From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: YAMAMOTO Mitsuharu Newsgroups: gmane.emacs.bugs Subject: bug#8915: 23.3; Repeatable segmentation fault, all platforms, in character composition code Date: Tue, 28 Jun 2011 18:36:40 +0900 Organization: Faculty of Science, Chiba University Message-ID: References: <1C1DC554-0A35-4CAC-B896-98DF5E3AB684@ed.ac.uk> NNTP-Posting-Host: lo.gmane.org Mime-Version: 1.0 (generated by SEMI 1.14.6 - "Maruoka") Content-Type: text/plain; charset=US-ASCII X-Trace: dough.gmane.org 1309253852 11214 80.91.229.12 (28 Jun 2011 09:37:32 GMT) X-Complaints-To: usenet@dough.gmane.org NNTP-Posting-Date: Tue, 28 Jun 2011 09:37:32 +0000 (UTC) Cc: 8915@debbugs.gnu.org To: David Aspinall Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Tue Jun 28 11:37:28 2011 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([140.186.70.17]) by lo.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1QbUjW-0005dA-2R for geb-bug-gnu-emacs@m.gmane.org; Tue, 28 Jun 2011 11:37:26 +0200 Original-Received: from localhost ([::1]:60880 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QbUjU-0002qb-Su for geb-bug-gnu-emacs@m.gmane.org; Tue, 28 Jun 2011 05:37:25 -0400 Original-Received: from eggs.gnu.org ([140.186.70.92]:60774) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QbUjC-0002qC-0w for bug-gnu-emacs@gnu.org; Tue, 28 Jun 2011 05:37:07 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1QbUj9-0001i5-G9 for bug-gnu-emacs@gnu.org; Tue, 28 Jun 2011 05:37:05 -0400 Original-Received: from debbugs.gnu.org ([140.186.70.43]:38987) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1QbUj9-0001hz-6g for bug-gnu-emacs@gnu.org; Tue, 28 Jun 2011 05:37:03 -0400 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.69) (envelope-from ) id 1QbUj8-0000bG-FP; Tue, 28 Jun 2011 05:37:02 -0400 X-Loop: help-debbugs@gnu.org Resent-From: YAMAMOTO Mitsuharu Original-Sender: debbugs-submit-bounces@debbugs.gnu.org Resent-To: owner@debbugs.gnu.org Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Tue, 28 Jun 2011 09:37:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 8915 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Original-Received: via spool by 8915-submit@debbugs.gnu.org id=B8915.13092538172294 (code B ref 8915); Tue, 28 Jun 2011 09:37:02 +0000 Original-Received: (at 8915) by debbugs.gnu.org; 28 Jun 2011 09:36:57 +0000 Original-Received: from localhost ([127.0.0.1] helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1QbUj2-0000ax-MQ for submit@debbugs.gnu.org; Tue, 28 Jun 2011 05:36:57 -0400 Original-Received: from mathmail.math.s.chiba-u.ac.jp ([133.82.132.2]) by debbugs.gnu.org with esmtp (Exim 4.69) (envelope-from ) id 1QbUiw-0000ad-68 for 8915@debbugs.gnu.org; Tue, 28 Jun 2011 05:36:56 -0400 Original-Received: from church.math.s.chiba-u.ac.jp (church [133.82.132.36]) by mathmail.math.s.chiba-u.ac.jp (Postfix) with ESMTP id 0529BC0557; Tue, 28 Jun 2011 18:36:40 +0900 (JST) In-Reply-To: <1C1DC554-0A35-4CAC-B896-98DF5E3AB684@ed.ac.uk> User-Agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.8 (=?UTF-8?Q?Shij=C5=8D?=) APEL/10.6 Emacs/22.3 (sparc-sun-solaris2.8) MULE/5.0 (SAKAKI) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.11 Precedence: list Resent-Date: Tue, 28 Jun 2011 05:37:02 -0400 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6 (newer, 3) X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:47554 Archived-At: >>>>> On Tue, 21 Jun 2011 17:04:57 +0100, David Aspinall said: > There is a segfault which arises reproducibly when compose-character is > used near the end of a buffer. I'm afraid I don't have a raw test case > but here is a recipe to reproduce it that loads the Emacs application > Proof General: > wget http://proofgeneral.inf.ed.ac.uk/releases/ProofGeneral-4.0.tgz > tar -xpzf ProofGeneral-4.0.tgz > (cd ProofGeneral; make clean) > emacs -q -l ProofGeneral/generic/proof-site.el > C-x C-f Test.thy > Then type > \ > and Emacs segfaults. If instead you type > M-x 1 0 SPACE C-a \ > it behaves as expected: looks like the code is running off the end of > the buffer. At least, the following change seems to avoid the crash. But I'm not sure if this is a right fix at all. Handa-san, could you take a look at this issue? The problematic case is that the addition of the `composite' property via fontification occurs during redisplay and the composition is found in the middle of the composed region. That happens if the first part of the region had a non-nil `fontified' property and the second part did not, and then fontification-functions added the `composite' property to the whole region. YAMAMOTO Mitsuharu mituharu@math.s.chiba-u.ac.jp === modified file 'src/composite.c' *** src/composite.c 2011-05-09 09:59:23 +0000 --- src/composite.c 2011-06-28 09:10:01 +0000 *************** *** 1136,1142 **** prop, string); if (cmp_it->id < 0) goto no_composition; ! cmp_it->nchars = end - start; cmp_it->nglyphs = composition_table[cmp_it->id]->glyph_len; } else if (w) --- 1136,1142 ---- prop, string); if (cmp_it->id < 0) goto no_composition; ! cmp_it->nchars = end - charpos; cmp_it->nglyphs = composition_table[cmp_it->id]->glyph_len; } else if (w) === modified file 'src/xdisp.c' *** src/xdisp.c 2011-05-25 03:06:05 +0000 --- src/xdisp.c 2011-06-28 09:10:57 +0000 *************** *** 4654,4660 **** if (it->cmp_it.id >= 0) { it->cmp_it.ch = -1; ! it->cmp_it.nchars = COMPOSITION_LENGTH (prop); it->cmp_it.nglyphs = -1; } } --- 4654,4660 ---- if (it->cmp_it.id >= 0) { it->cmp_it.ch = -1; ! it->cmp_it.nchars = end - pos; it->cmp_it.nglyphs = -1; } }