bug#1179: Emacs on Windows hangs displaying unibyte strings

["Juanma Barranquero" <lekktu@gmail.com>]

On Fri, Oct 17, 2008 at 15:01, Eli Zaretskii <eliz@gnu.org> wrote:

> It doesn't crash for me, with today's CVS.  But the result is strange
> nonetheless, I think: the single á character in the last line above
> are replaced with _two_ empty boxes about which "C-u C-x =" says:

Could you please try with DejaVu Sans Mono?

I see these four different outputs:

 - Non-optimized build, Courier New: same as you.
 - Non-optimized build, DejaVu Sans Mono: the á character is replaced
by two spaces (not empty boxes) and Emacs hangs.
 - Optimized build, Courier New: á is replaced by two empty boxes, Emacs hangs.
 - Optimized build, DejaVu Sans Mono: Emacs crashes at w32term.c:1279.

>> Program received signal SIGSEGV, Segmentation fault.
>> 0x011f804c in x_draw_glyph_string_background (s=0x82eae0, force_p=1)
>> at w32term.c:1279
>> 1279            if (FONT_HEIGHT (s->font) < s->height - 2 * box_line_width
>
> So what's the reason of the crash?  Is `s' an invalid pointer?

No. s is valid, and so is s->face, for example. s->font is not, however

(gdb) p s
$1 = (struct glyph_string *) 0x82eae0
(gdb) p *s
$2 = {
  x = 384,
  y = 150,
  ...
}
(gdb) p *s->face
$3 = {
  id = 906494016,
  gc = 0x1803,
  ...
}
(gdb) p *s->font
Cannot access memory at address 0xdae80101

> Or
> maybe GDB is confused by optimizations, and shows in correct source
> line?  In the latter case, perhaps disassemblying around the address
> of the crash (0x011f804c according to the above) would give an idea of
> what went wrong.

(gdb) disassemble 0x011f804c
Dump of assembler code for function x_draw_glyph_string_background:
0x011f801c <x_draw_glyph_string_background+0>:  push   %ebp
0x011f801d <x_draw_glyph_string_background+1>:  mov    %esp,%ebp
0x011f801f <x_draw_glyph_string_background+3>:  push   %edi
0x011f8020 <x_draw_glyph_string_background+4>:  push   %esi
0x011f8021 <x_draw_glyph_string_background+5>:  push   %ebx
0x011f8022 <x_draw_glyph_string_background+6>:  sub    $0x2c,%esp
0x011f8025 <x_draw_glyph_string_background+9>:  mov    %eax,%ebx
0x011f8027 <x_draw_glyph_string_background+11>: mov    %edx,%edi
0x011f8029 <x_draw_glyph_string_background+13>: movzbl 0x5c(%eax),%ecx
0x011f802d <x_draw_glyph_string_background+17>: test   $0x2,%cl
0x011f8030 <x_draw_glyph_string_background+20>: jne    0x11f8096
<x_draw_glyph_string_background+122>
0x011f8032 <x_draw_glyph_string_background+22>: mov    0x44(%eax),%eax
0x011f8035 <x_draw_glyph_string_background+25>: mov    0x34(%eax),%edx
0x011f8038 <x_draw_glyph_string_background+28>: mov    %edx,%eax
0x011f803a <x_draw_glyph_string_background+30>: not    %eax
0x011f803c <x_draw_glyph_string_background+32>: sar    $0x1f,%eax
0x011f803f <x_draw_glyph_string_background+35>: and    %eax,%edx
0x011f8041 <x_draw_glyph_string_background+37>: lea    (%edx,%edx,1),%esi
0x011f8044 <x_draw_glyph_string_background+40>: neg    %esi
0x011f8046 <x_draw_glyph_string_background+42>: add    0x14(%ebx),%esi
0x011f8049 <x_draw_glyph_string_background+45>: mov    0x48(%ebx),%eax
0x011f804c <x_draw_glyph_string_background+48>: cmp    %esi,0x58(%eax)
0x011f804f <x_draw_glyph_string_background+51>: jl     0x11f8056
<x_draw_glyph_string_background+58>
0x011f8051 <x_draw_glyph_string_background+53>: and    $0x9,%cl
0x011f8054 <x_draw_glyph_string_background+56>: je     0x11f809e
<x_draw_glyph_string_background+130>
0x011f8056 <x_draw_glyph_string_background+58>: mov    0x10(%ebx),%ecx
0x011f8059 <x_draw_glyph_string_background+61>: add    0x4(%ebx),%edx
0x011f805c <x_draw_glyph_string_background+64>: mov    (%ebx),%eax
0x011f805e <x_draw_glyph_string_background+66>: mov    %eax,-0x1c(%ebp)
0x011f8061 <x_draw_glyph_string_background+69>: mov    %edx,-0x18(%ebp)
0x011f8064 <x_draw_glyph_string_background+72>: add    %ecx,%eax
0x011f8066 <x_draw_glyph_string_background+74>: mov    %eax,-0x14(%ebp)
0x011f8069 <x_draw_glyph_string_background+77>: lea    (%esi,%edx,1),%edx
0x011f806c <x_draw_glyph_string_background+80>: mov    %edx,-0x10(%ebp)
0x011f806f <x_draw_glyph_string_background+83>: lea    -0x1c(%ebp),%eax
0x011f8072 <x_draw_glyph_string_background+86>: mov    %eax,0xc(%esp)
0x011f8076 <x_draw_glyph_string_background+90>: mov    0x60(%ebx),%eax
0x011f8079 <x_draw_glyph_string_background+93>: mov    0x4(%eax),%eax
0x011f807c <x_draw_glyph_string_background+96>: mov    %eax,0x8(%esp)
0x011f8080 <x_draw_glyph_string_background+100>:        mov    0x64(%ebx),%eax
0x011f8083 <x_draw_glyph_string_background+103>:        mov    %eax,0x4(%esp)
0x011f8087 <x_draw_glyph_string_background+107>:        mov    0x20(%ebx),%eax
0x011f808a <x_draw_glyph_string_background+110>:        mov    %eax,(%esp)
0x011f808d <x_draw_glyph_string_background+113>:        call
0x11f7642 <w32_fill_rect>
0x011f8092 <x_draw_glyph_string_background+118>:        orb    $0x2,0x5c(%ebx)
0x011f8096 <x_draw_glyph_string_background+122>:        add    $0x2c,%esp
0x011f8099 <x_draw_glyph_string_background+125>:        pop    %ebx
0x011f809a <x_draw_glyph_string_background+126>:        pop    %esi
0x011f809b <x_draw_glyph_string_background+127>:        pop    %edi
0x011f809c <x_draw_glyph_string_background+128>:        pop    %ebp
0x011f809d <x_draw_glyph_string_background+129>:        ret
0x011f809e <x_draw_glyph_string_background+130>:        test   %edi,%edi
0x011f80a0 <x_draw_glyph_string_background+132>:        je
0x11f8096 <x_draw_glyph_string_background+122>
0x011f80a2 <x_draw_glyph_string_background+134>:        jmp
0x11f8056 <x_draw_glyph_string_background+58>
End of assembler dump.

   Juanma