From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: npostavs@users.sourceforge.net
Newsgroups: gmane.emacs.bugs
Subject: bug#23386: Segfault when messing with font-backend
Date: Sat, 09 Jul 2016 15:11:42 -0400
Message-ID: <87d1mmiq35.fsf@users.sourceforge.net>
References: <jwvlh3zfb45.fsf@iro.umontreal.ca> <83y47zxi81.fsf@gnu.org>
	<jwva8kf9lv0.fsf-monnier+emacsbugs@gnu.org>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-Trace: ger.gmane.org 1468091546 19274 80.91.229.3 (9 Jul 2016 19:12:26 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Sat, 9 Jul 2016 19:12:26 +0000 (UTC)
Cc: 23386@debbugs.gnu.org
To: Stefan Monnier <monnier@IRO.UMontreal.CA>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Sat Jul 09 21:12:15 2016
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1bLxfj-0005If-01
	for geb-bug-gnu-emacs@m.gmane.org; Sat, 09 Jul 2016 21:12:15 +0200
Original-Received: from localhost ([::1]:52180 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1bLxfi-0007Sc-19
	for geb-bug-gnu-emacs@m.gmane.org; Sat, 09 Jul 2016 15:12:14 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:37776)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1bLxfa-0007R1-H6
	for bug-gnu-emacs@gnu.org; Sat, 09 Jul 2016 15:12:07 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1bLxfW-0004wQ-9s
	for bug-gnu-emacs@gnu.org; Sat, 09 Jul 2016 15:12:05 -0400
Original-Received: from debbugs.gnu.org ([208.118.235.43]:60285)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1bLxfW-0004wG-64
	for bug-gnu-emacs@gnu.org; Sat, 09 Jul 2016 15:12:02 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1bLxfV-00068D-Va
	for bug-gnu-emacs@gnu.org; Sat, 09 Jul 2016 15:12:02 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: npostavs@users.sourceforge.net
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org
Resent-Date: Sat, 09 Jul 2016 19:12:01 +0000
Resent-Message-ID: <handler.23386.B23386.146809151223550@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 23386
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: 
Original-Received: via spool by 23386-submit@debbugs.gnu.org id=B23386.146809151223550
	(code B ref 23386); Sat, 09 Jul 2016 19:12:01 +0000
Original-Received: (at 23386) by debbugs.gnu.org; 9 Jul 2016 19:11:52 +0000
Original-Received: from localhost ([127.0.0.1]:44389 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1bLxfM-00067i-BU
	for submit@debbugs.gnu.org; Sat, 09 Jul 2016 15:11:52 -0400
Original-Received: from mail-io0-f169.google.com ([209.85.223.169]:32950)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <npostavs@gmail.com>)
	id 1bLxfK-00067O-0k; Sat, 09 Jul 2016 15:11:50 -0400
Original-Received: by mail-io0-f169.google.com with SMTP id t74so69722237ioi.0;
	Sat, 09 Jul 2016 12:11:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; 
	h=sender:from:to:cc:subject:references:date:in-reply-to:message-id
	:user-agent:mime-version;
	bh=7gg93yqNmQmy3nmHOdat3EFdzZR46PlVnJP+I5XjDyg=;
	b=wLNHnB1oGgRUkJOzI4gBPCsDRj9NJ2SGRPMiOCM5RNVqjrN8lXa6/jrXXe+0rHFoyj
	2g212HzOdswtzQjc85MtjTTBYMDZG05y6cvZE8c5iGfwjQi5jAysDsgAF/xFDJ/Eer57
	IRdxe0aQNewDHv/9bGsxkO5wle3d0G2DX02muGrq4tXG/r1pMZXMP1VQB5tLrrv0Vz7V
	O/CT1/68cJRpyw8QG8tGa9DjvYHFiTgweJfKvZteWDJvoH7Wk9IhE8H6JFVkk7puWM7k
	DoZdEV9TFEvkON8fk4OW0COgQ99t2KfEDPL2zATtjwp9Gn2iW332AxldyOoByIXdyb4M
	Dd5Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:sender:from:to:cc:subject:references:date
	:in-reply-to:message-id:user-agent:mime-version;
	bh=7gg93yqNmQmy3nmHOdat3EFdzZR46PlVnJP+I5XjDyg=;
	b=Pl6uVE96vtXNji3Dl0j/slE9Icssr8cP7sfXCJiKYK3dhm/QX27dfIpFP54d8QZ9V3
	7JwPEAKYKant0aeBu8jPYX3sGzFJf9h1aWL5DimjwZnmDn7CQR6GcnOIOm6OP23pONop
	37jw5qx14X0p7Y7F13tpPLzZL/CKEFmLNDHVjR6FeEojQPyiGd6RmBGV5vN+GdLxumTn
	izUcpk1ilWl+ODLkxIHGlbY2LweXt3xUwqSp3Er/0IOdr+L7/3hp0lNNYNLCtAE7ss6N
	jBAnGt4pkDpGqbjWli7jQtL7x8ZXF/kZ153vgkn6lFboSm810dgeN6k76cC8cfqL+31z
	AhQQ==
X-Gm-Message-State: ALyK8tL+HCezZtAu1hNJUCr9td61i6taf/d/y3EQEl0xfOf7dmeTkVxEsC7bbG8EWDuJbw==
X-Received: by 10.107.58.65 with SMTP id h62mr15188882ioa.172.1468091504461;
	Sat, 09 Jul 2016 12:11:44 -0700 (PDT)
Original-Received: from zony (206-188-64-44.cpe.distributel.net. [206.188.64.44])
	by smtp.googlemail.com with ESMTPSA id
	p63sm3897543itg.9.2016.07.09.12.11.43
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Sat, 09 Jul 2016 12:11:43 -0700 (PDT)
In-Reply-To: <jwva8kf9lv0.fsf-monnier+emacsbugs@gnu.org> (Stefan Monnier's
	message of "Wed, 27 Apr 2016 10:23:00 -0400")
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.0.93 (gnu/linux)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Received-From: 208.118.235.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnu-emacs/>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: "bug-gnu-emacs"
	<bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.bugs:120714
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/120714>

