The following code in compose_chars_in_text looks suspicious:

    if (INTEGERP (val) && XFASTINT (val) == start)
      {
        to = Fmatch_end (make_number (0));
        val = call4 (XCDR (elt), val, to, XCAR (elt), string);
        if (INTEGERP (val) && XINT (val) > 1)
          {
            start += XINT (val);
            if (STRINGP (string))
              ptr = SDATA (string) + string_char_to_byte (string, start);
            else
              ptr = CHAR_POS_ADDR (start);
          }
        else
          {
            start++;
            ptr += len;
>>>> if string is non-nil, and call4 did GC, then ptr may no longer
>>>> point into "string".
          }
        break;

Likewise, the `pend' pointer may no longer be valid for the same reason
-- on both branches of the above code!!

Furthermore, the initialization of pend seems bogus too:

    ptr = SDATA (string) + string_char_to_byte (string, start);
    pend = ptr + SBYTES (string);

Shouldn't that be

    pend = SDATA (string) + SBYTES (string);

Here is a patch (untested):

*** composite.c 14 Aug 2005 14:47:27 +0200 1.35
--- composite.c 12 Sep 2005 14:40:52 +0200
***************
*** 616,622 ****
GCPRO1 (string);
stop = end;
ptr = SDATA (string) + string_char_to_byte (string, start);
! pend = ptr + SBYTES (string);
}
else
{
--- 616,622 ----
GCPRO1 (string);
stop = end;
ptr = SDATA (string) + string_char_to_byte (string, start);
! pend = SDATA (string) + SBYTES (string);
}
else
{
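Review bot: nothing beside the `pend` assignment in this branch records that `ptr` and `pend` are raw addresses into the string's data and have to be recomputed after any call that can GC. Add a short comment to that effect next to `pend = SDATA (string) + SBYTES (string);`, and state in the change log entry that the old `ptr + SBYTES (string)` placed `pend` past the end of the data by the byte offset of `start`, so the change is not read as a cleanup.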
***************
*** 680,689 ****
{
start += XINT (val);
if (STRINGP (string))
! ptr = SDATA (string) + string_char_to_byte (string,
start);
else
ptr = CHAR_POS_ADDR (start);
}
else
{
start++;
--- 680,698 ----
{
start += XINT (val);
if (STRINGP (string))
! {
! ptr = SDATA (string) + string_char_to_byte (string,
start);
! pend = SDATA (string) + SBYTES (string);
! }
else
ptr = CHAR_POS_ADDR (start);
}
+ else if (STRINGP (string))
+ {
+ start++;
+ ptr = SDATA (string) + string_char_to_byte (string,
start);
+ pend = SDATA (string) + SBYTES (string);
+ }
else
{
start++;
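Review bot: the buffer paths in the new version are left as they were: the first branch recomputes only `ptr = CHAR_POS_ADDR (start);` and the final `else` still just steps `start++`, so if the function run by call4 can change or move buffer text, `pend` (and `ptr` in the last branch) would be stale there in the same way as in the string case. Consider adjusting only `start` inside the branches and recomputing `ptr` and `pend` once afterwards for both the string and the buffer case, which also removes the repeated copies of the `SDATA (string) + ...` pair.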
--
Kim F. Storm <[EMAIL PROTECTED]> http://www.cua.dk
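
The stale-pointer problem described in the message above, as an added C example that is not part of the original post or of Emacs. struct rstr, may_gc and scan are hypothetical stand-ins for a Lisp string, a call that can trigger GC, and the scanning loop; the input is constructed.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a Lisp string whose bytes the collector may move. */
struct rstr { unsigned char *data; size_t nbytes; };

static int relocations;                 /* times the data block has moved */

/* Stand-in for any call that can GC: moves the bytes to a fresh block. */
static void may_gc(struct rstr *s)
{
    unsigned char *fresh = malloc(s->nbytes);
    if (!fresh) abort();
    memcpy(fresh, s->data, s->nbytes);
    memset(s->data, 0xDD, s->nbytes);   /* poison the old copy before freeing */
    free(s->data);
    s->data = fresh;
    relocations++;
}

/* Count bytes equal to mark from byte offset start, calling may_gc() on each
   hit. The position lives in an offset; ptr and pend are only caches. */
static size_t scan(struct rstr *s, size_t start, unsigned char mark)
{
    size_t off = start, hits = 0;
    const unsigned char *ptr = s->data + off;
    const unsigned char *pend = s->data + s->nbytes; /* ptr + nbytes overshoots by start */

    while (ptr < pend) {
        if (*ptr == mark) {
            hits++;
            may_gc(s);                  /* ptr and pend are stale from here */
        }
        off++;
        ptr = s->data + off;            /* rebuild both from the object */
        pend = s->data + s->nbytes;
    }
    return hits;
}

/* Constructed input: "a-b-c-d" scanned from offset 2 has marks at 3 and 5. */
static size_t demo(void)
{
    struct rstr s = { malloc(7), 7 };
    if (!s.data) abort();
    memcpy(s.data, "a-b-c-d", 7);
    size_t hits = scan(&s, 2, '-');
    free(s.data);
    return hits;
}

int main(void) { return demo() == 2 ? 0 : 1; }
```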