From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!not-for-mail
From: "Jan D." <jan.h.d@swipnet.se>
Newsgroups: gmane.emacs.bugs
Subject: bug#20156: Emacs 24 stack corruption in
	fontset.c:fontset_pattern_regexp
Date: Sun, 22 Mar 2015 10:23:27 +0100
Message-ID: <A353AAE9-AF49-4146-B2FE-789C25B7E575@swipnet.se>
References: <F8A72762-CE59-4EEA-B06B-5E71E5FE1A04@exchange.mit.edu>
NNTP-Posting-Host: plane.gmane.org
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\))
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Trace: ger.gmane.org 1427016267 31968 80.91.229.3 (22 Mar 2015 09:24:27 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Sun, 22 Mar 2015 09:24:27 +0000 (UTC)
Cc: 20156-done@debbugs.gnu.org
To: John F Carr <jfc@mit.edu>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org Sun Mar 22 10:24:14 2015
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by plane.gmane.org with esmtp (Exim 4.69)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1YZc7A-00037w-Tf
	for geb-bug-gnu-emacs@m.gmane.org; Sun, 22 Mar 2015 10:24:13 +0100
Original-Received: from localhost ([::1]:50261 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org>)
	id 1YZc7A-0005GB-6t
	for geb-bug-gnu-emacs@m.gmane.org; Sun, 22 Mar 2015 05:24:12 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:44102)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1YZc76-0005Fz-70
	for bug-gnu-emacs@gnu.org; Sun, 22 Mar 2015 05:24:09 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1YZc71-0001dy-6i
	for bug-gnu-emacs@gnu.org; Sun, 22 Mar 2015 05:24:08 -0400
Original-Received: from debbugs.gnu.org ([140.186.70.43]:42260)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1YZc71-0001dr-3M
	for bug-gnu-emacs@gnu.org; Sun, 22 Mar 2015 05:24:03 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1YZc70-0000YU-Rj
	for bug-gnu-emacs@gnu.org; Sun, 22 Mar 2015 05:24:02 -0400
Resent-From: "Jan D." <jan.h.d@swipnet.se>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-To: bug-gnu-emacs@gnu.org
Resent-Date: Sun, 22 Mar 2015 09:24:02 +0000
Resent-Message-ID: <handler.20156.D20156.14270162182090.done@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: cc-closed 20156
X-GNU-PR-Package: emacs
X-GNU-PR-Keywords: 
Mail-Followup-To: 20156@debbugs.gnu.org, jan.h.d@swipnet.se, jfc@mit.edu
Original-Received: via spool by 20156-done@debbugs.gnu.org id=D20156.14270162182090
	(code D ref 20156); Sun, 22 Mar 2015 09:24:02 +0000
Original-Received: (at 20156-done) by debbugs.gnu.org; 22 Mar 2015 09:23:38 +0000
Original-Received: from localhost ([127.0.0.1]:60267 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1YZc6c-0000Xe-Bo
	for submit@debbugs.gnu.org; Sun, 22 Mar 2015 05:23:38 -0400
Original-Received: from mailfe04.swip.net ([212.247.154.97]:44743 helo=swip.net)
	by debbugs.gnu.org with esmtp (Exim 4.80)
	(envelope-from <jan.h.d@swipnet.se>) id 1YZc6Z-0000XO-Og
	for 20156-done@debbugs.gnu.org; Sun, 22 Mar 2015 05:23:36 -0400
X-T2-Spam-Status: No, hits=0.8 required=5.0 tests=BAYES_50
Original-Received: from hosdjarv.se (account mj138573@tele2.se [46.59.42.57] verified)
	by mailfe04.swip.net (CommuniGate Pro SMTP 5.4.4)
	with ESMTPA id 580672437; Sun, 22 Mar 2015 10:23:28 +0100
In-Reply-To: <F8A72762-CE59-4EEA-B06B-5E71E5FE1A04@exchange.mit.edu>
X-Mailer: Apple Mail (2.2070.6)
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.15
Precedence: list
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x
X-Received-From: 140.186.70.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
	the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
	<mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Original-Sender: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane.org@gnu.org
Xref: news.gmane.org gmane.emacs.bugs:100774
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/100774>

Good call.  Fixed in trunk and emacs-24 branch.

	Jan D.

> 21 mar 2015 kl. 13:06 skrev John F Carr <jfc@mit.edu>:
>=20
> Emacs crashes on Mac Yosemite (native window system) when I use =
set-frame-font with certain font patterns.  The cause is writing past =
the end of an alloca buffer in fontset.c:fontset_pattern_regexp.  This =
triggers a stack check assertion.  Alloca is used to allocate space for =
a regexp, but the size neglects to consider the ^$ around the regexp.  =
=E2=80=9C+1=E2=80=9D should be =E2=80=9C+3=E2=80=9D.
>=20
> To reproduce:
>=20
> (set-frame-font =
"-adobe-courier-medium-r-normal--24-*-75-75-m-150-iso8859-1=E2=80=9D)
>=20
> without X installed.
>=20
> Bug in 24.3 and "GNU Emacs 24.4.2 (x86_64-apple-darwin14.1.0, NS =
apple-appkit-1344.72)=E2=80=9D.
>=20
>=20
>=20
> <fontset.diff>