Commit 21d28484 authored by Eli Zaretskii's avatar Eli Zaretskii

Fix bug#5856: don't dereference glyphs beyond end of glyph_row.

 xdisp.c (set_cursor_from_row): Don't dereference glyphs beyond
 the end of TEXT_AREA.  (Bug#5856)
parent e754e83b
2010-04-08 Eli Zaretskii <eliz@gnu.org>
* xdisp.c (set_cursor_from_row): Don't dereference glyphs beyond
the end of TEXT_AREA. (Bug#5856)
2010-04-08 Jan Djärv <jan.h.d@swipnet.se> 2010-04-08 Jan Djärv <jan.h.d@swipnet.se>
* xsettings.c (XSETTINGS_FONT_NAME): Move XSETTINGS_FONT_NAME out of * xsettings.c (XSETTINGS_FONT_NAME): Move XSETTINGS_FONT_NAME out of
......
...@@ -12553,6 +12553,9 @@ set_cursor_from_row (w, row, matrix, delta, delta_bytes, dy, dvpos) ...@@ -12553,6 +12553,9 @@ set_cursor_from_row (w, row, matrix, delta, delta_bytes, dy, dvpos)
EMACS_INT pos_before = MATRIX_ROW_START_CHARPOS (row) + delta; EMACS_INT pos_before = MATRIX_ROW_START_CHARPOS (row) + delta;
EMACS_INT pos_after = MATRIX_ROW_END_CHARPOS (row) + delta; EMACS_INT pos_after = MATRIX_ROW_END_CHARPOS (row) + delta;
struct glyph *glyph_before = glyph - 1, *glyph_after = end; struct glyph *glyph_before = glyph - 1, *glyph_after = end;
/* A glyph beyond the edge of TEXT_AREA which we should never
touch. */
struct glyph *glyphs_end = end;
/* Non-zero means we've found a match for cursor position, but that /* Non-zero means we've found a match for cursor position, but that
glyph has the avoid_cursor_p flag set. */ glyph has the avoid_cursor_p flag set. */
int match_with_avoid_cursor = 0; int match_with_avoid_cursor = 0;
...@@ -12594,7 +12597,7 @@ set_cursor_from_row (w, row, matrix, delta, delta_bytes, dy, dvpos) ...@@ -12594,7 +12597,7 @@ set_cursor_from_row (w, row, matrix, delta, delta_bytes, dy, dvpos)
/* If the glyph row is reversed, we need to process it from back /* If the glyph row is reversed, we need to process it from back
to front, so swap the edge pointers. */ to front, so swap the edge pointers. */
end = glyph - 1; glyphs_end = end = glyph - 1;
glyph += row->used[TEXT_AREA] - 1; glyph += row->used[TEXT_AREA] - 1;
/* Reverse the known positions in the row. */ /* Reverse the known positions in the row. */
last_pos = pos_after = MATRIX_ROW_START_CHARPOS (row) + delta; last_pos = pos_after = MATRIX_ROW_START_CHARPOS (row) + delta;
...@@ -12772,7 +12775,8 @@ set_cursor_from_row (w, row, matrix, delta, delta_bytes, dy, dvpos) ...@@ -12772,7 +12775,8 @@ set_cursor_from_row (w, row, matrix, delta, delta_bytes, dy, dvpos)
/* Step 2: If we didn't find an exact match for point, we need to /* Step 2: If we didn't find an exact match for point, we need to
look for a proper place to put the cursor among glyphs between look for a proper place to put the cursor among glyphs between
GLYPH_BEFORE and GLYPH_AFTER. */ GLYPH_BEFORE and GLYPH_AFTER. */
if (!(BUFFERP (glyph->object) && glyph->charpos == pt_old) if (!((row->reversed_p ? glyph > glyphs_end : glyph < glyphs_end)
&& BUFFERP (glyph->object) && glyph->charpos == pt_old)
&& bpos_covered < pt_old) && bpos_covered < pt_old)
{ {
if (row->ends_in_ellipsis_p && pos_after == last_pos) if (row->ends_in_ellipsis_p && pos_after == last_pos)
...@@ -12938,9 +12942,15 @@ set_cursor_from_row (w, row, matrix, delta, delta_bytes, dy, dvpos) ...@@ -12938,9 +12942,15 @@ set_cursor_from_row (w, row, matrix, delta, delta_bytes, dy, dvpos)
struct glyph *g1 = struct glyph *g1 =
MATRIX_ROW_GLYPH_START (matrix, w->cursor.vpos) + w->cursor.hpos; MATRIX_ROW_GLYPH_START (matrix, w->cursor.vpos) + w->cursor.hpos;
/* Don't consider glyphs that are outside TEXT_AREA. */
if (!(row->reversed_p ? glyph > glyphs_end : glyph < glyphs_end))
return 0;
/* Keep the candidate whose buffer position is the closest to /* Keep the candidate whose buffer position is the closest to
point. */ point. */
if (BUFFERP (g1->object) if (/* previous candidate is a glyph in TEXT_AREA of that row */
w->cursor.hpos >= 0
&& w->cursor.hpos < MATRIX_ROW_USED(matrix, w->cursor.vpos)
&& BUFFERP (g1->object)
&& (g1->charpos == pt_old /* an exact match always wins */ && (g1->charpos == pt_old /* an exact match always wins */
|| (BUFFERP (glyph->object) || (BUFFERP (glyph->object)
&& eabs (g1->charpos - pt_old) && eabs (g1->charpos - pt_old)
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment