Shenghuo ZHU <zsh(a)cs.rochester.edu&gt; writes: > When I run this code (a simplified version), XEmacs crashes. The > problem is the text property. > > (defun test-decode (word) > (let ((i -1) (s (substring word 0)) v) > (while (< (incf i) (length s)) > (if (eq (setq v (aref s i)) ? ) nil > (aset s i (+ 128 v)))) > s)) > > (let ((s "~{<:Ky2;S{#,NpJ)l6HK!#~}")) > (put-text-property 0 (length s) 'face 'bold s) > (setq s (test-decode s)) > (decode-coding-string s 'cn-gb-2312)) A simple test case for this is: (let ((s "ab")) (put-text-property 0 (length s) 'face 'bold s) (aset s 0 128) s) what happens is this: - set_string_char() is called to set the first character. - The new char needs two bytes, therefore resize_string ( pos=0, delta=1) is called. - in resize_string() space is made and the string length is set to 3 - adjust_extents(from=-1, to=3, amount=1) is called - since extents use memind's the starting point of the extent is adjusted from 0 to 1. Now it points into the middle of the character, resulting in the crash later on. I think the semantics of resize_string are slightly under-specified: /* Resize the string S so that DELTA bytes can be inserted starting at POS. [...] */ It is not clear whether we insert new characters or just need more space for the existing character. In the former case we need to adjust extents with start=pos in the latter we mustn't. resize_string also has problems if the string is shrunk as extents might have endpoints to the right of the new string end and therefore won't get adjusted. Any suggestions?

Gunnar