bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Crash calling md5 for a list of buffers

From: Kevin Rodgers
Subject: Re: Crash calling md5 for a list of buffers
Date: Wed, 21 Jan 2004 10:20:41 -0700
User-agent: Mozilla/5.0 (X11; U; SunOS i86pc; en-US; rv:0.9.4.1) Gecko/20020406 Netscape6/6.2.2 
Dmitry Antipov wrote:


Kevin Rodgers wrote:


I cannot reproduce that on GNU Emacs 21.3.1 (i386-pc-solaris2.7, X
toolkit) of 2003-04-24 on briard.  If I go to the emacs-21.3/src
directory, start Emacs as `./emacs-21.3.1 -q --no-site-file *.c',
then type `M-: (mapcar 'md5 (buffer-list)) RET', I get the following
*Backtrace*:

Debugger entered--Lisp error: (args-out-of-range 1 459097)
  find-coding-systems-region-internal(1 459097)
 find-coding-systems-region(1 459097)
 select-safe-coding-system(1 459097 undecided-unix)
 md5(#<buffer xdisp.c>)



Apparently that's because the xdisp.c buffer only has 459096 characters.
Whether I visit it with find-file or find-file-literally, `M->' followed
by `C-x =' reports "point=459097 of 459096 (100%) column 0".



Try to eval (mapcar '(lambda (b) (md5 b nil nil 'raw-text)) (buffer-list)).
(mapcar 'md5 (buffer-list)) doesn't work for all buffers (really I don't understand why - probably the coding system determined automagically is 
not always valid for Fmd5).



OK, then I get the same crash that you reported.  The interesting thing
is that both the crash and the Lisp error occur while processing
xdisp.c.  There is something screwy with that file that causes Emacs to
think it has 1 more character (459097) than it really does (459096).  If
I kill that buffer before mapping md5 over buffer-list, neither the
crash nor the Lisp error occur.

Running emacs with --unibyte didn't prevent the Lisp error or the crash
on xdisp.c.  I'm confused because that file doesn't contain any odd
characters, just printable ASCII chars, newline (^J), tab (^I), and
formfeed (^L).

There must be something wrong in the code in fns.c:Fmd5() that computes
and checks the buffer beginning and end when its run with object set to
the xdisp.c buffer, because either the subsequent call to
select-safe-coding-system (via Vselect_safe_coding_system_function) or
make_buffer_string is passed an end argument that is 1 larger than the
buffer size (which precipitates the Lisp error or the crash,
respectively).  Can anyone see what's wrong here?

      CHECK_BUFFER (object, 0);

      bp = XBUFFER (object);
        
      if (NILP (start))
        b = BUF_BEGV (bp);
      else
        {
          CHECK_NUMBER_COERCE_MARKER (start, 0);
          b = XINT (start);
        }

      if (NILP (end))
        e = BUF_ZV (bp);
      else
        {
          CHECK_NUMBER_COERCE_MARKER (end, 1);
          e = XINT (end);
        }

      if (b > e)
        temp = b, b = e, e = temp;

      if (!(BUF_BEGV (bp) <= b && e <= BUF_ZV (bp)))
        args_out_of_range (start, end);


--
Kevin Rodgers
reply via email to
[Prev in Thread] Current Thread [Next in Thread]