From: Philipp Stephani
Date: Mon, 5 Jun 2017 20:09:00 +0000 (+0200)
Subject: Fix undefined behavior in mapbacktrace
X-Git-Tag: emacs-26.0.90~521^2~167
X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=3d9d976aa476b1c1098359a1215ad1cabd022d33;p=emacs.git
Fix undefined behavior in mapbacktrace
* src/eval.c (Fmapbacktrace): Don't assume that PDL is still valid.
---
diff --git a/src/eval.c b/src/eval.c
index ef961046bcf..8f293c9d300 100644
--- a/src/eval.c
+++ b/src/eval.c
@@ -3613,8 +3613,12 @@ returns nil. */)
 while (backtrace_p (pdl))
 {
+ ptrdiff_t i = pdl - specpdl;
 backtrace_frame_apply (function, pdl);
- pdl = backtrace_next (pdl);
+ /* Beware! PDL is no longer valid here because FUNCTION might
+ have caused grow_specpdl to reallocate pdlvec. We must use
+ the saved index, cf. Bug#27258. */
+ pdl = backtrace_next (&specpdl[i]);
 }
 return Qnil;
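Review bot: The reason for saving `i` is given only after the call, so `ptrdiff_t i = pdl - specpdl;` reads as stray arithmetic until the reader reaches the comment further down; I would add a short comment on the save itself, e.g. `/* Save the index, not the pointer: FUNCTION may run Lisp that grows specpdl.  */`. The same stale-pointer hazard applies inside `backtrace_frame_apply`, which still receives the raw `pdl`; its body is outside this hunk, so it is worth confirming that it reads everything it needs from `pdl` before invoking FUNCTION. The diff shown touches only src/eval.c, so a regression test that runs `mapbacktrace` with a function that forces the specpdl to grow, ideally under AddressSanitizer, would keep this use-after-realloc from coming back. The enclosing Fmapbacktrace begins above the hunk and its closing brace is below it.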