bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#9495: 24.0.50; Segfault in try_cursor_movement

From: Eli Zaretskii
Subject: bug#9495: 24.0.50; Segfault in try_cursor_movement
Date: Wed, 14 Sep 2011 01:22:21 -0400 
> From: Johan Bockgård <bojohan@gnu.org>
> Date: Tue, 13 Sep 2011 21:28:17 +0200
> 
> 
> Program terminated with signal 11, Segmentation fault.
> #0  0x00007f5bccbe6fe7 in kill () at ../sysdeps/unix/syscall-template.S:82
> 82      ../sysdeps/unix/syscall-template.S: No such file or directory.
>         in ../sysdeps/unix/syscall-template.S
> (gdb) bt
> #0  0x00007f5bccbe6fe7 in kill () at ../sysdeps/unix/syscall-template.S:82
> #1  0x000000000056e889 in fatal_error_signal (sig=11) at emacs.c:358
> #2  <signal handler called>
> #3  0x0000000000465f3f in try_cursor_movement (window=20987605, startp=...,
>     scroll_step=0x7fff5e400758) at xdisp.c:14639
> 
> xdisp.c:14639: (BUFFERP (g->object) && g->charpos == PT)
> 
> g is not a valid glyph here.
> 
> (gdb) p MATRIX_ROW (w->current_matrix, w->cursor.vpos).used[TEXT_AREA]
> $3 = 80
> (gdb) p w->cursor.hpos
> $4 = 80

Thanks.  But what is the value of `rv' at that point?

> 2011-09-13  Johan Bockgård  <bojohan@gnu.org>
> 
>       * xdisp.c (try_cursor_movement): Check bounds of hpos.

That will prevent your particular crash, but I'm not sure it's correct
in all cases (like R2L lines and other atrocities).  Can you give a
recipe for reproducing this crash from "emacs -Q"?  I'd like to
investigate a bit more.  TIA.

> BTW, is this code in try_window_reusing_current_matrix correct?
> 
>     struct glyph *glyph = row->glyphs[TEXT_AREA] + w->cursor.hpos;
>     struct glyph *end = glyph + row->used[TEXT_AREA];

No, it's a bug.  I fixed it.  Thanks for spotting it.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]