unofficial mirror of emacs-devel@gnu.org 
* potential bug in display_mode_element?
@ 2005-09-12  0:58 Kenichi Handa
From: Kenichi Handa @ 2005-09-12  0:58 UTC (permalink / raw)


I got a bug report for emacs-unicode-2, and it seems that
the same bug exists in HEAD too.  The backtrace is this:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1208118624 (LWP 29169)]
0x080b7349 in display_mode_element (it=0xbfffd1b0, depth=10, field_width=0, precision=-63, elt=164196259, props=138499373, risky=0) at xdisp.c:16136
16136           while ((precision <= 0 || n < precision)
(gdb) xbacktrace
"execute-extended-command"
"call-interactively"
(gdb) bt full
#0  0x080b7349 in display_mode_element (it=0xbfffd1b0, depth=10, field_width=0, precision=-63, elt=164196259, props=138499373, risky=0) at xdisp.c:16136
        c = 0 '\0'
        this = (const unsigned char *) 0xaf7a101 <Address 0xaf7a101 out of bounds>
        lisp_string = (const unsigned char *) 0xaf7a0fc <Address 0xaf7a0fc out of bounds>
        n = 5
        field = 138382657
        prec = 5
        literal = 0

Here the strange thing is that lisp_string points to an address
out of bounds.  It is initialized as this:

	this = SDATA (elt);
	lisp_string = this;

	if (literal)
          /* omitted because not relevant now */

	while ((precision <= 0 || n < precision)
	       && *this
	       && (mode_line_target != MODE_LINE_DISPLAY
		   || it->current_x < it->last_visible_x))
          ...

and is never changed in the while loop.  So the only reason I
can think of why the address pointed to by lisp_string becomes
out of bounds is that the string data of ELT was relocated in
the loop and the original address was returned to the OS.
Actually, display_string is called in the loop, and it will
run Lisp code.

So, I think we need this change.  What do you think?

*** xdisp.c	10 Sep 2005 09:35:12 +0900	1.1050
--- xdisp.c	10 Sep 2005 18:58:05 +0900	
***************
*** 16036,16042 ****
--- 16036,16047 ----
  	       && (mode_line_target != MODE_LINE_DISPLAY
  		   || it->current_x < it->last_visible_x))
  	  {
+ 	    /* Never change the value of LAST in this block.  */
  	    const unsigned char *last = this;
+ 	    /* String data of ELT may be relocated.  In such a case,
+ 	       OFFSET can be used to make THIS correctly points into
+ 	       the string data of ELT.  */
+ 	    int offset = this - SDATA (elt);
  
  	    /* Advance to end of string or next format specifier.  */
  	    while ((c = *this++) != '\0' && c != '%')
***************
*** 16171,16176 ****
--- 16176,16182 ----
  		else /* c == 0 */
  		  break;
  	      }
+ 	    this = SDATA (elt) + offset + (this - last);
  	  }
        }
        break;
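Review bot: the re-anchoring `this = SDATA (elt) + offset + (this - last);` only runs when the block falls through; the `break` on the `c == 0` path just above it leaves `this` pointing at the pre-relocation address. That is harmless only if nothing after the enclosing `while` reads `this`, which should be confirmed, or the re-anchor moved ahead of the break. The expression is also subtle enough to deserve a one-line comment: `this - last` is the difference of two possibly stale pointers into the old block, used purely as a count, and the sum re-bases that count onto the current SDATA (elt).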

---
Kenichi Handa
handa@m17n.org
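The stale-pointer scenario described in the message, as an added example in C that is not part of the original post or of Emacs: a constructed model of a relocatable string (rstring, rstring_make, display_runs_lisp and count_literals are all hypothetical names) is walked the way display_mode_element walks ELT, once keeping the raw pointer across the Lisp-running call and once with the patch's offset re-anchoring.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a Lisp string whose data block GC may relocate:
   each "Lisp-running" call moves the data and fills the old block with
   'X'.  The old block stays allocated until the next move, so a stale
   read here is well-defined but returns garbage instead of crashing. */
typedef struct { unsigned char *data, *old; size_t len; } rstring;

static rstring rstring_make(const char *s) {
    rstring r = { malloc(strlen(s) + 1), NULL, strlen(s) };
    memcpy(r.data, s, r.len + 1);
    return r;
}

/* Stand-in for display_string (): runs Lisp, which here always GCs. */
static void display_runs_lisp(rstring *s) {
    unsigned char *moved = malloc(s->len + 1);
    memcpy(moved, s->data, s->len + 1);
    memset(s->data, 'X', s->len);           /* old block reused elsewhere */
    free(s->old);
    s->old = s->data;
    s->data = moved;
}

/* Count literal chars between '%' specifiers, calling display at each one
   as display_mode_element does.  FIXED applies the patch's offset
   re-anchoring; without it THIS keeps pointing into the old block. */
static int count_literals(const char *text, int fixed) {
    rstring s = rstring_make(text);
    const unsigned char *this = s.data;            /* this = SDATA (elt) */
    int n = 0, c;
    while (*this) {
        const unsigned char *last = this;          /* never changed below */
        long offset = fixed ? this - s.data : 0;   /* this - SDATA (elt) */
        while ((c = *this++) != '\0' && c != '%') continue;
        n += (int)(this - 1 - last);               /* literal chars in segment */
        if (c != '%') break;
        display_runs_lisp(&s);                     /* s.data has moved */
        if (fixed) this = s.data + offset + (this - last);
    }
    free(s.old); free(s.data);
    return n;
}

int main(void) {
    printf("stale walk: %d, re-anchored walk: %d\n",
           count_literals("ab%cd%ef", 0), count_literals("ab%cd%ef", 1));
    return 0;
}
```

The stale walk reads the clobbered old block after the first relocation and miscounts, while the re-anchored walk reports the six literal characters.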


Thread overview: 14+ messages
2005-09-12  0:58 potential bug in display_mode_element? Kenichi Handa
2005-09-12  8:04 ` Kim F. Storm
2005-09-12 11:54   ` Kenichi Handa
2005-09-12 12:41 ` Potential GC-related problems in compose_chars_in_text Kim F. Storm
2005-09-13  1:08   ` Kenichi Handa
2005-09-13 15:54   ` Richard M. Stallman
2005-09-14  7:29     ` Kenichi Handa
2005-09-15  2:41       ` Richard M. Stallman
2005-09-15  4:21         ` Kenichi Handa
2005-09-16  1:01           ` Richard M. Stallman
2005-09-16 15:39             ` Stefan Monnier
2005-09-17 13:39               ` Richard M. Stallman
2005-09-19 13:43                 ` Stefan Monnier
2005-09-12 15:34 ` potential bug in display_mode_element? Richard M. Stallman

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/emacs.git
