[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#9495: 24.0.50; Segfault in try_cursor_movement
From: |
Johan Bockgård |
Subject: |
bug#9495: 24.0.50; Segfault in try_cursor_movement |
Date: |
Wed, 14 Sep 2011 21:50:29 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.0.50 (gnu/linux) |
Eli Zaretskii <eliz@gnu.org> writes:
>> From: Johan Bockgård <bojohan@gnu.org>
>> Date: Tue, 13 Sep 2011 21:28:17 +0200
>>
>>
>> Program terminated with signal 11, Segmentation fault.
>> #0 0x00007f5bccbe6fe7 in kill () at ../sysdeps/unix/syscall-template.S:82
>> 82 ../sysdeps/unix/syscall-template.S: No such file or directory.
>> in ../sysdeps/unix/syscall-template.S
>> (gdb) bt
>> #0 0x00007f5bccbe6fe7 in kill () at ../sysdeps/unix/syscall-template.S:82
>> #1 0x000000000056e889 in fatal_error_signal (sig=11) at emacs.c:358
>> #2 <signal handler called>
>> #3 0x0000000000465f3f in try_cursor_movement (window=20987605, startp=...,
>> scroll_step=0x7fff5e400758) at xdisp.c:14639
>>
>> xdisp.c:14639: (BUFFERP (g->object) && g->charpos == PT)
>>
>> g is not a valid glyph here.
>>
>> (gdb) p MATRIX_ROW (w->current_matrix, w->cursor.vpos).used[TEXT_AREA]
>> $3 = 80
>> (gdb) p w->cursor.hpos
>> $4 = 80
>
> Thanks. But what is the value of `rv' at that point?
1
>> 2011-09-13 Johan Bockgård <bojohan@gnu.org>
>>
>> * xdisp.c (try_cursor_movement): Check bounds of hpos.
>
> That will prevent your particular crash, but I'm not sure it's correct
> in all cases (like R2L lines and other atrocities). Can you give a
> recipe for reproducing this crash from "emacs -Q"? I'd like to
> investigate a bit more. TIA.
emacs -Q -eval '(setq line-move-visual nil truncate-lines t track-eol t)'
C-u 100 x RET
y <up>
At this point, in try_cursor_movement, point is in the "x" line, the
window has not yet hscrolled, and the value of hpos is just after the
last valid element in glyphs[TEXT_AREA].
(It only actually crashes some of the time, of course.)