Crash in tparam.c on OpenBSD

From: Casper Gripenberg
Subject: Crash in tparam.c on OpenBSD
Date: Fri, 2 Jan 2004 00:54:31 +0200
User-agent: Mutt/1.5.4i


I'm running OBSD 3.3 with a recently compiled 
GNU Emacs 21.3.1 (i386-unknown-openbsd3.3, X toolkit, Xaw3d 
scroll bars). This is compiled straight from the original
emacs source:

 > ls 
 ... 20399831 Mar 19  2003 emacs-21.3.tar.gz

Emacs works fine, except if I happen to run emacs with
TERM set, but not TERMCAP set. This situation arises when
I run emacs with sudo, as sudo cleans out the TERMCAP
variable for security reasons (yeah I know..what 
security, when emacs is run as root..but that's beside
the point :)).

When I run without TERMCAP (manually unset TERMCAP or
through sudo) emacs will dump core when there is anything
it is about to highlight. I.e. if I do an i-search and
emacs finds a match then BOOM..instant core.

If I set TERM to vt100 then it seems to work OK, but with,
for example, TERM=linux or xterm-xfree86 I get the
crash. When I gdb the core I see an abort() call being
made in tparam.c on line 298:

            case 'D':           /* %D means weird Delta Data transformation.  */
              argp[0] -= 2 * (tem % 16);

>             abort ();

The reason for the abort call is in the arguments to the
method tparam1:

(gdb) up
#1  0x86ec8 in fatal_error_signal (sig=6) at emacs.c:354
(gdb) up
#2  0x4015f004 in ?? ()
(gdb) up
#3  0x123bd5 in tparam1 (string=0x49b105 "\e[3%p1%dm", 
    outstring=0x5904c0 "\e[3", len=0, up=0x0, left=0x0, argp=0xcfbfc088)
    at tparam.c:298

See the string "\e[3%p1%dm". This string contains %p, which
seems to me is not recognized by the parsing algorithm in
tparam1(). Hence the abort() call.

Now going up two levels we get here:

(gdb) up
#4  0x123709 in tparam (string=0x49b105 "\e[3%p1%dm", outstring=0x0, len=0, 
    arg0=6, arg1=2496000, arg2=1, arg3=8) at tparam.c:105
(gdb) up
#5  0x4b3a9 in turn_on_face (f=0x261600, face_id=11) at term.c:2107

Which looks like this:

      if (fg >= 0 && TS_set_foreground)
>         p = tparam (TS_set_foreground, NULL, 0, (int) fg);
          OUTPUT (p);
          xfree (p);

Where TS_set_foreground is the "\e[3%p1%dm" string.

I have no idea what all this means, or what the tparam method
does, or anything about TERMCAP...so I'm not going to draw
any conclusions :) But it makes me interested..where does
the %p come from, and why does emacs not know what to do
with it (should it know? probably not?).

I put the termcap as well as the full 'gdb where' here:
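The report boils down to a grammar mismatch: "\e[3%p1%dm" is a terminfo parameterized string (where %p1 pushes parameter 1 onto a stack), while tparam1() expands classic termcap strings, whose %d codes consume arguments positionally and which have no %p at all. The following is an added example, not Emacs's tparam.c: a hypothetical tparam_safe() that expands the common termcap subset (%d, %2, %3, %., %+c, %i, %r, %%) and, on an unrecognised code such as %p, returns an error code and reports the offending character instead of calling abort(), so a caller like turn_on_face() could skip the colour change rather than dump core. The terminfo string is the one from the gdb frame; the termcap form "\e[3%dm" is a constructed equivalent, and fg=6 mirrors the arg0=6 in the tparam() frame.

```c
#include <stdio.h>
#include <string.h>

/* Return codes: 0 on success, negative on a recoverable failure. */
enum {
    TP_OK = 0,
    TP_UNKNOWN_CODE = -1,   /* a %-code the termcap grammar does not define (e.g. %p) */
    TP_TRUNCATED = -2,      /* string ended in the middle of a %-sequence */
    TP_MISSING_ARG = -3,    /* more %d-style codes than arguments supplied */
    TP_NO_SPACE = -4        /* output buffer too small */
};

#define TP_MAX_ARGS 8

/* Hypothetical termcap expander (not Emacs's tparam1).  Handles:
 *   %%  literal '%'          %d  next arg as decimal
 *   %2  two-digit decimal    %3  three-digit decimal
 *   %.  next arg as raw byte %+c next arg plus the byte c
 *   %i  add one to every arg consumed from here on
 *   %r  swap the next two args
 * Any other code after '%' is stored in *badc and TP_UNKNOWN_CODE is
 * returned; out is always NUL-terminated with whatever was expanded. */
int tparam_safe(const char *fmt, char *out, size_t outlen,
                const int *args_in, int nargs, char *badc)
{
    int args[TP_MAX_ARGS];
    int argi = 0, incr = 0, rc = TP_OK;
    size_t o = 0;
    const char *p;

    if (badc) *badc = 0;
    if (outlen == 0) return TP_NO_SPACE;
    if (nargs < 0) nargs = 0;
    if (nargs > TP_MAX_ARGS) nargs = TP_MAX_ARGS;
    memcpy(args, args_in, (size_t)nargs * sizeof(int));   /* %r may reorder */

    for (p = fmt; rc == TP_OK && *p; p++) {
        char buf[16];
        int n = 0;

        if (*p != '%') {                       /* ordinary byte: copy through */
            buf[0] = *p; n = 1;
        } else {
            p++;
            switch (*p) {
            case '\0': rc = TP_TRUNCATED; break;
            case '%':  buf[0] = '%'; n = 1; break;
            case 'd': case '2': case '3':
                if (argi >= nargs) { rc = TP_MISSING_ARG; break; }
                n = snprintf(buf, sizeof buf,
                             *p == 'd' ? "%d" : *p == '2' ? "%02d" : "%03d",
                             args[argi++] + incr);
                break;
            case '.':
                if (argi >= nargs) { rc = TP_MISSING_ARG; break; }
                buf[0] = (char)(args[argi++] + incr); n = 1;
                break;
            case '+':
                if (p[1] == '\0') { rc = TP_TRUNCATED; break; }
                if (argi >= nargs) { rc = TP_MISSING_ARG; break; }
                buf[0] = (char)(args[argi++] + incr + *++p); n = 1;
                break;
            case 'i': incr = 1; break;
            case 'r':
                if (argi + 1 < nargs) {
                    int t = args[argi]; args[argi] = args[argi + 1]; args[argi + 1] = t;
                }
                break;
            default:                           /* e.g. terminfo's %p, %{, %; ... */
                if (badc) *badc = *p;
                rc = TP_UNKNOWN_CODE;
                break;
            }
        }
        if (rc == TP_OK && n > 0) {
            if (o + (size_t)n >= outlen) rc = TP_NO_SPACE;
            else { memcpy(out + o, buf, (size_t)n); o += (size_t)n; }
        }
    }
    out[o] = '\0';                             /* always leave a valid C string */
    return rc;
}

/* Print a byte string with ESC rendered as "\e" so it is readable in a log. */
static void print_visible(const char *s)
{
    for (; *s; s++) {
        if (*s == 033) fputs("\\e", stdout);
        else putchar(*s);
    }
}

/* Terminfo form from the gdb frame, and a constructed termcap equivalent. */
static const char TERMINFO_AF[] = "\033[3%p1%dm";
static const char TERMCAP_AF[]  = "\033[3%dm";

int main(void)
{
    char out[64], bad;
    int fg = 6;                                /* arg0=6 in the tparam() frame */
    int rc;

    rc = tparam_safe(TERMCAP_AF, out, sizeof out, &fg, 1, &bad);
    printf("termcap  rc=%d out=", rc); print_visible(out); putchar('\n');

    rc = tparam_safe(TERMINFO_AF, out, sizeof out, &fg, 1, &bad);
    printf("terminfo rc=%d bad='%c' out=", rc, bad); print_visible(out); putchar('\n');
    return 0;
}
```

With the termcap form the call yields "\e[36m"; with the terminfo form it stops at "\e[3" (the same partial outstring visible in the gdb frame) and reports 'p' as the unknown code. A caller that checks the return value can then emit nothing for the attribute, which degrades to uncoloured text instead of a core dump when the environment hands Emacs a terminfo-style entry.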