bug#5609: 23.1.92; segfault in composition_compute_stop_pos
From: YAMAMOTO Mitsuharu
Subject: bug#5609: 23.1.92; segfault in composition_compute_stop_pos
Date: Fri, 26 Feb 2010 08:30:07 +0900
User-agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.8 (Shijō) APEL/10.6 Emacs/22.3 (sparc-sun-solaris2.8) MULE/5.0 (SAKAKI)
>>>>> On Thu, 25 Feb 2010 11:33:22 +0900, Kenichi Handa <handa@m17n.org> said:
> In article <871vgfomwq.fsf@turtle.gmx.de>, Sven Joachim
> <svenjoac@gmx.de> writes:
>> During the last weeks I experienced several segfaults, mostly in
>> Dired, but unfortunately I did not run Emacs under GDB. This time
>> I did. I visited a file named "Makefile" and started an I-search
>> for "distcheck" when Emacs segfaulted. This is not reproducible.
> Although I can't reproduce that bug, I found a suspicious code and
> just fixed it. Please try the latest version.
Actually I suspected this out-of-boundary `endpos' value in
http://lists.gnu.org/archive/html/bug-gnu-emacs/2010-01/msg00522.html
I suspect the problematic case is that `charpos + field_width' in
reseat_to_string exceeds the length of the given string. The value of
`field_width' is 12 by default when displaying buffer names.
Also, I guess the upper limit of `endpos' is `SCHARS (it->string)'
instead of `charpos + SCHARS (it->string)' at line 5614 below. Could
you confirm if it is correct?
5611       it->stop_charpos = charpos;
5612       if (s == NULL && it->multibyte_p)
5613         {
5614           EMACS_INT endpos = charpos + SCHARS (it->string);
5615           if (endpos > it->end_charpos)
5616             endpos = it->end_charpos;
5617           composition_compute_stop_pos (&it->cmp_it, charpos, -1, endpos,
5618                                         it->string);
5619         }
YAMAMOTO Mitsuharu
mituharu@math.s.chiba-u.ac.jp
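A small C model of the two endpos formulas discussed in the message, added here as an illustration; it is not code from Emacs or from the message. The struct, the function names and the way end_charpos is derived (end_charpos = charpos + field_width, the reseat_to_string suspicion stated above) are assumptions of the model, and the scan is a stand-in for composition_compute_stop_pos that only counts positions outside the string instead of dereferencing them, so the overrun shows up as a count rather than as a segfault. The sample string and offsets are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-in for the display-iterator fields the
   message talks about; this is not Emacs's `struct it'. */
struct model_it {
  const char *string;     /* the string being displayed (it->string) */
  ptrdiff_t nchars;       /* SCHARS (it->string) */
  ptrdiff_t end_charpos;  /* display end as set by a reseat_to_string-like step */
};

/* endpos as the quoted line 5614 computes it: charpos + SCHARS (string),
   clamped to end_charpos. */
static ptrdiff_t endpos_as_posted(const struct model_it *it, ptrdiff_t charpos)
{
  ptrdiff_t endpos = charpos + it->nchars;
  if (endpos > it->end_charpos)
    endpos = it->end_charpos;
  return endpos;
}

/* endpos with the upper limit the message suggests instead: SCHARS (string),
   clamped to end_charpos. */
static ptrdiff_t endpos_suggested(const struct model_it *it, ptrdiff_t charpos)
{
  ptrdiff_t endpos = it->nchars;
  if (endpos > it->end_charpos)
    endpos = it->end_charpos;
  return endpos;
}

/* Stand-in for the scan composition_compute_stop_pos would do over
   [charpos, endpos).  Returns how many positions in that range lie outside
   the string, i.e. how many reads would be out of bounds.  In-bounds
   positions are read normally. */
static ptrdiff_t scan_out_of_bounds(const struct model_it *it,
                                    ptrdiff_t charpos, ptrdiff_t endpos)
{
  ptrdiff_t oob = 0;
  for (ptrdiff_t pos = charpos; pos < endpos; pos++)
    {
      if (pos < 0 || pos >= it->nchars)
        {
          oob++;
          continue;
        }
      (void) it->string[pos];  /* in-bounds read */
    }
  return oob;
}

/* Set up the situation the message describes (assumption: end_charpos is
   charpos + field_width, with field_width 12 by default for buffer names),
   then scan with either the posted or the suggested endpos.  Returns the
   number of out-of-bounds positions the scan would touch. */
ptrdiff_t oob_reads(const char *s, ptrdiff_t charpos, ptrdiff_t field_width,
                    int use_suggested)
{
  struct model_it it;
  it.string = s;
  it.nchars = (ptrdiff_t) strlen(s);
  it.end_charpos = charpos + field_width;

  ptrdiff_t endpos = use_suggested ? endpos_suggested(&it, charpos)
                                   : endpos_as_posted(&it, charpos);
  return scan_out_of_bounds(&it, charpos, endpos);
}

int main(void)
{
  /* Constructed sample: an 8-character name displayed from charpos 3 with
     the default field width of 12. */
  printf("posted formula, charpos 3:    %td out-of-bounds positions\n",
         oob_reads("Makefile", 3, 12, 0));
  printf("suggested formula, charpos 3: %td out-of-bounds positions\n",
         oob_reads("Makefile", 3, 12, 1));
  printf("posted formula, charpos 0:    %td out-of-bounds positions\n",
         oob_reads("Makefile", 0, 12, 0));
  return 0;
}
```

With charpos 0 the posted clamp is harmless, because charpos + SCHARS (string) equals SCHARS (string); the overrun only appears once the scan starts at a nonzero charpos and end_charpos is allowed to exceed the string length, which is exactly the combination the message suspects.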