Package: emacs
Version: 23.1+1-6
Severity: normal
Tags: upstream patch

A user of the emacs-based mail client, notmuch, found that attempting to display a particular message would consistently cause a segmentation fault in emacs.
I tracked this down to calling `json-read-string' with a very long string, (roughly 1 million characters). Rather than including that enormous string in this message, here's a little snippet of emacs lisp that creates and reads such a string. So, if evaluated, this code should trigger the segmentation fault, (assuming a copy of GPLv3 exists at /usr/share/emacs/23.1/etc/COPYING---adjust the filename if necessary).

;; Caution: Evaluating the block below has been known to crash emacs
(with-temp-buffer
  (require 'json)
  ;; First we just need a lot of text. 32 copies of GPLv3 seems to do it
  (dotimes (i 32)
    (insert-file "/usr/share/emacs/23.1/etc/COPYING"))
  ;; Now create a buffer with a json-encoded version of the text
  (let ((json-string (json-encode-string (buffer-string))))
    (with-temp-buffer
      (insert json-string)
      (goto-char (point-min))
      ;; And try to read the string. This triggers the segfault.
      (json-read-string))))

I reported this bug to emacs upstream. My report and the feedback it received are visible here:

	http://debbugs.gnu.org/cgi/bugreport.cgi?bug=6214

The upstream bug was closed as resolved with a fix committed to the upstream repository. Since emacs' release schedule is so long, I think it would be nice to get this fix into the Debian package in the meantime.

The upstream bug report doesn't contain the fix that was applied, and I failed to find an upstream repository with the fix, (but perhaps the package maintainer would know where to find it). Chong Yidong was kind enough to reply to my request for the patch via private email. I've included that below.

Let me know if there's anything else I can do to help.
Thanks,

-Carl

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.34-rc2-cworth-64bit (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages emacs depends on:
ii emacs23 23.1+1-6 The GNU Emacs editor (with GTK+ us

emacs recommends no packages.

emacs suggests no packages.

-- no debconf information

*** src/character.c 2010-03-02 04:44:28 +0000 --- src/character.c 2010-05-18 18:01:10 +0000 *************** *** 961,970 **** int n; Lisp_Object *args; { ! int i; ! unsigned char *buf = (unsigned char *) alloca (MAX_MULTIBYTE_LENGTH * n); ! unsigned char *p = buf; ! int c; for (i = 0; i < n; i++) { --- 961,973 ---- int n; Lisp_Object *args; { ! int i, c; ! unsigned char *buf, *p; ! Lisp_Object str; ! USE_SAFE_ALLOCA; ! ! SAFE_ALLOCA (buf, unsigned char *, MAX_MULTIBYTE_LENGTH * n); ! p = buf; for (i = 0; i < n; i++) { *************** *** 973,979 **** p += CHAR_STRING (c, p); } ! return make_string_from_bytes ((char *) buf, n, p - buf); } DEFUN ("unibyte-string", Funibyte_string, Sunibyte_string, 0, MANY, 0, --- 976,984 ---- p += CHAR_STRING (c, p); } ! str = make_string_from_bytes ((char *) buf, n, p - buf); ! SAFE_FREE (); ! return str; } DEFUN ("unibyte-string", Funibyte_string, Sunibyte_string, 0, MANY, 0, *************** *** 983,992 **** int n; Lisp_Object *args; { ! int i; ! unsigned char *buf = (unsigned char *) alloca (n); ! unsigned char *p = buf; ! unsigned c; for (i = 0; i < n; i++) { --- 988,1000 ---- int n; Lisp_Object *args; { ! int i, c; ! unsigned char *buf, *p; ! Lisp_Object str; ! USE_SAFE_ALLOCA; ! ! SAFE_ALLOCA (buf, unsigned char *, n); ! p = buf; for (i = 0; i < n; i++) { *************** *** 997,1003 **** *p++ = c; } ! 
return make_string_from_bytes ((char *) buf, n, p - buf); } DEFUN ("char-resolve-modifiers", Fchar_resolve_modifiers, --- 1005,1013 ---- *p++ = c; } ! str = make_string_from_bytes ((char *) buf, n, p - buf); ! SAFE_FREE (); ! return str; } DEFUN ("char-resolve-modifiers", Fchar_resolve_modifiers,
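
Review bot: In the first hunk (Fstring, new lines 961-973) the size handed to SAFE_ALLOCA is still computed as `MAX_MULTIBYTE_LENGTH * n` with `n` declared `int`, so for a large enough argument count the multiplication can overflow before the allocation happens, and the loop's `p += CHAR_STRING (c, p);` would then write past a buffer that is too small. Since this change exists to cope with very large `n`, consider checking `n` against the largest value for which the product is representable, or doing the multiplication in a wider type, before the SAFE_ALLOCA call.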
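
Review bot: In the third hunk (Funibyte_string, new line 988) the declaration `unsigned c;` becomes `int i, c;`, which changes the signedness of `c` and is unrelated to replacing alloca. The loop stores the value with `*p++ = c;`, so either keep `unsigned c;` as a separate declaration or confirm that whatever validates `c` before that store (not visible in this hunk) also rejects negative values.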