From: Eli Zaretskii <eliz@gnu.org>
Date: Tue, 27 Jun 2017 15:45:22 +0000 (-0400)
Subject: Avoid segfaults when some display vector is an empty string
X-Git-Tag: emacs-26.0.90~521^2~11^2~36
X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=4a5653cd2859308ada4bbf5ffc9fb9b283eef31a;p=emacs.git

Avoid segfaults when some display vector is an empty string

* src/xdisp.c (next_element_from_display_vector): Don't try
accessing the dpvec[] array if its size is zero.  (Bug#27504)
---

diff --git a/src/xdisp.c b/src/xdisp.c
index 784848913c0..8bc5d81f448 100644
--- a/src/xdisp.c
+++ b/src/xdisp.c
@@ -7768,9 +7768,8 @@ next_element_from_display_vector (struct it *it)
 
   /* KFS: This code used to check ip->dpvec[0] instead of the current element.
      That seemed totally bogus - so I changed it...  */
-  gc = it->dpvec[it->current.dpvec_index];
-
-  if (GLYPH_CODE_P (gc))
+  if (it->dpend - it->dpvec > 0	/* empty dpvec[] is invalid */
+      && (gc = it->dpvec[it->current.dpvec_index], GLYPH_CODE_P (gc)))
     {
       struct face *this_face, *prev_face, *next_face;