commit: src/search.c (simple_search): Fix underrun in reverse search.

Stephen Turnbull unwelcome-guest at alioth.debian.org
Mon Dec 10 04:27:36 EST 2007


changeset:   4322:f70e56bb52a72781ed9382fda2826a6e1ad40f7d
tag:         tip
user:        Stephen J. Turnbull <stephen at xemacs.org>
date:        Mon Dec 10 01:13:36 2007 -0800
files:       src/ChangeLog src/search.c tests/ChangeLog tests/reproduce-bugs.el
description:
src/search.c (simple_search): Fix underrun in reverse search.
Add braces to avoid future whitespace bogosity.
(search_buffer): Clarify decision to use boyer_moore or not.
tests/reproduce-bugs.el: Bug 10 to test for the underrun.


diff -r 98e54edf3ab249cbc1f4a03f87b0df853e964bc3 -r f70e56bb52a72781ed9382fda2826a6e1ad40f7d src/ChangeLog
--- a/src/ChangeLog	Mon Dec 10 00:57:19 2007 -0800
+++ b/src/ChangeLog	Mon Dec 10 01:13:36 2007 -0800
@@ -1,3 +1,8 @@ 2007-12-06  Aidan Kehoe  <kehoea at parhasa
+2007-12-05  Stephen J. Turnbull  <stephen at xemacs.org>
+
+	* search.c (simple_search): Fix underrun in reverse search.
+	(search_buffer): Clarify decision to use boyer_moore or not.
+
 2007-12-06  Aidan Kehoe  <kehoea at parhasard.net>
 
 	* tests.c (Ftest_data_format_conversion):
diff -r 98e54edf3ab249cbc1f4a03f87b0df853e964bc3 -r f70e56bb52a72781ed9382fda2826a6e1ad40f7d src/search.c
--- a/src/search.c	Mon Dec 10 00:57:19 2007 -0800
+++ b/src/search.c	Mon Dec 10 01:13:36 2007 -0800
@@ -1371,14 +1371,17 @@ search_buffer (struct buffer *buf, Lisp_
 	    boyer_moore_ok = 0;
 	  if (translated != c || inverse != c)
 	    {
-	      /* Keep track of which character set row
-		 contains the characters that need translation.  */
+	      /* Keep track of which charset and character set row
+		 contains the characters that need translation.
+		 Zero out the bits corresponding to the last byte.
+	      */
 	      int charset_base_code = c & ~ICHAR_FIELD3_MASK;
 	      if (charset_base == -1)
 		charset_base = charset_base_code;
 	      else if (charset_base != charset_base_code)
-		/* If two different rows appear, needing translation,
-		   then we cannot use boyer_moore search.  */
+		/* If two different rows appear, needing translation, then
+		   we cannot use boyer_moore search.  See the comment at the
+		   head of boyer_moore(). */
 		boyer_moore_ok = 0;
 	    }
 	  memcpy (pat, tmp_str, new_bytelen);
@@ -1468,43 +1471,51 @@ simple_search (struct buffer *buf, Ibyte
 	n--;
       }
   else
-    while (n < 0)
-      {
-	while (1)
-	  {
-	    Bytecount this_len = len;
-	    Bytebpos this_pos = pos;
-	    Ibyte *p;
-	    if (pos <= lim)
-	      goto stop;
-	    p = base_pat + len;
-
-	    while (this_len > 0)
-	      {
-		Ichar pat_ch, buf_ch;
-
-		DEC_IBYTEPTR (p);
-		DEC_BYTEBPOS (buf, this_pos);
-		pat_ch = itext_ichar (p);
-		buf_ch = BYTE_BUF_FETCH_CHAR (buf, this_pos);
-
-		buf_ch = TRANSLATE (trt, buf_ch);
-
-		if (buf_ch != pat_ch)
+    {
+      /* If lim < len, then there are too few buffer positions to hold the
+	 pattern between the beginning of the buffer and lim.  Adjust to
+	 ensure pattern fits.  If we don't do this, we can assert in the
+	 DEC_BYTEBPOS below. */
+      if (lim < len)
+	lim = len;
+      while (n < 0)
+	{
+	  while (1)
+	    {
+	      Bytecount this_len = len;
+	      Bytebpos this_pos = pos;
+	      Ibyte *p;
+	      if (pos <= lim)
+		goto stop;
+	      p = base_pat + len;
+
+	      while (this_len > 0)
+		{
+		  Ichar pat_ch, buf_ch;
+
+		  DEC_IBYTEPTR (p);
+		  DEC_BYTEBPOS (buf, this_pos);
+		  pat_ch = itext_ichar (p);
+		  buf_ch = BYTE_BUF_FETCH_CHAR (buf, this_pos);
+
+		  buf_ch = TRANSLATE (trt, buf_ch);
+
+		  if (buf_ch != pat_ch)
+		    break;
+
+		  this_len -= itext_ichar_len (p);
+		}
+	      if (this_len == 0)
+		{
+		  buf_len = pos - this_pos;
+		  pos = this_pos;
 		  break;
-
-		this_len -= itext_ichar_len (p);
-	      }
-	    if (this_len == 0)
-	      {
-		buf_len = pos - this_pos;
-		pos = this_pos;
-		break;
-	      }
-	    DEC_BYTEBPOS (buf, pos);
-	  }
-	n++;
-      }
+		}
+	      DEC_BYTEBPOS (buf, pos);
+	    }
+	  n++;
+	}
+    }
  stop:
   if (n == 0)
     {
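Review bot: The new clamp `if (lim < len) lim = len;` bounds the reverse search by the pattern's byte length, but the inner loop moves `this_pos` back one buffer character at a time while counting `this_len` down by `itext_ichar_len (p)`, the pattern character's length. If `TRANSLATE` can map a wider buffer character onto a narrower pattern character (the separate `buf_len = pos - this_pos` suggests the two lengths may differ), `this_pos` could still reach the start of the buffer before `this_len` reaches zero. The test comment says the failure is an assertion in error-checking builds, so in other builds the same path would presumably read below the buffer start without any signal. A per-step guard ahead of `DEC_BYTEBPOS (buf, this_pos);`, for example `if (this_pos <= (Bytebpos) 1) break;` mirroring the lower bound in the quoted assertion, would cover that case independently of the clamp. simple_search begins and ends outside this hunk, so whether `lim` is read again after `stop:` is not visible here.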
diff -r 98e54edf3ab249cbc1f4a03f87b0df853e964bc3 -r f70e56bb52a72781ed9382fda2826a6e1ad40f7d tests/ChangeLog
--- a/tests/ChangeLog	Mon Dec 10 00:57:19 2007 -0800
+++ b/tests/ChangeLog	Mon Dec 10 01:13:36 2007 -0800
@@ -1,3 +1,7 @@ 2007-12-10  Stephen J. Turnbull  <stephe
+2007-12-10  Stephen J. Turnbull  <stephen at xemacs.org>
+
+	* reproduce-bugs.el (reproduce-bug): Add bug 10, crash in search.
+
 2007-12-10  Stephen J. Turnbull  <stephen at xemacs.org>
 
 	* reproduce-bugs.el: Add some commentary.
diff -r 98e54edf3ab249cbc1f4a03f87b0df853e964bc3 -r f70e56bb52a72781ed9382fda2826a6e1ad40f7d tests/reproduce-bugs.el
--- a/tests/reproduce-bugs.el	Mon Dec 10 00:57:19 2007 -0800
+++ b/tests/reproduce-bugs.el	Mon Dec 10 01:13:36 2007 -0800
@@ -70,6 +70,26 @@ A debug version of XEmacs may be needed 
 ;; (global-set-key  [(control ?Z)] 'reproduce-bug)
 
 ;;;; Bugs follow:
+
+;;; ------------------------------------------------------------------
+;;; Crash in search due to backward movement
+;;; Need Mule build with error checking in 21.5.28.
+;;; Fatal error: assertion failed,
+;;; file /Users/steve/Software/XEmacs/alioth/xemacs/src/search.c, line 1487,
+;;; (this_pos) > ((Bytebpos) 1) && this_pos <= ((buf)->text->z + 0)
+;;; Reported: <475B104F.2070807 at barco.com>
+;;;           <87hcixwkh4.fsf at uwakimon.sk.tsukuba.ac.jp>
+;;; Fixed:    <87hcixwkh4.fsf at uwakimon.sk.tsukuba.ac.jp>
+(defbug 10
+  (switch-to-buffer (get-buffer-create "*crash me*"))
+  ;; doozy is the keystroke version of the keyboard macro
+  ;; "IAI" C-b C-b C-s C-x
+  (let ((doozy [;;(control ?x) ?b ?j ?u ?n ?k return
+		?I ?A ?I
+		   (control ?b) (control ?b)
+		   (control ?s) (control ?w)]))
+    (execute-kbd-macro doozy)))
+
 
 ;;; ------------------------------------------------------------------
 ;;; Crash on trace-function
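Review bot: The comment documenting the macro reads `"IAI" C-b C-b C-s C-x`, but the vector ends with `(control ?s) (control ?w)`, so the documented keystrokes do not match what the test executes; the comment should read `;; "IAI" C-b C-b C-s C-w`. The commented-out `;;(control ?x) ?b ?j ?u ?n ?k return` inside the vector literal looks like a leftover from an earlier reproduction and could be dropped or explained. The header comment also embeds an absolute path from one developer's machine; `file src/search.c, line 1487` would carry the same information.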