--=-=-=
Content-Type: text/plain

found 23386 24.1
found 23386 24.5
found 23386 25.0.95
tags 23386 confirmed
quit

- Emacs versions 24.1, 24.2, 24.4, 24.5 all segfault this case.
- Emacs versions 23.4 and 24.3 don't segfault, but the first frame
  shows boxes for the characters in the modeline, and still seems to
  be using the Xft font in the initial frame (subsequently created
  frames use a font from the X backend).

In all cases this error is triggerred on startup:
"frame-notice-user-settings: Font `-PfEd-DejaVu Sans
Mono-normal-normal-normal-*-15-*-*-*-m-0-iso10646-1' is not defined",
although only in the latter case is Emacs able to display it, otherwise
it segfaults first.

AFAICT, this it's the same bug in all versions, some happen not to
segfault by accident.

The segfault happens when using font with

  (font->driver == &xftfont_driver) &&
  ((struct xftfont_info *)font)->xftfont == NULL

Passing NULL xftfont to Xft library triggers a segfault.

The way we end up with this kind of bad font object, is that
x_set_font_backend calls font_update_drivers which eventually calls
xftfont_close which sets the xftfont field of the frame's font to NULL,
but the frame still refers to this closed object.  The chosen font is
not updated, because it's set in the frame-parameters, so when
x_set_font_backend tries to honour this choice, it gets the error "Font
... is not defined" mentioned above (the font was defined only for the
xft backend, not the remaining x backend), and leaves the invalid font
object as the frame's default font.

Here is a patch that attempts to fix the issue by resetting the font
after the backend is changed.  It does let Emacs successfully open the
frame with the new font (no funny box characters in the modeline), but
I'm not sure if it's the best way of marking the font object invalid.


