From 109eb1e7e29455418b40ca00bf5dad3e61e5fc78 Mon Sep 17 00:00:00 2001
From: Philipp Stephani
Date: Mon, 9 Nov 2020 22:14:39 +0100
Subject: [PATCH] Fix undefined behavior when fetching glyphs from the display vector.

You can trigger this rather obscure bug by enabling selective display if the second glyph in its display vector has an invalid face. For example, evaluate

(set-display-table-slot standard-display-table 'selective-display [?A (?B . invalid)])

and then enable selective display.

* src/xdisp.c (next_element_from_display_vector): Check whether next glyph code is valid before accessing it.
---
 src/xdisp.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/xdisp.c b/src/xdisp.c
index ac706d08414..71a5f1c34f0 100644
--- a/src/xdisp.c
+++ b/src/xdisp.c
@@ -8221,10 +8221,10 @@ next_element_from_display_vector (struct it *it)
 next_face_id = it->dpvec_face_id;
 else
 {
- int lface_id =
- GLYPH_CODE_FACE (it->dpvec[it->current.dpvec_index + 1]);
+ Lisp_Object gc = it->dpvec[it->current.dpvec_index + 1];
+ int lface_id = GLYPH_CODE_P (gc) ? GLYPH_CODE_FACE (gc) : 0;

- if (lface_id > 0)
+ if (lface_id > 0)
 next_face_id = merge_faces (it->w, Qt, lface_id,
 it->saved_face_id);
 }
-- 
2.39.2
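Review bot: The new fallback `GLYPH_CODE_P (gc) ? GLYPH_CODE_FACE (gc) : 0` carries no comment saying why a display-vector element can fail `GLYPH_CODE_P` or why 0 is the right substitute. Per the commit message the element comes from a display table that Lisp code can set to arbitrary values, so I would add `/* Display table entries are set from Lisp and may not be valid glyph codes; 0 means no face to merge. */` above the `Lisp_Object gc` line. The `if (lface_id > 0)` line is removed and re-added with the same text, which looks like an unintended whitespace-only change that could be dropped from the patch. The hunk shows only the lookahead at `dpvec_index + 1`, and next_element_from_display_vector starts and ends outside it. It is therefore unclear from here whether the current element gets the same `GLYPH_CODE_P` check, or whether the new local `gc` shadows an outer variable of that name.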