techee left a comment (geany/geany#4303)
I get this backtrace:
```
#0 __memcpy_generic () at ../sysdeps/aarch64/multiarch/../memcpy.S:118
#1 0x0000fffff7e386c8 in mio_read
(nmemb=<optimized out>, size=<optimized out>, ptr_=<optimized out>,
mio=0xaaaaac24ce90) at main/mio.c:574
#2 mio_read
(mio=0xaaaaac24ce90, ptr_=<optimized out>, size=<optimized out>,
nmemb=<optimized out>) at main/mio.c:541
#3 0x0000fffff7e38ecc in mio_new_mio
(base=0xaaaaac24ce90, start=start@entry=1505, size=size@entry=-22)
at main/mio.c:393
#4 0x0000fffff7e69be4 in pushArea
(useMemoryStreamInput=<optimized out>, startLine=startLine@entry=57,
startColumn=startColumn@entry=22, endLine=endLine@entry=57,
endColumn=endColumn@entry=81, sourceLineOffset=sourceLineOffset@entry=57,
promise=promise@entry=19)
at main/read.c:1460
#5 0x0000fffff7e591e8 in runParserInArea
(language=30, startLine=57, startCharOffset=22, endLine=57,
endCharOffset=81, sourceLineOffset=57, promise=19) at main/parse.c:4245
#6 0x0000fffff7e608f8 in forcePromises () at main/promise.c:196
#7 0x0000fffff7e592d4 in createTagsWithFallback
(failureInOpenning=<synthetic pointer>, mtime=0, mio=0xaaaaac24ce90,
language=6, fileName=0xaaaaac63e9f0 "/home/parallels/projects/geany/test.php")
at main/parse.c:4274
#8 parseMio
(fileName=fileName@entry=0xaaaaac63e9f0
"/home/parallels/projects/geany/test.php", language=language@entry=6,
mio=mio@entry=0xaaaaac24ce90, mtime=mtime@entry=0,
useSourceFileTagPath=useSourceFileTagPath@entry=false,
clientData=clientData@entry=0xaaaaac390550) at main/parse.c:4434
#9 0x0000fffff7e595e8 in parseRawBuffer
(fileName=0xaaaaac63e9f0 "/home/parallels/projects/geany/test.php",
buffer=<optimized out>, bufferSize=<optimized out>, language=6,
clientData=clientData@entry=0xaaaaac390550) at main/parse.c:4506
#10 0x0000fffff7dde260 in tm_ctags_parse
(buffer=<optimized out>, buffer_size=<optimized out>, file_name=<optimized
out>, language=<optimized out>, source_file=0xaaaaac390550) at tm_ctags.c:450
#11 0x0000fffff7de06d8 in tm_source_file_parse
(source_file=source_file@entry=0xaaaaac390550,
text_buf=text_buf@entry=0xaaaaac251810 "<?php get_header(); ?>\r\n\r\n<div
id=\"top\">\r\n <div class=\"inner\">\r\n <br clear=\"all\" />\r\n<div
id=\"logo\">\r\n<h2><a href=\"<?php bloginfo('url'); ?>\"><?php
bloginfo('name'); ?></a></h2>\r\n<p>\r\n <?php bloginf"...,
buf_size=buf_size@entry=1507, use_buffer=use_buffer@entry=1)
at tm_source_file.c:767
#12 0x0000fffff7de1e14 in update_source_file
(source_file=0xaaaaac390550, text_buf=0xaaaaac251810 "<?php get_header();
?>\r\n\r\n<div id=\"top\">\r\n <div class=\"inner\">\r\n <br clear=\"all\"
/>\r\n<div id=\"logo\">\r\n<h2><a href=\"<?php bloginfo('url'); ?>\"><?php
bloginfo('name'); ?></a></h2>\r\n<p>\r\n <?php bloginf"..., buf_size=1507, use_buffer=1,
update_workspace=<optimized out>) at tm_workspace.c:163
#13 0x0000fffff7bfccd4 in document_update_tags (doc=0xaaaaac1db470)
at document.c:2686
```
I think there are two problems:
1. The offsets `startLine=57, startCharOffset=22, endLine=57, endCharOffset=81`
seem wrong - I haven't studied if it's because of the PHP parser or something
else.
2. However, regardless of whether the parser calculates offsets correctly, ctags
main shouldn't crash. `mio_new_mio()` receives `size=-22`, which is clearly
wrong, but it shouldn't cause a crash. When I change the check `if (size == -1)`
to `if (size <= -1)` in it so it creates a MIO to the end of the original MIO's
file, the crash is gone. Possibly other pieces of the code should be
hardened against parser errors too; I haven't checked.
--
Reply to this email directly or view it on GitHub:
https://github.com/geany/geany/pull/4303#issuecomment-2927772236
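To make the hardening techee describes concrete, here is an added example that is not ctags' or Geany's own code: a hypothetical stand-in for an MIO sub-stream (`base_stream`, `sub_stream`, `resolve_area`, `sub_stream_read` and the two helper functions are all invented names) that resolves a `(start, size)` request against a base buffer before anything reaches `memcpy`. It goes slightly beyond the `size <= -1` change in the comment: besides treating every negative size as "to end of base", it also clamps a start past the end and a size that overshoots, so a bad offset pair from a sub-parser can only produce a shorter view, never an out-of-bounds read. The 1507-byte base and the `start=1505, size=-22` request are the values from the backtrace; the buffer contents are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for ctags' MIO: a base buffer and a sub-view of it. */
typedef struct {
    const char *data;
    size_t len;
} base_stream;

typedef struct {
    const char *data;
    size_t len;
    int clamped;   /* 1 when the request had to be adjusted to stay inside the base */
} sub_stream;

/* Resolve a (start, size) request against the base.
 * - any negative size means "to end of base" (-1 is the documented case,
 *   other negatives are a caller bug but are handled the same way);
 * - a start past the end yields an empty view;
 * - a size that overshoots the base is truncated.
 * Returns 0 if the request was used as given, 1 if it had to be clamped. */
int resolve_area(const base_stream *base, long start, long size, sub_stream *out)
{
    int clamped = 0;
    size_t s, avail, n;

    if (start < 0) { start = 0; clamped = 1; }
    s = (size_t)start;
    if (s > base->len) { s = base->len; clamped = 1; }
    avail = base->len - s;

    if (size < 0) {
        n = avail;                      /* never let a negative reach memcpy as a huge size_t */
        if (size != -1) clamped = 1;    /* -1 is legitimate, -22 is not */
    } else {
        n = (size_t)size;
        if (n > avail) { n = avail; clamped = 1; }
    }

    out->data = base->data + s;
    out->len = n;
    out->clamped = clamped;
    return clamped;
}

/* Copy the view into a caller buffer; bounded by both the view and the destination. */
size_t sub_stream_read(const sub_stream *ss, char *dst, size_t cap)
{
    size_t n = ss->len < cap ? ss->len : cap;
    memcpy(dst, ss->data, n);
    return n;
}

/* Constructed base buffer with the backtrace's buf_size, filled with 'x'. */
static char g_data[1507];

/* Helpers for quick checks: resolved view length / clamp flag for the constructed base. */
long view_len_for(long start, long size)
{
    base_stream base = { g_data, sizeof g_data };
    sub_stream ss;
    memset(g_data, 'x', sizeof g_data);
    resolve_area(&base, start, size, &ss);
    return (long)ss.len;
}

int area_clamped(long start, long size)
{
    base_stream base = { g_data, sizeof g_data };
    sub_stream ss;
    memset(g_data, 'x', sizeof g_data);
    return resolve_area(&base, start, size, &ss);
}

int main(void)
{
    base_stream base = { g_data, sizeof g_data };
    sub_stream ss;
    char dst[64];
    size_t got;

    memset(g_data, 'x', sizeof g_data);
    /* The values from frame #3 of the backtrace: start=1505, size=-22. */
    int c = resolve_area(&base, 1505, -22, &ss);
    got = sub_stream_read(&ss, dst, sizeof dst);
    printf("clamped=%d view_len=%zu read=%zu\n", c, ss.len, got);
    return 0;
}
```

With the original `size == -1` test, `-22` would be converted to an unsigned length and the copy in frame #1 runs off the end of the base buffer; with the resolve step above the same request yields a 2-byte view `[1505, 1507)` flagged as clamped, which is where a caller could log the parser's bad offsets instead of crashing.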