bug#44506: 28.0.50; Segfault on opening a particular message in Gnus in terminal/tty

[Eli Zaretskii]

> From: Amin Bandali <bandali@gnu.org>
> Date: Sat, 07 Nov 2020 13:39:14 -0500
> 
> I noticed today that when trying to open the following message (attached
> with John's permission) using Gnus in a terminal emulator or a tty in
> GNU/Linux, it results in Emacs quitting with a segfault.  I'm also
> attaching the result of running `bt full' in GDB after the segfault.
> The issue seems related in part to the inclusion of Persian characters
> in the message body.

Just visiting the text you send in "emacs -Q -nw" doesn't cause any
segfaults.  Does it happen to you in "emacs -Q"?

> #0  0x0000555555639248 in encode_terminal_code (src=0x7ffff7f61cc0, 
> src_len=src_len@entry=1, coding=coding@entry=0x555555e7ec00) at term.c:564
>         cmp = 0x0
>         gstring = 0x0
>         i = <optimized out>
>         src_end = 0x7ffff7f61cf0
>         buf = 0x5555561483a0 ' ' <repeats 94 times>, "John ،متسود یسر", '-' 
> <repeats 39 times>
>         nchars = 0
>         nbytes = 0
>         required = <optimized out>
>         tbase = 0x0
>         charset_list = 0x7fffea1f724b

This is an optimized build, so it's hard to understand what caused the
crash.  According to the line number, it crashes here:

          if (src->u.cmp.automatic)
            {
              gstring = composition_gstring_from_id (src->u.cmp.id);
              required = src->slice.cmp.to - src->slice.cmp.from + 1;
            }
          else
            {
              cmp = composition_table[src->u.cmp.id];  <<<<<<<<<<<<<<<
              required = cmp->glyph_len;
            }

If that is true, then I don't understand how it happened: we don't use
any compositions except automatic in Emacs, so I'm unsure how you get
to that place.  Can you see which place in the code indeed crashes and
why?