* bug#20156: Emacs 24 stack corruption in fontset.c:fontset_pattern_regexp
From: John F Carr @ 2015-03-21 12:06 UTC (permalink / raw)
To: 20156
Emacs crashes on Mac Yosemite (native window system) when I use set-frame-font with certain font patterns. The cause is writing past the end of an alloca buffer in fontset.c:fontset_pattern_regexp. This triggers a stack check assertion. Alloca is used to allocate space for a regexp, but the size neglects to consider the ^$ around the regexp. “+1” should be “+3”.
To reproduce:
(set-frame-font "-adobe-courier-medium-r-normal--24-*-75-75-m-150-iso8859-1")
without X installed.
Bug in 24.3 and "GNU Emacs 24.4.2 (x86_64-apple-darwin14.1.0, NS apple-appkit-1344.72)".
[-- Attachment #2: fontset.diff --]
--- fontset.c.orig 2014-08-09 16:41:01.000000000 -0400
+++ fontset.c 2015-03-21 07:55:48.000000000 -0400
@@ -1097,9 +1097,9 @@
we convert "*" to "[^-]*" which is much faster in regular
expression matching. */
if (ndashes < 14)
- p1 = regex = alloca (SBYTES (pattern) + 2 * nstars + 2 * nescs + 1);
+ p1 = regex = alloca (SBYTES (pattern) + 2 * nstars + 2 * nescs + 3);
else
- p1 = regex = alloca (SBYTES (pattern) + 5 * nstars + 2 * nescs + 1);
+ p1 = regex = alloca (SBYTES (pattern) + 5 * nstars + 2 * nescs + 3);
*p1++ = '^';
for (p0 = SDATA (pattern); *p0; p0++)
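Review bot: the arithmetic in both `+` lines matches the report (one byte each for the leading '^' and trailing '$', one for the terminating NUL), but the bare constant 3 is as opaque as the 1 it replaces; a comment beside the alloca such as `/* +3: '^', '$' and the terminating NUL */`, or a named constant shared by both branches, would keep a later edit from shrinking it again. Since the size arithmetic and the writes into `regex` are separated by the whole conversion loop, an `eassert (p1 - regex <= allocated_size)` after the final NUL is stored would also turn any future miscount into an immediate assertion rather than a silent stack overwrite that only surfaces as a crash on some platforms.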
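The example below is added here to illustrate the sizing error in the report; it is not Emacs's code. It models the same shape as fontset_pattern_regexp (prefix '^', expand '*' to ".*" or, for a full 14-dash XLFD, "[^-]*", backslash-escape a few regexp metacharacters, append '$' and a NUL) but every write is bounds-checked, so an undersized buffer is reported instead of overrun. The exact set of escaped characters, the '?' handling and the helper names (regex_alloc_size, build_regex, bytes_for, BUG_PATTERN) are assumptions for the example, not Emacs's actual rules.

```c
/* Added example, not Emacs's own code: a simplified model of turning an
   XLFD font pattern into an anchored regexp, with the buffer size computed
   up front by the thread's formula and every write bounds-checked. */
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The pattern from the bug report: 14 dashes and one '*'. */
const char *const BUG_PATTERN =
  "-adobe-courier-medium-r-normal--24-*-75-75-m-150-iso8859-1";

/* Characters escaped with a backslash in the generated regexp (assumed set). */
static int
needs_escape (char c)
{
  return c == '.' || c == '+' || c == '\\' || c == '[' || c == ']';
}

struct pattern_stats { size_t bytes, ndashes, nstars, nescs; };

static struct pattern_stats
scan_pattern (const char *pattern)
{
  struct pattern_stats s = { strlen (pattern), 0, 0, 0 };
  for (const char *p = pattern; *p; p++)
    {
      if (*p == '-') s.ndashes++;
      else if (*p == '*') s.nstars++;
      else if (needs_escape (*p)) s.nescs++;
    }
  return s;
}

/* The allocation formula from the patch, parameterised on the trailing
   constant: 1 in the buggy version (NUL only), 3 in the fix (^, $, NUL). */
size_t
regex_alloc_size (const char *pattern, size_t slack)
{
  struct pattern_stats s = scan_pattern (pattern);
  if (s.ndashes < 14)
    return s.bytes + 2 * s.nstars + 2 * s.nescs + slack;
  return s.bytes + 5 * s.nstars + 2 * s.nescs + slack;
}

/* Build the anchored regexp into OUT (capacity CAP).  Returns the number of
   bytes written including the terminating NUL, or 0 if CAP is too small:
   this check is what replaces the silent stack overwrite in the bug. */
size_t
build_regex (const char *pattern, char *out, size_t cap)
{
  struct pattern_stats s = scan_pattern (pattern);
  size_t n = 0;
#define EMIT(c) do { if (n >= cap) return 0; out[n++] = (c); } while (0)
  EMIT ('^');
  for (const char *p = pattern; *p; p++)
    {
      if (*p == '*')
        {
          if (s.ndashes < 14)
            EMIT ('.');                                   /* ".*"    */
          else
            { EMIT ('['); EMIT ('^'); EMIT ('-'); EMIT (']'); } /* "[^-]*" */
          EMIT ('*');
        }
      else if (*p == '?')
        EMIT ('.');
      else
        {
          if (needs_escape (*p))
            EMIT ('\\');
          EMIT (*p);
        }
    }
  EMIT ('$');
  EMIT ('\0');
#undef EMIT
  return n;
}

/* Convenience wrapper: build into a scratch buffer while pretending its
   capacity is CAP, so callers can probe a given allocation size. */
size_t
bytes_for (const char *pattern, size_t cap)
{
  static char scratch[256];
  return build_regex (pattern, scratch, cap < sizeof scratch ? cap : sizeof scratch);
}

int
main (void)
{
  char buf[256];
  size_t need = build_regex (BUG_PATTERN, buf, sizeof buf);
  printf ("regexp: %s\n", buf);
  printf ("bytes needed %zu, alloca with +1: %zu, with +3: %zu\n", need,
          regex_alloc_size (BUG_PATTERN, 1), regex_alloc_size (BUG_PATTERN, 3));
  /* The buggy size is one byte short for this pattern; the bounded builder
     refuses instead of overflowing, and the fixed size is enough. */
  assert (bytes_for (BUG_PATTERN, regex_alloc_size (BUG_PATTERN, 1)) == 0);
  assert (bytes_for (BUG_PATTERN, regex_alloc_size (BUG_PATTERN, 3)) == need);
  return 0;
}
```

Running it shows why the bug is pattern-dependent: each '*' and each escaped character is over-allocated by one byte, so patterns with several wildcards happen to have enough slack to absorb the missing two anchor bytes, while the reported pattern (14 dashes, a single '*', nothing to escape) has only one spare byte and overruns by one.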
From: Jan D. @ 2015-03-22 9:23 UTC (permalink / raw)
To: John F Carr; +Cc: 20156-done
Good call. Fixed in trunk and emacs-24 branch.
Jan D.
> On 21 Mar 2015 at 13:06, John F Carr <jfc@mit.edu> wrote:
>
> Emacs crashes on Mac Yosemite (native window system) when I use set-frame-font with certain font patterns. The cause is writing past the end of an alloca buffer in fontset.c:fontset_pattern_regexp. This triggers a stack check assertion. Alloca is used to allocate space for a regexp, but the size neglects to consider the ^$ around the regexp. “+1” should be “+3”.
>
> To reproduce:
>
> (set-frame-font "-adobe-courier-medium-r-normal--24-*-75-75-m-150-iso8859-1")
>
> without X installed.
>
> Bug in 24.3 and "GNU Emacs 24.4.2 (x86_64-apple-darwin14.1.0, NS apple-appkit-1344.72)".
>
>
>
> <fontset.diff>