Norbert Koch <n.koch(a)delta-ii.de> writes:
> I've tried to display images on <URL:http://www.debis.de/>. Always
> within the third frame (out of four), no matter what order, I get a
> SIGSEGV.
I've finally tracked this down (after starting to make a local mirror
of the debis site with wget :-)
The problem is the following tiny image:
NB: I've labeled this as application/octet-stream to avoid pgnus
inlining it. If it got inlined for somebody I offer my sincere
apologies for the resulting crash :-)
If you save it and load it in a vanilla XEmacs you'll probably get a
crash.
For the experts (Jareth) here are some details:
(gdb) p *unwind.giffile
$31 = {SWidth = 2, SHeight = 2, SColorResolution = 1,
SBackGroundColor = 255, SColorMap = 0x84f0268,
ImageCount = 1, Image = {Left = 0, Top = 0,
Width = 2, Height = 2, Interlace = 64, ColorMap = 0x0},
SavedImages = 0x853ac48, Private = 0x853e498, GifIO = 0x83b02c8}
The problem is the small height and the interlacing (don't ask me why
you'd want to interlace a 2 line picture, or what exactly that would
mean).
The crash is caused by the following code (glyphs-eimage.c:689):
-------------
if (interlace)
  if (row >= height) {
    row = InterlacedOffset[++pass];
    while (row > height)
      row = InterlacedOffset[++pass];
  }
eip = unwind.eimage + (row * width * 3);
------------
Here 'row' *must* be smaller than 'height'; otherwise we overwrite
something outside the allocated space (unwind.eimage) later on.
Actually the above code looks pretty obviously broken. (no offence,
Jareth) :-) But then again this particular gif is probably broken as
well (I don't know the specs at all). Somebody who *does* know the
specs should check this patch.
1999-01-17 Gunnar Evermann <ge204(a)eng.cam.ac.uk>
* glyphs-eimage.c (gif_instantiate): Correct handling of
interlaced gifs to avoid writing past the end of the eimage
buffer.
Index: src/glyphs-eimage.c
===================================================================
RCS file: /usr/CVSroot/XEmacs/xemacs/src/glyphs-eimage.c,v
retrieving revision 1.3.2.4
diff -u -r1.3.2.4 glyphs-eimage.c
--- glyphs-eimage.c 1998/12/05 16:55:52 1.3.2.4
+++ glyphs-eimage.c 1999/01/18 05:58:40
@@ -689,7 +689,7 @@
if (interlace)
if (row >= height) {
row = InterlacedOffset[++pass];
- while (row > height)
+ while (row >= height)
row = InterlacedOffset[++pass];
}
eip = unwind.eimage + (row * width * 3);
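Review bot: `>=` is the correct bound in the changed `while`, because `row` is a zero-based index into a buffer of `height` rows and the context line `eip = unwind.eimage + (row * width * 3);` forms a pointer one whole row past the allocation whenever `row == height`; the enclosing `if (row >= height)` already used `>=`, so the two tests finally agree. What the hunk still leaves open is that both `InterlacedOffset[++pass]` lookups advance `pass` with no check against the size of the offset table, so the loop relies on the caller visiting exactly `height` rows to keep `pass` in range; a bound check there that fails the decode on a malformed image would be cheap insurance. Style: the braceless nesting `if (interlace)` / `if (row >= height) {` reads like a dangling-else trap; braces on the outer `if` would make the intent clear.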
--
Gunnar Evermann
Speech, Vision & Robotics Group
Engineering Department
Cambridge University
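To make the off-by-one visible without loading a crafted GIF into XEmacs, here is a small stand-alone model of the row walk. It is an added example, not code from Gunnar's message or from glyphs-eimage.c: it uses the standard GIF89a interlace tables (InterlacedOffset / InterlacedJumps, the values libungif ships) and assumes the surrounding decoder loop visits one row per iteration for `height` iterations and then advances `row` by the current pass's jump, which the hunk above only implies. Instead of forming `eip` and writing pixels, it records which row indices the loop would address, so the row past the end of a `height`-row buffer is counted rather than dereferenced.

```c
/* Added example: model of the interlaced-row scheduling in gif_instantiate,
 * run with the original `row > height` test and with the patched
 * `row >= height` test.  No pixel buffer is touched; out-of-range rows
 * are counted. */
#include <stdio.h>
#include <stdbool.h>

/* GIF89a interlace schedule: first row and row stride of each pass. */
static const int InterlacedOffset[4] = { 0, 4, 2, 1 };
static const int InterlacedJumps[4]  = { 8, 8, 4, 2 };

/* Walk `height` rows the way the decoder loop (assumed shape) does.
 * strict == false reproduces the original `row > height` comparison,
 * strict == true the patched `row >= height`.
 * Returns the number of rows whose index lies outside a buffer of
 * `height` rows, or -1 if `pass` would run off the end of the tables;
 * *max_row receives the largest row index the walk addressed. */
int interlace_walk(int height, bool strict, int *max_row)
{
    int row = 0, pass = 0, oob = 0;
    *max_row = -1;
    for (int i = 0; i < height; i++) {
        if (row >= height) {
            if (++pass > 3) return -1;       /* guard the table lookup */
            row = InterlacedOffset[pass];
            while (strict ? row >= height : row > height) {
                if (++pass > 3) return -1;
                row = InterlacedOffset[pass];
            }
        }
        /* Here the real code forms eip = unwind.eimage + row*width*3;
         * with row == height that points one full row past the buffer. */
        if (row >= height) oob++;
        if (row > *max_row) *max_row = row;
        row += InterlacedJumps[pass];
    }
    return oob;
}

/* Convenience wrappers for checking a single quantity. */
int interlace_oob_rows(int height, bool strict)
{
    int m;
    return interlace_walk(height, strict, &m);
}

int interlace_max_row(int height, bool strict)
{
    int m;
    interlace_walk(height, strict, &m);
    return m;
}

int main(void)
{
    printf("height  old(>) oob/max   new(>=) oob/max\n");
    for (int h = 1; h <= 8; h++)
        printf("%6d  %3d / %-8d  %3d / %d\n", h,
               interlace_oob_rows(h, false), interlace_max_row(h, false),
               interlace_oob_rows(h, true),  interlace_max_row(h, true));
    return 0;
}
```

Under these assumptions the original comparison only misbehaves when some pass's start row equals `height` exactly, that is for the 2- and 4-row images (row 2 and row 4 respectively are addressed, one row past the allocation), which matches the 2x2 image Norbert found; with `>=` every height from 1 to 8 stays within `0 .. height-1`.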