Discussion:
[PATCH] Add nil check for decoding buffer
(too old to reply)
Lukas Fürmetz
2018-04-10 21:44:22 UTC
Permalink
Hello,

This patch prevents a emacs crash under Windows for me. Sometimes the
buffer is split between \r\n and the \n is carried over, but the
decoding_buf is NIL, so "SCHARS (p->decoding_buf)" leads to a SEGFAULT.

Would be nice, if this is backported to emacs-26..

Best regards,
Lukas

---
src/process.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/process.c b/src/process.c
index c357a8bdc3..ab2e6ce4da 100644
--- a/src/process.c
+++ b/src/process.c
@@ -5996,7 +5996,7 @@ read_and_dispose_of_process_output (struct Lisp_Process *p, char *chars,

if (coding->carryover_bytes > 0)
{
- if (SCHARS (p->decoding_buf) < coding->carryover_bytes)
+ if (NILP (p->decoding_buf) || (SCHARS (p->decoding_buf) < coding->carryover_bytes))
pset_decoding_buf (p, make_uninit_string (coding->carryover_bytes));
memcpy (SDATA (p->decoding_buf), coding->carryover,
coding->carryover_bytes);
--
2.17.0
Eli Zaretskii
2018-04-11 17:00:59 UTC
Permalink
Date: Tue, 10 Apr 2018 23:44:22 +0200
This patch prevents a emacs crash under Windows for me. Sometimes the
buffer is split between \r\n and the \n is carried over, but the
decoding_buf is NIL, so "SCHARS (p->decoding_buf)" leads to a SEGFAULT.
Would be nice, if this is backported to emacs-26..
Best regards,
Lukas
---
src/process.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/process.c b/src/process.c
index c357a8bdc3..ab2e6ce4da 100644
--- a/src/process.c
+++ b/src/process.c
@@ -5996,7 +5996,7 @@ read_and_dispose_of_process_output (struct Lisp_Process *p, char *chars,
if (coding->carryover_bytes > 0)
{
- if (SCHARS (p->decoding_buf) < coding->carryover_bytes)
+ if (NILP (p->decoding_buf) || (SCHARS (p->decoding_buf) < coding->carryover_bytes))
pset_decoding_buf (p, make_uninit_string (coding->carryover_bytes));
memcpy (SDATA (p->decoding_buf), coding->carryover,
coding->carryover_bytes);
Thanks, but I don't think this is the right fix for the problem.
Every process object must have an associated decoding_buf, so if some
process doesn't, it's a bug in that process's creation code. My
reading of the code is that all the process types we support have
decoding_buf defined during creation -- except one: make-pipe-process
fails to do that. So the fix should be in make-pipe-process.

Is the problem reproducible, or do you remember what you did when it
happened? I'd like to make sure that indeed some pipe process was
involved in the crash, because otherwise I don't see how it could
happen.
Lukas Fürmetz
2018-04-12 15:24:22 UTC
Permalink
It was definitly a pipe process (cquery (github.com/cquery-project/cquery) via lsp-mode).
I have a reproducable workspace, but I cannot share it. The crash happens, when stdout is
split exactly between a windows newline, so between \r and \n.

