bug#36166: 27.0.50; Crash visiting HELLO when fringe-mode is disabled

bug#36166: 27.0.50; Crash visiting HELLO when fringe-mode is disabled

[Robert Pluim]

HOME=/tmp src/emacs /tmp/HELLO

where /tmp/.emacs.d/init.el contains:

(custom-set-variables
'(fringe-mode 0 nil (fringe))
 )

and /tmp/HELLO is etc/HELLO with all the non-ASCII removed except for
the line in Maldivian. I donʼt have a font that can display Maldivian.

gdb:

Thread 3 received signal SIGSEGV, Segmentation fault.
ns_compute_glyph_string_overhangs (s=0x7ffeefbfc7e0) at nsterm.m:2941
2941	      if (EQ (font->driver->type, Qns))
(gdb) bt
#0  ns_compute_glyph_string_overhangs (s=0x7ffeefbfc7e0) at nsterm.m:2941
#1  0x0000000100039d74 in draw_glyphs (w=<optimized out>, x=562, row=0x1050c5b00, area=TEXT_AREA, start=0, end=50,
    hl=DRAW_NORMAL_TEXT, overlaps=0) at xdisp.c:27050
#2  0x0000000100038e52 in gui_write_glyphs (w=0x105090610, updated_row=0x0, start=<optimized out>,
    updated_area=<optimized out>, len=<optimized out>) at xdisp.c:29207
#3  0x000000010000a38a in update_text_area (w=<optimized out>, updated_row=<optimized out>, vpos=<optimized out>)
    at dispnew.c:3701
#4  update_window_line (w=0x105090610, vpos=<optimized out>, mouse_face_overwritten_p=0x7ffeefbfd8b7) at dispnew.c:3944
#5  0x0000000100004e2e in update_window (w=<optimized out>, force_p=<optimized out>) at dispnew.c:3482
#6  0x0000000100004394 in update_window_tree (w=0x7ffeefbfc7e0, force_p=<optimized out>) at dispnew.c:3220
#7  0x0000000100004378 in update_window_tree (w=0x7ffeefbfc7e0, force_p=<optimized out>) at dispnew.c:3218
#8  0x00000001000041d9 in update_frame (f=0x10508ee35, force_p=<optimized out>, inhibit_hairy_id_p=224) at dispnew.c:3109
#9  0x0000000100028d66 in redisplay_internal () at xdisp.c:14541

'font' is NULL, so the crash is not surprising.

emacs-26 as of 4904fb352c14539e1c6927e8c893abb037bca8a0 crashes the
same way.

In GNU Emacs 27.0.50 (build 43, x86_64-apple-darwin18.6.0, NS appkit-1671.50 Version 10.14.5 (Build 18F132))
 of 2019-06-10 built on rpluim-mac
Repository revision: cdd994b2feeb248d1e02892739c6d6b4d2c5bbdb
Repository branch: master
Windowing system distributor 'Apple', version 10.3.1671
System Description:  Mac OS X 10.14.5

Recent messages:
Annotating...
Redisplaying annotation...done (Spanned from 10247.3 to 5.3 days old)
Annotating... done
Mark saved where search started
Type "q" to restore previous buffer.
Creating customization buffer...
Creating customization items...done
Resetting customization items...done
Creating customization setup...done
ad-handle-definition: `report-emacs-bug' got redefined

Configured using:
 'configure -C'

Configured features:
NOTIFY KQUEUE ACL GNUTLS LIBXML2 ZLIB TOOLKIT_SCROLL_BARS NS THREADS
JSON PDUMPER LCMS2 GMP

bug#36166: 27.0.50; Crash visiting HELLO when fringe-mode is disabled

[Eli Zaretskii]

