bug#27504: 25.1; segfault when org-ellipsis is empty

From: npostavs
Subject: bug#27504: 25.1; segfault when org-ellipsis is empty
Date: Tue, 27 Jun 2017 08:10:58 -0400


tags 27504 + confirmed

Michael Ax <address@hidden> writes:

> (setq org-ellipsis "") C-x C-e
> (org-mode)  C-x C-e
> * asd
> ** def C-p tab  < and boom

I can confirm also with emacs-master.  Below is some debug info, it
looks like next_element_from_display_vector assumes a non-empty ellipsis
display string.

Thread 1 "emacs" received signal SIGSEGV, Segmentation fault.
0x00000000005823a3 in GLYPH_CODE_P (gc=XIL(0x3)) at 
1872              ? (CHARACTERP (XCAR (gc))
(gdb) bt
#0  0x00000000005823a3 in GLYPH_CODE_P (gc=XIL(0x3)) at 
#1  0x00000000004552b0 in next_element_from_display_vector (it=0x7fffffff8dc0) 
at ../../emacs-master/src/xdisp.c:7760
#2  0x000000000045705e in next_element_from_buffer (it=0x7fffffff8dc0) at 
#3  0x0000000000452fc8 in get_next_display_element (it=0x7fffffff8dc0) at 
#4  0x000000000048601e in display_line (it=0x7fffffff8dc0, cursor_vpos=0) at 
#5  0x0000000000477a39 in try_window (window=XIL(0x157dc35), pos=..., flags=1) 
at ../../emacs-master/src/xdisp.c:17482
#6  0x00000000004740a2 in redisplay_window (window=XIL(0x157dc35), 
just_this_one_p=true) at ../../emacs-master/src/xdisp.c:16929
#7  0x000000000046b3b7 in redisplay_window_1 (window=XIL(0x157dc35)) at 
#8  0x000000000063dcfe in internal_condition_case_1 (bfun=0x46b375 
<redisplay_window_1>, arg=XIL(0x157dc35), handlers=XIL(0xe82dd3), hfun=0x46b2ef 
<redisplay_window_error>) at ../../emacs-master/src/eval.c:1350
#9  0x000000000046a2c4 in redisplay_internal () at 
#10 0x0000000000467557 in redisplay () at ../../emacs-master/src/xdisp.c:13378
#11 0x000000000058d580 in read_char (commandflag=1, map=XIL(0x36821b3), 
prev_event=XIL(0), used_mouse_menu=0x7fffffffe33f, end_time=0x0) at 
#12 0x000000000059e02b in read_key_sequence (keybuf=0x7fffffffe4d0, bufsize=30, 
prompt=XIL(0), dont_downcase_last=false, can_return_switch_frame=true, 
fix_current_buffer=true, prevent_redisplay=false) at 
#13 0x000000000058a0d0 in command_loop_1 () at 
#14 0x000000000063dc27 in internal_condition_case (bfun=0x589c9d 
<command_loop_1>, handlers=XIL(0x4e00), hfun=0x5892f3 <cmd_error>) at 
#15 0x00000000005898a2 in command_loop_2 (ignore=XIL(0)) at 
#16 0x000000000063d164 in internal_catch (tag=XIL(0xbd60), func=0x589879 
<command_loop_2>, arg=XIL(0))
    at ../../emacs-master/src/eval.c:1091
#17 0x0000000000589844 in command_loop () at 
#18 0x0000000000588e08 in recursive_edit_1 () at 
#19 0x0000000000588fe7 in Frecursive_edit () at 
#20 0x0000000000586c74 in main (argc=2, argv=0x7fffffffe9a8) at 

Lisp Backtrace:
"redisplay_internal (C function)" (0x0)
(gdb) p gc
$1 = XIL(0x3)
(gdb) xpr
$2 = (struct Lisp_Cons *) 0x0
Cannot access memory at address 0x0
(gdb) up 1
#1  0x00000000004552b0 in next_element_from_display_vector (it=0x7fffffff8dc0) 
at ../../emacs-master/src/xdisp.c:7760
7760      if (GLYPH_CODE_P (gc))
(gdb) p it->dpvec
$3 = (Lisp_Object *) 0x9d4a88 <pure+104>
(gdb) p it->current.dpvec_index 
$4 = 0
(gdb) p it->dpvec[0]
$5 = XIL(0x3)
(gdb) p it->dpvec[1]
$6 = XIL(0xffffffffffffffff)
(gdb) p it->dpend
$7 = (Lisp_Object *) 0x9d4a88 <pure+104>
(gdb) p it->dpvec_char_len 
$8 = 0