Maybe I have time to debug it again tomorrow. Otherwise, I'll try to reproduce the problem
in another way..
Post by Eli Zaretskii
Date: Tue, 10 Apr 2018 23:44:22 +0200
This patch prevents a emacs crash under Windows for me. Sometimes the
buffer is split between \r\n and the \n is carried over, but the
decoding_buf is NIL, so "SCHARS (p->decoding_buf)" leads to a SEGFAULT.
Would be nice, if this is backported to emacs-26..
Best regards,
Lukas
---
src/process.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/process.c b/src/process.c
index c357a8bdc3..ab2e6ce4da 100644
--- a/src/process.c
+++ b/src/process.c
@@ -5996,7 +5996,7 @@ read_and_dispose_of_process_output (struct Lisp_Process *p, char *chars,
if (coding->carryover_bytes > 0)
{
- if (SCHARS (p->decoding_buf) < coding->carryover_bytes)
+ if (NILP (p->decoding_buf) || (SCHARS (p->decoding_buf) < coding->carryover_bytes))
pset_decoding_buf (p, make_uninit_string (coding->carryover_bytes));
memcpy (SDATA (p->decoding_buf), coding->carryover,
coding->carryover_bytes);
Thanks, but I don't think this is the right fix for the problem.
Every process object must have an associated decoding_buf, so if some
process doesn't, it's a bug in that process's creation code. My
reading of the code is that all the process types we support have
decoding_buf defined during creation -- except one: make-pipe-process
fails to do that. So the fix should be in make-pipe-process.
Is the problem reproducible, or do you remember what you did when it
happened? I'd like to make sure that indeed some pipe process was
involved in the crash, because otherwise I don't see how it could
happen.
Eli Zaretskii
2018-04-12 15:29:35 UTC
Permalink
Date: Thu, 12 Apr 2018 17:24:22 +0200 (CEST)
It was definitly a pipe process (cquery (github.com/cquery-project/cquery) via lsp-mode).
I have a reproducable workspace, but I cannot share it. The crash happens, when stdout is
split exactly between a windows newline, so between \r and \n.
Good, thanks.

Can you build your own Emacs? If so, I'd like you to test an
alternative patch.
Lukas Fürmetz
2018-04-12 15:34:45 UTC
Permalink
Yes I can do that, just send me the patch and I'll give you feedback.
Post by Eli Zaretskii
Date: Thu, 12 Apr 2018 17:24:22 +0200 (CEST)
It was definitly a pipe process (cquery (github.com/cquery-project/cquery) via lsp-mode).
I have a reproducable workspace, but I cannot share it. The crash happens, when stdout is
split exactly between a windows newline, so between \r and \n.
Good, thanks.
Can you build your own Emacs? If so, I'd like you to test an
alternative patch.
Eli Zaretskii
2018-04-12 16:24:56 UTC
Permalink
Date: Thu, 12 Apr 2018 17:34:45 +0200 (CEST)
Yes I can do that, just send me the patch and I'll give you feedback.
Below.

diff --git a/src/process.c b/src/process.c
index b201e9b..45ab1fd 100644
--- a/src/process.c
+++ b/src/process.c
@@ -2461,6 +2461,10 @@ usage: (make-pipe-process &rest ARGS) */)
/* This may signal an error. */
setup_process_coding_systems (proc);

+ pset_decoding_buf (p, empty_unibyte_string);
+ eassert (p->decoding_carryover == 0);
+ pset_encoding_buf (p, empty_unibyte_string);
+
specpdl_ptr = specpdl + specpdl_count;

return proc;
Lukas Fürmetz
2018-04-13 08:47:55 UTC
Permalink
The patch works perfectly, thanks!
Post by Eli Zaretskii
Date: Thu, 12 Apr 2018 17:34:45 +0200 (CEST)
Yes I can do that, just send me the patch and I'll give you feedback.
Below.
diff --git a/src/process.c b/src/process.c
index b201e9b..45ab1fd 100644
--- a/src/process.c
+++ b/src/process.c
@@ -2461,6 +2461,10 @@ usage: (make-pipe-process &rest ARGS) */)
/* This may signal an error. */
setup_process_coding_systems (proc);
+ pset_decoding_buf (p, empty_unibyte_string);
+ eassert (p->decoding_carryover == 0);
+ pset_encoding_buf (p, empty_unibyte_string);
+
specpdl_ptr = specpdl + specpdl_count;
return proc;
Eli Zaretskii
2018-04-13 12:49:52 UTC
Permalink
Date: Fri, 13 Apr 2018 10:47:55 +0200 (CEST)
The patch works perfectly, thanks!
Thanks for testing, I pushed the patch to the release branch.

Loading...