From: "Stuart D. Herring"
Newsgroups: gmane.emacs.devel
Subject: Re: Problem report #16
Date: Wed, 12 Apr 2006 11:23:36 -0700 (PDT)
Message-ID: <41269.128.165.123.132.1144866216.squirrel@webmail.lanl.gov>
References: <200604111548.k3BFmtRQ015112@scanner2.ics.uci.edu> <200604121741.k3CHfRrO029529@amrm2.ics.uci.edu>
In-Reply-To: <200604121741.k3CHfRrO029529@amrm2.ics.uci.edu>
Reply-To: herring@lanl.gov

There's actually several possible problems here.

> > At conditional (1): "face != 0" taking false path
> >
> > 667   if (face)
> > 668     id = face->fontset;

This is a red herring -- face is reassigned later.

> > At conditional (2): "id < 0" taking true path
> >
> > 669   if (id < 0)
> > 670     fontset = Qnil;
> > 671   else
> > 672     fontset = FONTSET_FROM_ID (id);

Here's one thing I don't like: FONTSET_FROM_ID doesn't do any safety checks on id. Can we trust this function to always get reasonable id values?

> > 682       int face_id = XINT (elt);
> > 684       xassert (face_id == face->id);

Dan wrote (although not here in his message):
> This problem could happen if fs_load_font was called with face=NULL
> and id>0. Can that happen?

Here's where Dan's point is relevant: if face==NULL and id>0, then it seems quite possible for this line to be reached...

> > 685       face = FACE_FROM_ID (f, face_id);

...just before assigning face, so it'd still be NULL. But there's more: FACE_FROM_ID can fail and return NULL:

> > Event var_deref_op: Variable "face" tracked as NULL was dereferenced.
> > Also see events: [var_compare_op]
> >
> > 686       return (*get_font_info_func) (f, face->font_info_id);

So this part is dangerous if and only if face_id, derived from the fontset, can be messed up. Nothing to do with face's value at entry to the function.

Someone who understands fontsets/font loading, comment?

Davis

-- 
This product is sold by volume, not by mass. If it appears too dense or too sparse, it is because mass-energy conversion has occurred during shipping.
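The three concerns raised in the message above (an unchecked fontset id, a comparison against a face that may be NULL at entry, and a face lookup that can return NULL) are shown here with each one guarded. This is an added example and not Emacs source: the table layout and every name in it (`load_font_info_id`, `fontset_face`, `face_from_id`, `setup_sample`) are hypothetical, and the sample data is constructed.

```c
#include <stddef.h>

/* Hypothetical, simplified model of the control flow; not Emacs source. */
struct face { int id; int fontset; int font_info_id; };

#define N_FACES    4
#define N_FONTSETS 3

static struct face *face_cache[N_FACES];   /* empty slots are NULL */
static int fontset_face_id[N_FONTSETS];    /* fontset id -> face id */

/* Checked lookup: NULL for an id outside the cache or an empty slot. */
static struct face *face_from_id(int id) {
    return (id >= 0 && id < N_FACES) ? face_cache[id] : NULL;
}

/* Checked lookup: returns 0 when the fontset id is out of range. */
static int fontset_face(int id, int *face_id) {
    if (id < 0 || id >= N_FONTSETS) return 0;
    *face_id = fontset_face_id[id];
    return 1;
}

/* Returns the font_info_id, or -1 when it cannot be resolved safely. */
int load_font_info_id(struct face *face, int id) {
    int face_id;
    if (face)
        id = face->fontset;
    if (!fontset_face(id, &face_id))
        return -1;                    /* negative or oversized fontset id */
    if (face && face->id != face_id)  /* compare only if face was given */
        return -1;
    face = face_from_id(face_id);     /* face is reassigned here */
    if (face == NULL)
        return -1;                    /* lookup failed: do not dereference */
    return face->font_info_id;
}

static struct face sample = { 1, 2, 42 };  /* constructed sample face */
void setup_sample(void) {
    face_cache[1] = &sample;
    fontset_face_id[0] = 3;  /* refers to an empty cache slot */
    fontset_face_id[1] = 9;  /* corrupted: face id beyond the cache */
    fontset_face_id[2] = 1;  /* valid */
}

int main(void) {
    setup_sample();
    return load_font_info_id(NULL, 2) == 42 ? 0 : 1;
}
```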