GNU bug report logs - #19435
SIGSEGV in PSEUDOVECTOR_TYPEP when using find-file on a RTL filename

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 19435 in the body.
You can then email your comments to 19435 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Ivan Shmakov <ivan <at> siamics.net>
To: submit <at> debbugs.gnu.org
Subject: SIGSEGV in PSEUDOVECTOR_TYPEP when using find-file on a RTL filename 
Date: Wed, 24 Dec 2014 07:25:04 +0000

[Message part 1 (text/plain, inline)]

Package: emacs

	As of 36c43e95de5e (2014-12-18 16:44:11 +0000), Emacs segfaults
	when trying to use find-file on "\u062f\u0646\u06cc" (encoded as
	a ASCII-safe Emacs string literal here.)

	Strangely enough, $ emacs -Q handles that filename just fine.

	The backtrace is MIMEd.

-- 
FSF associate member #7257  http://boycottsystemd.org/  … 3013 B6A0 230E 334A

[Message part 2 (text/plain, inline)]

Program received signal SIGSEGV, Segmentation fault.
0x0000000000477d60 in PSEUDOVECTOR_TYPEP (code=14, a=0x400000000d000040)
    at lisp.h:2400
2400      return ((a->size & (PSEUDOVECTOR_FLAG | PVEC_TYPE_MASK))
(gdb) bt 
#0  0x0000000000477d60 in PSEUDOVECTOR_TYPEP (code=14, a=0x400000000d000040)
    at lisp.h:2400
#1  PSEUDOVECTORP (code=14, a=4611686018645491781) at lisp.h:2414
#2  SUB_CHAR_TABLE_P (a=4611686018645491781) at lisp.h:2472
#3  char_table_ref (table=<optimized out>, c=c <at> entry=4195206) at chartab.c:245
#4  0x000000000055ab5f in CHAR_TABLE_REF (idx=4195206, ct=<optimized out>)
    at lisp.h:1480
#5  composition_compute_stop_pos (cmp_it=cmp_it <at> entry=0x7fffffff7f48,
    charpos=6, bytepos=<optimized out>, endpos=12, string=13239761)
    at composite.c:1016
#6  0x000000000042543c in set_iterator_to_next (it=0x7fffffff76f0,
    reseat_p=<optimized out>) at xdisp.c:7620
#7  0x0000000000428793 in display_string (string=0xb58af5 "",
    lisp_string=4195206, face_string=4611686019484352512,
    face_string_pos=11897584, start=15, it=0x7fffffff76f0, field_width=12,
    precision=-13, max_x=0, multibyte=1) at xdisp.c:23793
#8  0x000000000042945a in display_mode_element (it=0xb58af5, depth=4195206,
    field_width=1056964608, precision=11897584, elt=4611686018645491781,
    props=5, risky=0) at xdisp.c:22432
#9  0x000000000042a806 in display_mode_element (it=0xb58af5, depth=4195206,
    field_width=1056964608, precision=11897584, elt=4611686018645491781,
    props=5, risky=0) at xdisp.c:22604
#10 0x000000000042a806 in display_mode_element (it=0xb58af5,
    it <at> entry=0x7fffffff76f0, depth=4195206, depth <at> entry=0,
    field_width=1056964608, field_width <at> entry=0, precision=11897584,
    precision <at> entry=0, elt=4611686018645491781, props=5, risky=0)
    at xdisp.c:22604
#11 0x000000000042b1ab in display_mode_line (w=w <at> entry=0xb4c630,
    face_id=MODE_LINE_FACE_ID, format=15192342) at xdisp.c:22121
#12 0x000000000042b488 in display_mode_lines (w=0xb4c630) at xdisp.c:22064
#13 0x00000000004398e6 in redisplay_window (window=11847221,
    just_this_one_p=114) at xdisp.c:16853
#14 0x000000000043c6c3 in redisplay_window_0 (window=window <at> entry=11847221)
    at xdisp.c:14325
#15 0x000000000050374b in internal_condition_case_1 (
    bfun=bfun <at> entry=0x43c690 <redisplay_window_0>, arg=11847221,
    handlers=<optimized out>,
    hfun=hfun <at> entry=0x417e20 <redisplay_window_error>) at eval.c:1369
#16 0x000000000041c51e in redisplay_windows (window=11847221) at xdisp.c:14305
#17 0x0000000000435851 in redisplay_internal () at xdisp.c:13901
#18 0x000000000049af1b in read_char (commandflag=11897589, map=4195206,
    map <at> entry=21366390, prev_event=4611686019484352512,
    used_mouse_menu=0xb58af0, used_mouse_menu <at> entry=0x7fffffffdd4b,
    end_time=0x2, end_time <at> entry=0x0) at keyboard.c:2643
#19 0x000000000049d36e in read_key_sequence (
    keybuf=keybuf <at> entry=0x7fffffffde20, prompt=11765618,
    dont_downcase_last=dont_downcase_last <at> entry=false,
    can_return_switch_frame=can_return_switch_frame <at> entry=true,
    fix_current_buffer=fix_current_buffer <at> entry=true,
    prevent_redisplay=prevent_redisplay <at> entry=false, bufsize=30)
    at keyboard.c:9257
#20 0x000000000049f060 in command_loop_1 () at keyboard.c:1510
#21 0x0000000000503627 in internal_condition_case (
    bfun=bfun <at> entry=0x49ee70 <command_loop_1>, handlers=<optimized out>,
    hfun=hfun <at> entry=0x496630 <cmd_error>) at eval.c:1345
#22 0x000000000049201e in command_loop_2 (ignore=ignore <at> entry=11765618)
    at keyboard.c:1245
#23 0x000000000050350b in internal_catch (tag=11813186,
    func=func <at> entry=0x492000 <command_loop_2>, arg=11765618) at eval.c:1106
#24 0x0000000000491fdb in command_loop () at keyboard.c:1224
#25 0x000000000049622a in recursive_edit_1 () at keyboard.c:834
#26 0x0000000000496560 in Frecursive_edit () at keyboard.c:905
#27 0x00000000004084fb in main (argc=1, argv=0x7fffffffe198) at emacs.c:1619
(gdb) 

