From: YAMAMOTO Mitsuharu
Newsgroups: gmane.emacs.bugs
Subject: bug#36507: 27.0.50; Crash on evaluating invalid UTF-8 byte sequence on MacOS
Date: Fri, 05 Jul 2019 11:22:45 +0900
Organization: Faculty of Science, Chiba University
To: Stefan Kangas
Cc: 36507@debbugs.gnu.org

On Fri, 05 Jul 2019 11:04:21 +0900, Stefan Kangas wrote:
>
> When evaluating the following expression, I get a crash under "emacs -Q"
> compiled from current master.
>
> (decode-coding-string "\xE3\x32\x9A\x36" 'chinese-gb18030)
>
> This expression is tested in batch mode with no problems on the same
> system, now on master in test/lisp/bookmark-tests.el:281.
>
> The expression was suggested in Bug#36452, where
>
> Eli Zaretskii writes:
> > Please add to that text something that doesn't yield valid
> > UTF-8 byte sequence. For example, these two strings:
> >
> > (decode-coding-string "\xE3\x32\x9A\x36" 'chinese-gb18030)
>
> I think the issue as such is beyond me, but I can reproduce this every time.
> Please let me know if you need help testing or more information.
>
> Before crash, I get this output:
> Thread 1 received signal SIGSEGV, Segmentation fault.
> 0x00007fff8ddbd326 in CFCharacterSetIsLongCharacterMember () from
> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation

Please try the patch below.

YAMAMOTO Mitsuharu
mituharu@math.s.chiba-u.ac.jp

diff --git a/src/macfont.m b/src/macfont.m index f736fbf0e1e..2b7f963fd61 100644 --- a/src/macfont.m +++ b/src/macfont.m @@ -2076,7 +2076,7 @@ static int macfont_variation_glyphs (struct font *, int c, ptrdiff_t j; for (j = 0; j < ASIZE (chars); j++) - if (TYPE_RANGED_FIXNUMP (UTF32Char, AREF (chars, j)) + if (RANGED_FIXNUMP (0, AREF (chars, j), MAX_UNICODE_CHAR) && CFCharacterSetIsLongCharacterMember (desc_charset, XFIXNAT (AREF (chars, j)))) break; @@ -2710,6 +2710,9 @@ So we use CTFontDescriptorCreateMatchingFontDescriptor (no int result; CFCharacterSetRef charset; + if (c < 0 || c > MAX_UNICODE_CHAR) + return false; + block_input (); if (FONT_ENTITY_P (font)) {
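
Review bot: the tightened bound in the `for (j = 0; j < ASIZE (chars); j++)` loop of the first hunk (macfont_variation_glyphs) needs a short comment saying why MAX_UNICODE_CHAR is used rather than the UTF32Char type range. The replaced `TYPE_RANGED_FIXNUMP (UTF32Char, ...)` test looks sufficient unless the reader knows that the reported SIGSEGV is inside CFCharacterSetIsLongCharacterMember. The same range is written a second time in the other hunk as `c < 0 || c > MAX_UNICODE_CHAR`; one small predicate shared by both call sites would keep the two guards from drifting apart, and it is worth checking whether any remaining `TYPE_RANGED_FIXNUMP (UTF32Char, ...)` use in src/macfont.m also feeds a CFCharacterSet call.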
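
Review bot: the early return added ahead of `block_input ()` in the second hunk (@@ -2710) has no comment explaining how a `c` outside 0..MAX_UNICODE_CHAR can reach this function, and the visible context declares `int result;` while the new line returns `false`. Please add a one-line comment stating that values above MAX_UNICODE_CHAR must not be passed on to the CoreFoundation character-set lookup, and confirm that `false` matches the function's declared return type and its "not found" convention. Keeping the check before `block_input ()` is the right placement, since this path then needs no matching unblock. The quoted report says the expression passes in batch mode, so the existing test at test/lisp/bookmark-tests.el:281 does not exercise this path; the commit message should say how the fix was verified.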