bug#44506: 28.0.50; Segfault on opening a particular message in Gnus in terminal/tty

[Amin Bandali <bandali@gnu.org>]

[-- Attachment #1: Type: text/plain, Size: 2583 bytes --]

Eli Zaretskii writes:

>> From: Amin Bandali <bandali@gnu.org>
>> Date: Sat, 07 Nov 2020 13:39:14 -0500
>> 
>> I noticed today that when trying to open the following message (attached
>> with John's permission) using Gnus in a terminal emulator or a tty in
>> GNU/Linux, it results in Emacs quitting with a segfault.  I'm also
>> attaching the result of running `bt full' in GDB after the segfault.
>> The issue seems related in part to the inclusion of Persian characters
>> in the message body.
>
> Just visiting the text you send in "emacs -Q -nw" doesn't cause any
> segfaults.  Does it happen to you in "emacs -Q"?
>

It does not indeed.  With -Q, visiting the message body saved into a
regular text file or opening the actual message using Gnus does not
result in a segfault.

After some bisecting of my config files, I narrowed the segaulting of
Gnus when opening that message down to inclusion of (require 'ebdb-gnus)
in my configs.  ebdb-gnus is part of EBDB, available on GNU ELPA.  I'm
Cc'ing Eric, EBDB's creator and maintainer, in case he might have any
ideas.

>> #0 0x0000555555639248 in encode_terminal_code (src=0x7ffff7f61cc0,
>> src_len=src_len@entry=1, coding=coding@entry=0x555555e7ec00) at
>> term.c:564
>>         cmp = 0x0
>>         gstring = 0x0
>>         i = <optimized out>
>>         src_end = 0x7ffff7f61cf0
>>         buf = 0x5555561483a0 ' ' <repeats 94 times>, "John ،متسود
>> یسر", '-' <repeats 39 times>
>>         nchars = 0
>>         nbytes = 0
>>         required = <optimized out>
>>         tbase = 0x0
>>         charset_list = 0x7fffea1f724b
>
> This is an optimized build, so it's hard to understand what caused the
> crash.  According to the line number, it crashes here:
>
> 	  if (src->u.cmp.automatic)
> 	    {
> 	      gstring = composition_gstring_from_id (src->u.cmp.id);
> 	      required = src->slice.cmp.to - src->slice.cmp.from + 1;
> 	    }
> 	  else
> 	    {
> 	      cmp = composition_table[src->u.cmp.id];  <<<<<<<<<<<<<<<
> 	      required = cmp->glyph_len;
> 	    }
>
> If that is true, then I don't understand how it happened: we don't use
> any compositions except automatic in Emacs, so I'm unsure how you get
> to that place.  Can you see which place in the code indeed crashes and
> why?
>

GDB's source display does indeed highlight that line for me.  Is this
the confirmation you were looking for, or did you mean I should look
into disabling optimization and *then* run Emacs through GDB to collect
the backtrace?

Thanks for your help.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 857 bytes --]