Fix undefined behavior when fetching glyphs from the display vector.

You can trigger this rather obscure bug by enabling selective display if the second glyph in its display vector has an invalid face. For example, evaluate (set-display-table-slot standard-display-table 'selective-display [?A (?B . invalid)]) and then enable selective display. * src/xdisp.c (next_element_from_display_vector): Check whether next glyph code is valid before accessing it.

Fix undefined behavior when fetching glyphs from the display vector.
You can trigger this rather obscure bug by enabling selective display if the second glyph in its display vector has an invalid face. For example, evaluate (set-display-table-slot standard-display-table 'selective-display [?A (?B . invalid)]) and then enable selective display. * src/xdisp.c (next_element_from_display_vector): Check whether next glyph code is valid before accessing it.
109eb1e7 · Philipp Stephani · 78e1646b · 109eb1e7
Commit 109eb1e7 authored Nov 09, 2020 by Philipp Stephani
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 3 deletions

src/xdisp.c src/xdisp.c +3 -3

No files found.
--- a/src/xdisp.c
+++ b/src/xdisp.c
@@ -8221,10 +8221,10 @@ next_element_from_display_vector (struct it *it)
 	    next_face_id = it->dpvec_face_id;
 	  else
 	    {
-	      int lface_id =
-		GLYPH_CODE_FACE (it->dpvec[it->current.dpvec_index + 1]);
+              Lisp_Object gc = it->dpvec[it->current.dpvec_index + 1];
+              int lface_id = GLYPH_CODE_P (gc) ? GLYPH_CODE_FACE (gc) : 0;

-	      if (lface_id > 0)
+              if (lface_id > 0)
 		next_face_id = merge_faces (it->w, Qt, lface_id,
 					    it->saved_face_id);
 	    }