bug#44084: 28.0.50; Crash on incomplete Unicode escape sequences

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#44084: 28.0.50; Crash on incomplete Unicode escape sequences

From:	Juri Linkov
Subject:	bug#44084: 28.0.50; Crash on incomplete Unicode escape sequences
Date:	Mon, 19 Oct 2020 23:38:38 +0300
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (x86_64-pc-linux-gnu)

While developing a new input method for bug#43866
I accidentally evaluated ?\u39 and Emacs crashed.
Here is a reproducible test case:

emacs -Q
type in the *scratch* buffer:

?\u39

and eval it with 'C-x C-e'.

Emacs crashes, maybe because it's configured with --enable-checking=yes,glyphs

character.h:228: Emacs fatal error: assertion failed: 0 <= c

Thread 1 "emacs" hit Breakpoint 1, terminate_due_to_signal (sig=32767, 
backtrace_limit=-22624) at emacs.c:377
377     {
(gdb) bt
#0  terminate_due_to_signal (sig=32767, backtrace_limit=-22624) at emacs.c:377
#1  0x00005555557dc50d in die (msg=0x555555996c0e "0 <= c", file=0x555555996c02 
"character.h", line=228) at alloc.c:7341
#2  0x00005555558a678f in CHAR_STRING (c=-1, p=0x7fffffffa65a "") at 
character.h:228
#3  0x00005555558a79a6 in doprnt (buffer=0x7fffffffa8e0 "Non-hex character used 
for Unicode escape: UUU", bufsize=3999, format=0x55555598f288 "Non-hex 
character used for Unicode escape: %c (%d)", format_end=0x55555598f2ba "", 
ap=0x7fffffffa870)
    at doprnt.c:431
#4  0x00005555558a7d64 in evxprintf
    (buf=0x7fffffffa8c0, bufsize=0x7fffffffa8b8, nonheapbuf=0x7fffffffa8e0 
"Non-hex character used for Unicode escape: UUU", 
bufsize_max=2305843009213693952, format=0x55555598f288 "Non-hex character used 
for Unicode escape: %c (%d)", ap=0x7fffffffb8e0)
    at doprnt.c:540
#5  0x00005555558159dd in vformat_string (m=0x55555598f288 "Non-hex character 
used for Unicode escape: %c (%d)", ap=0x7fffffffb8e0) at eval.c:1876
#6  0x0000555555815a6b in verror (m=0x55555598f288 "Non-hex character used for 
Unicode escape: %c (%d)", ap=0x7fffffffb8e0) at eval.c:1888
#7  0x0000555555815b38 in error (m=0x55555598f288 "Non-hex character used for 
Unicode escape: %c (%d)") at eval.c:1899
#8  0x000055555585bcfe in read_escape (readcharfun=XIL(0x7ffff25566fd), 
stringp=false) at lread.c:2580
#9  0x000055555585e52e in read1 (readcharfun=XIL(0x7ffff25566fd), 
pch=0x7fffffffbe24, first_in_list=false) at lread.c:3333
#10 0x000055555585b30b in read0 (readcharfun=XIL(0x7ffff25566fd)) at 
lread.c:2331
#11 0x000055555585b1c2 in read_internal_start (stream=XIL(0x7ffff25566fd), 
start=XIL(0), end=XIL(0)) at lread.c:2297
#12 0x000055555585ae48 in Fread (stream=XIL(0x7ffff25566fd)) at lread.c:2234
#13 0x00005555558190d7 in funcall_subr (subr=0x555555dfcd20 <Sread>, numargs=1, 
args=0x7fffffffc038) at eval.c:2879
#14 0x0000555555818b46 in Ffuncall (nargs=2, args=0x7fffffffc030) at eval.c:2806
#15 0x0000555555876632 in exec_byte_code (bytestr=XIL(0x7ffff25ef54c), 
vector=XIL(0x7ffff25edc55), maxdepth=make_fixnum(12), 
args_template=make_fixnum(0), nargs=0, args=0x7fffffffc648) at bytecode.c:632
#16 0x0000555555819386 in fetch_and_exec_byte_code (fun=XIL(0x7ffff25edc25), 
syms_left=make_fixnum(0), nargs=0, args=0x7fffffffc648) at eval.c:2928
#17 0x0000555555819889 in funcall_lambda (fun=XIL(0x7ffff25edc25), nargs=0, 
arg_vector=0x7fffffffc648) at eval.c:3009
#18 0x0000555555818b8a in Ffuncall (nargs=1, args=0x7fffffffc640) at eval.c:2808
#19 0x0000555555876632 in exec_byte_code (bytestr=XIL(0x7ffff27478f4), 
vector=XIL(0x7ffff27473a5), maxdepth=make_fixnum(18), 
args_template=make_fixnum(257), nargs=1, args=0x7fffffffcb00) at bytecode.c:632
#20 0x0000555555819386 in fetch_and_exec_byte_code (fun=XIL(0x7ffff2747375), 
syms_left=make_fixnum(257), nargs=1, args=0x7fffffffcaf8) at eval.c:2928
#21 0x0000555555819889 in funcall_lambda (fun=XIL(0x7ffff2747375), nargs=1, 
arg_vector=0x7fffffffcaf8) at eval.c:3009
#22 0x0000555555818b8a in Ffuncall (nargs=2, args=0x7fffffffcaf0) at eval.c:2808
#23 0x0000555555876632 in exec_byte_code (bytestr=XIL(0x7ffff2747a44), 
vector=XIL(0x7ffff274731d), maxdepth=make_fixnum(4), 
args_template=make_fixnum(257), nargs=1, args=0x7fffffffd0e8) at bytecode.c:632
#24 0x0000555555819386 in fetch_and_exec_byte_code (fun=XIL(0x7ffff27472e5), 
syms_left=make_fixnum(257), nargs=1, args=0x7fffffffd0e0) at eval.c:2928
#25 0x0000555555819889 in funcall_lambda (fun=XIL(0x7ffff27472e5), nargs=1, 
arg_vector=0x7fffffffd0e0) at eval.c:3009
#26 0x0000555555818b8a in Ffuncall (nargs=2, args=0x7fffffffd0d8) at eval.c:2808
#27 0x000055555580c79d in Ffuncall_interactively (nargs=2, args=0x7fffffffd0d8) 
at callint.c:253
#28 0x0000555555818fac in funcall_subr (subr=0x555555df98a0 
<Sfuncall_interactively>, numargs=2, args=0x7fffffffd0d8) at eval.c:2859
#29 0x0000555555818b46 in Ffuncall (nargs=3, args=0x7fffffffd0d0) at eval.c:2806
#30 0x000055555580effe in Fcall_interactively (function=XIL(0x2aaa9c8d4170), 
record_flag=XIL(0), keys=XIL(0x7ffff2befead)) at callint.c:779
#31 0x000055555581912a in funcall_subr (subr=0x555555df98e0 
<Scall_interactively>, numargs=3, args=0x7fffffffd470) at eval.c:2884
#32 0x0000555555818b46 in Ffuncall (nargs=4, args=0x7fffffffd468) at eval.c:2806
#33 0x0000555555876632 in exec_byte_code (bytestr=XIL(0x7ffff26ad2a4), 
vector=XIL(0x7ffff26acfad), maxdepth=make_fixnum(13), 
args_template=make_fixnum(1025), nargs=1, args=0x7fffffffd9c0) at bytecode.c:632
#34 0x0000555555819386 in fetch_and_exec_byte_code (fun=XIL(0x7ffff26acf7d), 
syms_left=make_fixnum(1025), nargs=1, args=0x7fffffffd9b8) at eval.c:2928
#35 0x0000555555819889 in funcall_lambda (fun=XIL(0x7ffff26acf7d), nargs=1, 
arg_vector=0x7fffffffd9b8) at eval.c:3009
#36 0x0000555555818b8a in Ffuncall (nargs=2, args=0x7fffffffd9b0) at eval.c:2808
#37 0x0000555555818346 in call1 (fn=XIL(0x43b0), arg1=XIL(0x2aaa9c8d4170)) at 
eval.c:2666
#38 0x000055555573182a in command_loop_1 () at keyboard.c:1467
#39 0x00005555558145ff in internal_condition_case (bfun=0x555555730f69 
<command_loop_1>, handlers=XIL(0x90), hfun=0x555555730521 <cmd_error>) at 
eval.c:1356
#40 0x0000555555730b2e in command_loop_2 (ignore=XIL(0)) at keyboard.c:1095
#41 0x00005555558139e5 in internal_catch (tag=XIL(0xd6b0), func=0x555555730afd 
<command_loop_2>, arg=XIL(0)) at eval.c:1117
#42 0x0000555555730ac9 in command_loop () at keyboard.c:1074
#43 0x000055555572ffea in recursive_edit_1 () at keyboard.c:718
#44 0x00005555557301e9 in Frecursive_edit () at keyboard.c:790
#45 0x000055555572be7c in main (argc=3, argv=0x7fffffffdea8) at emacs.c:2047