> From: Robert Pluim <rpluim@gmail.com>
> Date: Tue, 11 Jun 2019 10:15:57 +0200
> 
> 
> HOME=/tmp src/emacs /tmp/HELLO
> 
> where /tmp/.emacs.d/init.el contains:
> 
> (custom-set-variables
> '(fringe-mode 0 nil (fringe))
>  )
> 
> and /tmp/HELLO is etc/HELLO with all the non-ASCII removed except for
> the line in Maldivian. I donʼt have a font that can display Maldivian.
> 
> gdb:
> 
> Thread 3 received signal SIGSEGV, Segmentation fault.
> ns_compute_glyph_string_overhangs (s=0x7ffeefbfc7e0) at nsterm.m:2941
> 2941	      if (EQ (font->driver->type, Qns))
> (gdb) bt
> #0  ns_compute_glyph_string_overhangs (s=0x7ffeefbfc7e0) at nsterm.m:2941
> #1  0x0000000100039d74 in draw_glyphs (w=<optimized out>, x=562, row=0x1050c5b00, area=TEXT_AREA, start=0, end=50,
>     hl=DRAW_NORMAL_TEXT, overlaps=0) at xdisp.c:27050

This appears to be NS-specific: the NS version of the
compute_glyph_string_overhangs method is very different from the X and
w32 versions, and lacks some safety devices.  (I did try the recipe on
w32, and didn't see any crashes.)

Thanks.

bug#36166: 27.0.50; Crash visiting HELLO when fringe-mode is disabled

[Robert Pluim]

>>>>> On Tue, 11 Jun 2019 17:26:57 +0300, Eli Zaretskii <eliz@gnu.org> said:
    Eli> This appears to be NS-specific: the NS version of the
    Eli> compute_glyph_string_overhangs method is very different from the X and
    Eli> w32 versions, and lacks some safety devices.  (I did try the recipe on
    Eli> w32, and didn't see any crashes.)

w32 and X both check s->cmp, at least (although even then they check
slightly different conditions), and they also handle COMPOSITE_GLYPH
differently.

Itʼs easy enough to chuck in a check for font being NULL, but that
feels like the wrong solution (and I donʼt know this code at all).

Robert

bug#36166: 27.0.50; Crash visiting HELLO when fringe-mode is disabled

[Eli Zaretskii]

> From: Robert Pluim <rpluim@gmail.com>
> Cc: 36166@debbugs.gnu.org
> Date: Tue, 11 Jun 2019 16:51:31 +0200
> 
> w32 and X both check s->cmp, at least (although even then they check
> slightly different conditions), and they also handle COMPOSITE_GLYPH
> differently.
> 
> Itʼs easy enough to chuck in a check for font being NULL, but that
> feels like the wrong solution (and I donʼt know this code at all).

I think the important part is the test of s->font_not_found_p.  Can
you see whether it's zero in the crash case?

bug#36166: 27.0.50; Crash visiting HELLO when fringe-mode is disabled

[Robert Pluim]

>>>>> On Tue, 11 Jun 2019 17:59:54 +0300, Eli Zaretskii <eliz@gnu.org> said:

    >> From: Robert Pluim <rpluim@gmail.com>
    >> Cc: 36166@debbugs.gnu.org
    >> Date: Tue, 11 Jun 2019 16:51:31 +0200
    >> 
    >> w32 and X both check s->cmp, at least (although even then they check
    >> slightly different conditions), and they also handle COMPOSITE_GLYPH
    >> differently.
    >> 
    >> Itʼs easy enough to chuck in a check for font being NULL, but that
    >> feels like the wrong solution (and I donʼt know this code at all).

    Eli> I think the important part is the test of s->font_not_found_p.  Can
    Eli> you see whether it's zero in the crash case?

Yes, itʼs 0.

Robert

bug#36166: 27.0.50; Crash visiting HELLO when fringe-mode is disabled

[Eli Zaretskii]

> From: Robert Pluim <rpluim@gmail.com>
> Cc: 36166@debbugs.gnu.org
> Date: Tue, 11 Jun 2019 17:17:40 +0200
> 
>     Eli> I think the important part is the test of s->font_not_found_p.  Can
>     Eli> you see whether it's zero in the crash case?
> 
> Yes, itʼs 0.

