From 29b919dcce693135cc7f5d2952c551d2ac446602 Mon Sep 17 00:00:00 2001
From: Pip Cet <pipcet@protonmail.com>
Date: Fri, 16 Aug 2024 19:00:38 +0000
Subject: [PATCH] Avoid crashes when pure space overflows

When pure space has overflowed, all objects are potentially pure.  This
means we cannot use 'SDATA_OF_STRING' on them, or assume they're invalid
when printing them.

* src/alloc.c (string_bytes):
(pin_string): Do nothing after pure space overflow.
(valid_lisp_object_p): Never return 0 after pure space overflow.
---
 src/alloc.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/alloc.c b/src/alloc.c
index 06fe12cff3d..616ec3083b9 100644
--- a/src/alloc.c
+++ b/src/alloc.c
@@ -1797,7 +1797,7 @@ string_bytes (struct Lisp_String *s)
     (s->u.s.size_byte < 0 ? s->u.s.size & ~ARRAY_MARK_FLAG : s->u.s.size_byte);
 
   if (!PURE_P (s) && !pdumper_object_p (s) && s->u.s.data
-      && nbytes != SDATA_NBYTES (SDATA_OF_STRING (s)))
+      && !pure_bytes_used_before_overflow && nbytes != SDATA_NBYTES (SDATA_OF_STRING (s)))
     emacs_abort ();
   return nbytes;
 }
@@ -2644,7 +2644,7 @@ pin_string (Lisp_Object string)
 
   if (!(size > LARGE_STRING_BYTES
 	|| PURE_P (data) || pdumper_object_p (data)
-	|| s->u.s.size_byte == -3))
+	|| s->u.s.size_byte == -3 || pure_bytes_used_before_overflow))
     {
       eassert (s->u.s.size_byte == -1);
       sdata *old_sdata = SDATA_OF_STRING (s);
@@ -5606,6 +5606,9 @@ valid_lisp_object_p (Lisp_Object obj)
   if (pdumper_object_p (p))
     return pdumper_object_p_precise (p) ? 1 : 0;
 
+  if (pure_bytes_used_before_overflow)
+    return -1;
+
   struct mem_node *m = mem_find (p);
 
   if (m == MEM_NIL)
-- 
2.45.2