[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#44084: 28.0.50; Crash on incomplete Unicode escape sequences
From: |
Juri Linkov |
Subject: |
bug#44084: 28.0.50; Crash on incomplete Unicode escape sequences |
Date: |
Mon, 19 Oct 2020 23:38:38 +0300 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (x86_64-pc-linux-gnu) |
While developing a new input method for bug#43866
I accidentally evaluated ?\u39 and Emacs crashed.
Here is a reproducible test case:
emacs -Q
type in the *scratch* buffer:
?\u39
and eval it with 'C-x C-e'.
Emacs crashes, maybe because it's configured with --enable-checking=yes,glyphs
character.h:228: Emacs fatal error: assertion failed: 0 <= c
Thread 1 "emacs" hit Breakpoint 1, terminate_due_to_signal (sig=32767,
backtrace_limit=-22624) at emacs.c:377
377 {
(gdb) bt
#0 terminate_due_to_signal (sig=32767, backtrace_limit=-22624) at emacs.c:377
#1 0x00005555557dc50d in die (msg=0x555555996c0e "0 <= c", file=0x555555996c02
"character.h", line=228) at alloc.c:7341
#2 0x00005555558a678f in CHAR_STRING (c=-1, p=0x7fffffffa65a "") at
character.h:228
#3 0x00005555558a79a6 in doprnt (buffer=0x7fffffffa8e0 "Non-hex character used
for Unicode escape: UUU", bufsize=3999, format=0x55555598f288 "Non-hex
character used for Unicode escape: %c (%d)", format_end=0x55555598f2ba "",
ap=0x7fffffffa870)
at doprnt.c:431
#4 0x00005555558a7d64 in evxprintf
(buf=0x7fffffffa8c0, bufsize=0x7fffffffa8b8, nonheapbuf=0x7fffffffa8e0
"Non-hex character used for Unicode escape: UUU",
bufsize_max=2305843009213693952, format=0x55555598f288 "Non-hex character used
for Unicode escape: %c (%d)", ap=0x7fffffffb8e0)
at doprnt.c:540
#5 0x00005555558159dd in vformat_string (m=0x55555598f288 "Non-hex character
used for Unicode escape: %c (%d)", ap=0x7fffffffb8e0) at eval.c:1876
#6 0x0000555555815a6b in verror (m=0x55555598f288 "Non-hex character used for
Unicode escape: %c (%d)", ap=0x7fffffffb8e0) at eval.c:1888
#7 0x0000555555815b38 in error (m=0x55555598f288 "Non-hex character used for
Unicode escape: %c (%d)") at eval.c:1899
#8 0x000055555585bcfe in read_escape (readcharfun=XIL(0x7ffff25566fd),
stringp=false) at lread.c:2580
#9 0x000055555585e52e in read1 (readcharfun=XIL(0x7ffff25566fd),
pch=0x7fffffffbe24, first_in_list=false) at lread.c:3333
#10 0x000055555585b30b in read0 (readcharfun=XIL(0x7ffff25566fd)) at
lread.c:2331
#11 0x000055555585b1c2 in read_internal_start (stream=XIL(0x7ffff25566fd),
start=XIL(0), end=XIL(0)) at lread.c:2297
#12 0x000055555585ae48 in Fread (stream=XIL(0x7ffff25566fd)) at lread.c:2234
#13 0x00005555558190d7 in funcall_subr (subr=0x555555dfcd20 <Sread>, numargs=1,
args=0x7fffffffc038) at eval.c:2879
#14 0x0000555555818b46 in Ffuncall (nargs=2, args=0x7fffffffc030) at eval.c:2806
#15 0x0000555555876632 in exec_byte_code (bytestr=XIL(0x7ffff25ef54c),
vector=XIL(0x7ffff25edc55), maxdepth=make_fixnum(12),
args_template=make_fixnum(0), nargs=0, args=0x7fffffffc648) at bytecode.c:632
#16 0x0000555555819386 in fetch_and_exec_byte_code (fun=XIL(0x7ffff25edc25),
syms_left=make_fixnum(0), nargs=0, args=0x7fffffffc648) at eval.c:2928
#17 0x0000555555819889 in funcall_lambda (fun=XIL(0x7ffff25edc25), nargs=0,
arg_vector=0x7fffffffc648) at eval.c:3009
#18 0x0000555555818b8a in Ffuncall (nargs=1, args=0x7fffffffc640) at eval.c:2808
#19 0x0000555555876632 in exec_byte_code (bytestr=XIL(0x7ffff27478f4),
vector=XIL(0x7ffff27473a5), maxdepth=make_fixnum(18),
args_template=make_fixnum(257), nargs=1, args=0x7fffffffcb00) at bytecode.c:632