Lisp Backtrace:
"read" (0xffffc038)
"elisp--preceding-sexp" (0xffffc648)
"elisp--eval-last-sexp" (0xffffcaf8)
"eval-last-sexp" (0xffffd0e0)
"funcall-interactively" (0xffffd0d8)
"call-interactively" (0xffffd470)
"command-execute" (0xffffd9b8)

In GNU Emacs 28.0.50 (build 1, x86_64-pc-linux-gnu, cairo version 1.16.0) of 
2020-10-19
Windowing system distributor 'The X.Org Foundation', version 11.0.12008000
System Description: Linux Mint 20

Configured using:
 'configure --with-x-toolkit=no --enable-checking=yes,glyphs
 --enable-check-lisp-object-type 'CFLAGS=-O0 -g3''

[Prev in Thread]

Current Thread

[Next in Thread]

bug#44084: 28.0.50; Crash on incomplete Unicode escape sequences, Juri Linkov <=
- bug#44084: 28.0.50; Crash on incomplete Unicode escape sequences, Eli Zaretskii, 2020/10/20
  - bug#44084: 28.0.50; Crash on incomplete Unicode escape sequences, Juri Linkov, 2020/10/22

Prev by Date: bug#43866: 26.3; italian postfix additions
Next by Date: bug#44066: 27.1; Values ignored when using .dir-locals.el and .dir-locals-2.el together
Previous by thread: bug#44083: 27.0.50; tcl-mode: Wrong indentation
Next by thread: bug#44084: 28.0.50; Crash on incomplete Unicode escape sequences
Index(es):
- Date
- Thread