* bug#1864: 23.0.60; detect attached file coding system, make emacs crash.
@ 2009-01-12 2:51 Wang Diancheng
0 siblings, 0 replies; 3+ messages in thread
From: Wang Diancheng @ 2009-01-12 2:51 UTC (permalink / raw)
To: emacs-pretest-bug; +Cc: emacs-devel
[-- Attachment #1: Type: text/plain, Size: 6991 bytes --]
detect attached file coding system with following code, make emacs crash
(with-temp-buffer
(insert-file-contents "/home/dcwang/1.txt")
(detect-coding-region (point-min) (point-max) t))
bt full (top 10 frames):
#0 detect_coding_utf_16 (coding=0xbfed10b0, detect_info=0xbfed11a0) at coding.c:1622
e = '\0' <repeats 45 times>, "\001", '\0' <repeats 56 times>, "\001\000\000\001\000\000\000\000\000\000\000\000\001\000\001", '\0' <repeats 138 times>
o = '\0' <repeats 45 times>, "\001", '\0' <repeats 56 times>, "\001\000\000\001\000\000\000\000\001\000\000\000\001\000\001", '\0' <repeats 138 times>
e_num = 5
o_num = 7
src = (
const unsigned char *) 0x8d78fe9 "\ninfo-title=\340\244\222\340\244\244\340\245\246\366\200\201\214900\340\245\213\ninfo-album=\340\244\222\340\244\244\340\245\246\366\200\201\214900\340\245\213\ninfo-tracknumber=1\ninfo-year=0\ninfo-genre=*\340\245\213\ninfo-note=\ninfo-playing-time=1379\n"
src_end = (const unsigned char *) 0x8d79079 ""
multibytep = 1
c1 = -2406
c2 = -1572940
#1 0x080b29bc in detect_coding_system (
src=0x8d78fd0 "info-artist=\340\244\222\340\244\244\340\245\246\366\200\201\214\ninfo-title=\340\244\222\340\244\244\340\245\246\366\200\201\214900\340\245\213\ninfo-album=\340\244\222\340\244\244\340\245\246\366\200\201\214900\340\245\213\ninfo-tracknumber=1\ninfo-year=0\ninfo-genre=*\340\245\213\ninfo-note=\ninfo-playing-time=1379\n",
src_chars=136, src_bytes=169, highest=1, multibytep=1, coding_system=137943241) at coding.c:7847
category = <value optimized out>
this = (struct coding_system *) 0x8345f30
c = <value optimized out>
i = 12
src_end = (const unsigned char *) 0x8d79079 ""
attrs = <value optimized out>
eol_type = 138073060
val = 137943241
coding = {
id = 4,
common_flags = 5120,
mode = 2,
spec = {
iso_2022 = {
flags = 135436798,
current_invocation = {-1, 169},
current_designation = {136, 136, 136, 0},
single_shifting = -1074982680,
bol = 0
},
ccl = 0x81299fe,
utf_16 = {
bom = 135436798,
endian = 4294967295,
surrogate = 169
},
utf_8_bom = 135436798,
emacs_mule_full_support = 135436798
},
max_charset_id = 0,
safe_charsets = 0x838faec "",
src_multibyte = 1,
dst_multibyte = 0,
head_ascii = 12,
produced = 148344260,
produced_char = 148346784,
consumed = 0,
consumed_char = 1,
errors = 2136,
error_positions = 0x8d78dc4,
result = CODING_RESULT_INVALID_SRC,
src_pos = 0,
src_pos_byte = -1075130800,
src_chars = 136,
src_bytes = 169,
src_object = 1,
source = 0x8d78fd0 "info-artist=\340\244\222\340\244\244\340\245\246\366\200\201\214\ninfo-title=\340\244\222\340\244\244\340\245\246\366\200\201\214900\340\245\213\ninfo-album=\340\244\222\340\244\244\340\245\246\366\200\201\214900\340\245\213\ninfo-tracknumber=1\ninfo-year=0\ninfo-genre=*\340\245\213\ninfo-note=\ninfo-playing-time=1379\n",
dst_pos = 14525,
dst_pos_byte = 0,
dst_bytes = 29,
dst_object = 0,
destination = 0x1 <Address 0x1 out of bounds>,
chars_at_source = 0,
charbuf = 0x83bb0e9,
charbuf_size = 1376529752,
charbuf_used = 1511,
annotated = 149,
carryover = "+\320\327\b(\320\327\b\371\3308\bx\021\355\277R\f\030\b\371\3308\b \000\000\000p\202\n\b\340\276\n\b\004\000\000\000\371\3308\b\370\021\355\277X!\031\b\371\3308\b\244\201\000\000\001\000\000",
carryover_bytes = 1000,
default_char = 0,
detector = 0,
decoder = 0x80a7640 <decode_coding_raw_text>,
encoder = 0x80b78b0 <encode_coding_raw_text>
}
id = <value optimized out>
detect_info = {
checked = 294911,
found = 0,
rejected = 3328
}
null_byte_found = 0
eight_bit_found = <value optimized out>
#2 0x080b2dfc in Fdetect_coding_region (start=8, end=1096, highest=137943289) at coding.c:8058
from = 1
to = 137
from_byte = 1
to_byte = 169
#3 0x081923c4 in Feval (form=148944845) at eval.c:2381
numargs = <value optimized out>
argvals = {8, 1096, 137943289, 137943241, 137943241, 148361211, 7, 7}
args_left = 137943241
i = 3
fun = <value optimized out>
val = <value optimized out>
original_fun = <value optimized out>
original_args = 148944861
funcar = <value optimized out>
backtrace = {
next = 0xbfed12e0,
function = 0xbfed1268,
args = 0xbfed1230,
nargs = 3,
evalargs = 1 '\001',
debug_on_exit = 0 '\0'
}
