Package: emacs
Reported by: Stefan Kangas <stefankangas <at> gmail.com>
Date: Tue, 23 Jul 2024 13:38:01 UTC
Severity: normal
Found in version 30.0.60
Fixed in version 30.1
Done: Stefan Kangas <stefankangas <at> gmail.com>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 72255 in the body.
You can then email your comments to 72255 AT debbugs.gnu.org in the normal way.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
From: Stefan Kangas <stefankangas <at> gmail.com>
To: bug-gnu-emacs <at> gnu.org
Subject: 30.0.60; Crash on macOS with malformed XPM image file
Date: Tue, 23 Jul 2024 06:37:05 -0700
[Message part 1 (text/plain, inline)]
Severity: normal

Emacs crashes on macOS when opening a malformed XPM image file.

I'm attaching an example image with the file extension ".xpm.txt" below;
to reproduce, simply rename the file to ".xpm" and open it in Emacs.
(This bad file is an edited version of back-arrow.xpm in emacs.git.)

I've included an lldb backtrace below. Note that I reproduced this on
master, but the code has not changed from emacs-30.

The crash happens in nsterm.m:601:5, but I can't figure out why we're
trying to access some other address than the pointer that was passed to
that function. Maybe this is trivial to someone that knows Objective-C.

(lldb) run -Q
Process 49838 launched: '/Users/foo/wip/emacs/src/emacs' (arm64)
LANG=en_SE.UTF-8 cannot be used, using en_US.UTF-8 instead.
2024-07-23 07:29:29.243905+0200 emacs[49838:24160376] flock failed to lock list file (/var/folders/28/y4qn6tl11_126568wmx_6kpr0000gn/C//com.apple.metal/32023/libraries.list): errno = 35
2024-07-23 07:29:29.244748+0200 emacs[49838:24160376] flock failed to lock list file (/var/folders/28/y4qn6tl11_126568wmx_6kpr0000gn/C//com.apple.metal/16777235_434/functions.list): errno = 35
2024-07-23 07:29:30.784008+0200 emacs[49838:24160353] [CursorUI] -[TUINSCursorUIController activate:]: EmacsView doesn't conform to NSTextInputClient protocol.
2024-07-23 07:29:46.330785+0200 emacs[49838:24160353] [CursorUI] -[TUINSCursorUIController activate:]: EmacsView doesn't conform to NSTextInputClient protocol.
Process 49838 stopped
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x7dbf8e410b60)
    frame #0: 0x00000001912446b4 libobjc.A.dylib`objc_release + 16
libobjc.A.dylib`objc_release:
->  0x1912446b4 <+16>: ldr x17, [x2, #0x20]
    0x1912446b8 <+20>: tbz w17, #0x2, 0x19124471c ; <+120>
    0x1912446bc <+24>: tbz w16, #0x0, 0x191244738 ; <+148>
    0x1912446c0 <+28>: lsr x17, x16, #55
Target 0: (emacs) stopped.
(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x7dbf8e410b60)
  * frame #0: 0x00000001912446b4 libobjc.A.dylib`objc_release + 16
    frame #1: 0x00000001003f06f0 emacs`ns_release_object(obj=0x0000600003730b40) at nsterm.m:601:5
    frame #2: 0x000000010040fa34 emacs`ns_free_pixmap(_f=0x0000000146058c28, pixmap=0x0000600003730b40) at nsterm.m:5291:3
    frame #3: 0x00000001003e7344 emacs`image_clear_image_1(f=0x0000000146058c28, img=0x000060000313c540, flags=7) at image.c:2076:4
    frame #4: 0x00000001003ea4a4 emacs`image_clear_image(f=0x0000000146058c28, img=0x000060000313c540) at image.c:2135:3
    frame #5: 0x00000001003eeb90 emacs`xpm_load_image(f=0x0000000146058c28, img=0x000060000313c540, contents="/* XPM */\nstatic char *back_arrow_xpm[] = {\n\"50 50 50 50\",\n\" c #000000\",\n\". c #53692A\",\n\"X c #59702D\",\n\"o c #657255\",\n\"O c #6D7A5B\",\n\"+ c #6D8839\",\n\"@ c #7C9B40\",\n\"# c #748261\",\n\"$ c #7F8E6B\",\n\"% c #818F71\",\n\"& c #879772\",\n\"* c #8C9A7F\",\n\"= c #85A24D\",\n\"- c #8BA859\",\n\"; c #92AD62\",\n\": c #95A77E\",\n\"> c #98AF74\",\n\", c #9BB572\",\n\"< c #9BAA87\",\n\"1 c #9CAF84\",\n\"2 c #A4B690\",\n\"3 c #A8BCA6\",\n\"4 c #ADBDA0\",\n\"5 c #AFC394\",\n\"6 c #BAD09D\",\n\"7 c #B5C3A9\",\n\"8 c #BED2A3\",\n\"9 c #D5E1C6\",\n\"0 c #FFFFFF\",\n\"q c None\",\n\"qqqqqqqqqqqqqqqqqqqqqqqq\",\n\"qqqqqqqqqqqqqqqqqqqqqqqq\",\n\"qqqqqqqqqqqqqqqqqqqqqqqq\",\n\"qqqqqqqqqq qqqqqqqqqqqqq\",\n\"qqqqqqqqq qqqqqqqqqqqqq\",\n\"qqqqqqqq 9 qqqqqqqqqqqqq\",\n\"qqqqqqq 96 qqqqqqqqqq\",\n\"qqqqqq 968664% qqqqqqqqq\",\n\"qqqqq 966666663 qqqqqqqq\",\n\"qqqq <666666666* qqqqqqq\",\n\"qqqqq X@@@@@@;67 qqqqqq\",\n\"qqqqqq .@@@@@@=6$ qqqqqq\",\n\"qqqqqqq .@ X@,2 qqqqqq\",\n\"qqqqqqqq X q +-6 qqqqqq\",\n\"qqqqqqqqq qq @6 qqqqqq\",\n\"qqqqqqqqqq qqq -: qqqqqq\",\n\"qqqqqqqqqqqqqq >o qqqqqq\",\n\"qqqqqqqqqqqqqq 5 qqqqqqq\",\n\"qqqqqqqqqqqqq"..., end="") at image.c:6532:3
    frame #6: 0x00000001003eb1dc emacs`xpm_load(f=0x0000000146058c28, img=0x000060000313c540) at image.c:6556:19
    frame #7: 0x00000001003e311c emacs`lookup_image(f=0x0000000146058c28, spec=(i = 0x0000000148070953), face_id=0) at image.c:3532:30
    frame #8: 0x00000001003e2bf4 emacs`Fimage_size(spec=(i = 0x0000000148070953), pixels=(i = 0x0000000000000030), frame=(i = 0x0000000000000000)) at image.c:1676:22
    frame #9: 0x00000001002caf30 emacs`funcall_subr(subr=0x0000000100b3cae0, numargs=3, args=0x0000000148160648) at eval.c:3157:15
    frame #10: 0x000000010034685c emacs`exec_byte_code(fun=(i = 0x000000010f82f815), args_template=769, nargs=2, args=0x00000001481605e0) at bytecode.c:812:14
    frame #11: 0x00000001002cb3cc emacs`funcall_lambda(fun=(i = 0x000000013701ce85), nargs=0, arg_vector=0x0000000148160420) at eval.c:3244:9
    frame #12: 0x00000001002cab70 emacs`funcall_general(fun=(i = 0x000000013701ce85), numargs=0, args=0x0000000148160420) at eval.c:3036:12
    frame #13: 0x000000010034687c emacs`exec_byte_code(fun=(i = 0x0000000101d3436d), args_template=257, nargs=1, args=0x0000000148160420) at bytecode.c:814:14
    frame #14: 0x00000001002cb3cc emacs`funcall_lambda(fun=(i = 0x0000000101d4da05), nargs=2, arg_vector=0x000000016fdfc420) at eval.c:3244:9
    frame #15: 0x00000001002cab70 emacs`funcall_general(fun=(i = 0x0000000101d4da05), numargs=2, args=0x000000016fdfc420) at eval.c:3036:12
    frame #16: 0x00000001002c2ea8 emacs`Ffuncall(nargs=3, args=0x000000016fdfc418) at eval.c:3085:21
    frame #17: 0x00000001002bb038 emacs`Ffuncall_interactively(nargs=3, args=0x000000016fdfc418) at callint.c:250:32
    frame #18: 0x00000001002cb0f4 emacs`funcall_subr(subr=0x0000000100b35ae0, numargs=3, args=0x000000016fdfc418) at eval.c:3176:9
    frame #19: 0x00000001002cab28 emacs`funcall_general(fun=(i = 0x0000000100b35ae5), numargs=3, args=0x000000016fdfc418) at eval.c:3032:12
    frame #20: 0x00000001002c2ea8 emacs`Ffuncall(nargs=4, args=0x000000016fdfc410) at eval.c:3085:21
    frame #21: 0x00000001002c9f08 emacs`Fapply(nargs=3, args=0x000000016fdfd228) at eval.c:2757:24
    frame #22: 0x00000001002bb460 emacs`Fcall_interactively(function=(i = 0x0000000001183a70), record_flag=(i = 0x0000000000000000), keys=(i = 0x000000010274a8c5)) at callint.c:342:36
    frame #23: 0x00000001002caf30 emacs`funcall_subr(subr=0x0000000100b35aa8, numargs=3, args=0x0000000148160060) at eval.c:3157:15
    frame #24: 0x000000010034685c emacs`exec_byte_code(fun=(i = 0x00000001027661a5), args_template=1025, nargs=1, args=0x000000016fdfeb38) at bytecode.c:812:14
    frame #25: 0x00000001002cb3cc emacs`funcall_lambda(fun=(i = 0x00000001027661a5), nargs=1, arg_vector=0x000000016fdfeb30) at eval.c:3244:9
    frame #26: 0x00000001002cab70 emacs`funcall_general(fun=(i = 0x00000001027661a5), numargs=1, args=0x000000016fdfeb30) at eval.c:3036:12
    frame #27: 0x00000001002c2ea8 emacs`Ffuncall(nargs=2, args=0x000000016fdfeb28) at eval.c:3085:21
    frame #28: 0x00000001001a45ec emacs`command_loop_1 at keyboard.c:1550:13
    frame #29: 0x00000001002c6b70 emacs`internal_condition_case(bfun=(emacs`command_loop_1 at keyboard.c:1324), handlers=(i = 0x0000000000000090), hfun=(emacs`cmd_error at keyboard.c:970)) at eval.c:1613:25
    frame #30: 0x00000001001a3a64 emacs`command_loop_2(handlers=(i = 0x0000000000000090)) at keyboard.c:1168:11
    frame #31: 0x00000001002c5c44 emacs`internal_catch(tag=(i = 0x0000000000011220), func=(emacs`command_loop_2 at keyboard.c:1164), arg=(i = 0x0000000000000090)) at eval.c:1292:25
    frame #32: 0x00000001001a29fc emacs`command_loop at keyboard.c:1146:2
    frame #33: 0x00000001001a27a4 emacs`recursive_edit_1 at keyboard.c:754:9
    frame #34: 0x00000001001a2d88 emacs`Frecursive_edit at keyboard.c:837:3
    frame #35: 0x000000010019f1c4 emacs`main(argc=2, argv=0x000000016fdff590) at emacs.c:2624:3
    frame #36: 0x00000001912920e0 dyld`start + 2360
(lldb) bt full
error: bt [<digit> | all]
(lldb) bt all
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x7dbf8e410b60)
  * frame #0: 0x00000001912446b4 libobjc.A.dylib`objc_release + 16
    frame #1: 0x00000001003f06f0 emacs`ns_release_object(obj=0x0000600003730b40) at nsterm.m:601:5
    frame #2: 0x000000010040fa34 emacs`ns_free_pixmap(_f=0x0000000146058c28, pixmap=0x0000600003730b40) at nsterm.m:5291:3
    frame #3: 0x00000001003e7344 emacs`image_clear_image_1(f=0x0000000146058c28, img=0x000060000313c540, flags=7) at image.c:2076:4
    frame #4: 0x00000001003ea4a4 emacs`image_clear_image(f=0x0000000146058c28, img=0x000060000313c540) at image.c:2135:3
    frame #5: 0x00000001003eeb90 emacs`xpm_load_image(f=0x0000000146058c28, img=0x000060000313c540, contents="/* XPM */\nstatic char *back_arrow_xpm[] = {\n\"50 50 50 50\",\n\" c #000000\",\n\". c #53692A\",\n\"X c #59702D\",\n\"o c #657255\",\n\"O c #6D7A5B\",\n\"+ c #6D8839\",\n\"@ c #7C9B40\",\n\"# c #748261\",\n\"$ c #7F8E6B\",\n\"% c #818F71\",\n\"& c #879772\",\n\"* c #8C9A7F\",\n\"= c #85A24D\",\n\"- c #8BA859\",\n\"; c #92AD62\",\n\": c #95A77E\",\n\"> c #98AF74\",\n\", c #9BB572\",\n\"< c #9BAA87\",\n\"1 c #9CAF84\",\n\"2 c #A4B690\",\n\"3 c #A8BCA6\",\n\"4 c #ADBDA0\",\n\"5 c #AFC394\",\n\"6 c #BAD09D\",\n\"7 c #B5C3A9\",\n\"8 c #BED2A3\",\n\"9 c #D5E1C6\",\n\"0 c #FFFFFF\",\n\"q c None\",\n\"qqqqqqqqqqqqqqqqqqqqqqqq\",\n\"qqqqqqqqqqqqqqqqqqqqqqqq\",\n\"qqqqqqqqqqqqqqqqqqqqqqqq\",\n\"qqqqqqqqqq qqqqqqqqqqqqq\",\n\"qqqqqqqqq qqqqqqqqqqqqq\",\n\"qqqqqqqq 9 qqqqqqqqqqqqq\",\n\"qqqqqqq 96 qqqqqqqqqq\",\n\"qqqqqq 968664% qqqqqqqqq\",\n\"qqqqq 966666663 qqqqqqqq\",\n\"qqqq <666666666* qqqqqqq\",\n\"qqqqq X@@@@@@;67 qqqqqq\",\n\"qqqqqq .@@@@@@=6$ qqqqqq\",\n\"qqqqqqq .@ X@,2 qqqqqq\",\n\"qqqqqqqq X q +-6 qqqqqq\",\n\"qqqqqqqqq qq @6 qqqqqq\",\n\"qqqqqqqqqq qqq -: qqqqqq\",\n\"qqqqqqqqqqqqqq >o qqqqqq\",\n\"qqqqqqqqqqqqqq 5 qqqqqqq\",\n\"qqqqqqqqqqqqq"..., end="") at image.c:6532:3
    frame #6: 0x00000001003eb1dc emacs`xpm_load(f=0x0000000146058c28, img=0x000060000313c540) at image.c:6556:19
    frame #7: 0x00000001003e311c emacs`lookup_image(f=0x0000000146058c28, spec=(i = 0x0000000148070953), face_id=0) at image.c:3532:30
    frame #8: 0x00000001003e2bf4 emacs`Fimage_size(spec=(i = 0x0000000148070953), pixels=(i = 0x0000000000000030), frame=(i = 0x0000000000000000)) at image.c:1676:22
    frame #9: 0x00000001002caf30 emacs`funcall_subr(subr=0x0000000100b3cae0, numargs=3, args=0x0000000148160648) at eval.c:3157:15
    frame #10: 0x000000010034685c emacs`exec_byte_code(fun=(i = 0x000000010f82f815), args_template=769, nargs=2, args=0x00000001481605e0) at bytecode.c:812:14
    frame #11: 0x00000001002cb3cc emacs`funcall_lambda(fun=(i = 0x000000013701ce85), nargs=0, arg_vector=0x0000000148160420) at eval.c:3244:9
    frame #12: 0x00000001002cab70 emacs`funcall_general(fun=(i = 0x000000013701ce85), numargs=0, args=0x0000000148160420) at eval.c:3036:12
    frame #13: 0x000000010034687c emacs`exec_byte_code(fun=(i = 0x0000000101d3436d), args_template=257, nargs=1, args=0x0000000148160420) at bytecode.c:814:14
    frame #14: 0x00000001002cb3cc emacs`funcall_lambda(fun=(i = 0x0000000101d4da05), nargs=2, arg_vector=0x000000016fdfc420) at eval.c:3244:9
    frame #15: 0x00000001002cab70 emacs`funcall_general(fun=(i = 0x0000000101d4da05), numargs=2, args=0x000000016fdfc420) at eval.c:3036:12
    frame #16: 0x00000001002c2ea8 emacs`Ffuncall(nargs=3, args=0x000000016fdfc418) at eval.c:3085:21
    frame #17: 0x00000001002bb038 emacs`Ffuncall_interactively(nargs=3, args=0x000000016fdfc418) at callint.c:250:32
    frame #18: 0x00000001002cb0f4 emacs`funcall_subr(subr=0x0000000100b35ae0, numargs=3, args=0x000000016fdfc418) at eval.c:3176:9
    frame #19: 0x00000001002cab28 emacs`funcall_general(fun=(i = 0x0000000100b35ae5), numargs=3, args=0x000000016fdfc418) at eval.c:3032:12
    frame #20: 0x00000001002c2ea8 emacs`Ffuncall(nargs=4, args=0x000000016fdfc410) at eval.c:3085:21
    frame #21: 0x00000001002c9f08 emacs`Fapply(nargs=3, args=0x000000016fdfd228) at eval.c:2757:24
    frame #22: 0x00000001002bb460 emacs`Fcall_interactively(function=(i = 0x0000000001183a70), record_flag=(i = 0x0000000000000000), keys=(i = 0x000000010274a8c5)) at callint.c:342:36
    frame #23: 0x00000001002caf30 emacs`funcall_subr(subr=0x0000000100b35aa8, numargs=3, args=0x0000000148160060) at eval.c:3157:15
    frame #24: 0x000000010034685c emacs`exec_byte_code(fun=(i = 0x00000001027661a5), args_template=1025, nargs=1, args=0x000000016fdfeb38) at bytecode.c:812:14
    frame #25: 0x00000001002cb3cc emacs`funcall_lambda(fun=(i = 0x00000001027661a5), nargs=1, arg_vector=0x000000016fdfeb30) at eval.c:3244:9
    frame #26: 0x00000001002cab70 emacs`funcall_general(fun=(i = 0x00000001027661a5), numargs=1, args=0x000000016fdfeb30) at eval.c:3036:12
    frame #27: 0x00000001002c2ea8 emacs`Ffuncall(nargs=2, args=0x000000016fdfeb28) at eval.c:3085:21
    frame #28: 0x00000001001a45ec emacs`command_loop_1 at keyboard.c:1550:13
    frame #29: 0x00000001002c6b70 emacs`internal_condition_case(bfun=(emacs`command_loop_1 at keyboard.c:1324), handlers=(i = 0x0000000000000090), hfun=(emacs`cmd_error at keyboard.c:970)) at eval.c:1613:25
    frame #30: 0x00000001001a3a64 emacs`command_loop_2(handlers=(i = 0x0000000000000090)) at keyboard.c:1168:11
    frame #31: 0x00000001002c5c44 emacs`internal_catch(tag=(i = 0x0000000000011220), func=(emacs`command_loop_2 at keyboard.c:1164), arg=(i = 0x0000000000000090)) at eval.c:1292:25
    frame #32: 0x00000001001a29fc emacs`command_loop at keyboard.c:1146:2
    frame #33: 0x00000001001a27a4 emacs`recursive_edit_1 at keyboard.c:754:9
    frame #34: 0x00000001001a2d88 emacs`Frecursive_edit at keyboard.c:837:3
    frame #35: 0x000000010019f1c4 emacs`main(argc=2, argv=0x000000016fdff590) at emacs.c:2624:3
    frame #36: 0x00000001912920e0 dyld`start + 2360
  thread #2
    frame #0: 0x0000000191615d20 libsystem_pthread.dylib`start_wqthread
  thread #5
    frame #0: 0x00000001915e04cc libsystem_kernel.dylib`__pselect + 8
    frame #1: 0x00000001915e03a4 libsystem_kernel.dylib`pselect$DARWIN_EXTSN + 64
    frame #2: 0x00000001003f709c emacs`-[EmacsApp fd_handler:](self=0x0000000145f20520, _cmd="fd_handler:", unused=0x0000000000000000) at nsterm.m:6444:20
    frame #3: 0x0000000192825f80 Foundation`__NSThread__start__ + 716
    frame #4: 0x000000019161af94 libsystem_pthread.dylib`_pthread_start + 136
  thread #6, name = 'com.apple.NSEventThread'
    frame #0: 0x00000001915da1f4 libsystem_kernel.dylib`mach_msg2_trap + 8
    frame #1: 0x00000001915ecb24 libsystem_kernel.dylib`mach_msg2_internal + 80
    frame #2: 0x00000001915e2e34 libsystem_kernel.dylib`mach_msg_overwrite + 476
    frame #3: 0x00000001915da578 libsystem_kernel.dylib`mach_msg + 24
    frame #4: 0x00000001916fa680 CoreFoundation`__CFRunLoopServiceMachPort + 160
    frame #5: 0x00000001916f8f44 CoreFoundation`__CFRunLoopRun + 1208
    frame #6: 0x00000001916f8434 CoreFoundation`CFRunLoopRunSpecific + 608
    frame #7: 0x0000000195082188 AppKit`_NSEventThread + 144
    frame #8: 0x000000019161af94 libsystem_pthread.dylib`_pthread_start + 136
  thread #7
    frame #0: 0x0000000191615d20 libsystem_pthread.dylib`start_wqthread
  thread #8
    frame #0: 0x0000000191615d20 libsystem_pthread.dylib`start_wqthread
  thread #9
    frame #0: 0x0000000191615d20 libsystem_pthread.dylib`start_wqthread
  thread #10
    frame #0: 0x0000000000000000
(lldb)

In GNU Emacs 30.0.60 (build 3, aarch64-apple-darwin23.5.0, NS
appkit-2487.60 Version 14.5 (Build 23F79)) of 2024-07-15 built on
foo.local
Repository revision: a7b68c25640de8214bc759d20180373c2dbcfa16
Repository branch: emacs-30
Windowing system distributor 'Apple', version 10.3.2487
System Description: macOS 14.5

Configured features:
ACL GNUTLS LCMS2 LIBXML2 MODULES NOTIFY KQUEUE NS PDUMPER PNG SQLITE3
THREADS TOOLKIT_SCROLL_BARS TREE_SITTER ZLIB

Important settings:
  value of $LC_CTYPE: UTF-8
  value of $LANG: en_US.UTF-8
  locale-coding-system: utf-8-unix

Major mode: Lisp Interaction

Minor modes in effect:
  tooltip-mode: t
  global-eldoc-mode: t
  eldoc-mode: t
  show-paren-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  minibuffer-regexp-mode: t
  line-number-mode: t
  indent-tabs-mode: t
  transient-mark-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t

Load-path shadows:
None found.

Features:
(shadow sort mail-extr emacsbug message mailcap yank-media puny dired
dired-loaddefs rfc822 mml mml-sec password-cache epa derived epg rfc6068
epg-config gnus-util text-property-search time-date subr-x mm-decode
mm-bodies mm-encode mail-parse rfc2231 mailabbrev gmm-utils mailheader
cl-loaddefs cl-lib sendmail rfc2047 rfc2045 ietf-drums mm-util
mail-prsvr mail-utils rmc iso-transl tooltip cconv eldoc paren electric
uniquify ediff-hook vc-hooks lisp-float-type elisp-mode mwheel
term/ns-win ns-win ucs-normalize mule-util term/common-win tool-bar dnd
fontset image regexp-opt fringe tabulated-list replace newcomment
text-mode lisp-mode prog-mode register page tab-bar menu-bar rfn-eshadow
isearch easymenu timer select scroll-bar mouse jit-lock font-lock syntax
font-core term/tty-colors frame minibuffer nadvice seq simple cl-generic
indonesian philippine cham georgian utf-8-lang misc-lang vietnamese
tibetan thai tai-viet lao korean japanese eucjp-ms cp51932 hebrew greek
romanian slovak czech european ethiopic indian cyrillic chinese
composite emoji-zwj charscript charprop case-table epa-hook
jka-cmpr-hook help abbrev obarray oclosure cl-preloaded button loaddefs
theme-loaddefs faces cus-face macroexp files window text-properties
overlay sha1 md5 base64 format env code-pages mule custom widget keymap
hashtable-print-readable backquote threads kqueue cocoa ns lcms2
multi-tty make-network-process emacs)

Memory information:
((conses 16 38639 9033) (symbols 48 5265 0) (strings 32 11913 1820)
 (string-bytes 1 282419) (vectors 16 9381)
 (vector-slots 8 106144 7815) (floats 8 21 3) (intervals 56 221 0)
 (buffers 992 10))
[back-arrow.xpm.txt (text/plain, attachment)]
Message #8 received at 72255 <at> debbugs.gnu.org (full text, mbox):
From: Po Lu <luangruo <at> yahoo.com>
To: Stefan Kangas <stefankangas <at> gmail.com>
Cc: 72255 <at> debbugs.gnu.org
Subject: Re: bug#72255: 30.0.60; Crash on macOS with malformed XPM image file
Date: Wed, 24 Jul 2024 11:41:13 +0800
Stefan Kangas <stefankangas <at> gmail.com> writes:

> Severity: normal
>
> Emacs crashes on macOS when opening a malformed XPM image file.
>
> I'm attaching an example image with the file extension ".xpm.txt" below;
> to reproduce, simply rename the file to ".xpm" and open it in Emacs.
> (This bad file is an edited version of back-arrow.xpm in emacs.git.)
>
> I've included an lldb backtrace below. Note that I reproduced this on
> master, but the code has not changed from emacs-30.
>
> The crash happens in nsterm.m:601:5, but I can't figure out why we're
> trying to access some other address than the pointer that was passed to
> that function. Maybe this is trivial to someone that knows Objective-C.

Please test the emacs-30 branch. It was a double free on NS affecting
not only XPM, but all image loading functions in varying measures.
Message #13 received at 72255-done <at> debbugs.gnu.org (full text, mbox):
From: Stefan Kangas <stefankangas <at> gmail.com>
To: Po Lu <luangruo <at> yahoo.com>
Cc: 72255-done <at> debbugs.gnu.org
Subject: Re: bug#72255: 30.0.60; Crash on macOS with malformed XPM image file
Date: Tue, 23 Jul 2024 20:51:06 -0700
Version: 30.1

Po Lu <luangruo <at> yahoo.com> writes:

> Stefan Kangas <stefankangas <at> gmail.com> writes:
>
>> Severity: normal
>>
>> Emacs crashes on macOS when opening a malformed XPM image file.
>>
>> I'm attaching an example image with the file extension ".xpm.txt" below;
>> to reproduce, simply rename the file to ".xpm" and open it in Emacs.
>> (This bad file is an edited version of back-arrow.xpm in emacs.git.)
>>
>> I've included an lldb backtrace below. Note that I reproduced this on
>> master, but the code has not changed from emacs-30.
>>
>> The crash happens in nsterm.m:601:5, but I can't figure out why we're
>> trying to access some other address than the pointer that was passed to
>> that function. Maybe this is trivial to someone that knows Objective-C.
>
> Please test the emacs-30 branch. It was a double free on NS affecting
> not only XPM, but all image loading functions in varying measures.

That seems to have fixed the crash. Closing the bug, thanks!
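The failure class named in message #8, a double free reached through an image loader's error path, modelled as an added example; it is not Emacs source and not code from this thread, and the thread does not show the actual fix. All names are hypothetical, the second release is counted rather than performed on real memory, and the colour-line count of 30 is constructed input paired with the header string visible in the backtrace.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for a reference-counted platform object.  A release
   after the count reaches zero is recorded here instead of crashing. */
struct pixmap { int refcount; int over_releases; };
struct image  { struct pixmap *pixmap; };

static void pixmap_release(struct pixmap *p)
{
    if (p->refcount == 0)
        p->over_releases++;          /* second release of a dead object */
    else
        p->refcount--;
}

/* Shared cleanup that every loader runs when it gives up on an image. */
static void image_clear(struct image *img)
{
    if (img->pixmap != NULL) {
        pixmap_release(img->pixmap);
        img->pixmap = NULL;          /* owner drops the pointer it released */
    }
}

/* XPM values line "W H NCOLORS CPP" must agree with the colour lines present. */
static int header_matches(const char *header, int colour_lines)
{
    int w, h, ncolors, cpp;
    if (sscanf(header, "%d %d %d %d", &w, &h, &ncolors, &cpp) != 4)
        return 0;
    return w > 0 && h > 0 && cpp > 0 && ncolors == colour_lines;
}

/* RELEASE_THEN_CLEAR is the flawed error path: it releases the pixmap but
   leaves img->pixmap set, so the shared cleanup releases it again.
   CLEAR_ONLY lets the one routine that also clears the pointer do the release. */
enum cleanup { RELEASE_THEN_CLEAR, CLEAR_ONLY };

static int load_image(struct image *img, struct pixmap *px,
                      const char *header, int colour_lines, enum cleanup mode)
{
    px->refcount = 1;
    px->over_releases = 0;
    img->pixmap = px;
    if (!header_matches(header, colour_lines)) {
        if (mode == RELEASE_THEN_CLEAR)
            pixmap_release(img->pixmap);
        image_clear(img);
        return 0;
    }
    return 1;
}

int main(void)
{
    struct pixmap a, b;
    struct image ia, ib;
    /* Constructed input: header string as in the report, 30 colour lines. */
    load_image(&ia, &a, "50 50 50 50", 30, RELEASE_THEN_CLEAR);
    load_image(&ib, &b, "50 50 50 50", 30, CLEAR_ONLY);
    printf("over-releases: flawed=%d hardened=%d\n", a.over_releases, b.over_releases);
    return 0;
}
```

Building the real program with AddressSanitizer (`-fsanitize=address`) reports this class of bug at the second release instead of at a later, unrelated access.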
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.