emacs (emacs24-x) crashes reliably on certain utf-8 file

Bug #1735167 reported by apsaras
This bug affects 2 people
Affects: emacs24 (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

emacs (emacs24-x) crashes 100% reliably when invoked on the 9-byte file as attached and shown in hex here:

e0 b2 b5 e0 b2 95 e0 b3 82

This is UTF-8 for the Kannada character set.

emacs version: GNU Emacs 24.5.1
Same result on two different Ubuntu 16.04.3 machines.

The error messages and gdb trace are given below:

====================================

Fatal error 11: Segmentation fault
Backtrace:
emacs[0x5036d3]
emacs[0x4e9d6e]
emacs[0x50249e]
emacs[0x5026c3]
/lib/x86_64-linux-gnu/libpthread.so.0(+0x11390)[0x2af3f5761390]
/usr/lib/x86_64-linux-gnu/libotf.so.0(+0xe814)[0x2af3f4de0814]
/usr/lib/x86_64-linux-gnu/libotf.so.0(+0xfbd4)[0x2af3f4de1bd4]
/usr/lib/x86_64-linux-gnu/libotf.so.0(OTF_drive_gpos_with_log+0x2a)[0x2af3f4de374a]
emacs[0x5be9aa]
/usr/lib/x86_64-linux-gnu/libm17n-flt.so.0(+0x2550)[0x2af3f5217550]
/usr/lib/x86_64-linux-gnu/libm17n-flt.so.0(+0x5f87)[0x2af3f521af87]
/usr/lib/x86_64-linux-gnu/libm17n-flt.so.0(+0x5f87)[0x2af3f521af87]
/usr/lib/x86_64-linux-gnu/libm17n-flt.so.0(+0x5bfb)[0x2af3f521abfb]
/usr/lib/x86_64-linux-gnu/libm17n-flt.so.0(+0x5f87)[0x2af3f521af87]
/usr/lib/x86_64-linux-gnu/libm17n-flt.so.0(+0x6d20)[0x2af3f521bd20]
/usr/lib/x86_64-linux-gnu/libm17n-flt.so.0(mflt_run+0x3f1)[0x2af3f521cfd1]
emacs[0x5be039]
emacs[0x5bfe6d]
emacs[0x56baae]
emacs[0x55d937]
emacs[0x592b23]
emacs[0x55d3af]
emacs[0x55d74b]
emacs[0x55bf41]
emacs[0x42dd03]
emacs[0x4392ac]
emacs[0x5b102f]
emacs[0x5b56a5]
emacs[0x446ada]
emacs[0x441645]
emacs[0x447518]
emacs[0x44ba7a]
emacs[0x461abd]
emacs[0x463eb3]
emacs[0x55bccb]
emacs[0x4310af]
emacs[0x4506c1]
emacs[0x4f4cb1]
emacs[0x4f63ed]
emacs[0x4f8150]
emacs[0x55bba7]
...
Segmentation fault (core dumped)

==================================

(gdb) run emacscrashfile
Starting program: /usr/bin/emacs emacscrashfile
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x2aaabd69c700 (LWP 5291)]
[New Thread 0x2aaabef89700 (LWP 5292)]
[New Thread 0x2aaabf773700 (LWP 5293)]
[New Thread 0x2aaad121e700 (LWP 5294)]

Thread 1 "emacs" received signal SIGSEGV, Segmentation fault.
0x00002aaab0999814 in ?? () from /usr/lib/x86_64-linux-gnu/libotf.so.0
(gdb) bt
#0 0x00002aaab0999814 in ?? () from /usr/lib/x86_64-linux-gnu/libotf.so.0
#1 0x00002aaab099abd4 in ?? () from /usr/lib/x86_64-linux-gnu/libotf.so.0
#2 0x00002aaab099c74a in OTF_drive_gpos_with_log () from /usr/lib/x86_64-linux-gnu/libotf.so.0
#3 0x00000000005be9aa in ftfont_drive_otf (font=<optimised out>, spec=<optimised out>, in=<optimised out>,
    from=<optimised out>, to=<optimised out>, out=0x7fffffff6a40, adjustment=0x7fffffff5e80) at ftfont.c:1975
#4 0x00002aaab0dd0550 in ?? () from /usr/lib/x86_64-linux-gnu/libm17n-flt.so.0
#5 0x00002aaab0dd3f87 in ?? () from /usr/lib/x86_64-linux-gnu/libm17n-flt.so.0
#6 0x00002aaab0dd3f87 in ?? () from /usr/lib/x86_64-linux-gnu/libm17n-flt.so.0
#7 0x00002aaab0dd3bfb in ?? () from /usr/lib/x86_64-linux-gnu/libm17n-flt.so.0
#8 0x00002aaab0dd3f87 in ?? () from /usr/lib/x86_64-linux-gnu/libm17n-flt.so.0
#9 0x00002aaab0dd4d20 in ?? () from /usr/lib/x86_64-linux-gnu/libm17n-flt.so.0
#10 0x00002aaab0dd5fd1 in mflt_run () from /usr/lib/x86_64-linux-gnu/libm17n-flt.so.0
#11 0x00000000005be039 in ftfont_shape_by_flt (matrix=<optimised out>, otf=0x16e8ff0, ft_face=0x1769000,
    font=<optimised out>, lgstring=12543829) at ftfont.c:2519
#12 ftfont_shape (lgstring=12543829) at ftfont.c:2582
#13 0x00000000005bfe6d in xftfont_shape (lgstring=12543829) at xftfont.c:682
#14 0x000000000056baae in Ffont_shape_gstring (gstring=12543829) at font.c:4347
#15 0x000000000055d937 in Ffuncall (nargs=<optimised out>, args=args@entry=0x7fffffff6cd8) at eval.c:2811
#16 0x0000000000592b23 in exec_byte_code (bytestr=<optimised out>, vector=9795341, maxdepth=<optimised out>,
    args_template=<optimised out>, nargs=nargs@entry=0, args=<optimised out>, args@entry=0x0) at bytecode.c:916
#17 0x000000000055d3af in funcall_lambda (fun=9795197, nargs=nargs@entry=5, arg_vector=arg_vector@entry=0x7fffffff6ee8)
    at eval.c:3044
#18 0x000000000055d74b in Ffuncall (nargs=nargs@entry=6, args=args@entry=0x7fffffff6ee0) at eval.c:2872
#19 0x000000000055bf41 in internal_condition_case_n (bfun=0x55d520 <Ffuncall>, nargs=nargs@entry=6,
    args=args@entry=0x7fffffff6ee0, handlers=<optimised out>, hfun=hfun@entry=0x43b900 <safe_eval_handler>) at eval.c:1430
#20 0x000000000042dd03 in safe__call (inhibit_quit=inhibit_quit@entry=false, nargs=nargs@entry=6, func=<optimised out>,
    ap=ap@entry=0x7fffffff6f60) at xdisp.c:2655
#21 0x00000000004392ac in safe_call (nargs=nargs@entry=6, func=<optimised out>) at xdisp.c:2671
#22 0x00000000005b102f in autocmp_chars (rule=<optimised out>, charpos=charpos@entry=2, bytepos=bytepos@entry=4,
    limit=<optimised out>, limit@entry=4, win=win@entry=0x1189308, face=face@entry=0xdd3840, string=12392562)
    at composite.c:918
#23 0x00000000005b56a5 in composition_reseat_it (cmp_it=cmp_it@entry=0x7fffffff95e8, charpos=2, bytepos=4, endpos=4,
    w=0x1189308, face=0xdd3840, string=12392562) at composite.c:1228
#24 0x0000000000446ada in next_element_from_buffer (it=0x7fffffff8d90) at xdisp.c:8341
#25 0x0000000000441645 in get_next_display_element (it=it@entry=0x7fffffff8d90) at xdisp.c:6944
#26 0x0000000000447518 in display_line (it=it@entry=0x7fffffff8d90) at xdisp.c:20241
#27 0x000000000044ba7a in try_window (window=window@entry=18387725, pos=..., flags=flags@entry=1) at xdisp.c:17007
#28 0x0000000000461abd in redisplay_window (window=18387725, just_this_one_p=just_this_one_p@entry=false) at xdisp.c:16486
#29 0x0000000000463eb3 in redisplay_window_0 (window=window@entry=18387725) at xdisp.c:14373
#30 0x000000000055bccb in internal_condition_case_1 (bfun=bfun@entry=0x463e80 <redisplay_window_0>, arg=18387725,
    handlers=<optimised out>, hfun=hfun@entry=0x42c250 <redisplay_window_error>) at eval.c:1372
#31 0x00000000004310af in redisplay_windows (window=18387725) at xdisp.c:14353
#32 0x00000000004506c1 in redisplay_internal () at xdisp.c:13949
#33 0x0000000000452895 in redisplay () at xdisp.c:13229
#34 0x00000000004f4cb1 in read_char (commandflag=1, map=map@entry=16738678, prev_event=12392562,
    used_mouse_menu=used_mouse_menu@entry=0x7fffffffd48b, end_time=end_time@entry=0x0) at keyboard.c:2571
#35 0x00000000004f63ed in read_key_sequence (keybuf=keybuf@entry=0x7fffffffd560, prompt=12392562,
    dont_downcase_last=dont_downcase_last@entry=false, can_return_switch_frame=can_return_switch_frame@entry=true,
    fix_current_buffer=fix_current_buffer@entry=true, prevent_redisplay=prevent_redisplay@entry=false, bufsize=30)
    at keyboard.c:9089
#36 0x00000000004f8150 in command_loop_1 () at keyboard.c:1453
#37 0x000000000055bba7 in internal_condition_case (bfun=bfun@entry=0x4f7f50 <command_loop_1>, handlers=<optimised out>,
    hfun=hfun@entry=0x4eec30 <cmd_error>) at eval.c:1348
#38 0x00000000004ea13e in command_loop_2 (ignore=ignore@entry=12392562) at keyboard.c:1178
#39 0x000000000055ba8b in internal_catch (tag=12440034, func=func@entry=0x4ea120 <command_loop_2>, arg=12392562)
    at eval.c:1112
#40 0x00000000004ee817 in command_loop () at keyboard.c:1157
#41 recursive_edit_1 () at keyboard.c:778
---Type <return> to continue, or q <return> to quit---
#42 0x00000000004eeb58 in Frecursive_edit () at keyboard.c:849
#43 0x0000000000418619 in main (argc=<optimised out>, argv=0x7fffffffd8c8) at emacs.c:1642
(gdb) l
686 emacs.c: No such file or directory.
(gdb) q

Revision history for this message
apsaras (c-launchpad1) wrote :

Added package name emacs24

affects: launchpad → emacs24 (Ubuntu)
apsaras (c-launchpad1)
tags: added: 16.04 xenial
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in emacs24 (Ubuntu):
status: New → Confirmed
Revision history for this message
Finn Årup Nielsen (fn) wrote :

I find that “⛔” will crash my 18.04 LTS emacs 24.5.1, see https://askubuntu.com/questions/1076735/emacs-crashes-on-pasting-the-unicode-symbol

Revision history for this message
Finn Årup Nielsen (fn) wrote :

The emacscrashfile also crashes my 18.04 LTS emacs 24.5.1.

Revision history for this message
Finn Årup Nielsen (fn) wrote :

A user at askubuntu has found that deinstalling `fonts-noto-color-emoji` "solves" the problem with emacs crashing on an emoji https://askubuntu.com/questions/1076735/emacs-crashes-on-pasting-the-unicode-symbol/1098111#1098111
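As an added example (not part of the bug report, nor code from Emacs, libotf or m17n), the Python script below takes the 9 bytes from the description and the ⛔ character from the later comment, confirms both are well-formed UTF-8, and lists the code points with their Unicode names and categories. The `needs_shaping` function is a heuristic of my own, not Emacs's composition rule: it flags a letter immediately followed by a combining mark, which is the kind of cluster that is handed to the complex-script shaper (the libm17n-flt and libotf frames in the backtrace). The point for triage is that the crashing input is valid UTF-8, so the fault lies in font shaping of legitimate text rather than in decoding malformed bytes.

```python
import unicodedata
from typing import Dict, List

# The 9 bytes from the bug description, as given there in hex.
CRASH_BYTES = bytes.fromhex("e0 b2 b5 e0 b2 95 e0 b3 82")

# The character from the later comment, constructed here for comparison.
EMOJI_BYTES = "\u26d4".encode("utf-8")


def is_valid_utf8(data: bytes) -> bool:
    """Strict UTF-8 check: rejects truncated, overlong or surrogate sequences."""
    try:
        data.decode("utf-8", errors="strict")
        return True
    except UnicodeDecodeError:
        return False


def describe(data: bytes) -> List[Dict[str, str]]:
    """Decode strict UTF-8 and describe every code point in the input."""
    rows = []
    for ch in data.decode("utf-8"):
        rows.append({
            "codepoint": f"U+{ord(ch):04X}",
            "name": unicodedata.name(ch, "<unnamed>"),
            "category": unicodedata.category(ch),  # e.g. Lo, Mc, Mn, So
        })
    return rows


def needs_shaping(data: bytes) -> bool:
    """Hypothetical heuristic (mine, not the Emacs composition rule): True when
    a letter is immediately followed by a combining mark (Mn or Mc). Such
    clusters must be reordered or positioned by an OpenType shaper, so they
    exercise the GSUB/GPOS code paths seen in the backtrace."""
    text = data.decode("utf-8")
    for prev, cur in zip(text, text[1:]):
        if (unicodedata.category(prev).startswith("L")
                and unicodedata.category(cur) in ("Mn", "Mc")):
            return True
    return False


if __name__ == "__main__":
    for label, sample in (("kannada", CRASH_BYTES), ("emoji", EMOJI_BYTES)):
        print(label, "valid utf-8:", is_valid_utf8(sample),
              "needs shaping:", needs_shaping(sample))
        for row in describe(sample):
            print("  ", row["codepoint"], row["category"], row["name"])
```

The Kannada sample decodes to a base letter, a second letter and a vowel sign, so the heuristic reports that it needs shaping; the ⛔ sample is a single symbol and does not, which is consistent with the comment above tying that crash to a particular font package rather than to a combining sequence.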
