The following code in compose_chars_in_text looks suspicious:
if (INTEGERP (val) && XFASTINT (val) == start)
{
to = Fmatch_end (make_number (0));
val = call4 (XCDR (elt), val, to, XCAR (elt), string);
if (INTEGERP (val) && XINT (val) > 1)
{
start += XINT (val);
if (STRINGP (string))
ptr = SDATA (string) + string_char_to_byte (string,
start);
else
ptr = CHAR_POS_ADDR (start);
}
else
{
start++;
ptr += len;
>>>> if string is non-nil, and call4 did GC, then ptr may no longer
>>>> point into "string".
}
break;
Likewise, the `pend' pointer may no longer be valid for the same reason
-- on both branches of the above code!!.
Furthermore, the initialization of pend seems bogus too:
ptr = SDATA (string) + string_char_to_byte (string, start);
pend = ptr + SBYTES (string);
Shouldn't that be
pend = SDATA (string) + SBYTES (string);
Here is a patch (untested):
*** composite.c 14 Aug 2005 14:47:27 +0200 1.35
--- composite.c 12 Sep 2005 14:40:52 +0200
***************
*** 616,622 ****
GCPRO1 (string);
stop = end;
ptr = SDATA (string) + string_char_to_byte (string, start);
! pend = ptr + SBYTES (string);
}
else
{
--- 616,622 ----
GCPRO1 (string);
stop = end;
ptr = SDATA (string) + string_char_to_byte (string, start);
! pend = SDATA (string) + SBYTES (string);
}
else
{
***************
*** 680,689 ****
{
start += XINT (val);
if (STRINGP (string))
! ptr = SDATA (string) + string_char_to_byte (string,
start);
else
ptr = CHAR_POS_ADDR (start);
}
else
{
start++;
--- 680,698 ----
{
start += XINT (val);
if (STRINGP (string))
! {
! ptr = SDATA (string) + string_char_to_byte (string,
start);
! pend = SDATA (string) + SBYTES (string);
! }
else
ptr = CHAR_POS_ADDR (start);
}
+ else if (STRINGP (string))
+ {
+ start++;
+ ptr = SDATA (string) + string_char_to_byte (string,
start);
+ pend = SDATA (string) + SBYTES (string);
+ }
else
{
start++;
--
Kim F. Storm <[EMAIL PROTECTED]> http://www.cua.dk
_______________________________________________
Emacs-devel mailing list
Emacs-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/emacs-devel
