From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Dmitry Antipov Newsgroups: gmane.emacs.bugs Subject: bug#16457: 24.3.50; crash rendering Arabic Uthmani script Date: Thu, 16 Jan 2014 12:01:04 +0400 Message-ID: <52D791C0.7000405@yandex.ru> References: <52D6C466.9080909@yandex.ru> <838uuh3zx7.fsf@gnu.org> <7obnzcor73.fsf@fencepost.gnu.org> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Trace: ger.gmane.org 1389859334 8576 80.91.229.3 (16 Jan 2014 08:02:14 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Thu, 16 Jan 2014 08:02:14 +0000 (UTC) Cc: 16457@debbugs.gnu.org To: Eli Zaretskii Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Thu Jan 16 09:02:20 2014 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1W3hu7-00065P-LA for geb-bug-gnu-emacs@m.gmane.org; Thu, 16 Jan 2014 09:02:19 +0100 Original-Received: from localhost ([::1]:58993 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1W3hu7-0004TS-AP for geb-bug-gnu-emacs@m.gmane.org; Thu, 16 Jan 2014 03:02:19 -0500 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:53439) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1W3hty-0004TI-8J for bug-gnu-emacs@gnu.org; Thu, 16 Jan 2014 03:02:16 -0500 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1W3htr-00006O-Nc for bug-gnu-emacs@gnu.org; Thu, 16 Jan 2014 03:02:10 -0500 Original-Received: from debbugs.gnu.org ([140.186.70.43]:38749) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1W3htr-00006I-KM for bug-gnu-emacs@gnu.org; Thu, 16 Jan 2014 03:02:03 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80) (envelope-from ) id 1W3htq-000571-Kh for bug-gnu-emacs@gnu.org; Thu, 16 Jan 2014 03:02:02 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Dmitry Antipov Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org Resent-Date: Thu, 16 Jan 2014 08:02:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 16457 X-GNU-PR-Package: emacs X-GNU-PR-Keywords: Original-Received: via spool by 16457-submit@debbugs.gnu.org id=B16457.138985928019599 (code B ref 16457); Thu, 16 Jan 2014 08:02:02 +0000 Original-Received: (at 16457) by debbugs.gnu.org; 16 Jan 2014 08:01:20 +0000 Original-Received: from localhost ([127.0.0.1]:52767 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1W3ht3-00055t-3i for submit@debbugs.gnu.org; Thu, 16 Jan 2014 03:01:19 -0500 Original-Received: from forward2h.mail.yandex.net ([84.201.187.147]:52499) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1W3hsy-00055g-An for 16457@debbugs.gnu.org; Thu, 16 Jan 2014 03:01:09 -0500 Original-Received: from smtp2h.mail.yandex.net (smtp2h.mail.yandex.net [84.201.187.145]) by forward2h.mail.yandex.net (Yandex) with ESMTP id 8A4B8700E5F; Thu, 16 Jan 2014 12:01:06 +0400 (MSK) Original-Received: from smtp2h.mail.yandex.net (localhost [127.0.0.1]) by smtp2h.mail.yandex.net (Yandex) with ESMTP id 94FEC170042F; Thu, 16 Jan 2014 12:01:05 +0400 (MSK) Original-Received: from unknown (unknown [37.139.80.10]) by smtp2h.mail.yandex.net (nwsmtp/Yandex) with ESMTPSA id W5FBnP3ezi-15fueGLo; Thu, 16 Jan 2014 12:01:05 +0400 (using TLSv1 with cipher CAMELLIA256-SHA (256/256 bits)) (Client certificate not present) X-Yandex-Uniq: 2a930d01-b91e-4d2c-a100-4bc8b890138a DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.ru; s=mail; t=1389859265; bh=Q4q2/+7q1PGxZXzFQIjNYrUfg6PadygNUJQcJLW50ZA=; h=Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject: References:In-Reply-To:Content-Type:Content-Transfer-Encoding; b=XSf36/1BSFhWDBRBz06mmvH6GmrB6Jz2V9bC+MbH2VV/Qt3R4pketlA3pXssn5zdK 3UV0gRe23QDOsoLVPxF219UZ1RVlSvwWsqLJ/jvaK83NGsEijBrJX8qAmjJWdiHXjz Zn0G+Lccf6MFER60f1fMQ91e54+Z3tlXl12msnxo= Authentication-Results: smtp2h.mail.yandex.net; dkim=pass header.i=@yandex.ru User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0 In-Reply-To: <7obnzcor73.fsf@fencepost.gnu.org> X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 140.186.70.43 X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.bugs:83575 Archived-At: I'm not familiar with composition sequences in detail, but there is a hint. For the uthmani-test.txt, the following code in set_iterator_to_next: 7127 /* Composition created while scanning forward. */ 7128 /* Update IT's char/byte positions to point to the first 7129 character of the next grapheme cluster, or to the 7130 character visually after the current composition. */ 7131 for (i = 0; i < it->cmp_it.nchars; i++) 7132 bidi_move_to_visually_next (&it->bidi_it); 7133 IT_BYTEPOS (*it) = it->bidi_it.bytepos; 7134 IT_CHARPOS (*it) = it->bidi_it.charpos; advances IT from charpos:bytepos 11:21 to 13:25. But the following fragment from scan_for_column: 586 /* Check composition sequence. */ 587 if (cmp_it.id >= 0 588 || (scan == cmp_it.stop_pos 589 && composition_reseat_it (&cmp_it, scan, scan_byte, end, 590 w, NULL, Qnil))) 591 composition_update_it (&cmp_it, scan, scan_byte, Qnil); 592 if (cmp_it.id >= 0) 593 { 594 scan += cmp_it.nchars; 595 scan_byte += cmp_it.nbytes; advances SCAN:SCAN_BYTE from 11:21 to 13:24. So the byte position becomes invalid and FETCH_CHAR_ADVANCE decodes invalid byte sequence to invalid character C. Finally, CHAR_TABLE_REF (Vcomposition_function_table, C) goes out of bounds. Dmitry