From: Chong Yidong
Newsgroups: gmane.emacs.bugs
Subject: bug#2370: 23.0.90; decode-coding-region make emacs crash
Date: Wed, 18 Feb 2009 19:17:56 -0500
Message-ID: <87zlgjwa8b.fsf@cyd.mit.edu>
To: Kenichi Handa
Cc: Hiroshi Fujishima, 2370@emacsbugs.donarmstrong.com

Hi Handa-san,

Please take a look at this bug:

http://emacsbugs.donarmstrong.com/cgi-bin/bugreport.cgi?bug=2370

The crash occurs because of memory corruption due to overwriting the
carryover buffer at line 6809 of coding.c. For the sample provided by the OP, (coding->src_bytes - coding->consumed) == 99. This looks like a bug in decode_coding_iso_2022.
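
The bug class described in the message above, as an added illustration that is not code from coding.c or from this thread: a decoder saves its unconsumed input tail into a fixed-size carryover buffer, and the copy is only safe if the tail length is checked first. The struct, the function names and the 64-byte buffer size are assumptions made for the example; only the field names src_bytes and consumed come from the message.

```c
#include <stddef.h>
#include <string.h>

/* Assumed size for illustration; the message does not state the real one. */
#define CARRYOVER_MAX 64

/* Hypothetical, reduced stand-in for a decoder state. */
struct decoder_state {
    const unsigned char *source;   /* start of the current input chunk */
    size_t src_bytes;              /* bytes available in this chunk */
    size_t consumed;               /* bytes the decoder has processed */
    unsigned char carryover[CARRYOVER_MAX];
    size_t carryover_bytes;        /* valid bytes held in carryover[] */
};

/* Save the unconsumed tail for the next decoding call.
   Returns 0 on success, -1 if the state is inconsistent or the tail does
   not fit. The unchecked form, a bare
   memcpy(st->carryover, tail, src_bytes - consumed), writes past the array
   whenever the tail is longer than the buffer. */
int save_carryover(struct decoder_state *st)
{
    if (st->consumed > st->src_bytes)
        return -1;                         /* subtraction would wrap */

    size_t remaining = st->src_bytes - st->consumed;
    if (remaining > sizeof st->carryover)
        return -1;                         /* e.g. remaining == 99 */

    memcpy(st->carryover, st->source + st->consumed, remaining);
    st->carryover_bytes = remaining;
    return 0;
}

/* Constructed input: a 100-byte chunk of which `consumed` bytes were decoded. */
int try_chunk(size_t consumed)
{
    static unsigned char chunk[100];
    struct decoder_state st = { chunk, sizeof chunk, consumed, {0}, 0 };
    return save_carryover(&st);
}
```

With the constructed 100-byte chunk, try_chunk(1) leaves a 99-byte tail, the same remainder the message reports, and the guard refuses it instead of writing past the buffer.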