From mboxrd@z Thu Jan  1 00:00:00 1970
Path: main.gmane.org!not-for-mail
From: Kenichi Handa <handa@etl.go.jp>
Newsgroups: gmane.emacs.devel
Subject: Re: segfault crash when loading certain rmail files
Date: Mon, 17 Jun 2002 15:13:10 +0900 (JST)
Sender: emacs-devel-admin@gnu.org
Message-ID: <200206170613.PAA26074@etlken.m17n.org>
NNTP-Posting-Host: localhost.gmane.org
Mime-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya")
Content-Type: text/plain; charset=US-ASCII
X-Trace: main.gmane.org 1024294531 17104 127.0.0.1 (17 Jun 2002 06:15:31 GMT)
X-Complaints-To: usenet@main.gmane.org
NNTP-Posting-Date: Mon, 17 Jun 2002 06:15:31 +0000 (UTC)
Cc: rms@gnu.org, emacs-devel@gnu.org
Return-path: <emacs-devel-admin@gnu.org>
Original-Received: from quimby.gnus.org ([80.91.224.244])
	by main.gmane.org with esmtp (Exim 3.33 #1 (Debian))
	id 17JpnX-0004Rl-00
	for <emacs-devel@main.gmane.org>; Mon, 17 Jun 2002 08:15:31 +0200
Original-Received: from fencepost.gnu.org ([199.232.76.164])
	by quimby.gnus.org with esmtp (Exim 3.12 #1 (Debian))
	id 17JqDd-00008V-00
	for <emacs-devel@quimby.gnus.org>; Mon, 17 Jun 2002 08:42:29 +0200
Original-Received: from localhost ([127.0.0.1] helo=fencepost.gnu.org)
	by fencepost.gnu.org with esmtp (Exim 3.34 #1 (Debian))
	id 17JpnO-0005jU-00; Mon, 17 Jun 2002 02:15:22 -0400
Original-Received: from tsukuba.m17n.org ([192.47.44.130])
	by fencepost.gnu.org with smtp (Exim 3.34 #1 (Debian))
	id 17JplT-0005ee-00; Mon, 17 Jun 2002 02:13:23 -0400
Original-Received: from fs.m17n.org (fs.m17n.org [192.47.44.2])
	by tsukuba.m17n.org (8.11.6/3.7W-20010518204228) with ESMTP id g5H6DBl05632;
	Mon, 17 Jun 2002 15:13:11 +0900 (JST)
	(envelope-from handa@m17n.org)
Original-Received: from etlken.m17n.org (etlken.m17n.org [192.47.44.125])
	by fs.m17n.org (8.11.3/3.7W-20010823150639) with ESMTP id g5H6DA904348;
	Mon, 17 Jun 2002 15:13:10 +0900 (JST)
Original-Received: (from handa@localhost)
	by etlken.m17n.org (8.8.8+Sun/3.7W-2001040620) id PAA26074;
	Mon, 17 Jun 2002 15:13:10 +0900 (JST)
Original-To: rehmann@mathematik.uni-bielefeld.de
In-Reply-To: message from Ulf Rehmann on Mon, 17 Jun 2002 00:36:55 +0200
User-Agent: SEMI/1.14.3 (Ushinoya) FLIM/1.14.2 (Yagi-Nishiguchi) APEL/10.2 Emacs/21.1.30 (sparc-sun-solaris2.6) MULE/5.0 (SAKAKI)
Errors-To: emacs-devel-admin@gnu.org
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.0.9
Precedence: bulk
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Post: <mailto:emacs-devel@gnu.org>
List-Subscribe: <http://mail.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
List-Id: Emacs development discussions. <emacs-devel.gnu.org>
List-Unsubscribe: <http://mail.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://mail.gnu.org/pipermail/emacs-devel/>
Xref: main.gmane.org gmane.emacs.devel:4926
X-Report-Spam: http://spam.gmane.org/gmane.emacs.devel:4926

Ulf Rehmann <rehmann@mathematik.uni-bielefeld.de> writes:
> I turned out that the crash can be triggered, for emacs 21.2, by
> loading any file just containing the character (decimal) 128, if this
> file is gzipped and visited by find-file and if "automatic file
> de/compression" is toggled "on".

> No crash with emacs 20.7.

Thank you for the report.  The following change will fix the
problem.

(1) Fix Fcall_process (in callproc.c).

We have this code at line 786.

	      repeat_decoding:
		size = decoding_buffer_size (&process_coding, nread);
		decoding_buf = (char *) xmalloc (size);
		
		if (process_coding.cmp_data)
		  process_coding.cmp_data->char_offset = PT;
		
		decode_coding (&process_coding, bufptr, decoding_buf,
			       nread, size);

Before we check process_coding.cmp_data, if process_coding
requires detection (we have the macro
CODING_REQUIRED_DETECTION for checking it), we must call
detect_coding.  And, if the resulting
process_coding.composing is not COMPOSITION_DISABLED, we
must allocate a memory for handling composition data (we
have the function coding_allocate_composition_data, the
second arg must be PT).

(2) Fix detect_eol (in coding.c).

We have this code at 4316

  if (VECTORP (val) && XVECTOR (val)->size == 3)
    {
      int src_multibyte = coding->src_multibyte;
      int dst_multibyte = coding->dst_multibyte;

      setup_coding_system (XVECTOR (val)->contents[eol_type], coding);
      coding->src_multibyte = src_multibyte;
      coding->dst_multibyte = dst_multibyte;
      coding->heading_ascii = skip;
    }

The value of coding->cmp_data must be saved before calling
setup_coding_system and restored after the call.


And, we potentially have the same kind of problem in the
following places (where, decode_coding is called directly).

w16select.c:663:      decode_coding (&coding, htext, buf, truelen, bufsize);
w32fns.c:6688:  decode_coding (&coding, lplogfont->lfFaceName, fontname,
w32select.c:335:	decode_coding (&coding, src, buf, nbytes, bufsize);
xselect.c:1651:	  decode_coding (&coding, data, buf, size, bufsize);
xterm.c:10688:			    decode_coding (&coding, copy_bufptr, p,

Fortunetly, for all those case, we can simply diable
composition handling by setting the member `composing' of
`struct coding_system' to COMPOSITION_DIABLED.  For example,
in the case of xselect.c, before calling decode_coding at
the line 335, what we need is to set coding.composing to
COMPOSITION_DIABLED.

Could someone please install a fix?  I'll verify the result.

---
Ken'ichi HANDA
handa@etl.go.jp