bug#13743: 24.2.93; Segmentation fault when trying to [s]teal a file opened elsewhere

[Eli Zaretskii]

> Date: Mon, 25 Feb 2013 09:52:24 +0400
> From: Dmitry Gutov <dgutov@yandex.ru>
> CC: monnier@iro.umontreal.ca, 13743@debbugs.gnu.org
> 
> OTOH, the existing behavior in this area is rather messy anyway:
> 
> a) If START equals to the beginning of the region with the same 
> property, the buffer is marked modified anyway (even though nothing 
> changes from the observer's point of view).
> 
> So, the trivial example of repeating an `add-text-properties' call with 
> the same arguments in a previously unpropertized buffer will mark it as 
> modified every time.
> 
> b) This probably has something to do with internal representation, but 
> even having the same property span before START is not a safe bet:

That's a bug, actually, and a very old one at that (at least 17 years
old, IIUC).  The code didn't handle correctly all the situations where
there's nothing to change, before it announced a change by calling
modify_region (and later called signal_after_change).

I installed on the trunk revision 111875 to fix this.  Now all your
examples:

> 1. Create a new file with a line of text in it, preferably without 
> spaces, to see face changes easily
> 2. Save it, disable font-lock-mode.
> 3. Evaluate:
> 
> (add-text-properties 1 6 '(face font-lock-constant-face)) => modified
> save
> (add-text-properties 2 6 '(face font-lock-constant-face)) => unmodified
> (add-text-properties 2 7 '(face font-lock-constant-face)) => modified
> save
> (add-text-properties 2 6 '(face font-lock-constant-face)) => unmodified
> - optional step
> (add-text-properties 2 7 '(face font-lock-constant-face)) => modified(!)
> - even though 1 still has the same face
> - you can save and repeat this step indefinitely

work as expected.

Interestingly, this also fixes the original segfault which started
this discussion (not before I fixed similar bugs in
remove-text-properties and elsewhere in textprop.c, because making the
change only n add-text-properties still triggered a similar segfault
from remove-text-properties).  So perhaps the fact that buffer
modifications were announced unnecessarily is the root cause for the
segfault.

I couldn't convince myself that, even after revision 111875, we could
not end up in a situation where redisplay triggered by modify_region
changes the intervals when it fontifies the buffer.  So perhaps we
need a followup patch to plumb that potential hole, something along
the following:

=== modified file 'src/textprop.c'
--- src/textprop.c      2013-02-25 16:13:42 +0000
+++ src/textprop.c      2013-02-25 16:23:43 +0000
@@ -1134,6 +1134,7 @@ Return t if any property value actually 
   register int modified = 0;
   struct gcpro gcpro1;
   ptrdiff_t got;
+  int first_time = 1;
 
   properties = validate_plist (properties);
   if (NILP (properties))
@@ -1142,6 +1143,7 @@ Return t if any property value actually 
   if (NILP (object))
     XSETBUFFER (object, current_buffer);
 
+ retry:
   i = validate_interval_range (object, &start, &end, hard);
   if (!i)
     return Qnil;
@@ -1174,8 +1176,25 @@ Return t if any property value actually 
       copy_properties (unchanged, i);
     }
 
-  if (BUFFERP (object))
-    modify_region (object, start, end);
+  if (BUFFERP (object) && first_time)
+    {
+      ptrdiff_t prev_total_length = TOTAL_LENGTH (i);
+      ptrdiff_t prev_pos = i->position;
+
+      modify_region (object, start, end);
+      /* If someone called us recursively as a side effect of
+        modify_region, and changed the intervals behind our back
+        (could happen if lock_file, called by prepare_to_modify_buffer,
+        triggers redisplay, and that calls add-text-properties again
+        in the same buffer), we cannot continue with I, because its
+        data changed.  So we restart the interval analysis anew.  */
+      if (TOTAL_LENGTH (i) != prev_total_length
+         || i->position != prev_pos)
+       {
+         first_time = 0;
+         goto retry;
+       }
+    }
 
   /* We are at the beginning of interval I, with LEN chars to scan.  */
   for (;;)