bug-gnu-emacs

bug#49066: 26.3; Segmentation fault on specific utf8 string


From: Robert Pluim
Subject: bug#49066: 26.3; Segmentation fault on specific utf8 string
Date: Mon, 28 Jun 2021 12:56:06 +0200

>>>>> On Sun, 27 Jun 2021 22:15:50 +0300, Eli Zaretskii <eliz@gnu.org> said:

    >> Cc: rpluim@gmail.com, larsi@gnus.org, 49066@debbugs.gnu.org,
    >> mvsfrasson@gmail.com
    >> From: Paul Eggert <eggert@cs.ucla.edu>
    >> Date: Sun, 27 Jun 2021 11:02:26 -0700
    >> 
    >> On 6/26/21 11:20 PM, Eli Zaretskii wrote:
    >> > Since we are moving away from m17n-flt, I don't think we should optimize
    >> > memory management when m17n-flt is used, especially if that causes
    >> > problems.  So if the patch fixes the crash, I think we should install
    >> > it.
    >> 
    >> Sure, and I can volunteer to do that. Would you like me to do it in 
    >> master now, or wait for confirmation and install it on the emacs-27 
    >> branch? or perhaps some other course of action?

    Eli> I'd like to see the confirmation, and then install this on master.

    Eli> Thanks.

With the patch it still crashes for me in emacs-master with harfbuzz disabled:

Thread 1 "emacs" received signal SIGSEGV, Segmentation fault.
0x000055555576d4e7 in AREF (array=XIL(0), idx=1) at lisp.h:1838
1838      return XVECTOR (array)->contents[idx];
(gdb) bt
#0  0x000055555576d4e7 in AREF (array=XIL(0), idx=1) at lisp.h:1838
#1  0x0000555555774be0 in ftfont_shape_by_flt
    (lgstring=XIL(0x7ffff1e5301d), font=0x55555604f410, ft_face=0x5555566a2400, 
otf=0x555556696b60, matrix=0x55555604f508) at ftfont.c:2852
#2  0x0000555555775002 in ftfont_shape (lgstring=XIL(0x7ffff1e5301d), 
direction=XIL(0)) at ftfont.c:2890
#3  0x000055555577629e in ftcrfont_shape (lgstring=XIL(0x7ffff1e5301d), 
direction=XIL(0)) at ftcrfont.c:477
#4  0x000055555571344c in Ffont_shape_gstring (gstring=XIL(0x7ffff1e5301d), 
direction=XIL(0)) at font.c:4499
#5  0x00005555557019fb in Ffuncall (nargs=3, args=args@entry=0x7fffffffd670) at 
eval.c:3039
#6  0x000055555573cdf8 in exec_byte_code
    (bytestr=<optimized out>, vector=<optimized out>, maxdepth=<optimized out>, 
args_template=<optimized out>, nargs=<optimized out>, args=<optimized out>) at 
bytecode.c:632
#7  0x0000555555701937 in Ffuncall (nargs=nargs@entry=7, 
args=args@entry=0x7fffffffd990) at eval.c:3055
#8  0x0000555555700cf9 in internal_condition_case_n (bfun=
    0x555555701760 <Ffuncall>, nargs=nargs@entry=7, 
args=args@entry=0x7fffffffd990, handlers=handlers@entry=XIL(0x30), 
hfun=hfun@entry=
    0x5555555ca5e0 <safe_eval_handler>) at eval.c:1642
#9  0x00005555555b8603 in safe__call
    (inhibit_quit=inhibit_quit@entry=false, nargs=nargs@entry=7, 
func=<optimized out>, ap=ap@entry=0x7fffffffda28) at lisp.h:1002
#10 0x00005555555c79b5 in safe_call (nargs=nargs@entry=7, func=<optimized out>) 
at xdisp.c:3009
#11 0x00005555557609c5 in autocmp_chars
    (rule=XIL(0x7ffff1e501bd), charpos=charpos@entry=146, bytepos=<optimized 
out>, limit=<optimized out>, 
    limit@entry=148, win=win@entry=0x555556030100, face=face@entry=0x0, 
string=XIL(0), direction=XIL(0)) at lisp.h:731
#12 0x000055555576426d in find_automatic_composition (pos=pos@entry=146, 
limit=146, 
    limit@entry=-1, backlim=backlim@entry=-1, start=start@entry=0x7fffffffdc68, 
end=end@entry=0x7fffffffdc70, gstring=gstring@entry=0x7fffffffdc78, 
string=XIL(0)) at composite.c:1661
#13 0x0000555555764f39 in composition_adjust_point (last_pt=last_pt@entry=146, 
new_pt=new_pt@entry=146) at lisp.h:1002
#14 0x00005555556960ff in command_loop_1 () at keyboard.c:1569
#15 0x00005555557009d7 in internal_condition_case
    (bfun=bfun@entry=0x555555695020 <command_loop_1>, 
handlers=handlers@entry=XIL(0x90), hfun=hfun@entry=0x55555568bac0 <cmd_error>)
    at eval.c:1478
#16 0x0000555555686064 in command_loop_2 (ignore=ignore@entry=XIL(0)) at 
lisp.h:1002
#17 0x0000555555702ed3 in internal_catch (tag=tag@entry=XIL(0xe520), 
func=func@entry=0x555555686040 <command_loop_2>, arg=arg@entry=XIL(0))
    at eval.c:1198
#18 0x000055555568600b in command_loop () at lisp.h:1002
#19 0x000055555568b6d6 in recursive_edit_1 () at keyboard.c:720
#20 0x000055555568ba02 in Frecursive_edit () at keyboard.c:789
#21 0x00005555555a177f in main (argc=2, argv=<optimized out>) at emacs.c:2308

Lisp Backtrace:
"font-shape-gstring" (0xffffd678)
"auto-compose-chars" (0xffffd998)
(gdb) up
#1  0x0000555555774be0 in ftfont_shape_by_flt (lgstring=XIL(0x7ffff1e5301d), 
font=0x55555604f410, ft_face=0x5555566a2400, 
    otf=0x555556696b60, matrix=0x55555604f508) at ftfont.c:2852
2852          g->g.to = LGLYPH_TO (LGSTRING_GLYPH (lgstring, g->g.to));
(gdb) up
#2  0x0000555555775002 in ftfont_shape (lgstring=XIL(0x7ffff1e5301d), 
direction=XIL(0)) at ftfont.c:2890
2890      return ftfont_shape_by_flt (lgstring, font, 
ftfont_info->ft_size->face, otf,
(gdb) pp lgstring
[[#<font-object "-GOOG-Noto Sans 
Bengali-normal-normal-normal-*-19-*-*-*-*-0-iso10646-1"> 2453 8204] nil [0 0 
2453 20 16 -1 16 12 0 nil] [1 1 8204 658 0 -1 1 15 4 nil] nil nil nil nil nil 
nil]
(gdb) down
#1  0x0000555555774be0 in ftfont_shape_by_flt (lgstring=XIL(0x7ffff1e5301d), 
font=0x55555604f410, ft_face=0x5555566a2400, 
    otf=0x555556696b60, matrix=0x55555604f508) at ftfont.c:2852
2852          g->g.to = LGLYPH_TO (LGSTRING_GLYPH (lgstring, g->g.to));
(gdb) p *g
$1 = {
  g = {
    c = 2453,
    code = 0,
    from = 0,
    to = 2,
    xadv = 704,
    yadv = 0,
    ascent = 896,
    descent = 0,
    lbearing = 64,
    rbearing = 640,
    xoff = 0,
    yoff = 0,
    encoded = 1,
    measured = 1,
    adjusted = 0,
    internal = 1073741823
  },
  libotf_positioning_type = 8204
}

Robert
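
Reading the debugger output above: `pp lgstring` shows two filled glyph slots followed by nil, while `p *g` shows `to = 2`, so `LGSTRING_GLYPH (lgstring, 2)` yields nil and `LGLYPH_TO` ends up in the faulting frame `AREF (array=XIL(0), idx=1)`. The C model below is an added illustration of validating such an index before dereferencing; it is not Emacs source and not part of the message, and the struct layout, the names `gstring_used`, `map_to_checked` and `demo_lookup`, and the sample values (constructed from the dump) are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

#define SLOTS 8          /* constructed: the dump shows 8 glyph slots */
#define REJECTED (-1)

/* Model of one glyph record; NULL stands for a nil slot. */
struct glyph { int from, to, ch; };
struct gstring { const struct glyph *slot[SLOTS]; };

/* Count the filled slots: glyphs are stored contiguously, then nil. */
static int gstring_used(const struct gstring *gs)
{
    int n = 0;
    while (n < SLOTS && gs->slot[n] != NULL)
        n++;
    return n;
}

/* Map a shaper-supplied glyph index to that glyph's `to` field,
   refusing any index that does not name a filled slot. */
static int map_to_checked(const struct gstring *gs, int idx)
{
    if (idx < 0 || idx >= gstring_used(gs))
        return REJECTED;   /* an unchecked lookup would dereference nil here */
    return gs->slot[idx]->to;
}

/* Constructed sample: the two glyphs shown by `pp lgstring`
   (characters 2453 and 8204); the remaining slots are NULL. */
int demo_lookup(int idx)
{
    static const struct glyph g0 = { 0, 0, 2453 }, g1 = { 1, 1, 8204 };
    struct gstring gs = { { &g0, &g1 } };
    return map_to_checked(&gs, idx);
}

int main(void)
{
    /* Index 2 is the value of g->g.to in the dump. */
    for (int idx = 0; idx <= 2; idx++)
        printf("index %d -> %d\n", idx, demo_lookup(idx));
    return 0;
}
```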