emacs-devel

Re: Redisplay crash


From: Romain Francoise
Subject: Re: Redisplay crash
Date: Wed, 05 Jan 2005 21:49:44 +0100
User-agent: Gnus/5.110003 (No Gnus v0.3) Emacs/21.3.50 (gnu/linux)

Romain Francoise <address@hidden> writes:

> I will investigate further, any clues are welcome.

After further investigation... the problem lies on line 872 of term.c, I
think the size computation is backwards.  In my tests, this code makes
the buffer shrink to something like 16 bytes.  The following bcopy call
then writes way more than that, overflowing the buffer and overwriting
the libc memory block pointers and thus making the next call to xrealloc
(needed because the size was set to something too small for what we have
to decode) fail.

That test is probably meant to check if we have to grow the buffer, not
shrink it, so reversing it appears to be what was intended.  At least it
fixes the crash for me, I've been running with that patch for some time
with success so far.  What do you think?

2005-01-05  Romain Francoise  <address@hidden>

        * term.c (encode_terminal_code): Fix buffer size computation.

Index: term.c
===================================================================
RCS file: /cvsroot/emacs/emacs/src/term.c,v
retrieving revision 1.159
diff -c -r1.159 term.c
*** term.c      12 Dec 2004 03:31:00 -0000      1.159
--- term.c      5 Jan 2005 20:38:47 -0000
***************
*** 1,5 ****
  /* Terminal control module for terminals described by TERMCAP
!    Copyright (C) 1985, 86, 87, 93, 94, 95, 98, 2000, 2001, 2002
     Free Software Foundation, Inc.
  
  This file is part of GNU Emacs.
--- 1,5 ----
  /* Terminal control module for terminals described by TERMCAP
!    Copyright (C) 1985, 86, 87, 93, 94, 95, 98, 2000, 2001, 2002, 2005
     Free Software Foundation, Inc.
  
  This file is part of GNU Emacs.
***************
*** 869,875 ****
                  if (! STRING_MULTIBYTE (string))
                    string = string_to_multibyte (string);
                  nbytes = buf - encode_terminal_buf;
!                 if (nbytes + SBYTES (string) < encode_terminal_bufsize)
                    {
                      encode_terminal_bufsize = nbytes + SBYTES (string);
                      encode_terminal_buf = xrealloc (encode_terminal_buf,
--- 869,875 ----
                  if (! STRING_MULTIBYTE (string))
                    string = string_to_multibyte (string);
                  nbytes = buf - encode_terminal_buf;
!                 if (encode_terminal_bufsize < nbytes + SBYTES (string))
                    {
                      encode_terminal_bufsize = nbytes + SBYTES (string);
                      encode_terminal_buf = xrealloc (encode_terminal_buf,
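Review bot: The corrected test on the `!` line grows the buffer to exactly `nbytes + SBYTES (string)`, so any later string that needs even one more byte goes through xrealloc again. Consider growing with some headroom. A one-line comment above the `if` would also help, stating that encode_terminal_bufsize must be at least nbytes + SBYTES (string) before the copy, since the inverted form was easy to misread. Separately, nbytes is taken from buf before the xrealloc call, and the block can move, so buf has to be re-derived as encode_terminal_buf + nbytes afterwards. The hunk ends before that line is visible, so it is worth confirming.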

-- 
Romain Francoise <address@hidden> | I just thought I'd go out
it's a miracle -- http://orebokech.com/ | with a little bit more style.
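
The effect of the backwards size test described in the message above, as an added example that is not Emacs source and not part of the original post. It is a simplified model: `struct gbuf`, `first_overflow` and `gbuf_append` are hypothetical names, the sizes are constructed, and the replay only tracks sizes without writing out of bounds.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for encode_terminal_buf and its size variable. */
struct gbuf { unsigned char *data; size_t cap, used; };
enum check { CHECK_BACKWARDS, CHECK_FIXED };

/* Replay append lengths through the size test without copying anything;
   return the index of the first append that would not fit, or -1. */
int first_overflow(size_t cap, const size_t *lens, int n, enum check c)
{
    size_t used = 0;
    for (int i = 0; i < n; i++) {
        size_t need = used + lens[i];
        if (c == CHECK_BACKWARDS ? need < cap : cap < need)
            cap = need;                     /* "resize" to exactly need */
        if (need > cap) return i;           /* the copy would overrun here */
        used = need;
    }
    return -1;
}

/* Append with the corrected test: grow when capacity is too small. */
int gbuf_append(struct gbuf *b, const void *src, size_t len)
{
    if (len > SIZE_MAX - b->used) return -1;    /* size sum would wrap */
    size_t need = b->used + len;
    if (b->cap < need) {
        unsigned char *p = realloc(b->data, need);
        if (!p) return -1;
        b->data = p;                            /* block may have moved */
        b->cap = need;
    }
    memcpy(b->data + b->used, src, len);        /* offset, not a stale pointer */
    b->used = need;
    return 0;
}

int main(void)
{
    size_t lens[] = { 16, 200 };                /* constructed sample sizes */
    printf("backwards: %d, fixed: %d\n",
           first_overflow(1024, lens, 2, CHECK_BACKWARDS),
           first_overflow(1024, lens, 2, CHECK_FIXED));
}
```

With the backwards test the first small append shrinks a 1024-byte buffer to 16 bytes and the second append no longer fits; with the fixed test both fit.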