--=-=-=
Content-Type: text/x-diff
Content-Disposition: inline;
 filename=v1-0001-Don-t-segfault-on-font-backend-change-Bug-23386.patch
Content-Description: patch

>From 190e70acf940ad7678812e069e74fce93668a8a8 Mon Sep 17 00:00:00 2001
From: Noam Postavsky <npostavs@gmail.com>
Date: Sat, 9 Jul 2016 14:20:53 -0400
Subject: [PATCH v1] Don't segfault on font backend change (Bug #23386)

* src/font.c (font_finish_cache): Kill frame's font if it used the
driver we just turned off.
* src/frame.c (x_set_font_backend): Reset the frame's font if it's been
killed.
---
 src/font.c  |  7 +++++++
 src/frame.c | 16 ++++++++++++++--
 src/frame.h |  1 +
 src/xfns.c  |  2 +-
 4 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/src/font.c b/src/font.c
index 2519599..e48b566 100644
--- a/src/font.c
+++ b/src/font.c
@@ -2587,6 +2587,13 @@ font_finish_cache (struct frame *f, struct font_driver *driver)
       font_clear_cache (f, XCAR (val), driver);
       XSETCDR (cache, XCDR (val));
     }
+
+  if (FRAME_FONT (f)->driver == driver)
+    {
+      /* Don't leave the frame's font pointing to a closed driver. */
+      store_frame_param(f, Qfont, Qnil);
+      FRAME_FONT (f) = NULL;
+    }
 }
 
 
diff --git a/src/frame.c b/src/frame.c
index 00f25f7..d7454d9 100644
--- a/src/frame.c
+++ b/src/frame.c
@@ -3677,6 +3677,8 @@ x_set_font (struct frame *f, Lisp_Object arg, Lisp_Object oldval)
 void
 x_set_font_backend (struct frame *f, Lisp_Object new_value, Lisp_Object old_value)
 {
+  Lisp_Object frame;
+
   if (! NILP (new_value)
       && !CONSP (new_value))
     {
@@ -3718,11 +3720,21 @@ x_set_font_backend (struct frame *f, Lisp_Object new_value, Lisp_Object old_valu
     }
   store_frame_param (f, Qfont_backend, new_value);
 
+  XSETFRAME (frame, f);
+
+  /* If closing the font driver killed the frame's font, we need to
+     get a new one.  */
+  if (!FRAME_FONT (f))
+    x_default_font_parameter (f, Fframe_parameters (frame));
+  if (!FRAME_FONT (f))
+    {
+      delete_frame (frame, Qnoelisp);
+      error ("Invalid frame font");
+    }
+
   if (FRAME_FONT (f))
     {
-      Lisp_Object frame;
 
-      XSETFRAME (frame, f);
       x_set_font (f, Fframe_parameter (frame, Qfont), Qnil);
       face_change = true;
       windows_or_buffers_changed = 18;
diff --git a/src/frame.h b/src/frame.h
index f0cdcd4..5b5349e 100644
--- a/src/frame.h
+++ b/src/frame.h
@@ -1356,6 +1356,7 @@ extern void x_set_scroll_bar_default_height (struct frame *);
 extern void x_set_offset (struct frame *, int, int, int);
 extern void x_wm_set_size_hint (struct frame *f, long flags, bool user_position);
 extern Lisp_Object x_new_font (struct frame *, Lisp_Object, int);
+extern void x_default_font_parameter (struct frame *f, Lisp_Object parms);
 extern void x_set_frame_parameters (struct frame *, Lisp_Object);
 extern void x_set_fullscreen (struct frame *, Lisp_Object, Lisp_Object);
 extern void x_set_line_spacing (struct frame *, Lisp_Object, Lisp_Object);
diff --git a/src/xfns.c b/src/xfns.c
index 7c1bb1c..1b9dd48 100644
--- a/src/xfns.c
+++ b/src/xfns.c
@@ -3071,7 +3071,7 @@ do_unwind_create_frame (Lisp_Object frame)
   unwind_create_frame (frame);
 }
 
-static void
+void
 x_default_font_parameter (struct frame *f, Lisp_Object parms)
 {
   struct x_display_info *dpyinfo = FRAME_DISPLAY_INFO (f);
-- 
2.8.0


--=-=-=--