#20 0x0000555555819386 in fetch_and_exec_byte_code (fun=XIL(0x7ffff2747375),
syms_left=make_fixnum(257), nargs=1, args=0x7fffffffcaf8) at eval.c:2928
#21 0x0000555555819889 in funcall_lambda (fun=XIL(0x7ffff2747375), nargs=1,
arg_vector=0x7fffffffcaf8) at eval.c:3009
#22 0x0000555555818b8a in Ffuncall (nargs=2, args=0x7fffffffcaf0) at eval.c:2808
#23 0x0000555555876632 in exec_byte_code (bytestr=XIL(0x7ffff2747a44),
vector=XIL(0x7ffff274731d), maxdepth=make_fixnum(4),
args_template=make_fixnum(257), nargs=1, args=0x7fffffffd0e8) at bytecode.c:632
#24 0x0000555555819386 in fetch_and_exec_byte_code (fun=XIL(0x7ffff27472e5),
syms_left=make_fixnum(257), nargs=1, args=0x7fffffffd0e0) at eval.c:2928
#25 0x0000555555819889 in funcall_lambda (fun=XIL(0x7ffff27472e5), nargs=1,
arg_vector=0x7fffffffd0e0) at eval.c:3009
#26 0x0000555555818b8a in Ffuncall (nargs=2, args=0x7fffffffd0d8) at eval.c:2808
#27 0x000055555580c79d in Ffuncall_interactively (nargs=2, args=0x7fffffffd0d8)
at callint.c:253
#28 0x0000555555818fac in funcall_subr (subr=0x555555df98a0
<Sfuncall_interactively>, numargs=2, args=0x7fffffffd0d8) at eval.c:2859
#29 0x0000555555818b46 in Ffuncall (nargs=3, args=0x7fffffffd0d0) at eval.c:2806
#30 0x000055555580effe in Fcall_interactively (function=XIL(0x2aaa9c8d4170),
record_flag=XIL(0), keys=XIL(0x7ffff2befead)) at callint.c:779
#31 0x000055555581912a in funcall_subr (subr=0x555555df98e0
<Scall_interactively>, numargs=3, args=0x7fffffffd470) at eval.c:2884
#32 0x0000555555818b46 in Ffuncall (nargs=4, args=0x7fffffffd468) at eval.c:2806
#33 0x0000555555876632 in exec_byte_code (bytestr=XIL(0x7ffff26ad2a4),
vector=XIL(0x7ffff26acfad), maxdepth=make_fixnum(13),
args_template=make_fixnum(1025), nargs=1, args=0x7fffffffd9c0) at bytecode.c:632
#34 0x0000555555819386 in fetch_and_exec_byte_code (fun=XIL(0x7ffff26acf7d),
syms_left=make_fixnum(1025), nargs=1, args=0x7fffffffd9b8) at eval.c:2928
#35 0x0000555555819889 in funcall_lambda (fun=XIL(0x7ffff26acf7d), nargs=1,
arg_vector=0x7fffffffd9b8) at eval.c:3009
#36 0x0000555555818b8a in Ffuncall (nargs=2, args=0x7fffffffd9b0) at eval.c:2808
#37 0x0000555555818346 in call1 (fn=XIL(0x43b0), arg1=XIL(0x2aaa9c8d4170)) at
eval.c:2666
#38 0x000055555573182a in command_loop_1 () at keyboard.c:1467
#39 0x00005555558145ff in internal_condition_case (bfun=0x555555730f69
<command_loop_1>, handlers=XIL(0x90), hfun=0x555555730521 <cmd_error>) at
eval.c:1356
#40 0x0000555555730b2e in command_loop_2 (ignore=XIL(0)) at keyboard.c:1095
#41 0x00005555558139e5 in internal_catch (tag=XIL(0xd6b0), func=0x555555730afd
<command_loop_2>, arg=XIL(0)) at eval.c:1117
#42 0x0000555555730ac9 in command_loop () at keyboard.c:1074
#43 0x000055555572ffea in recursive_edit_1 () at keyboard.c:718
#44 0x00005555557301e9 in Frecursive_edit () at keyboard.c:790
#45 0x000055555572be7c in main (argc=3, argv=0x7fffffffdea8) at emacs.c:2047
Lisp Backtrace:
"read" (0xffffc038)
"elisp--preceding-sexp" (0xffffc648)
"elisp--eval-last-sexp" (0xffffcaf8)
"eval-last-sexp" (0xffffd0e0)
"funcall-interactively" (0xffffd0d8)
"call-interactively" (0xffffd470)
"command-execute" (0xffffd9b8)
In GNU Emacs 28.0.50 (build 1, x86_64-pc-linux-gnu, cairo version 1.16.0) of
2020-10-19
Windowing system distributor 'The X.Org Foundation', version 11.0.12008000
System Description: Linux Mint 20
Configured using:
'configure --with-x-toolkit=no --enable-checking=yes,glyphs
--enable-check-lisp-object-type 'CFLAGS=-O0 -g3''
- bug#44084: 28.0.50; Crash on incomplete Unicode escape sequences,
Juri Linkov <=