From: Dmitry Antipov
Newsgroups: gmane.emacs.bugs
Subject: Re: Re: Crash calling md5 for a list of buffers
Date: Thu, 22 Jan 2004 14:34:45 +0300
Message-ID: <400FB555.2000403@dev.rtsoft.ru>

Kevin Rodgers wrote:

> There must be something wrong in the code in fns.c:Fmd5() that computes
> and checks the buffer beginning and end when it's run with object set to
> the xdisp.c buffer, because either the subsequent call to
> select-safe-coding-system (via Vselect_safe_coding_system_function) or
> make_buffer_string is passed an end argument that is 1 larger than the
> buffer size (which precipitates the Lisp error or the crash,
> respectively).  Can anyone see what's wrong here?

IMHO this code is correct, but Fmd5 really has a stupid error. Here it is.

If the 1st arg is a string, all goes OK. If it's a buffer, we have a
'struct buffer *bp' which points to the buffer to process. For the buffer
'bp' points to, we are calculating begin (b) and end (e) boundaries.
Then, after selecting the coding system, we do
'make_buffer_string (b, e, 0)'. But this function works with
'struct buffer *current_buffer', not with 'bp'! So, if the size of the
buffer pointed to via *bp is more than the size of *current_buffer, we
have an abort():

make_buffer_string() -> CHAR_TO_BYTE(end) -> buf_charpos_to_bytepos(...):

    ...
    if (charpos < BUF_BEG (b) || charpos > BUF_Z (b))
      abort ();
    ...

because 'b' here points to the current buffer, but the 'charpos' arg is
calculated for *bp from Fmd5.

An obvious (but I'm not sure the best, btw) fix is:

    ...
    struct buffer *bt;
    ...
    bt = current_buffer, current_buffer = bp;
    object = make_buffer_string (b, e, 0);
    current_buffer = bt;
    ...

I've already posted it here (see my e-mail "Probably fixed..."), but
still have no reply to it :-(.

Thanks for your help,
Dmitry
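
The mismatch described in this message, as an added C example that is not part of the original e-mail and is not Emacs source. It is a simplified model: `struct buffer`, `make_buffer_string` and `current_buffer` only mirror the names in the message, the helpers `charpos_ok`, `extract_buggy` and `extract_fixed` are hypothetical, and an out-of-range position returns -1 where Emacs calls abort().

```c
/* Simplified model, NOT Emacs source: names mirror the message, bodies are assumptions. */
#include <stddef.h>
#include <string.h>

struct buffer { const char *text; ptrdiff_t beg, z; };  /* valid charpos: beg..z */
static struct buffer *current_buffer;                   /* implicit global context */

/* Same range test as the quoted buf_charpos_to_bytepos check, reported instead of abort(). */
static int charpos_ok(const struct buffer *b, ptrdiff_t charpos)
{
    return charpos >= b->beg && charpos <= b->z;
}

/* Copies [start, end) of *current_buffer* into out; returns length, or -1 on a bad range. */
static ptrdiff_t make_buffer_string(ptrdiff_t start, ptrdiff_t end, char *out, size_t cap)
{
    if (start > end || !charpos_ok(current_buffer, start) || !charpos_ok(current_buffer, end))
        return -1;
    size_t n = (size_t)(end - start);
    if (n >= cap) return -1;
    memcpy(out, current_buffer->text + (start - current_buffer->beg), n);
    out[n] = '\0';
    return (ptrdiff_t)n;
}

/* Buggy shape: bounds are taken from bp, but the extraction reads current_buffer. */
static ptrdiff_t extract_buggy(struct buffer *bp, char *out, size_t cap)
{
    return make_buffer_string(bp->beg, bp->z, out, cap);
}

/* Shape of the fix in the message: switch to bp, extract, then restore. */
static ptrdiff_t extract_fixed(struct buffer *bp, char *out, size_t cap)
{
    struct buffer *bt = current_buffer;
    current_buffer = bp;
    ptrdiff_t n = make_buffer_string(bp->beg, bp->z, out, cap);
    current_buffer = bt;   /* restored whether or not the extraction succeeded */
    return n;
}

/* Constructed sample buffers; positions start at 1. */
static struct buffer small = { "abc", 1, 4 };
static struct buffer large = { "0123456789", 1, 11 };
```

In this model, when the buffer passed in is smaller than the current one, the buggy path does not fail at all: it returns text from the wrong buffer, so a digest computed over it would describe the wrong content.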