Message #8 received at 19435 <at> debbugs.gnu.org (full text, mbox):

From: Dmitry Antipov <dmantipov <at> yandex.ru>
To: 19435 <at> debbugs.gnu.org
Cc: Eli Zaretskii <eliz <at> gnu.org>, Ivan Shmakov <ivan <at> siamics.net>
Subject: Re: bug#19435: SIGSEGV in PSEUDOVECTOR_TYPEP when using find-file
 on a RTL filename
Date: Wed, 24 Dec 2014 11:36:42 +0300

On 12/24/2014 10:25 AM, Ivan Shmakov wrote:

> 	As of 36c43e95de5e (2014-12-18 16:44:11 +0000), Emacs segfaults
> 	when trying to use find-file on "\u062f\u0646\u06cc" (encoded as
> 	a ASCII-safe Emacs string literal here.)
>
> 	Strangely enough, $ emacs -Q handles that filename just fine.
>
> 	The backtrace is MIMEd.

Reproduced.  This seems to be a redisplay glitch since composition_compute_stop_pos
makes an attempt to move CMP_IT beyond STRING's boundaries, as handled by the
following extra eassert:

diff --git a/src/composite.c b/src/composite.c
index 8982c90..fa60cc0 100644
--- a/src/composite.c
+++ b/src/composite.c
@@ -1005,7 +1005,10 @@ composition_compute_stop_pos (struct composition_it *cmp_it, ptrdiff_t charpos,
       while (charpos < endpos)
        {
          if (STRINGP (string))
-           FETCH_STRING_CHAR_ADVANCE (c, string, charpos, bytepos);
+           {
+             eassert (charpos < SCHARS (string) && bytepos < SBYTES (string));
+             FETCH_STRING_CHAR_ADVANCE (c, string, charpos, bytepos);
+           }
          else
            FETCH_CHAR_ADVANCE (c, charpos, bytepos);
          if (c == '\n')

Dmitry

Message #13 received at 19435-done <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Dmitry Antipov <dmantipov <at> yandex.ru>
Cc: ivan <at> siamics.net, 19435-done <at> debbugs.gnu.org
Subject: Re: bug#19435: SIGSEGV in PSEUDOVECTOR_TYPEP when using find-file on
 a RTL filename
Date: Thu, 25 Dec 2014 17:41:53 +0200

> Date: Wed, 24 Dec 2014 11:36:42 +0300
> From: Dmitry Antipov <dmantipov <at> yandex.ru>
> CC: Ivan Shmakov <ivan <at> siamics.net>, Eli Zaretskii <eliz <at> gnu.org>
> 
> On 12/24/2014 10:25 AM, Ivan Shmakov wrote:
> 
> > 	As of 36c43e95de5e (2014-12-18 16:44:11 +0000), Emacs segfaults
> > 	when trying to use find-file on "\u062f\u0646\u06cc" (encoded as
> > 	a ASCII-safe Emacs string literal here.)
> >
> > 	Strangely enough, $ emacs -Q handles that filename just fine.
> >
> > 	The backtrace is MIMEd.
> 
> Reproduced.  This seems to be a redisplay glitch since composition_compute_stop_pos
> makes an attempt to move CMP_IT beyond STRING's boundaries, as handled by the
> following extra eassert:

Thanks.

This was a very old bug, it was introduced more than 4 years ago (as
part of solution of another bug).

Now fixed by a41d07b on the emacs-24 branch.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.