bug#5609: 23.1.92; segfault in composition_compute_stop_pos

From: YAMAMOTO Mitsuharu
Subject: bug#5609: 23.1.92; segfault in composition_compute_stop_pos
Date: Fri, 26 Feb 2010 08:30:07 +0900
User-agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.8 (Shijō) APEL/10.6 Emacs/22.3 (sparc-sun-solaris2.8) MULE/5.0 (SAKAKI)

>>>>> On Thu, 25 Feb 2010 11:33:22 +0900, Kenichi Handa <address@hidden> said:

> In article <address@hidden>, Sven Joachim
> <address@hidden> writes:
>> During the last weeks I experienced several segfaults, mostly in
>> Dired, but unfortunately I did not run Emacs under GDB.  This time
>> I did.  I visited a file named "Makefile" and started an I-search
>> for "distcheck" when Emacs segfaulted.  This is not reproducible.

> Although I can't reproduce that bug, I found some suspicious code and
> just fixed it.  Please try the latest version.

Actually I suspected this out-of-boundary `endpos' value in

  I suspect the problematic case is that `charpos + field_width' in
  reseat_to_string exceeds the length of the given string.  The value of
  `field_width' is 12 by default when displaying buffer names.

Also, I guess the upper limit of `endpos' is `SCHARS (it->string)'
instead of `charpos + SCHARS (it->string)' at line 5614 below.  Could
you confirm if it is correct?

  5611    it->stop_charpos = charpos;
  5612    if (s == NULL && it->multibyte_p)
  5613      {
  5614        EMACS_INT endpos = charpos + SCHARS (it->string);
  5615        if (endpos > it->end_charpos)
  5616          endpos = it->end_charpos;
  5617        composition_compute_stop_pos (&it->cmp_it, charpos, -1, endpos,
  5618                                      it->string);
  5619      }

                                     YAMAMOTO Mitsuharu
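
A small model of the bound arithmetic discussed in this message, added here as an illustration; it is not Emacs code and not from the message's author. The names `str_iter`, `seat`, `scan_limit` and `oob_for` are hypothetical, and the way `end_charpos` is set follows the message's suspicion about `charpos + field_width`, taken as an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the iterator fields named in the message. */
struct str_iter {
    const char *string;  /* display string (ASCII here, so bytes == chars) */
    long end_charpos;    /* position at which iteration is meant to stop */
};

/* Assumption from the message: padding to field_width can leave
   end_charpos at charpos + field_width, past the end of the string. */
struct str_iter seat(const char *s, long charpos, long field_width)
{
    struct str_iter it = { s, (long) strlen(s) };
    if (charpos + field_width > it.end_charpos)
        it.end_charpos = charpos + field_width;
    return it;
}

/* Scan limit as at line 5614 (capped == 0), or with the string length
   itself as the upper limit, as the message suggests (capped != 0). */
long scan_limit(const struct str_iter *it, long charpos, int capped)
{
    long len = (long) strlen(it->string);
    long endpos = capped ? len : charpos + len;
    return endpos > it->end_charpos ? it->end_charpos : endpos;
}

/* Positions in [charpos, endpos) that lie past the last character: the
   reads a scanner bounded by endpos would make outside the string. */
long oob_for(const char *s, long charpos, long field_width, int capped)
{
    struct str_iter it = seat(s, charpos, field_width);
    long len = (long) strlen(s), endpos = scan_limit(&it, charpos, capped);
    long first_bad = charpos > len ? charpos : len;
    return endpos > first_bad ? endpos - first_bad : 0;
}

int main(void)
{
    /* Constructed input: 8-character name, charpos 3, field_width 12. */
    printf("line 5614 bound: %ld out-of-bounds positions\n", oob_for("Makefile", 3, 12, 0));
    printf("capped bound:    %ld out-of-bounds positions\n", oob_for("Makefile", 3, 12, 1));
    return 0;
}
```

In this model the line 5614 bound overshoots only when `charpos` is nonzero and `end_charpos` already lies past the end of the string; with `charpos` 0 or `field_width` 0 both bounds stay inside it.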