bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#61887: 30.0.50; Segfault on revert-buffer-with-coding-system

From: Stefan Monnier
Subject: bug#61887: 30.0.50; Segfault on revert-buffer-with-coding-system
Date: Fri, 03 Mar 2023 18:56:11 -0500
User-agent: Gnus/5.13 (Gnus v5.13) 
> But yes, there's something funny going on in `set_intervals_multibyte_1`.

I think I found it: when `total_length` is 0, we call `delete_interval (i)`
but that only deletes the interval represented by the node itself rather
than the whole subtree, so we may end up keeping subtrees of `i`.
Not only that's wrong since `total_length == 0` means there should be
nothing at all, but we don't even recurse on those subtrees so
they keep using the positions of the old mode.

In my case some call `delete_interval (i)` ended up replacing the node
of `total_length == 0` with an old subnode of length 2!

The patch below seems to fix it.


        Stefan


diff --git a/src/intervals.c b/src/intervals.c
index 75e37a8c90c..6f6a0c94cf5 100644
--- a/src/intervals.c
+++ b/src/intervals.c
@@ -2333,6 +2333,9 @@ set_intervals_multibyte_1 (INTERVAL i, bool multi_flag,
 
   if (TOTAL_LENGTH (i) == 0)
     {
+      /* Delete the whole subtree.  */
+      i->left = NULL;
+      i->right = NULL;
       delete_interval (i);
       return;
     }
@@ -2355,7 +2358,8 @@ set_intervals_multibyte_1 (INTERVAL i, bool multi_flag,
          left_end_byte = CHAR_TO_BYTE (left_end);
        }
 
-      set_intervals_multibyte_1 (i->left, multi_flag, start, start_byte,
+      set_intervals_multibyte_1 (i->left, multi_flag,
+                                start, start_byte,
                                 left_end, left_end_byte);
     }
   if (i->right)
reply via email to
[Prev in Thread] Current Thread [Next in Thread]