From: handa <handa@gnu.org>
To: Eli Zaretskii <eliz@gnu.org>
Cc: 49066@debbugs.gnu.org, rpluim@gmail.com, eggert@cs.ucla.edu,
larsi@gnus.org, mvsfrasson@gmail.com
Subject: bug#49066: 26.3; Segmentation fault on specific utf8 string
Date: Sun, 27 Jun 2021 11:29:28 +0900
Message-ID: <87sg14kpkn.fsf@gnu.org>
In-Reply-To: <83r1h0zj5d.fsf@gnu.org> (message from Eli Zaretskii on Thu, 17 Jun 2021 16:59:42 +0300)
Hi,
> (gdb) pp lgstring
> [[#<font-object "-GOOG-Noto Sans Bengali-normal-normal-normal-*-19-*-*-*-*-0-iso10646-1"> 2453 8204] nil [0 0 2453 20 16 -1 17 12 0 nil] [1 1 8204 658 0 -1 1 15 4 nil] nil nil nil [5 5 0 3039 11 0 12 7 5 nil] [6 6 1606 1044 11 0 11 8 3 nil] nil] ^^^
> I think this is a bug in that loop: it should actually exit whenever
> it finds the first LGLYPH that is nil, and update gstring.used
> accordingly. Something like this:
>   for (i = 0; i < gstring.used; i++)
>     {
>       MFLTGlyphFT *g = (MFLTGlyphFT *) (gstring.glyphs) + i;
>       if (NILP (LGSTRING_GLYPH (lgstring, g->g.from))
>           || NILP (LGSTRING_GLYPH (lgstring, g->g.to)))
>         break;
>       g->g.from = LGLYPH_FROM (LGSTRING_GLYPH (lgstring, g->g.from));
>       g->g.to = LGLYPH_TO (LGSTRING_GLYPH (lgstring, g->g.to));
>     }
>   gstring.used = i;
I don't think so because glyphs of indices g->g.from and g->g.to should
not be nil.
> > This is enough to cause the crash: ক
As I surely remember that rendering that string with m17n-flt had no
problem before, I suspect that some change after I wrote the code has a
problem.
So, I tried to restore the old code as the attached patch, and then the
patched emacs has no problem of rendering the above Bengali string.
The patch cancels this change:
------------------------------------------------------------
commit 04ac097f34d887e1ae8dea1e884118728e931c7a
Author: Paul Eggert <eggert@cs.ucla.edu>
Date:   Fri Nov 13 12:02:21 2015 -0800

    Spruce up ftfont.c memory allocation

    * src/ftfont.c (setup_otf_gstring):
    Avoid O(N**2) behavior when reallocating.
    (ftfont_shape_by_flt): Prefer xpalloc to xrealloc when
    reallocating buffers; this simplifies the code.  Do not trust
    mflt_run to leave the output areas unchanged on failure, as
    this isn’t part of its interface spec.
------------------------------------------------------------
But, at the moment I don't know why the new code does not work.
---
K. Handa
handa@gnu.org
diff --git a/src/ftfont.c b/src/ftfont.c
index 0603dd9ce6..26198928d8 100644
--- a/src/ftfont.c
+++ b/src/ftfont.c
@@ -2720,6 +2720,37 @@ ftfont_shape_by_flt (Lisp_Object lgstring, struct font *font,
}
}
+#define RESTORE_OLD_CODE
+#ifdef RESTORE_OLD_CODE
+ if (gstring.allocated == 0)
+ {
+ gstring.glyph_size = sizeof (MFLTGlyph);
+ gstring.glyphs = xnmalloc (len * 2, sizeof *gstring.glyphs);
+ gstring.allocated = len * 2;
+ }
+ else if (gstring.allocated < len * 2)
+ {
+ gstring.glyphs = xnrealloc (gstring.glyphs, len * 2,
+ sizeof *gstring.glyphs);
+ gstring.allocated = len * 2;
+ }
+ memset (gstring.glyphs, 0, len * sizeof *gstring.glyphs);
+ for (i = 0; i < len; i++)
+ {
+ Lisp_Object g = LGSTRING_GLYPH (lgstring, i);
+
+ gstring.glyphs[i].c = LGLYPH_CHAR (g);
+ if (with_variation_selector)
+ {
+ gstring.glyphs[i].code = LGLYPH_CODE (g);
+ gstring.glyphs[i].encoded = 1;
+ }
+ }
+
+ gstring.used = len;
+ gstring.r2l = 0;
+#endif
+
{
Lisp_Object family = Ffont_get (LGSTRING_FONT (lgstring), QCfamily);
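Review bot: the `memset` at the end of the restored allocation block clears only `len` elements, although the buffer was just sized to `len * 2` and neither `xnmalloc` nor `xnrealloc` zeroes memory, so the upper half is left uninitialized; clearing `gstring.allocated` elements would cover the whole buffer. The element size is also inconsistent: this block allocates with `sizeof *gstring.glyphs` and sets `glyph_size` to `sizeof (MFLTGlyph)`, while the retry loop in the next hunk grows the same buffer with `sizeof (MFLTGlyphFT)` and the unchanged `#else` code casts `gstring.glyphs` to `MFLTGlyphFT *`, so one type should be chosen for both places. `len * 2` is evaluated without an overflow check, unlike the `INT_MULTIPLY_WRAPV` guard used in the retry loop.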
@@ -2763,6 +2794,20 @@ ftfont_shape_by_flt (Lisp_Object lgstring, struct font *font,
return make_fixnum (0);
}
+#ifdef RESTORE_OLD_CODE
+ for (i = 0; i < 3; i++)
+ {
+ int result = mflt_run (&gstring, 0, len, &flt_font_ft.flt_font, flt);
+ if (result != -2)
+ break;
+ int len2;
+ if (INT_MULTIPLY_WRAPV (gstring.allocated, 2, &len2))
+ memory_full (SIZE_MAX);
+ gstring.glyphs = xnrealloc (gstring.glyphs,
+ gstring.allocated, 2 * sizeof (MFLTGlyphFT));
+ gstring.allocated = len2;
+ }
+#else
MFLTGlyphFT *glyphs = (MFLTGlyphFT *) gstring.glyphs;
ptrdiff_t allocated = gstring.allocated;
ptrdiff_t incr_min = len - allocated;
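Review bot: the restored retry loop gives up silently after three `-2` results, because `result` is scoped to the loop body and the code after `#endif` cannot tell success from exhaustion before it reads `gstring.used`. Hoist `result` out of the loop and bail out when it is still `-2`; the `#else` branch, by contrast, keeps looping until `mflt_run` stops returning `-2`. The loop also re-runs `mflt_run` on the same glyph array without refilling it, which is the assumption the reverted commit set out to remove ("Do not trust mflt_run to leave the output areas unchanged on failure"). The growth call passes `gstring.allocated` as the count and `2 * sizeof (MFLTGlyphFT)` as the element size, which would read more clearly as `xnrealloc (gstring.glyphs, len2, sizeof (MFLTGlyphFT))`.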
@@ -2795,6 +2840,7 @@ ftfont_shape_by_flt (Lisp_Object lgstring, struct font *font,
gstring.r2l = 0;
}
while (mflt_run (&gstring, 0, len, &flt_font_ft.flt_font, flt) == -2);
+#endif
if (gstring.used > LGSTRING_GLYPH_LEN (lgstring))
return Qnil;
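Review bot: this `#endif` closes a conditional opened in the previous hunk, and because `RESTORE_OLD_CODE` is `#define`d unconditionally directly above its first `#ifdef`, the whole `#else` branch ending at the `while (mflt_run ...)` line is now dead code. That is fine for narrowing down the regression, but a committable version should drop the macro and delete whichever branch is not kept, or at least write the directive as `#endif /* RESTORE_OLD_CODE */` so the pairing stays visible across the two hunks.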