From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: Paul Eggert <eggert@cs.ucla.edu>
Newsgroups: gmane.emacs.bugs
Subject: bug#23704: 25.1.50; Emacs crash in syntax.c
Date: Tue, 7 Jun 2016 00:26:55 -0700
Organization: UCLA Computer Science Department
Message-ID: <5756773F.4050801@cs.ucla.edu>
References: <faf2ab43-d90a-488f-1af7-c2a8d13a338e@cs.ucla.edu>
	<83ziqyrvos.fsf@gnu.org>
	<30e0500c-8cd5-d9aa-4949-855a527c3ada@cs.ucla.edu>
	<83r3c9soy0.fsf@gnu.org>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="------------090507050607010703010203"
X-Trace: ger.gmane.org 1465284507 21731 80.91.229.3 (7 Jun 2016 07:28:27 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Tue, 7 Jun 2016 07:28:27 +0000 (UTC)
Cc: schwab@suse.de, 23704@debbugs.gnu.org, vincent.belaiche@gmail.com
To: Eli Zaretskii <eliz@gnu.org>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Tue Jun 07 09:28:15 2016
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1bABQr-000079-Vn
	for geb-bug-gnu-emacs@m.gmane.org; Tue, 07 Jun 2016 09:28:14 +0200
Original-Received: from localhost ([::1]:47476 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1bABQr-00078v-24
	for geb-bug-gnu-emacs@m.gmane.org; Tue, 07 Jun 2016 03:28:13 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:48630)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1bABQl-00078i-Er
	for bug-gnu-emacs@gnu.org; Tue, 07 Jun 2016 03:28:08 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1bABQg-0008CT-C9
	for bug-gnu-emacs@gnu.org; Tue, 07 Jun 2016 03:28:07 -0400
Original-Received: from debbugs.gnu.org ([208.118.235.43]:45073)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1bABQg-0008CP-8z
	for bug-gnu-emacs@gnu.org; Tue, 07 Jun 2016 03:28:02 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1bABQg-0004ZV-0u
	for bug-gnu-emacs@gnu.org; Tue, 07 Jun 2016 03:28:02 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Paul Eggert <eggert@cs.ucla.edu>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Tue, 07 Jun 2016 07:28:01 +0000
Resent-Message-ID: <handler.23704.B23704.146528442417501@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 23704
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: patch
Original-Received: via spool by 23704-submit@debbugs.gnu.org id=B23704.146528442417501
	(code B ref 23704); Tue, 07 Jun 2016 07:28:01 +0000
Original-Received: (at 23704) by debbugs.gnu.org; 7 Jun 2016 07:27:04 +0000
Original-Received: from localhost ([127.0.0.1]:57410 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1bABPk-0004YD-7l
	for submit@debbugs.gnu.org; Tue, 07 Jun 2016 03:27:04 -0400
Original-Received: from zimbra.cs.ucla.edu ([131.179.128.68]:60256)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <eggert@cs.ucla.edu>) id 1bABPi-0004Xh-4u
	for 23704@debbugs.gnu.org; Tue, 07 Jun 2016 03:27:02 -0400
Original-Received: from localhost (localhost [127.0.0.1])
	by zimbra.cs.ucla.edu (Postfix) with ESMTP id AC7031613BD;
	Tue,  7 Jun 2016 00:26:56 -0700 (PDT)
Original-Received: from zimbra.cs.ucla.edu ([127.0.0.1])
	by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032)
	with ESMTP id NV-vmo7cDd-5; Tue,  7 Jun 2016 00:26:55 -0700 (PDT)
Original-Received: from localhost (localhost [127.0.0.1])
	by zimbra.cs.ucla.edu (Postfix) with ESMTP id AADE61613C1;
	Tue,  7 Jun 2016 00:26:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at zimbra.cs.ucla.edu
Original-Received: from zimbra.cs.ucla.edu ([127.0.0.1])
	by localhost (zimbra.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026)
	with ESMTP id IlyXNoVp2S45; Tue,  7 Jun 2016 00:26:55 -0700 (PDT)
Original-Received: from [192.168.1.9] (unknown [100.32.155.148])
	by zimbra.cs.ucla.edu (Postfix) with ESMTPSA id 7DFFD1613BD;
	Tue,  7 Jun 2016 00:26:55 -0700 (PDT)
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
	Thunderbird/38.8.0
In-Reply-To: <83r3c9soy0.fsf@gnu.org>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 208.118.235.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnu-emacs/>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: "bug-gnu-emacs"
	<bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.bugs:119201
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/119201>

This is a multi-part message in MIME format.
--------------090507050607010703010203
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Eli Zaretskii wrote:
> I think we need to fix the rest on the release branch as well.

