Package: emacs
Version: 23.1+1-6
Severity: normal
Tags: upstream patch

A user of the emacs-based mail client, notmuch, found that attempting
to display a particular message would consistently cause a
segmentation fault in emacs.

I tracked this down to calling `json-read-string' with a very long
string, (roughly 1 million characters). Rather than including that
enormous string in this message, here's a little snippet of emacs lisp
that creates and reads such a string. So, if evaluated, this code should
trigger the segmentation fault, (assuming a copy of GPLv3 exists at
/usr/share/emacs/23.1/etc/COPYING---adjust the filename if necessary).

;; Caution: Evaluating the block below has been known to crash emacs
(with-temp-buffer
  (require 'json)
  ;; First we just need a lot of text. 32 copies of GPLv3 seems to do it
  (dotimes (i 32)
    (insert-file "/usr/share/emacs/23.1/etc/COPYING"))
  ;; Now create a buffer with a json-encoded version of the text
  (let ((json-string (json-encode-string (buffer-string))))
    (with-temp-buffer
      (insert json-string)
      (goto-char (point-min))
      ;; And try to read the string. This triggers the segfault.
      (json-read-string))))

I reported this bug to emacs upstream. My report and the feedback it
received are visible here:

http://debbugs.gnu.org/cgi/bugreport.cgi?bug=6214

The upstream bug was closed as resolved with a fix committed to the
upstream repository. Since emacs' release schedule is so long, I think
it would be nice to get this fix into the Debian package in the
meantime.

The upstream bug report doesn't contain the fix that was applied, and
I failed to find an upstream repository with the fix, (but perhaps the
package maintainer would know where to find it).

Chong Yidong was kind enough to reply to my request for the patch via
private email. I've included that below.

Let me know if there's anything else I can do to help.

Thanks,

-Carl

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.34-rc2-cworth-64bit (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages emacs depends on:
ii  emacs23                       23.1+1-6   The GNU Emacs editor (with GTK+ us

emacs recommends no packages.

emacs suggests no packages.

-- no debconf information

*** src/character.c     2010-03-02 04:44:28 +0000
--- src/character.c     2010-05-18 18:01:10 +0000
***************
*** 961,970 ****
       int n;
       Lisp_Object *args;
  {
!   int i;
!   unsigned char *buf = (unsigned char *) alloca (MAX_MULTIBYTE_LENGTH * n);
!   unsigned char *p = buf;
!   int c;
  
    for (i = 0; i < n; i++)
      {
--- 961,973 ----
       int n;
       Lisp_Object *args;
  {
!   int i, c;
!   unsigned char *buf, *p;
!   Lisp_Object str;
!   USE_SAFE_ALLOCA;
! 
!   SAFE_ALLOCA (buf, unsigned char *, MAX_MULTIBYTE_LENGTH * n);
!   p = buf;
  
    for (i = 0; i < n; i++)
      {
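Review bot: the size expression `MAX_MULTIBYTE_LENGTH * n` passed to `SAFE_ALLOCA (buf, unsigned char *, MAX_MULTIBYTE_LENGTH * n);` is still evaluated in `int` arithmetic (`n` is declared `int n;` in the context lines), so this hunk removes the stack-exhaustion path for a large `n` but leaves the product unchecked for extreme values; a range check on `n` before the allocation, or computing the size in a wider unsigned type, would close that as well.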
***************
*** 973,979 ****
        p += CHAR_STRING (c, p);
      }
  
!   return make_string_from_bytes ((char *) buf, n, p - buf);
  }
  
  DEFUN ("unibyte-string", Funibyte_string, Sunibyte_string, 0, MANY, 0,
--- 976,984 ----
        p += CHAR_STRING (c, p);
      }
  
!   str = make_string_from_bytes ((char *) buf, n, p - buf);
!   SAFE_FREE ();
!   return str;
  }
  
  DEFUN ("unibyte-string", Funibyte_string, Sunibyte_string, 0, MANY, 0,
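Review bot: the ordering is the one that matters and it is right here: `str = make_string_from_bytes ((char *) buf, n, p - buf);` copies out of `buf` before `SAFE_FREE ();` releases it, and `str` is returned afterwards. The diff carries no comment explaining why `alloca` was replaced (a caller-controlled `n`, in this report a string of roughly a million characters reaching `json-read-string`, overflowed the stack); a one-line comment at the allocation site would preserve that rationale for the next reader.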
***************
*** 983,992 ****
       int n;
       Lisp_Object *args;
  {
!   int i;
!   unsigned char *buf = (unsigned char *) alloca (n);
!   unsigned char *p = buf;
!   unsigned c;
  
    for (i = 0; i < n; i++)
      {
--- 988,1000 ----
       int n;
       Lisp_Object *args;
  {
!   int i, c;
!   unsigned char *buf, *p;
!   Lisp_Object str;
!   USE_SAFE_ALLOCA;
! 
!   SAFE_ALLOCA (buf, unsigned char *, n);
!   p = buf;
  
    for (i = 0; i < n; i++)
      {
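Review bot: besides the allocation change, this hunk silently turns `unsigned c;` into a signed `c` via `int i, c;`, which is unrelated to the fix. Either keep the original `unsigned` declaration so the patch stays minimal, or confirm that the range check on `c` further down in `Funibyte_string` (outside this hunk) still rejects out-of-range values with a signed `c`, and mention the change in the commit message.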
***************
*** 997,1003 ****
        *p++ = c;
      }
  
!   return make_string_from_bytes ((char *) buf, n, p - buf);
  }
  
  DEFUN ("char-resolve-modifiers", Fchar_resolve_modifiers,
--- 1005,1013 ----
        *p++ = c;
      }
  
!   str = make_string_from_bytes ((char *) buf, n, p - buf);
!   SAFE_FREE ();
!   return str;
  }
  
  DEFUN ("char-resolve-modifiers", Fchar_resolve_modifiers,
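Review bot: this mirrors the `Fstring` cleanup exactly (`str = ...; SAFE_FREE (); return str;`), which is correct, but the two functions now duplicate the same allocate/fill/copy/free sequence; if other callers with the same `alloca (n)` pattern turn up, a shared helper would keep the fix in one place. Note also that the explicit `SAFE_FREE ()` only does real work on the large-`n` path, since `SAFE_ALLOCA` falls back to the heap only above its size threshold; for small inputs the behaviour is unchanged from the `alloca` version.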

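A defender-side illustration of the fix the patch applies, added here and not part of Carl's report or of Emacs's sources: a bounded-stack allocation wrapper in the shape of Emacs's SAFE_ALLOCA/SAFE_FREE, driving a string builder shaped like the patched Fstring, so that a million-character input lands on the heap instead of exhausting the stack. The macro bodies, the 16 KiB threshold, the UTF-8 stand-in for CHAR_STRING and the function names are constructed assumptions, and the example goes one step beyond the patch by guarding the size multiplication against wrap-around.

```c
#include <alloca.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Constructed stand-ins for the patch's macros (not Emacs's code): requests of
   at most MAX_ALLOCA bytes use alloca, larger ones the heap, so a caller-
   controlled n cannot exhaust the stack.  Both constants are assumed values. */
#define MAX_MULTIBYTE_LENGTH 5
#define MAX_ALLOCA (16 * 1024)
#define USE_SAFE_ALLOCA void *heap_ = NULL
#define SAFE_ALLOCA(buf, type, size)                          \
  do { size_t sz_ = (size);                                   \
       if (sz_ <= MAX_ALLOCA) buf = (type) alloca (sz_);      \
       else { heap_ = malloc (sz_); buf = (type) heap_; } } while (0)
#define SAFE_FREE() free (heap_)
/* UTF-8 encoder (BMP only) standing in for CHAR_STRING; returns bytes written. */
static size_t char_string (unsigned int c, unsigned char *p)
{
  if (c < 0x80)  { p[0] = c; return 1; }
  if (c < 0x800) { p[0] = 0xC0 | (c >> 6); p[1] = 0x80 | (c & 0x3F); return 2; }
  p[0] = 0xE0 | (c >> 12); p[1] = 0x80 | ((c >> 6) & 0x3F);
  p[2] = 0x80 | (c & 0x3F); return 3;
}
/* Patched-Fstring shape: scratch via SAFE_ALLOCA, result copied out, scratch
   released.  Returns a malloc'd string (length in *len), NULL on wrap/failure. */
unsigned char *string_from_codes (const unsigned int *codes, size_t n, size_t *len)
{
  unsigned char *buf, *p, *out;
  size_t i; USE_SAFE_ALLOCA;
  if (n > SIZE_MAX / MAX_MULTIBYTE_LENGTH) return NULL;  /* guard n * 5 */
  SAFE_ALLOCA (buf, unsigned char *, MAX_MULTIBYTE_LENGTH * n);
  if (buf == NULL) return NULL;
  for (p = buf, i = 0; i < n; i++)
    p += char_string (codes[i], p);
  out = malloc ((size_t) (p - buf) + 1);
  if (out) { memcpy (out, buf, p - buf); out[p - buf] = 0; *len = p - buf; }
  SAFE_FREE ();
  return out;
}
/* Encodes n copies of c (n = 1000000 is the report's case); returns byte length, 0 on failure. */
size_t encoded_length (unsigned int c, size_t n)
{
  unsigned int *codes = malloc (n * sizeof *codes);
  size_t i, len = 0;
  if (!codes) return 0;
  for (i = 0; i < n; i++) codes[i] = c;
  free (string_from_codes (codes, n, &len));  /* len stays 0 on failure */
  free (codes);
  return len;
}
```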

