From 88c6db91961945e4ede53d66216c2484f0c5342b Mon Sep 17 00:00:00 2001 From: Eli Zaretskii Date: Thu, 5 Mar 2020 17:57:21 +0200 Subject: [PATCH] Avoid crashes when a fontset has strange entries * src/fontset.c (reorder_font_vector): Skip nil entries in the loop that assigns scores to rfont_def's. (fontset_compare_rfontdef): Cope with nil. This has the effect of moving any nil entries to the end of the font-group, and avoids crashing if an element other than the last in the font-group is nil. (Bug#39892) --- src/fontset.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/fontset.c b/src/fontset.c index bca9452418e..c2bb8b21f26 100644 --- a/src/fontset.c +++ b/src/fontset.c @@ -367,8 +367,14 @@ fontset_add (Lisp_Object fontset, Lisp_Object range, Lisp_Object elt, Lisp_Objec static int fontset_compare_rfontdef (const void *val1, const void *val2) { - return (RFONT_DEF_SCORE (*(Lisp_Object *) val1) - - RFONT_DEF_SCORE (*(Lisp_Object *) val2)); + Lisp_Object v1 = *(Lisp_Object *) val1, v2 = *(Lisp_Object *) val2; + if (NILP (v1) && NILP (v2)) + return 0; + else if (NILP (v1)) + return INT_MIN; + else if (NILP (v2)) + return INT_MAX; + return (RFONT_DEF_SCORE (v1) - RFONT_DEF_SCORE (v2)); } /* Update a cons cell which has this form: @@ -400,6 +406,8 @@ reorder_font_vector (Lisp_Object font_group, struct font *font) for (i = 0; i < size; i++) { Lisp_Object rfont_def = AREF (vec, i); + if (NILP (rfont_def)) + continue; Lisp_Object font_def = RFONT_DEF_FONT_DEF (rfont_def); Lisp_Object font_spec = FONT_DEF_SPEC (font_def); int score = RFONT_DEF_SCORE (rfont_def) & 0xFF; -- 2.39.2