Ah, sorry, I got confused by the phrase "release branch", and thought the=
 phrase=20
referred to master instead of to emacs-25. Anyway, attached is a revised =
patch=20
that I think fixes the whole problem.

--------------090507050607010703010203
Content-Type: text/x-diff;
 name="0001-Fix-crash-in-syntax.c-after-GC.patch"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
 filename="0001-Fix-crash-in-syntax.c-after-GC.patch"

=46rom 2537a82e008e02fb620223509993c035e9645564 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Mon, 6 Jun 2016 22:37:12 -0700
Subject: [PATCH] Fix crash in syntax.c after GC
MIME-Version: 1.0
Content-Type: text/plain; charset=3DUTF-8
Content-Transfer-Encoding: 8bit

Problem reported by Vincent Bela=C3=AFche (Bug#23704).
* src/syntax.c (skip_chars): Recompute pointers into the
buffer after every call to update_syntax_table_forward,
as it can GC.
---
 src/syntax.c | 59 ++++++++++++++++++++++++------------------------------=
-----
 1 file changed, 24 insertions(+), 35 deletions(-)

diff --git a/src/syntax.c b/src/syntax.c
index 16b7fab..6f53684 100644
--- a/src/syntax.c
+++ b/src/syntax.c
@@ -2171,63 +2171,51 @@ skip_syntaxes (bool forwardp, Lisp_Object string,=
 Lisp_Object lim)
     ptrdiff_t start_point =3D PT;
     ptrdiff_t pos =3D PT;
     ptrdiff_t pos_byte =3D PT_BYTE;
-    unsigned char *p =3D PT_ADDR, *endp, *stop;
-
-    if (forwardp)
-      {
-	endp =3D (XINT (lim) =3D=3D GPT) ? GPT_ADDR : CHAR_POS_ADDR (XINT (lim)=
);
-	stop =3D (pos < GPT && GPT < XINT (lim)) ? GPT_ADDR : endp;
-      }
-    else
-      {
-	endp =3D CHAR_POS_ADDR (XINT (lim));
-	stop =3D (pos >=3D GPT && GPT > XINT (lim)) ? GAP_END_ADDR : endp;
-      }
+    unsigned char *p, *endp, *stop;
=20
     immediate_quit =3D 1;
     SETUP_SYNTAX_TABLE (pos, forwardp ? 1 : -1);
+
     if (forwardp)
       {
-	if (multibyte)
+	while (true)
 	  {
-	    while (1)
+	    p =3D BYTE_POS_ADDR (pos_byte);
+	    endp =3D XINT (lim) =3D=3D GPT ? GPT_ADDR : CHAR_POS_ADDR (XINT (li=
m));
+	    stop =3D pos < GPT && GPT < XINT (lim) ? GPT_ADDR : endp;
+
+	    do
 	      {
 		int nbytes;
=20
 		if (p >=3D stop)
 		  {
 		    if (p >=3D endp)
-		      break;
+		      goto done;
 		    p =3D GAP_END_ADDR;
 		    stop =3D endp;
 		  }
-		c =3D STRING_CHAR_AND_LENGTH (p, nbytes);
+		if (multibyte)
+		  c =3D STRING_CHAR_AND_LENGTH (p, nbytes);
+		else
+		  c =3D *p, nbytes =3D 1;
 		if (! fastmap[SYNTAX (c)])
-		  break;
+		  goto done;
 		p +=3D nbytes, pos++, pos_byte +=3D nbytes;
-		UPDATE_SYNTAX_TABLE_FORWARD (pos);
-	      }
-	  }
-	else
-	  {
-	    while (1)
-	      {
-		if (p >=3D stop)
-		  {
-		    if (p >=3D endp)
-		      break;
-		    p =3D GAP_END_ADDR;
-		    stop =3D endp;
-		  }
-		if (! fastmap[SYNTAX (*p)])
-		  break;
-		p++, pos++, pos_byte++;
-		UPDATE_SYNTAX_TABLE_FORWARD (pos);
 	      }
+	    while (!parse_sexp_lookup_properties
+		   || pos < gl_state.e_property);
+
+	    update_syntax_table_forward (pos + gl_state.offset,
+					 false, gl_state.object);
 	  }
       }
     else
       {
+	p =3D BYTE_POS_ADDR (pos_byte);
+	endp =3D CHAR_POS_ADDR (XINT (lim));
+	stop =3D pos >=3D GPT && GPT > XINT (lim) ? GAP_END_ADDR : endp;
+
 	if (multibyte)
 	  {
 	    while (1)
@@ -2269,6 +2257,7 @@ skip_syntaxes (bool forwardp, Lisp_Object string, L=
isp_Object lim)
 	  }
       }
=20
+  done:
     SET_PT_BOTH (pos, pos_byte);
     immediate_quit =3D 0;
=20
--=20
2.5.5


--------------090507050607010703010203--