Re: address@hidden (Pavel Janík)] Re: crash in emacs-21.1

From: Kenichi Handa
Subject: Re: address@hidden (Pavel Janík)] Re: crash in emacs-21.1
Date: Tue, 30 Oct 2001 21:15:01 +0900 (JST)
User-agent: SEMI/1.14.3 (Ushinoya) FLIM/1.14.2 (Yagi-Nishiguchi) APEL/10.2 Emacs/21.0.107 (sparc-sun-solaris2.6) MULE/5.0 (SAKAKI)

address@hidden (Pavel Janík) writes:
>    From: "Sadinoff, Daniel" <address@hidden>
>    Date: Thu, 25 Oct 2001 18:38:53 -0400

>>  newly reduced set of .elc's are available at 
>>  http://www.sadinoff.com/tmp/crasher.tar.gz
>>  I've narrowed it down to two of the .elcs.

Thank you!  With this, I found a bug in read1 (in lread.c).
It was me who introduced this bug.  :-(

In that function, the function str_as_multibyte (in
charset.c) is called three times all in this form:

          p = read_buffer + str_as_multibyte (read_buffer, end - read_buffer,
                                              p - read_buffer, &nchars);

But, before calling it, we must ensure that `end -
read_buffer' is sufficient to hold the converted byte
sequence.   How many bytes str_as_multibyte will require can
be checked by the function parse_str_as_multibyte, which is
defined as below:

/* Parse unibyte text at STR of LEN bytes as multibyte text, and
   count the numbers of characters and bytes in it.  On counting
   bytes, pay attention to the fact that 8-bit characters in the range
   0x80..0x9F are represented by 2 bytes in multibyte text.  */
parse_str_as_multibyte (str, len, nchars, nbytes)
     unsigned char *str;
     int len, *nchars, *nbytes;

If NBYTES set by this function is greater than `end -
read_buffer', we must realloc read_buffer in a similar way
to lines 2129..2135 of lread.c.

                int offset = p - read_buffer;
                read_buffer = (char *) xrealloc (read_buffer,
                                                 read_buffer_size *= 2);
                p = read_buffer + offset;
                end = read_buffer + read_buffer_size;

Is this information enough?  Gerd, could you install a
proper fix?

Ken'ichi HANDA
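
The check described in this message, as an added example that is not code from Emacs or from the message itself: a simplified C model in which every byte in 0x80..0x9F expands to two bytes and all other bytes are copied unchanged. The function names, the `LEAD` value and the sample input are assumptions made for the illustration.

```c
#include <stdlib.h>
#include <string.h>
#define LEAD 0x9E   /* assumed lead byte, a placeholder for this model */
#define EXPANDS(c) ((c) >= 0x80 && (c) <= 0x9F)

/* Bytes needed after conversion: one extra per byte in 0x80..0x9F. */
size_t expanded_size(const unsigned char *s, size_t len)
{
    size_t need = len;
    for (size_t i = 0; i < len; i++)
        need += EXPANDS(s[i]);
    return need;
}

/* Grow *buf until the result fits, then convert in place; (size_t)-1 on failure. */
size_t convert_checked(unsigned char **buf, size_t *cap, size_t len)
{
    size_t need = expanded_size(*buf, len), ncap = *cap ? *cap : 1;
    for (; ncap < need; ncap *= 2)
        if (ncap > (size_t)-1 / 2) return (size_t)-1;  /* would overflow */
    if (ncap != *cap) {
        unsigned char *p = realloc(*buf, ncap);
        if (!p) return (size_t)-1;       /* old buffer is still valid */
        *buf = p; *cap = ncap;           /* callers must re-derive pointers */
    }
    /* Copy backwards so no unread source byte is overwritten. */
    for (size_t r = len, w = need; r-- > 0; ) {
        unsigned char c = (*buf)[r];
        (*buf)[--w] = EXPANDS(c) ? (unsigned char)(c + 0x20) : c;
        if (EXPANDS(c)) (*buf)[--w] = LEAD;
    }
    return need;
}

/* Constructed input: a 4-byte buffer that is already full before conversion. */
size_t demo(void)
{
    static const unsigned char in[] = { 'a', 0x80, 0x9F, 'b' };
    static const unsigned char want[] = { 'a', LEAD, 0xA0, LEAD, 0xBF, 'b' };
    size_t cap = sizeof in, n;
    unsigned char *buf = malloc(cap);
    if (!buf) return (size_t)-1;
    memcpy(buf, in, sizeof in);
    n = convert_checked(&buf, &cap, sizeof in);   /* cap grows from 4 to 8 */
    if (n != sizeof want || cap != 8 || memcmp(buf, want, n) != 0) n = 0;
    free(buf);
    return n;
}
```

Without the size check, the same 4-byte input would write 6 bytes into a 4-byte allocation.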
