emacs-bug-tracker
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debbugs-tracker] bug#24064: closed (24.5; NULL pointer dereference in c

From: GNU bug Tracking System
Subject: [debbugs-tracker] bug#24064: closed (24.5; NULL pointer dereference in compute_motion(), indent.c)
Date: Tue, 26 Jul 2016 15:36:02 +0000 
Your message dated Tue, 26 Jul 2016 18:35:07 +0300
with message-id <address@hidden>
and subject line Re: bug#24064: 24.5; NULL pointer dereference in 
compute_motion(), indent.c
has caused the debbugs.gnu.org bug report #24064,
regarding 24.5; NULL pointer dereference in compute_motion(), indent.c
to be marked as done.

(If you believe you have received this mail in error, please contact
address@hidden)


-- 
24064: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=24064
GNU Bug Tracking System
Contact address@hidden with problems
--- Begin Message --- Subject: 24.5; NULL pointer dereference in compute_motion(), indent.c Date: Mon, 25 Jul 2016 02:51:40 +0300 User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0

Package: emacs

Version: 24.5

struct position *
compute_motion (ptrdiff_t from, ptrdiff_t frombyte, EMACS_INT fromvpos,
        EMACS_INT fromhpos, bool did_motion, ptrdiff_t to,
        EMACS_INT tovpos, EMACS_INT tohpos, EMACS_INT width,
        ptrdiff_t hscroll, int tab_offset, struct window *win)
{

...

  if (dp == buffer_display_table ())
    width_table = (VECTORP (BVAR (current_buffer, width_table))
                   ? XVECTOR (BVAR (current_buffer, width_table))->contents
                   : 0);
  else
    /* If the window has its own display table, we can't use the width
       run cache, because that's based on the buffer's display table.  */
    width_table = 0; // initialize it with 0 (current buffer has no display table)

...

      if (width_cache)
        {
          /* Is this character part of the current run?  If so, extend
         the run.  */
          if (pos - 1 == width_run_end
          && XFASTINT (width_table[c]) == width_run_width) // dereference width_table here, and crash
        width_run_end = pos;
...


Sergei Litvin


--- End Message ---
--- Begin Message --- Subject: Re: bug#24064: 24.5; NULL pointer dereference in compute_motion(), indent.c Date: Tue, 26 Jul 2016 18:35:07 +0300 
> From: Clément Pit--Claudel <address@hidden>
> Date: Mon, 25 Jul 2016 22:49:35 -0400
> Cc: address@hidden
> 
> >>> I've prepared an elisp file to reproduce a crash:
> >>>
> >>> 1) Open it and move cursor to the end of the file
> >>> 2) Execute eval-buffer
> >>> 3) Press C-l several times
> >>
> >> Running this recipe does not cause a crash for me in GNU Emacs 25.1.50.7 
> >> (x86_64-pc-linux-gnu, GTK+ Version 3.18.9) of 2016-07-20.  Am I missing 
> >> something?
> > 
> > It crashes for me on 24.5, but not on 25.0.95.  Perhaps it was fixed?
> 
> Indeed, same here. Crashes on 24.5, but not 25.

C-l (a.k.a. "recenter") no longer calls compute_motion in Emacs 25, so
to trigger the segfault, the recipe should be changed like this:

 1) Open it and move cursor to the end of the file
 2) Execute eval-buffer
 3) Type "M-x set-variable RET scroll-preserve-screen-position RET t RET"
 4) Type "C-u 1 C-v"

In addition, the above should be done on a TTY frame.

This 22-year old bug is now fixed on the master branch.

Thanks.

--- End Message ---
reply via email to
[Prev in Thread] Current Thread [Next in Thread]