Crashes in init_from_display_pos

From: Juri Linkov
Subject: Crashes in init_from_display_pos
Date: Thu, 24 Feb 2005 21:03:41 +0200
User-agent: Gnus/5.110002 (No Gnus v0.2) Emacs/22.0.50 (gnu/linux)

I have reproducible crashes while scrolling the Gnus *Article*
buffer with partially visible inline images.

Below is a brief debug session.  Since these crashes are easily
reproducible, I can provide more debug info on request.

Program received signal SIGSEGV, Segmentation fault.
init_from_display_pos (it=0xbfffe440, w=0x93cff70, pos=0x923bbd8)
    at xdisp.c:2551
2551          const char *e = s + SBYTES (it->overlay_strings[i]);
(gdb) bt
#0  init_from_display_pos (it=0xbfffe440, w=0x93cff70, pos=0x923bbd8)
    at xdisp.c:2551
#1  0x08062588 in init_to_row_start (it=0xbfffe440, w=0x94aa9dd, row=0x923bb98)
    at xdisp.c:2651
#2  0x08072fcd in try_window_reusing_current_matrix (w=0x93cff70)
    at xdisp.c:12912
#3  0x0807176f in redisplay_window (window=154992500, just_this_one_p=1)
    at xdisp.c:12373
#4  0x0806e966 in redisplay_window_1 (window=155888093) at xdisp.c:10881
#5  0x08145ef4 in internal_condition_case_1 (
    bfun=0x806e930 <redisplay_window_1>, arg=154992500, handlers=137378005, 
    hfun=0x806e8d0 <redisplay_window_error>) at eval.c:1426
#6  0x0806dd0f in redisplay_internal (preserve_echo_area=0) at xdisp.c:10503
#7  0x0806cae2 in redisplay () at xdisp.c:9664
#8  0x080e7e75 in read_char (commandflag=1, nmaps=2, maps=0xbffff2bc, 
    prev_event=137350361, used_mouse_menu=0xbffff2f8) at keyboard.c:2544
#9  0x080ee554 in read_key_sequence (keybuf=0xbffff420, bufsize=30, 
    prompt=137350361, dont_downcase_last=0, can_return_switch_frame=1, 
    fix_current_buffer=1) at keyboard.c:8803
#10 0x080e4d73 in command_loop_1 () at keyboard.c:1538
#11 0x08145dee in internal_condition_case (bfun=0x80e4be0 <command_loop_1>, 
    handlers=137411353, hfun=0x80e46d0 <cmd_error>) at eval.c:1385
#12 0x080e4a2e in command_loop_2 () at keyboard.c:1319
#13 0x0814592b in internal_catch (tag=155888093, 
    func=0x80e4a00 <command_loop_2>, arg=137350361) at eval.c:1144
#14 0x080e49d3 in command_loop () at keyboard.c:1298
#15 0x080e4434 in recursive_edit_1 () at keyboard.c:991
#16 0x080e4571 in Frecursive_edit () at keyboard.c:1052
#17 0x080e2add in main (argc=1, argv=0xbffffaa4) at emacs.c:1766
(gdb) p s
$1 = 0x94aa9dd ""
(gdb) p it->overlay_strings[i]
$2 = 6
(gdb) p i
$3 = 3

Juri Linkov