From: Romain Francoise
Newsgroups: gmane.emacs.devel
Subject: Re: Redisplay crash
Date: Wed, 05 Jan 2005 21:49:44 +0100
Organization: orebokech dot com
Message-ID: <878y77mwif.fsf@orebokech.com>
References: <87llbal35x.fsf@orebokech.com> <200501040105.KAA09219@etlken.m17n.org> <87u0pwsz12.fsf@orebokech.com>
In-Reply-To: <87u0pwsz12.fsf@orebokech.com> (Romain Francoise's message of "Tue, 04 Jan 2005 21:46:33 +0100")
Original-To: emacs-devel@gnu.org
Cc: handa@m17n.org
User-Agent: Gnus/5.110003 (No Gnus v0.3) Emacs/21.3.50 (gnu/linux)

Romain Francoise writes:

> I will investigate further, any clues are welcome.

After further investigation... the problem lies on line 872 of term.c, I think the size computation is backwards.

In my tests, this code makes the buffer shrink to something like 16 bytes. The following bcopy call then writes way more than that, overflowing the buffer and overwriting the libc memory block pointers and thus making the next call to xrealloc (needed because the size was set to something too small for what we have to decode) fail.

That test is probably meant to check if we have to grow the buffer, not shrink it, so reversing it appears to be what was intended. At least it fixes the crash for me, I've been running with that patch for some time with success so far.

What do you think?

2005-01-05  Romain Francoise

	* term.c (encode_terminal_code): Fix buffer size computation.

Index: term.c =================================================================== RCS file: /cvsroot/emacs/emacs/src/term.c,v retrieving revision 1.159 diff -c -r1.159 term.c *** term.c 12 Dec 2004 03:31:00 -0000 1.159 --- term.c 5 Jan 2005 20:38:47 -0000 *************** *** 1,5 **** /* Terminal control module for terminals described by TERMCAP ! Copyright (C) 1985, 86, 87, 93, 94, 95, 98, 2000, 2001, 2002 Free Software Foundation, Inc. This file is part of GNU Emacs. --- 1,5 ---- /* Terminal control module for terminals described by TERMCAP ! Copyright (C) 1985, 86, 87, 93, 94, 95, 98, 2000, 2001, 2002, 2005 Free Software Foundation, Inc. This file is part of GNU Emacs. *************** *** 869,875 **** if (! STRING_MULTIBYTE (string)) string = string_to_multibyte (string); nbytes = buf - encode_terminal_buf; ! if (nbytes + SBYTES (string) < encode_terminal_bufsize) { encode_terminal_bufsize = nbytes + SBYTES (string); encode_terminal_buf = xrealloc (encode_terminal_buf, --- 869,875 ---- if (! STRING_MULTIBYTE (string)) string = string_to_multibyte (string); nbytes = buf - encode_terminal_buf; ! if (encode_terminal_bufsize < nbytes + SBYTES (string)) { encode_terminal_bufsize = nbytes + SBYTES (string); encode_terminal_buf = xrealloc (encode_terminal_buf, -- Romain Francoise | I just thought I'd go out it's a miracle -- http://orebokech.com/ | with a little bit more style.
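
Review bot: in the second hunk (term.c line 872), `nbytes = buf - encode_terminal_buf` is taken just before `xrealloc`, which may move the block, and the context ends inside the `xrealloc` call, so it is not visible whether `buf` is reset to `encode_terminal_buf + nbytes` afterwards; please confirm that it is, since the copy that follows writes through `buf`. Because the operand order of this test was the whole bug, a one-line comment above `if (encode_terminal_bufsize < nbytes + SBYTES (string))` saying that the buffer only ever grows here would help, and holding `nbytes + SBYTES (string)` in a local would keep the test and the assignment to `encode_terminal_bufsize` from drifting apart.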
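
The size check described in the message above, as an added example that is not part of the original post or of Emacs's term.c: it puts the backwards comparison next to the corrected one and shows a grow-only append. `struct outbuf` and all function names are hypothetical, and the sample data is constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the encode buffer; not Emacs's own code. */
struct outbuf {
    unsigned char *base;  /* start of the allocation */
    size_t size;          /* bytes allocated */
    size_t used;          /* bytes already written ("nbytes") */
};

/* Backwards test: fires when the data already fits, and then sets the
   size to exactly used + extra, i.e. it shrinks the buffer. */
size_t size_after_backwards_check(size_t size, size_t used, size_t extra)
{
    return (used + extra < size) ? used + extra : size;
}

/* Corrected test: fires only when the buffer is too small. */
size_t size_after_fixed_check(size_t size, size_t used, size_t extra)
{
    return (size < used + extra) ? used + extra : size;
}

/* Append LEN bytes with a grow-only check.  Returns 0, or -1 on error. */
int outbuf_append(struct outbuf *b, const void *src, size_t len)
{
    if (len > SIZE_MAX - b->used)
        return -1;                       /* used + len would wrap */
    size_t need = b->used + len;
    if (b->size < need) {
        unsigned char *p = realloc(b->base, need);
        if (p == NULL)
            return -1;                   /* old block is still valid */
        b->base = p;                     /* the block may have moved */
        b->size = need;
    }
    memcpy(b->base + b->used, src, len); /* offset from the current base */
    b->used = need;
    return 0;
}

/* Constructed sample: two appends into an initially empty buffer. */
size_t append_demo(void)
{
    struct outbuf b = { NULL, 0, 0 };
    int ok = outbuf_append(&b, "hello", 5) == 0
          && outbuf_append(&b, " world", 6) == 0
          && b.size >= b.used && memcmp(b.base, "hello world", 11) == 0;
    size_t used = ok ? b.used : 0;
    free(b.base);
    return used;
}
```

With a 1024-byte buffer and 16 bytes to add, the backwards test leaves a 16-byte buffer while the corrected one leaves it at 1024; with an 8-byte buffer holding 4 bytes, only the corrected test grows it to the 20 bytes required.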