6 qqqqqq",
"qqqqqqqqqq qqq -: qqqqqq",
"qqqqqqqqqqqqqq >o qqqqqq",
"qqqqqqqqqqqqqq 5 qqqqqqq",
"qqqqqqqqqqqqq 1O qqqqqqq",
"qqqqqqqqqqqq &# qqqqqqqq",
"qqqqqqqqqqqqq qqqqqqqqq",
"qqqqqqqqqqqqqqqqqqqqqqqq",
"qqqqqqqqqqqqqqqqqqqqqqqq",
"qqqqqqqqqqqqqqqqqqqqqqqq"};
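
The attachment's values line declares `50 50 50 50` (width, height, colours, characters per pixel), while only 30 colour lines and 24 pixel rows follow it. As an added example (not code from Emacs or from this thread), here is a C pre-check that rejects an XPM whose values line disagrees with its body. The sample body, `XPM_MAX_VALUE` and all function names are constructed for illustration, and backslash escapes inside strings are assumed absent.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define XPM_MAX_VALUE 16384L /* assumed sanity cap, keeps width * cpp small */

enum xpm_status { XPM_OK, XPM_BAD_HEADER, XPM_TRUNCATED, XPM_BAD_COLOR, XPM_BAD_ROW };

/* Locate the next "..." literal at or after *p; return its length or -1. */
static long next_string(const char **p, const char **start)
{
    const char *s = strchr(*p, '"');
    const char *e = s ? strchr(s + 1, '"') : NULL;
    if (!e) return -1;
    *start = s + 1;
    *p = e + 1;
    return (long)(e - s - 1);
}

/* Verify that the values line agrees with the strings that follow it. */
enum xpm_status xpm_check(const char *src)
{
    const char *p = src, *str;
    long v[4]; /* width, height, ncolors, chars per pixel */

    if (next_string(&p, &str) < 0) return XPM_BAD_HEADER;
    for (int i = 0; i < 4; i++) {
        char *end;
        errno = 0;
        v[i] = strtol(str, &end, 10);
        if (end == str || errno || v[i] <= 0 || v[i] > XPM_MAX_VALUE)
            return XPM_BAD_HEADER;
        str = end;
    }
    for (long i = 0; i < v[2]; i++) { /* colour table: cpp chars, then a blank */
        long len = next_string(&p, &str);
        if (len < 0) return XPM_TRUNCATED;
        if (len <= v[3] || (str[v[3]] != ' ' && str[v[3]] != '\t'))
            return XPM_BAD_COLOR;
    }
    for (long y = 0; y < v[1]; y++) { /* pixel rows: exactly width * cpp chars */
        long len = next_string(&p, &str);
        if (len < 0) return XPM_TRUNCATED;
        if (len != v[0] * v[3]) return XPM_BAD_ROW;
    }
    return XPM_OK;
}

/* Constructed sample: a 4x2, two-colour body placed under a caller-chosen
   values line, so the same pixels can be paired with a false header. */
enum xpm_status check_with_header(const char *header)
{
    char buf[256];
    snprintf(buf, sizeof buf,
             "/* XPM */\nstatic char *t[] = {\n\"%s\",\n"
             "\"  c #000000\",\n\"q c None\",\n\"q  q\",\n\" qq \"};\n", header);
    return xpm_check(buf);
}

int main(void)
{
    printf("4 2 2 1     -> %d\n", check_with_header("4 2 2 1"));
    printf("50 50 50 50 -> %d\n", check_with_header("50 50 50 50"));
    return 0;
}
```

A check like this only rejects the triggering input; the replies in this thread attribute the crash itself to a double free in the NS image-loading code.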
From: Po Lu via Bug reports for GNU Emacs, the Swiss army knife of text editors @ 2024-07-24 3:41 UTC (permalink / raw)
To: Stefan Kangas; +Cc: 72255
Stefan Kangas <stefankangas@gmail.com> writes:
> Severity: normal
>
> Emacs crashes on macOS when opening a malformed XPM image file.
>
> I'm attaching an example image with the file extension ".xpm.txt" below;
> to reproduce, simply rename the file to ".xpm" and open it in Emacs.
> (This bad file is an edited version of back-arrow.xpm in emacs.git.)
>
> I've included an lldb backtrace below. Note that I reproduced this on
> master, but the code has not changed from emacs-30.
>
> The crash happens in nsterm.m:601:5, but I can't figure out why we're
> trying to access some other address than the pointer that was passed to
> that function. Maybe this is trivial to someone that knows Objective-C.
Please test the emacs-30 branch. It was a double free on NS affecting
not only XPM, but all image loading functions in varying measures.
From: Stefan Kangas @ 2024-07-24 3:51 UTC (permalink / raw)
To: Po Lu; +Cc: 72255-done
Version: 30.1
Po Lu <luangruo@yahoo.com> writes:
> Stefan Kangas <stefankangas@gmail.com> writes:
>
>> Severity: normal
>>
>> Emacs crashes on macOS when opening a malformed XPM image file.
>>
>> I'm attaching an example image with the file extension ".xpm.txt" below;
>> to reproduce, simply rename the file to ".xpm" and open it in Emacs.
>> (This bad file is an edited version of back-arrow.xpm in emacs.git.)
>>
>> I've included an lldb backtrace below. Note that I reproduced this on
>> master, but the code has not changed from emacs-30.
>>
>> The crash happens in nsterm.m:601:5, but I can't figure out why we're
>> trying to access some other address than the pointer that was passed to
>> that function. Maybe this is trivial to someone that knows Objective-C.
>
> Please test the emacs-30 branch. It was a double free on NS affecting
> not only XPM, but all image loading functions in varying measures.
That seems to have fixed the crash. Closing the bug, thanks!