emacs-unicode: crash in char_string()
From: Lawrence Mitchell
Subject: emacs-unicode: crash in char_string()
Date: Wed, 11 Apr 2007 12:31:08 +0100
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/23.0.0 (gnu/linux)

In GNU Emacs 23.0.0.3 (i686-pc-linux-gnu, X toolkit, Xaw3d scroll bars)
 of 2007-04-02 on lamacq.ph.ed.ac.uk
Windowing system distributor `The X.Org Foundation', version 11.0.60802000
configured using `configure '--enable-font-backend' '--with-xft'
 '--prefix=/scratch/s0198183/applications/emacs-unicode''

If called with a negative number as an argument, functions such as
insert, char-to-string, and so forth will cause Emacs 23 to segfault
in char_string().

This may be reproduced as follows:

    emacs -Q
    M-: (char-to-string -1) RET

The crash occurs in char_string(). This is due to assuming the first
(character) argument is positive. If this is not the case, the code
does

    if (c <= MAX_3_BYTE_CHAR)
      {
        bytes = CHAR_STRING (c, p);
      }

Since c is negative, this code path is taken and the CHAR_STRING() macro
is called. CHAR_STRING(), however, compares the unsigned value of c,
rather than the signed value:

    ((unsigned) (c) <= MAX_3_BYTE_CHAR
     ...
     : char_string (c, p))

Since the unsigned value of c is bigger than MAX_3_BYTE_CHAR, the
false code path is taken, calling char_string() again. This repeats
until we run out of stack, causing a segfault.

The fix is to check the type of c in char_string() to ensure that it
can represent a valid character:

Index: src/character.c
===================================================================
RCS file: /sources/emacs/emacs/src/Attic/character.c,v
retrieving revision 1.1.4.12
diff -c -r1.1.4.12 character.c
*** src/character.c 15 Feb 2007 11:27:15 -0000 1.1.4.12
--- src/character.c 11 Apr 2007 11:30:41 -0000
***************
*** 105,110 ****
--- 105,112 ----
{
int bytes;
+ CHECK_CHARACTER (make_number (c));
+
if (c & CHAR_MODIFIER_MASK)
{
/* As an non-ASCII character can't have modifier bits, we just
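
Review bot: The CHECK_CHARACTER call sits ahead of the `if (c & CHAR_MODIFIER_MASK)` branch, so a value carrying modifier bits is validated before that branch gets a chance to handle them; if such a value does not pass the character check, the modifier path below it can no longer be reached. Consider moving the check after the modifier handling, or rejecting only the case the report describes with a plain `if (c < 0)` test. Since the check is built from make_number (c) on a C int inside a low-level encoding routine, a short comment saying that char_string() can now signal an error instead of returning a byte count would also help callers.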

ChangeLog entry

2007-04-11  Lawrence Mitchell  <address@hidden>

    * character.c (char_string): Ensure that `c' is a valid character.

Cheers,
Lawrence
--
Lawrence Mitchell <address@hidden>
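
An added C model of the recursion described in the message above, not code from Emacs or from the patch: a signed range test in the function and an unsigned range test in the macro disagree for negative input, so each keeps handing the value to the other. The names model_char_string, MODEL_CHAR_STRING and DEPTH_LIMIT, the constant's value, and the `c < 0` guard are assumptions of the model; a depth counter stands in for running out of stack.

```c
#include <stdio.h>

#define MAX_3_BYTE_CHAR 0xFFFF   /* value chosen for this model */
#define DEPTH_LIMIT 1000         /* stands in for exhausting the stack */

static int depth;                /* calls made for the current input */
static int model_char_string(int c);

/* Like the CHAR_STRING excerpt: the range test is done on (unsigned) c. */
#define MODEL_CHAR_STRING(c) \
  ((unsigned) (c) <= MAX_3_BYTE_CHAR ? 1 : model_char_string(c))

/* Like the char_string excerpt: the range test is done on signed c.
   Returns 1 when encoding finishes, -1 when the depth limit is hit. */
static int model_char_string(int c)
{
  if (++depth > DEPTH_LIMIT)
    return -1;                   /* the real code would keep recursing */
  if (c <= MAX_3_BYTE_CHAR)
    return MODEL_CHAR_STRING(c); /* signed test passed, unsigned may not */
  return 1;                      /* larger characters: not modelled here */
}

/* Same function with negative input rejected before any encoding. */
static int model_char_string_checked(int c)
{
  if (c < 0)
    return 0;                    /* invalid character, no recursion */
  return model_char_string(c);
}

int run_unchecked(int c) { depth = 0; return model_char_string(c); }
int run_checked(int c)   { depth = 0; return model_char_string_checked(c); }
int last_depth(void)     { return depth; }

int main(void)
{
  int r;
  printf("unchecked 'A': %d\n", run_unchecked('A'));
  r = run_unchecked(-1);
  printf("unchecked -1:  %d after %d calls\n", r, last_depth());
  printf("checked -1:    %d\n", run_checked(-1));
  return 0;
}
```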