#4 0x0819268f in Fprogn (args=4) at eval.c:449
val = -1074982824
#5 0x0819249b in Feval (form=148942909) at eval.c:2322
numargs = 4
argvals = {2, 138158929, -1074982168, 135793746, 138157906, 148943085, 4, 1}
args_left = 148942885
i = <value optimized out>
fun = <value optimized out>
val = <value optimized out>
original_fun = <value optimized out>
original_args = 148942885
funcar = <value optimized out>
backtrace = {
next = 0xbfed1380,
function = 0xbfed12f8,
args = 0xbfed12f4,
nargs = -1,
evalargs = 0 '\0',
debug_on_exit = 0 '\0'
}
#6 0x08192ad2 in Funwind_protect (args=148942981) at eval.c:1353
val = <value optimized out>
#7 0x0819249b in Feval (form=148942989) at eval.c:2322
numargs = 4
argvals = {148344260, 136426564, 10, 145607856, 4, 0, 1, 136426564}
args_left = 148942981
i = <value optimized out>
fun = <value optimized out>
val = <value optimized out>
original_fun = <value optimized out>
original_args = 148942981
funcar = <value optimized out>
backtrace = {
next = 0xbfed1430,
function = 0xbfed1398,
args = 0xbfed1394,
nargs = -1,
evalargs = 0 '\0',
debug_on_exit = 0 '\0'
}
#8 0x0819268f in Fprogn (args=4) at eval.c:449
val = -1074982824
#9 0x08185b86 in Fsave_current_buffer (args=148943085) at editfns.c:1023
val = <value optimized out>
#10 0x0819249b in Feval (form=148943093) at eval.c:2322
numargs = 4
argvals = {136426564, 148663201, 148942989, 135863493, 148943005, 148942901, 148943013, 148663201}
args_left = 148943085
i = <value optimized out>
fun = <value optimized out>
val = <value optimized out>
original_fun = <value optimized out>
original_args = 148943085
funcar = <value optimized out>
backtrace = {
next = 0xbfed14b0,
function = 0xbfed1448,
args = 0xbfed1444,
nargs = -1,
evalargs = 0 '\0',
debug_on_exit = 0 '\0'
}
xbacktrace:
"detect-coding-region" (0xbfed1230)
"progn" (0xbfed12f4)
"unwind-protect" (0xbfed1394)
"save-current-buffer" (0xbfed1444)
"with-current-buffer" (0xbfed14c4)
"let" (0xbfed15a4)
"with-temp-buffer" (0xbfed1624)
"eval" (0xbfed16c8)
"eval-last-sexp-1" (0xbfed17f4)
"eval-last-sexp" (0xbfed1974)
"call-interactively" (0xbfed1b34)
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 1.txt --]
[-- Type: text/plain, Size: 177 bytes --]
info-artist=ऒत०ö€Œ
info-title=ऒत०ö€Œ900ो
info-album=ऒत०ö€Œ900ो
info-tracknumber=1
info-year=0
info-genre=*ो
info-note=
info-playing-time=1379
^ permalink raw reply [flat|nested] 3+ messages in thread
* bug#1864: 23.0.60; detect attached file coding system, make emacs crash.
@ 2009-01-14 3:54 Chong Yidong
2009-01-14 8:44 ` Juanma Barranquero
0 siblings, 1 reply; 3+ messages in thread
From: Chong Yidong @ 2009-01-14 3:54 UTC (permalink / raw)
To: Kenichi Handa; +Cc: 1864, Wang Diancheng
> detect attached file coding system with following code, make emacs crash
>
> (with-temp-buffer
> (insert-file-contents "/home/dcwang/1.txt")
> (detect-coding-region (point-min) (point-max) t))
Looks like detect_coding_utf_16 forgets to check for negative values of
ONE_MORE_BYTE. Handa-san, could you check the following patch?
*** trunk/src/coding.c.~1.406.~ 2009-01-11 08:23:34.000000000 -0500
--- trunk/src/coding.c 2009-01-13 22:54:10.000000000 -0500
***************
*** 1612,1617 ****
--- 1612,1621 ----
{
ONE_MORE_BYTE (c1);
ONE_MORE_BYTE (c2);
+
+ if (c1 < 0 || c2 < 0)
+ break;
+
if (! e[c1])
{
e[c1] = 1;
^ permalink raw reply [flat|nested] 3+ messages in thread
* bug#1864: 23.0.60; detect attached file coding system, make emacs crash.
2009-01-14 3:54 Chong Yidong
@ 2009-01-14 8:44 ` Juanma Barranquero
0 siblings, 0 replies; 3+ messages in thread
From: Juanma Barranquero @ 2009-01-14 8:44 UTC (permalink / raw)
To: Chong Yidong; +Cc: 1864, Wang Diancheng, Kenichi Handa
On Wed, Jan 14, 2009 at 04:54, Chong Yidong <cyd@stupidchicken.com> wrote:
> *** 1612,1617 ****
> --- 1612,1621 ----
> {
> ONE_MORE_BYTE (c1);
> ONE_MORE_BYTE (c2);
> +
> + if (c1 < 0 || c2 < 0)
> + break;
> +
> if (! e[c1])
> {
> e[c1] = 1;
Don't you need a test also before lines 1605-1606, where c1 and c2 are
used as array indexes?
Juanma
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2009-01-14 8:44 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2009-01-12 2:51 bug#1864: 23.0.60; detect attached file coding system, make emacs crash Wang Diancheng
-- strict thread matches above, loose matches on Subject: below --
2009-01-14 3:54 Chong Yidong
2009-01-14 8:44 ` Juanma Barranquero
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).