bug#20156: Emacs 24 stack corruption in fontset.c:fontset_pattern

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#20156: Emacs 24 stack corruption in fontset.c:fontset_pattern_regexp

From:	John F Carr
Subject:	bug#20156: Emacs 24 stack corruption in fontset.c:fontset_pattern_regexp
Date:	Sat, 21 Mar 2015 12:06:16 +0000

Emacs crashes on Mac Yosemite (native window system) when I use set-frame-font 
with certain font patterns.  The cause is writing past the end of an alloca 
buffer in fontset.c:fontset_pattern_regexp.  This triggers a stack check 
assertion.  Alloca is used to allocate space for a regexp, but the size 
neglects to consider the ^$ around the regexp.  “+1” should be “+3”.

To reproduce:

(set-frame-font "-adobe-courier-medium-r-normal--24-*-75-75-m-150-iso8859-1”)

without X installed.

Bug in 24.3 and "GNU Emacs 24.4.2 (x86_64-apple-darwin14.1.0, NS 
apple-appkit-1344.72)”.

fontset.diff
Description: fontset.diff

[Prev in Thread]

Current Thread

[Next in Thread]

bug#20156: Emacs 24 stack corruption in fontset.c:fontset_pattern_regexp, John F Carr <=
- bug#20156: Emacs 24 stack corruption in fontset.c:fontset_pattern_regexp, Jan D., 2015/03/22

Prev by Date: bug#20140: 24.4; M17n shaper output rejected
Next by Date: bug#17170: 24.3.50; debug: Terminal 3 is locked, cannot read from it
Previous by thread: bug#18939: 24.4; middle-click sometimes pastes data other than the PRIMARY selection
Next by thread: bug#20156: Emacs 24 stack corruption in fontset.c:fontset_pattern_regexp
Index(es):
- Date
- Thread