From: Philipp Stephani <phst@google.com>
Date: Mon, 9 Nov 2020 21:14:39 +0000 (+0100)
Subject: Fix undefined behavior when fetching glyphs from the display vector.
X-Git-Tag: emacs-27.1.90~66
X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=109eb1e7e29455418b40ca00bf5dad3e61e5fc78;p=emacs.git

Fix undefined behavior when fetching glyphs from the display vector.

You can trigger this rather obscure bug by enabling selective display
if the second glyph in its display vector has an invalid face.  For
example, evaluate

(set-display-table-slot standard-display-table
                        'selective-display [?A (?B . invalid)])

and then enable selective display.

* src/xdisp.c (next_element_from_display_vector): Check whether next
glyph code is valid before accessing it.
---

diff --git a/src/xdisp.c b/src/xdisp.c
index ac706d08414..71a5f1c34f0 100644
--- a/src/xdisp.c
+++ b/src/xdisp.c
@@ -8221,10 +8221,10 @@ next_element_from_display_vector (struct it *it)
 	    next_face_id = it->dpvec_face_id;
 	  else
 	    {
-	      int lface_id =
-		GLYPH_CODE_FACE (it->dpvec[it->current.dpvec_index + 1]);
+              Lisp_Object gc = it->dpvec[it->current.dpvec_index + 1];
+              int lface_id = GLYPH_CODE_P (gc) ? GLYPH_CODE_FACE (gc) : 0;
 
-	      if (lface_id > 0)
+              if (lface_id > 0)
 		next_face_id = merge_faces (it->w, Qt, lface_id,
 					    it->saved_face_id);
 	    }