Re: segfault crash when loading certain rmail files

Re: segfault crash when loading certain rmail files

[Richard Stallman]

Can you make an Rmail file which triggers this bug
available by ftp for an Emacs developer to get so he
can reproduce and debug the problem?

Re: segfault crash when loading certain rmail files

[Ulf Rehmann]

I can try to set up an rmail file like that, but it might be not so
easy. Small files seem to work well, and the big stuff I have contains
lots of confidential material which I hesitate to give away...

Re: segfault crash when loading certain rmail files

[Ulf Rehmann]

 | Can you make an Rmail file which triggers this bug
 | available by ftp for an Emacs developer to get so he
 | can reproduce and debug the problem?


I now can make my report more precise: 

I do no longer claim that the crash depends on the size of the rmail
file.

The crash happens (for emacs 21.2) if the rmail file contains a
character of decimal value 128, if the rmail file is loaded
as a gzipped file with "automatic file de/compression" toggled "on".

The crash does not happen for emacs 20.7.

Please find below an rmail file, gzipped and encoded by uuencode,
which causes the crash.

Thanks for any help, and best regards,

Ulf Rehmann



begin 644 XX.gz
M'XL(".\W"ST``UA8`(V4WV_:,!#'GVOM?^A)?0&&30RD@:RJ6DK0J$I!!:9.
M51\<?&G<)3%*0E?>]J?/`4H[^FM)B$/LN_M\[\[IG'9^7L!P-.D/+\<NT`J%
M-!8J*I[(#TPSI1,7;'(A?(PREUSJ'%T`F(0J`W/E(4*(0F(*.@"1;*P#%2';
M+NX'L-0+$"E"AJB2.U`YJ,W:ZG99\39&D:R]%BX@%!DDVKS-,G&'66&D<D8&
MQLZ%VH-(:]E<ZZA6.*JE&,8B2<C^%V)5`:7*45:K9+R(8Y$N::02$X;;]'R1
M`.3:A8W!22Q,0'-3O]C43-WP^BT<Y)CEI%*I@#<<?@?S0*[IF9:&GHZ768ZQ
M"XM$XDQ)E'21J,<5%0U2;69ZYOZ6>[..^@HC##"23"*,10X%#[>!-]QFT^46
MU"VK3KSD`2,]1_H2--(S$87:@%WA#-4#2A>*@+"=@)*A=YAE3GY;)GO^$B0*
MMDB+8+]5'@)F<3Z'DO>H8FBPA@T''$I=])5(RL9`2>#.>6<YI99E-6UE!K(7
MZ!2.7D$<?ROPJP5[(:'`?A;QU3+_=S'O%W-3E)0-7B9<T<XV(UVOR'Z;.0:_
MR9JMVY6"9W4K!:/AJ`&E`/-96-2=VJS-."^O,5]10BDS-8N0RE3/RY\B0^G,
M&T_*N^3/22S-;:M5/^WT.DRJ.<NI5,*T%DLPAYN6X6Z8G\-9W7XJ@*]U_*'D
M4HMQ8U1;#^6U2F\\F(S`E./.[G7"Y-1R'+N^4XH/.NN]XIBK_:1TX$V@^X;8
MC7MXW3RKK'[>/,ZZ>:09WL=P-CTR>6\G_ILELX_]>YSE+JQVYF#]2:!]`WWD
M[48]V7(?D]YJ1TZC`*XVNOXK?Z0KBL_29_37=-KO7KC0;G/GL-GT_4..#F_-
?I!/,?%''1EVT>(L'A)"):2SX0XIC_R]&'5ZC>`4`````
`
end

Re: segfault crash when loading certain rmail files

[Ulf Rehmann]

 | Can you make an Rmail file which triggers this bug
 | available by ftp for an Emacs developer to get so he
 | can reproduce and debug the problem?

I turned out that the crash can be triggered, for emacs 21.2, by
loading any file just containing the character (decimal) 128, if this
file is gzipped and visited by find-file and if "automatic file
de/compression" is toggled "on".

No crash with emacs 20.7.

Ulf Rehmann

Re: segfault crash when loading certain rmail files

[Kenichi Handa]

Ulf Rehmann <rehmann@mathematik.uni-bielefeld.de> writes:
> I turned out that the crash can be triggered, for emacs 21.2, by
> loading any file just containing the character (decimal) 128, if this
> file is gzipped and visited by find-file and if "automatic file
> de/compression" is toggled "on".

> No crash with emacs 20.7.

Thank you for the report.  The following change will fix the
problem.

(1) Fix Fcall_process (in callproc.c).

We have this code at line 786.

	      repeat_decoding:
		size = decoding_buffer_size (&process_coding, nread);
		decoding_buf = (char *) xmalloc (size);
		
		if (process_coding.cmp_data)
		  process_coding.cmp_data->char_offset = PT;
		
		decode_coding (&process_coding, bufptr, decoding_buf,
			       nread, size);

Before we check process_coding.cmp_data, if process_coding
requires detection (we have the macro
CODING_REQUIRED_DETECTION for checking it), we must call
detect_coding.  And, if the resulting
process_coding.composing is not COMPOSITION_DISABLED, we
must allocate a memory for handling composition data (we
have the function coding_allocate_composition_data, the
second arg must be PT).

(2) Fix detect_eol (in coding.c).

