
bug#5856: 24.0.50; Crash in redisplay


From: Jan Djärv
Subject: bug#5856: 24.0.50; Crash in redisplay
Date: Fri, 09 Apr 2010 07:32:57 +0200
User-agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; sv-SE; rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4



Eli Zaretskii wrote 2010-04-08 23.29:
Date: Thu, 08 Apr 2010 18:13:20 +0200
From: Jan Djärv<address@hidden>
CC: address@hidden

How many of these "C-x b"s caused the list of possible completions to
exceed one screen line?  If the answer is "many" or "all", then could
you try to figure out or recall if there was anything special about
the ones that caused crashes?

Somewhere between "many" and "all".  It is the same list of files I was
editing.  They mostly start on x (xsettings, xtern, xfns, xlwmenu, and so on),
so it probably looked pretty much the same each time.

There was nothing special about the one that caused a crash I can think of.
It seems it just takes time. I just got a crash again, but this time I hadn't
started it from gdb, unfortunately.  Also, about 3-5 hours before it crashed
this time.

I think I found the problem.  The invalid glyph that caused the crash
was not supposed to be dereferenced.  Its pointer is exactly the same
as `end', as your backtrace shows:

   #0  0x000000000044d2f1 in set_cursor_from_row (w=0x1378d60, row=0x1fbf550,
   matrix=0x18217a0, delta=0, delta_bytes=0, dy=0, dvpos=0) at
   /home/jhd/src/emacs/fixes/src/xdisp.c:12775
           glyph = 0x1fa5cd0
           end = 0x1fa5cd0

But `end' points beyond the last glyph in the TEXT_AREA of the glyph
row:

   struct glyph *end = glyph + row->used[TEXT_AREA];

If we dereference this pointer, we could be referencing uninitialized
memory, e.g. if there are no margins (i.e. no glyphs in the row after
TEXT_AREA).

The old code was careful not to dereference such a pointer, but when I
rewrote set_cursor_from_row, I failed to copy those precautions.

I installed a fix.  Please see if it stops these crashes, and if so,
please close the bug report.


Great! I'll run for a couple of days and if it doesn't reappear I will close the bug.

Thanks,

        Jan D.
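An added example (not Emacs's xdisp.c, which is far more involved) modelling the off-by-one described in the thread: `end = glyph + row->used[TEXT_AREA]` points one past the last used glyph, so any scan must check `glyph < end` before every dereference. The `struct glyph`, `struct glyph_row`, area enum and sample row below are simplified, hypothetical stand-ins.

```c
/* Added example, not Emacs's own code: why `end' must never be read. */
#include <stddef.h>
#include <stdbool.h>

enum { LEFT_MARGIN_AREA, TEXT_AREA, RIGHT_MARGIN_AREA, LAST_AREA };

struct glyph { long charpos; };       /* hypothetical: only the buffer position */

struct glyph_row {
  struct glyph *glyphs[LAST_AREA];    /* first glyph of each area, NULL if none */
  int used[LAST_AREA];                /* number of glyphs used in each area */
};

/* Guarded scan: index of the first TEXT_AREA glyph whose charpos >= target,
   or -1 if there is none.  Every dereference is preceded by g < end, so the
   one-past-the-end pointer `end' is compared but never read. */
int find_cursor_glyph(const struct glyph_row *row, long target)
{
  const struct glyph *glyph = row->glyphs[TEXT_AREA];
  const struct glyph *end = glyph + row->used[TEXT_AREA];
  const struct glyph *g = glyph;
  while (g < end && g->charpos < target)
    g++;
  return g < end ? (int)(g - glyph) : -1;
}

/* Reports whether an unguarded variant, which reads g->charpos once more
   after the loop, would touch *end.  That is the glyph == end state from
   the backtrace: memory past the text area, uninitialized when the row has
   no margin glyphs.  This function only detects the condition. */
bool unguarded_scan_reads_end(const struct glyph_row *row, long target)
{
  const struct glyph *glyph = row->glyphs[TEXT_AREA];
  const struct glyph *end = glyph + row->used[TEXT_AREA];
  const struct glyph *g = glyph;
  while (g < end && g->charpos < target)
    g++;
  return g == end;
}

/* Constructed sample: text area uses all four glyphs, no margin areas. */
struct glyph sample_glyphs[4] = { {10}, {11}, {12}, {13} };
struct glyph_row sample_row = {
  { NULL, sample_glyphs, NULL },
  { 0, 4, 0 }
};
```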