Thanks.  So I think this:

      if (EQ (font->driver->type, Qns))

should be amended like this:

      if (!s->font_not_found_p && EQ (font->driver->type, Qns))

But I'd love to hear Alan's opinion on this.

bug#36166: 27.0.50; Crash visiting HELLO when fringe-mode is disabled

[Robert Pluim]

>>>>> On Tue, 11 Jun 2019 18:26:31 +0300, Eli Zaretskii <eliz@gnu.org> said:

    >> From: Robert Pluim <rpluim@gmail.com>
    >> Cc: 36166@debbugs.gnu.org
    >> Date: Tue, 11 Jun 2019 17:17:40 +0200
    >> 
    Eli> I think the important part is the test of s->font_not_found_p.  Can
    Eli> you see whether it's zero in the crash case?
    >> 
    >> Yes, itʼs 0.

    Eli> Thanks.  So I think this:

    Eli>       if (EQ (font->driver->type, Qns))

    Eli> should be amended like this:

    Eli>       if (!s->font_not_found_p && EQ (font->driver->type, Qns))

Are you sure? if font_not_found_p == 0, then this condition will be
true, and font == NULL here, so we get a crash.

Robert

bug#36166: 27.0.50; Crash visiting HELLO when fringe-mode is disabled

[Eli Zaretskii]

> From: Robert Pluim <rpluim@gmail.com>
> Cc: 36166@debbugs.gnu.org
> Date: Tue, 11 Jun 2019 17:32:50 +0200
> 
>     Eli> I think the important part is the test of s->font_not_found_p.  Can
>     Eli> you see whether it's zero in the crash case?
>     >> 
>     >> Yes, itʼs 0.
> 
>     Eli> Thanks.  So I think this:
> 
>     Eli>       if (EQ (font->driver->type, Qns))
> 
>     Eli> should be amended like this:
> 
>     Eli>       if (!s->font_not_found_p && EQ (font->driver->type, Qns))
> 
> Are you sure? if font_not_found_p == 0, then this condition will be
> true, and font == NULL here, so we get a crash.

Sorry, I've misinterpreted your finding.  It actually means that the
font_not_found_p flag is not working in this case.

So now I _really_ want to hear Alan's opinion on this.

bug#36166: 27.0.50; Crash visiting HELLO when fringe-mode is disabled

[Lars Ingebrigtsen]

Eli Zaretskii <eliz@gnu.org> writes:

>> Are you sure? if font_not_found_p == 0, then this condition will be
>> true, and font == NULL here, so we get a crash.
>
> Sorry, I've misinterpreted your finding.  It actually means that the
> font_not_found_p flag is not working in this case.
>
> So now I _really_ want to hear Alan's opinion on this.

This was two years ago -- Robert, are you still seeing this issue on the
trunk?

(I've added Alan to the CCs.)

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

bug#36166: 27.0.50; Crash visiting HELLO when fringe-mode is disabled

[Robert Pluim]

>>>>> On Sat, 29 Jan 2022 15:52:46 +0100, Lars Ingebrigtsen <larsi@gnus.org> said:

    Lars> Eli Zaretskii <eliz@gnu.org> writes:
    >>> Are you sure? if font_not_found_p == 0, then this condition will be
    >>> true, and font == NULL here, so we get a crash.
    >> 
    >> Sorry, I've misinterpreted your finding.  It actually means that the
    >> font_not_found_p flag is not working in this case.
    >> 
    >> So now I _really_ want to hear Alan's opinion on this.

    Lars> This was two years ago -- Robert, are you still seeing this issue on the
    Lars> trunk?

No, it doesnʼt crash with master. I guess we can close this.

Robert
-- 

bug#36166: 27.0.50; Crash visiting HELLO when fringe-mode is disabled

[Lars Ingebrigtsen]

Robert Pluim <rpluim@gmail.com> writes:

> No, it doesnʼt crash with master. I guess we can close this.

Thanks for checking; closing the bug, then.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no