bug#53254: 28.0.60; Crash in composition_adjust_point while typing
From: Eli Zaretskii
Subject: bug#53254: 28.0.60; Crash in composition_adjust_point while typing
Date: Fri, 14 Jan 2022 15:58:19 +0200
> Date: Fri, 14 Jan 2022 21:30:06 +0800
> From: Po Lu via "Bug reports for GNU Emacs,
> the Swiss army knife of text editors" <bug-gnu-emacs@gnu.org>
>
> Typing a document, I got a crash with the following backtrace:
>
> #0 0x00007f356943585c in __pthread_kill_implementation () at /lib64/libc.so.6
> #1 0x00007f35693e86b6 in raise () at /lib64/libc.so.6
> #2 0x000000000041db0a in terminate_due_to_signal (sig=sig@entry=11,
> backtrace_limit=backtrace_limit@entry=40) at emacs.c:437
> #3 0x000000000041df7d in handle_fatal_signal (sig=sig@entry=11) at
> sysdep.c:1762
> #4 0x000000000051a718 in deliver_thread_signal (sig=sig@entry=11,
> handler=0x41df72 <handle_fatal_signal>) at sysdep.c:1754
> #5 0x000000000051a789 in deliver_fatal_thread_signal (sig=11) at
> sysdep.c:1774
> #6 handle_sigsegv (sig=11, siginfo=<optimized out>, arg=<optimized out>) at
> sysdep.c:1867
> #7 0x00007f35693e8760 in <signal handler called> () at /lib64/libc.so.6
> #8 face_at_buffer_position (w=w@entry=0x3038d1b0, pos=pos@entry=31829,
> endptr=endptr@entry=0x7fff02e94768, limit=<optimized out>, mouse=<optimized
> out>, base_face_id=base_face_id@entry=-1, attr_filter=<optimized out>) at
> xfaces.c:6441
> #9 0x0000000000594f66 in font_range (pos=pos@entry=31829,
> pos_byte=pos_byte@entry=32669, limit=limit@entry=0x7fff02e94808,
> w=w@entry=0x3038d1b0, face=face@entry=0x0, string=string@entry=0x0, ch=62) at
> font.c:3928
> #10 0x00000000005e4423 in autocmp_chars (rule=0x4ee2945,
> charpos=charpos@entry=31829, bytepos=32669, limit=31832, limit@entry=31840,
> win=win@entry=0x3038d1b0, face=face@entry=0x0, string=0x0, direction=0x0,
> ch=62) at composite.c:924
> #11 0x00000000005e7dd2 in find_automatic_composition (pos=pos@entry=31839,
> limit=31839, limit@entry=-1, backlim=backlim@entry=-1,
> start=start@entry=0x7fff02e94938, end=end@entry=0x7fff02e94940,
> gstring=gstring@entry=0x7fff02e94948, string=0x0) at composite.c:1682
> #12 0x00000000005e8afd in composition_adjust_point
> (last_pt=last_pt@entry=31839, new_pt=new_pt@entry=31839) at composite.c:1769
> #13 0x0000000000512c93 in command_loop_1 () at keyboard.c:1608
> #14 0x000000000057c867 in internal_condition_case (bfun=bfun@entry=0x511c00
> <command_loop_1>, handlers=handlers@entry=0x90, hfun=hfun@entry=0x508730
> <cmd_error>) at eval.c:1453
> #15 0x0000000000502aca in command_loop_2 (handlers=handlers@entry=0x90) at
> keyboard.c:1133
> #16 0x000000000057c7c1 in internal_catch (tag=tag@entry=0xe7f0,
> func=func@entry=0x502ab0 <command_loop_2>, arg=arg@entry=0x90) at eval.c:1184
> #17 0x0000000000502a6f in command_loop () at keyboard.c:1111
> #18 0x000000000050832c in recursive_edit_1 () at keyboard.c:720
> #19 0x0000000000508673 in Frecursive_edit () at keyboard.c:803
> #20 0x0000000000425a73 in main (argc=1, argv=<optimized out>) at emacs.c:2310
>
> Does anyone know why this is? I hope this hasn't been fixed in the
> pretests (if so, sorry for the report), but I couldn't find anything
> relevant. Thanks in advance.
Looks very similar to bug#51864, but that one was fixed a day before
your binary was built. So I'm not sure what's going on. However, it
sounds like it's exactly that bug, because after the fix
default_face cannot be a NULL pointer, according to my reading of the
code:

      default_face = FACE_FROM_ID_OR_NULL (f, face_id);
      if (!default_face)  <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
        default_face = FACE_FROM_ID (f,
                                     lookup_basic_face (w, f, DEFAULT_FACE_ID));
    }

  /* Optimize common cases where we can use the default face.  */
  if (noverlays == 0
      && NILP (prop))
    {
      SAFE_FREE ();
      return default_face->id;
    }

  /* Begin with attributes from the default face.  */
  memcpy (attrs, default_face->lface, sizeof(attrs));

It seems to crash in the call to memcpy.
Or maybe the backtrace is inaccurate, this being an optimized build.