Hello,

I'm using Emacs 25.0.91 pretest as built by David Caldwell at
emacsforosx.com, and it crashes after opening a 104 byte file with
UTF-8 characters that causes Emacs to crash.  Admittedly, the file
contains malformed data that I copied from elsewhere.  This will make
it hard to determine what it should do, but at least it shows a
problem with the existing code.  I was able to confirm the issue with
Emacs trunk, and have included a GDB backtrace below.

To reproduce, unpack the attached zip file, and open the UTF-8 text
file as follows:

/Applications/Emacs.app/Contents/MacOS/Emacs -Q test-file

A segmentation fault occurs, and Mac OS complains that "Emacs quit
unexpectedly."

This issues exists with Emacs 24.5, as well.  However, it doesn't
occur if you use the terminal/tty version of Emacs.

Also attached is patch that shows where the segfault occurs and avoids
triggering it because a font struct is NULL.  Although avoiding a
crash, it likely doesn't do the right thing -- it only treats the
symptoms and not the cause.  Perhaps opening on another platform
(GNU/Linux?) would help to learn what the right thing to do is.

Thanks for Emacs,
Aaron

$ gdb --args ./nextstep/Emacs.app/Contents/MacOS/Emacs -Q test-file
GNU gdb (GDB) 7.10.1
Copyright (C) 2015 Free Software Foundation, Inc.
Reading symbols from ./nextstep/Emacs.app/Contents/MacOS/Emacs...done.
(gdb) run
Starting program: .nextstep/Emacs.app/Contents/MacOS/Emacs -Q test-file
[New Thread 0x1713 of process 58247]
[New Thread 0x1803 of process 58247]
[New Thread 0x1903 of process 58247]
[New Thread 0x1a03 of process 58247]
[New Thread 0x1b03 of process 58247]
[New Thread 0x1c0b of process 58247]
[New Thread 0x1d13 of process 58247]
Error while mapping shared library sections:
cl_kernels: No such file or directory.
Error while mapping shared library sections:
cl_kernels: No such file or directory.
[New Thread 0x1e33 of process 58247]

Program received signal SIGSEGV, Segmentation fault.
ns_compute_glyph_string_overhangs (s=0x7fff5fbfd690) at nsterm.m:2551
2551      if (EQ (font->driver->type, Qns))
(gdb) backtrace
#0  ns_compute_glyph_string_overhangs (s=0x7fff5fbfd690) at nsterm.m:2551
#1  0x000000010003a6c7 in draw_glyphs (w=0x101036208, x=<optimized
out>, row=0x101992d00, area=TEXT_AREA, start=0, end=52,
    hl=<optimized out>, overlaps=<optimized out>) at xdisp.c:25534
#2  0x0000000100039916 in x_write_glyphs (w=0x23a, updated_row=0x0,
start=<optimized out>, updated_area=<optimized out>, len=52)
    at xdisp.c:27630
#3  0x000000010000ab96 in update_text_area (w=<optimized out>,
updated_row=0x23b, vpos=<optimized out>) at dispnew.c:3608
#4  update_window_line (w=0x43007877a76c9b44, vpos=26815744,
mouse_face_overwritten_p=0x7fff5fbfdb87) at dispnew.c:3851
#5  0x0000000100006bde in update_window (w=0x43007877a76c9b44,
    force_p=<error reading variable: Cannot access memory at address
0x1>) at dispnew.c:3473
#6  0x00000001000052d4 in update_window_tree (w=<optimized out>,
force_p=<optimized out>) at dispnew.c:3215
#7  0x000000010000511c in update_frame (f=0x43007877a76c9b44,
force_p=<optimized out>, inhibit_hairy_id_p=false)
    at dispnew.c:3104
#8  0x0000000100028ca6 in redisplay_internal () at xdisp.c:13963
#9  0x00000001000c44e4 in read_char (commandflag=1, map=4320568723,
prev_event=0, used_mouse_menu=0x7fff5fbff5ef, end_time=0x0)
    at keyboard.c:2466
#10 0x00000001000c1d1e in read_key_sequence (keybuf=<optimized out>,
bufsize=30, prompt=<optimized out>,
    dont_downcase_last=<optimized out>,
can_return_switch_frame=<optimized out>, fix_current_buffer=<optimized
out>,
    prevent_redisplay=<optimized out>) at keyboard.c:9045
#11 0x00000001000c054d in command_loop_1 () at keyboard.c:1347
#12 0x000000010013d886 in internal_condition_case
(bfun=0x7fff5fbfd690, handlers=<optimized out>, hfun=<optimized out>)
    at eval.c:1309
#13 0x00000001000d1560 in command_loop_2 (ignore=<optimized out>) at
keyboard.c:1089
#14 0x000000010013d3f6 in internal_catch (tag=<optimized out>,
func=0x7fff5fbfd690, arg=4827991255846525764) at eval.c:1074
#15 0x00000001000bf77e in command_loop () at keyboard.c:1068
#16 0x00000001000bf699 in recursive_edit_1 () at keyboard.c:674
#17 0x00000001000bf8bc in Frecursive_edit () at keyboard.c:745
#18 0x00000001000be3c0 in main (argc=<error reading variable: Cannot
access memory at address 0x0>, argv=<optimized out>)
    at emacs.c:1610

---
 src/nsterm.m | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/nsterm.m b/src/nsterm.m
index 43d1377..adce35e 100644
--- a/src/nsterm.m
+++ b/src/nsterm.m
@@ -2532,6 +2532,9 @@ ns_compute_glyph_string_overhangs (struct glyph_string *s)
 {
   struct font *font = s->font;

+  if (!font)
+    return;
+
   if (s->char2b)
     {
       struct font_metrics metrics;