From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Eli Zaretskii Newsgroups: gmane.emacs.bugs Subject: bug#9495: 24.0.50; Segfault in try_cursor_movement Date: Wed, 14 Sep 2011 01:22:21 -0400 Message-ID: References: <877h5ctf72.fsf@gnu.org> Reply-To: Eli Zaretskii NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Trace: dough.gmane.org 1315977762 1042 80.91.229.12 (14 Sep 2011 05:22:42 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Wed, 14 Sep 2011 05:22:42 +0000 (UTC) Cc: 9495@debbugs.gnu.org To: Johan =?UTF-8?Q?Bockg=C3=A5rd?= Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Wed Sep 14 07:22:37 2011 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([140.186.70.17]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1R3hvg-0005DU-DP for geb-bug-gnu-emacs@m.gmane.org; Wed, 14 Sep 2011 07:22:36 +0200 Original-Received: from localhost ([::1]:54885 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1R3hvf-0003MX-DQ for geb-bug-gnu-emacs@m.gmane.org; Wed, 14 Sep 2011 01:22:35 -0400 Original-Received: from eggs.gnu.org ([140.186.70.92]:57156) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1R3hvd-0003MR-5A for bug-gnu-emacs@gnu.org; Wed, 14 Sep 2011 01:22:34 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1R3hvb-0006UJ-7r for bug-gnu-emacs@gnu.org; Wed, 14 Sep 2011 01:22:33 -0400 Original-Received: from debbugs.gnu.org ([140.186.70.43]:54592) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1R3hvb-0006UF-53 for bug-gnu-emacs@gnu.org; Wed, 14 Sep 2011 01:22:31 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.69) (envelope-from ) id 1R3hzx-0002TQ-La; Wed, 14 Sep 2011 01:27:01 -0400 X-Loop: help-debbugs@gnu.org Resent-From: Eli Zaretskii Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-To: owner@debbugs.gnu.org Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Wed, 14 Sep 2011 05:27:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 9495 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Original-Received: via spool by 9495-submit@debbugs.gnu.org id=B9495.13159780169495 (code B ref 9495); Wed, 14 Sep 2011 05:27:01 +0000 Original-Received: (at 9495) by debbugs.gnu.org; 14 Sep 2011 05:26:56 +0000 Original-Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1R3hzs-0002T5-Ai for submit@debbugs.gnu.org; Wed, 14 Sep 2011 01:26:56 -0400 Original-Received: from fencepost.gnu.org ([140.186.70.10]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1R3hzo-0002Sx-Vz for 9495@debbugs.gnu.org; Wed, 14 Sep 2011 01:26:54 -0400 Original-Received: from eliz by fencepost.gnu.org with local (Exim 4.71) (envelope-from ) id 1R3hvR-0006AI-IC; Wed, 14 Sep 2011 01:22:21 -0400 In-reply-to: <877h5ctf72.fsf@gnu.org> (message from Johan =?UTF-8?Q?Bockg=C3=A5rd?= on Tue, 13 Sep 2011 21:28:17 +0200) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list Resent-Date: Wed, 14 Sep 2011 01:27:01 -0400 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 1) X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:51128 Archived-At: > From: Johan Bockgård > Date: Tue, 13 Sep 2011 21:28:17 +0200 > > > Program terminated with signal 11, Segmentation fault. > #0 0x00007f5bccbe6fe7 in kill () at ../sysdeps/unix/syscall-template.S:82 > 82 ../sysdeps/unix/syscall-template.S: No such file or directory. > in ../sysdeps/unix/syscall-template.S > (gdb) bt > #0 0x00007f5bccbe6fe7 in kill () at ../sysdeps/unix/syscall-template.S:82 > #1 0x000000000056e889 in fatal_error_signal (sig=11) at emacs.c:358 > #2 > #3 0x0000000000465f3f in try_cursor_movement (window=20987605, startp=..., > scroll_step=0x7fff5e400758) at xdisp.c:14639 > > xdisp.c:14639: (BUFFERP (g->object) && g->charpos == PT) > > g is not a valid glyph here. > > (gdb) p MATRIX_ROW (w->current_matrix, w->cursor.vpos).used[TEXT_AREA] > $3 = 80 > (gdb) p w->cursor.hpos > $4 = 80 Thanks. But what is the value of `rv' at that point? > 2011-09-13 Johan Bockgård > > * xdisp.c (try_cursor_movement): Check bounds of hpos. That will prevent your particular crash, but I'm not sure it's correct in all cases (like R2L lines and other atrocities). Can you give a recipe for reproducing this crash from "emacs -Q"? I'd like to investigate a bit more. TIA. > BTW, is this code in try_window_reusing_current_matrix correct? > > struct glyph *glyph = row->glyphs[TEXT_AREA] + w->cursor.hpos; > struct glyph *end = glyph + row->used[TEXT_AREA]; No, it's a bug. I fixed it. Thanks for spotting it.