We have this code at 4316

  if (VECTORP (val) && XVECTOR (val)->size == 3)
    {
      int src_multibyte = coding->src_multibyte;
      int dst_multibyte = coding->dst_multibyte;

      setup_coding_system (XVECTOR (val)->contents[eol_type], coding);
      coding->src_multibyte = src_multibyte;
      coding->dst_multibyte = dst_multibyte;
      coding->heading_ascii = skip;
    }

The value of coding->cmp_data must be saved before calling
setup_coding_system and restored after the call.


And, we potentially have the same kind of problem in the
following places (where, decode_coding is called directly).

w16select.c:663:      decode_coding (&coding, htext, buf, truelen, bufsize);
w32fns.c:6688:  decode_coding (&coding, lplogfont->lfFaceName, fontname,
w32select.c:335:	decode_coding (&coding, src, buf, nbytes, bufsize);
xselect.c:1651:	  decode_coding (&coding, data, buf, size, bufsize);
xterm.c:10688:			    decode_coding (&coding, copy_bufptr, p,

Fortunetly, for all those case, we can simply diable
composition handling by setting the member `composing' of
`struct coding_system' to COMPOSITION_DIABLED.  For example,
in the case of xselect.c, before calling decode_coding at
the line 335, what we need is to set coding.composing to
COMPOSITION_DIABLED.

Could someone please install a fix?  I'll verify the result.

---
Ken'ichi HANDA
handa@etl.go.jp

Re: segfault crash when loading certain rmail files

[Kenichi Handa]

I finally got a permission to contribute code again for
Emacs 21!

So, I can work on the following matter by myself.  If any of
you have already started to work on it, please let me know.

---
Ken'ichi HANDA
handa@etl.go.jp

Kenichi Handa <handa@etl.go.jp> writes:

> Ulf Rehmann <rehmann@mathematik.uni-bielefeld.de> writes:
>>  I turned out that the crash can be triggered, for emacs 21.2, by
>>  loading any file just containing the character (decimal) 128, if this
>>  file is gzipped and visited by find-file and if "automatic file
>>  de/compression" is toggled "on".

>>  No crash with emacs 20.7.

> Thank you for the report.  The following change will fix the
> problem.

> (1) Fix Fcall_process (in callproc.c).

> We have this code at line 786.

> 	      repeat_decoding:
> 		size = decoding_buffer_size (&process_coding, nread);
> 		decoding_buf = (char *) xmalloc (size);
		
> 		if (process_coding.cmp_data)
process_coding.cmp_data-> char_offset = PT;
		
> 		decode_coding (&process_coding, bufptr, decoding_buf,
> 			       nread, size);

> Before we check process_coding.cmp_data, if process_coding
> requires detection (we have the macro
> CODING_REQUIRED_DETECTION for checking it), we must call
> detect_coding.  And, if the resulting
> process_coding.composing is not COMPOSITION_DISABLED, we
> must allocate a memory for handling composition data (we
> have the function coding_allocate_composition_data, the
> second arg must be PT).

> (2) Fix detect_eol (in coding.c).

> We have this code at 4316

>   if (VECTORP (val) && XVECTOR (val)->size == 3)
>     {
>       int src_multibyte = coding->src_multibyte;
>       int dst_multibyte = coding->dst_multibyte;

>       setup_coding_system (XVECTOR (val)->contents[eol_type], coding);
coding-> src_multibyte = src_multibyte;
coding-> dst_multibyte = dst_multibyte;
coding-> heading_ascii = skip;
>     }

> The value of coding->cmp_data must be saved before calling
> setup_coding_system and restored after the call.


> And, we potentially have the same kind of problem in the
> following places (where, decode_coding is called directly).

> w16select.c:663:      decode_coding (&coding, htext, buf, truelen, bufsize);
> w32fns.c:6688:  decode_coding (&coding, lplogfont->lfFaceName, fontname,
> w32select.c:335:	decode_coding (&coding, src, buf, nbytes, bufsize);
> xselect.c:1651:	  decode_coding (&coding, data, buf, size, bufsize);
> xterm.c:10688:			    decode_coding (&coding, copy_bufptr, p,

> Fortunetly, for all those case, we can simply diable
> composition handling by setting the member `composing' of
> `struct coding_system' to COMPOSITION_DIABLED.  For example,
> in the case of xselect.c, before calling decode_coding at
> the line 335, what we need is to set coding.composing to
> COMPOSITION_DIABLED.

> Could someone please install a fix?  I'll verify the result.

> ---
> Ken'ichi HANDA
> handa@etl.go.jp


> _______________________________________________
> Emacs-devel mailing list
> Emacs-devel@gnu.org
> http://mail.gnu.org/mailman/listinfo/emacs-devel

Re: segfault crash when loading certain rmail files

[Richard Stallman]

    I finally got a permission to contribute code again for
    Emacs 21!

Hooray!

Re: segfault crash when loading certain rmail files

[Kenichi Handa]

Kenichi Handa <handa@etl.go.jp> writes:
> So, I can work on the following matter by myself.  If any of
> you have already started to work on it, please let me know.

I've just installed a fix in HEAD branch.

I think this fix should also be installed in RC.  Shall I do
that?

---
Ken'ichi HANDA
handa@etl.go.jp

Re: segfault crash when loading certain rmail files

[Richard Stallman]

    I think this fix should also be installed in RC.  Shall I do
    that?

If it seems safe to you, please install it in RC.

Re: segfault crash when loading certain rmail files

[Kenichi Handa]

Richard Stallman <rms@gnu.org> writes:
>     I think this fix should also be installed in RC.  Shall I do
>     that?

> If it seems safe to you, please install it in RC.

Done.

---
Ken'ichi HANDA
handa@etl.go.jp