bug-gnu-emacs

bug#24064: 24.5; NULL pointer dereference in compute_motion(), indent.c


From: Sergei Litvin
Subject: bug#24064: 24.5; NULL pointer dereference in compute_motion(), indent.c
Date: Tue, 26 Jul 2016 01:02:27 +0300
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0

I've prepared an elisp file to reproduce a crash:

1) Open it and move the cursor to the end of the file

2) Execute eval-buffer

3) Press C-l several times


Sergei Litvin


On 07/25/2016 07:24 PM, Eli Zaretskii wrote:
From: Sergei Litvin <litvindev@gmail.com>
Date: Mon, 25 Jul 2016 02:51:40 +0300


struct position *
compute_motion (ptrdiff_t from, ptrdiff_t frombyte, EMACS_INT fromvpos,
                EMACS_INT fromhpos, bool did_motion, ptrdiff_t to,
                EMACS_INT tovpos, EMACS_INT tohpos, EMACS_INT width,
                ptrdiff_t hscroll, int tab_offset, struct window *win)
{

...

  if (dp == buffer_display_table ())
    width_table = (VECTORP (BVAR (current_buffer, width_table))
                   ? XVECTOR (BVAR (current_buffer, width_table))->contents
                   : 0);
  else
    /* If the window has its own display table, we can't use the width
       run cache, because that's based on the buffer's display table. */
    width_table = 0; // initialize it with 0 (current buffer has no display table)

...

          if (width_cache)
            {
              /* Is this character part of the current run? If so, extend
                 the run. */
              if (pos - 1 == width_run_end
                  && XFASTINT (width_table[c]) == width_run_width) // dereference width_table here, and crash
                width_run_end = pos;

Did you actually see such a crash, and if so, can you show a recipe
for reproducing that?

Thanks.

Attachment: emacs-crash.el
Description: Text Data
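
Added example, not part of the original message and not Emacs code: a reduced C model of the pattern in the quoted excerpt, where the width cache can be enabled while width_table is NULL. The struct, the helper names and the sample widths are assumptions, and the guard shown is one possible check, not the project's fix.

```c
#include <stddef.h>

/* Reduced model: only width_table, width_run_end and width_run_width
   come from the quoted code; every other name is hypothetical. */
struct run { long width_run_end; int width_run_width; };
static int sample_table[256];  /* constructed widths, not Emacs data */

static const int *make_sample_table(void)
{
    for (int i = 0; i < 256; i++)
        sample_table[i] = (i == '\t') ? 8 : 1;
    return sample_table;
}

/* No table when the window has its own display table or the buffer has none. */
static const int *select_width_table(int shared, const int *buffer_table)
{
    return shared ? buffer_table : NULL;
}

/* Guarded run extension: test the pointer before indexing it. */
static int extend_run(struct run *r, const int *width_table,
                      int cache_enabled, long pos, unsigned char c)
{
    if (!cache_enabled || width_table == NULL)
        return 0;
    if (pos - 1 != r->width_run_end || width_table[c] != r->width_run_width)
        return 0;
    r->width_run_end = pos;
    return 1;
}

/* Scan text from position 1; return how many times the run grew. */
static int count_extensions(const char *text, const int *width_table,
                            int cache_enabled)
{
    struct run r = { 0, 1 };  /* constructed start: width-1 run ending at 0 */
    int n = 0;
    for (long pos = 1; text[pos - 1] != '\0'; pos++)
        n += extend_run(&r, width_table, cache_enabled, pos,
                        (unsigned char) text[pos - 1]);
    return n;
}

int main(void)
{
    /* Cache enabled, no table: expect 0 extensions and a clean exit. */
    return count_extensions("ab\tc", select_width_table(0, make_sample_table()), 1);
}
```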

