bug#50571: 28.0.50; Redisplay segfaults with empty face cache

From: Eli Zaretskii
Subject: bug#50571: 28.0.50; Redisplay segfaults with empty face cache
Date: Sun, 19 Sep 2021 18:47:32 +0300
> From: "Basil L. Contovounesios" <contovob@tcd.ie>
> Cc: 50571@debbugs.gnu.org
> Date: Sun, 19 Sep 2021 14:57:02 +0100
>
> Unfortunately I found another hole that needs plugging, but fortunately
> I can reliably reproduce it with the following site-specific steps:
>
> 0. emacs
> 1. C-x p p (project-switch-project)
> 2. Select a checkout of https://github.com/abo-abo/swiper, using Ivy completion.
> 3. f (project-find-file)
> 4. ivy.el RET
> 5. C-s (isearch-forward)
> 6. C-g
> 7. M-s s (counsel-grep-or-swiper)
> 8. #[[:digit:]]
>
> This brings a bug-reference-bug-regexp match onto screen, which again
> triggers a frame creation via bug-reference's call to display-warning.
>
> The attached GDB log shows where the relevant frame's face cache is
> cleared right before the crash (search for 'New value = 0'), at which
> point f->inhibit_clear_image_cache is false.
Thanks for the data. I guess this is a preview of how allowing
arbitrary Lisp that affects the display in fontification-functions
will keep shooting in the foot, time and again.
Please try the patch below.
diff --git a/src/xdisp.c b/src/xdisp.c
index 2e72f6b..8b56fee 100644
--- a/src/xdisp.c
+++ b/src/xdisp.c
@@ -4288,12 +4288,17 @@ handle_fontified_prop (struct it *it)
struct buffer *obuf = current_buffer;
ptrdiff_t begv = BEGV, zv = ZV;
bool old_clip_changed = current_buffer->clip_changed;
+ bool saved_inhibit_flag = it->f->inhibit_clear_image_cache;
val = Vfontification_functions;
specbind (Qfontification_functions, Qnil);
eassert (it->end_charpos == ZV);
+ /* Don't allow Lisp that runs from 'fontification-functions'
+ clear our face and image caches behind our backs. */
+ it->f->inhibit_clear_image_cache = true;
+
if (!CONSP (val) || EQ (XCAR (val), Qlambda))
safe_call1 (val, pos);
else
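Review bot: the new comment on the `+ /* Don't allow Lisp that runs from 'fontification-functions'` line is missing a word; it should read "Don't allow Lisp that runs from 'fontification-functions' to clear our face and image caches behind our backs." It would also help to say in that comment which caches the flag actually protects, since its name mentions only the image cache while the text (and the quoted report, where the face cache is what gets cleared) says both.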
@@ -4327,6 +4332,7 @@ handle_fontified_prop (struct it *it)
}
}
+ it->f->inhibit_clear_image_cache = saved_inhibit_flag;
unbind_to (count, Qnil);
/* Fontification functions routinely call `save-restriction'.
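Review bot: the restore on the `+ it->f->inhibit_clear_image_cache = saved_inhibit_flag;` line is a plain store placed just before `unbind_to`, so it is only reached on a normal return from the fontification function; the flag is set after `specbind` in the first hunk, but nothing ties its reset to the specpdl. A non-local exit that propagates past this function would leave the frame's flag stuck at true, which would then suppress legitimate cache clearing for the rest of the session. Consider registering the reset with `record_unwind_protect` (or an equivalent unwind handler) right after the flag is set, so `unbind_to` restores it on every exit path.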