bug#24064: 24.5; NULL pointer dereference in compute_motion(), indent.c
From: Clément Pit--Claudel
Subject: bug#24064: 24.5; NULL pointer dereference in compute_motion(), indent.c
Date: Mon, 25 Jul 2016 18:37:17 -0400
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
On 2016-07-25 18:02, Sergei Litvin wrote:
> I've prepared an elisp file to reproduce a crash:
>
> 1) Open it and move cursor to the end of the file
> 2) Execute eval-buffer
> 3) Press C-l several times
Running this recipe does not cause a crash for me in GNU Emacs 25.1.50.7
(x86_64-pc-linux-gnu, GTK+ Version 3.18.9) of 2016-07-20. Am I missing
something?
> On 07/25/2016 07:24 PM, Eli Zaretskii wrote:
>>> From: Sergei Litvin <litvindev@gmail.com>
>>> Date: Mon, 25 Jul 2016 02:51:40 +0300
>>>
>>>
>>> struct position *
>>> compute_motion (ptrdiff_t from, ptrdiff_t frombyte, EMACS_INT fromvpos,
>>>                 EMACS_INT fromhpos, bool did_motion, ptrdiff_t to,
>>>                 EMACS_INT tovpos, EMACS_INT tohpos, EMACS_INT width,
>>>                 ptrdiff_t hscroll, int tab_offset, struct window *win)
>>> {
>>>
>>> ...
>>>
>>>   if (dp == buffer_display_table ())
>>>     width_table = (VECTORP (BVAR (current_buffer, width_table))
>>>                    ? XVECTOR (BVAR (current_buffer, width_table))->contents
>>>                    : 0);
>>>   else
>>>     /* If the window has its own display table, we can't use the width
>>>        run cache, because that's based on the buffer's display table. */
>>>     width_table = 0; // initialize it with 0 (current buffer has no display table)
>>>
>>> ...
>>>
>>>       if (width_cache)
>>>         {
>>>           /* Is this character part of the current run? If so, extend
>>>              the run. */
>>>           if (pos - 1 == width_run_end
>>>               && XFASTINT (width_table[c]) == width_run_width) // dereference width_table here, and crash
>>>             width_run_end = pos;
>> Did you actually see such a crash, and if so, can you show a recipe
>> for reproducing that?
>>
>> Thanks.
>
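
A simplified, stand-alone model of the pattern in the quoted excerpt, added here as an example (it is not Emacs source and not part of the original thread): the table pointer can be null independently of the cache state, so the run check tests it before indexing. `run_state`, `select_width_table`, `extend_run`, `demo`, `sample_widths` and the result enum are hypothetical names; only the `width_*` variable names come from the excerpt.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the state in the quoted excerpt. */
struct run_state {
    const int *width_table;  /* NULL when no usable table was selected */
    bool width_cache;        /* a pointer in the excerpt; a flag here */
    long width_run_end;
    int width_run_width;
};

enum run_result { RUN_EXTENDED, RUN_NOT_EXTENDED, RUN_NO_TABLE };

/* Constructed sample widths: 'a' is 1 column, TAB is 8, the rest 0. */
static const int sample_widths[256] = { ['a'] = 1, ['\t'] = 8 };

/* Mirrors the excerpt's selection: the table is NULL either when the buffer
   has no width table or when the window uses its own display table. */
const int *select_width_table(bool same_display_table, const int *buffer_table) {
    return same_display_table ? buffer_table : NULL;
}

/* Run-extension check with the table tested before it is indexed. */
enum run_result extend_run(struct run_state *s, long pos, unsigned char c) {
    if (!s->width_cache)
        return RUN_NOT_EXTENDED;
    if (s->width_table == NULL)
        return RUN_NO_TABLE;
    if (pos - 1 == s->width_run_end && s->width_table[c] == s->width_run_width) {
        s->width_run_end = pos;
        return RUN_EXTENDED;
    }
    return RUN_NOT_EXTENDED;
}

/* Cache on, current run ends at position 9 with width 1. */
enum run_result demo(bool same_table, const int *buffer_table, long pos, unsigned char c) {
    struct run_state s = { select_width_table(same_table, buffer_table), true, 9, 1 };
    return extend_run(&s, pos, c);
}

int main(void) {
    printf("table present: %d\n", demo(true, sample_widths, 10, 'a'));
    printf("window table:  %d\n", demo(false, sample_widths, 10, 'a'));
    printf("no buffer tbl: %d\n", demo(true, NULL, 10, 'a'));
    return 0;
}
```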