Fix crash in announceChildFrameCompletion: BUFFER_LIVE_P before BUF_MODIFF
BUF_MODIFF(b) dereferences the struct buffer pointer unconditionally. If the buffer was killed, this accesses freed memory and crashes. Check BUFFER_LIVE_P first. Use precise Python line-index swap instead of Edit tool to avoid accidentally replacing other patch content.
This commit is contained in:
@@ -21,7 +21,7 @@ element when a child frame completion closes.
|
|||||||
etc/NEWS | 18 +-
|
etc/NEWS | 18 +-
|
||||||
src/nsterm.h | 21 ++
|
src/nsterm.h | 21 ++
|
||||||
src/nsterm.m | 496 +++++++++++++++++++++++++++++++++++++++----
|
src/nsterm.m | 496 +++++++++++++++++++++++++++++++++++++++----
|
||||||
4 files changed, 491 insertions(+), 52 deletions(-)
|
4 files changed, 501 insertions(+), 52 deletions(-)
|
||||||
|
|
||||||
diff --git a/doc/emacs/macos.texi b/doc/emacs/macos.texi
|
diff --git a/doc/emacs/macos.texi b/doc/emacs/macos.texi
|
||||||
index 6514dfc..bcf74b3 100644
|
index 6514dfc..bcf74b3 100644
|
||||||
@@ -427,16 +427,22 @@ index 8d44b5f..29b646d 100644
|
|||||||
if (cachedText
|
if (cachedText
|
||||||
&& granularity == ns_ax_text_selection_granularity_line)
|
&& granularity == ns_ax_text_selection_granularity_line)
|
||||||
{
|
{
|
||||||
@@ -9175,7 +9314,8 @@ - (void)postCompletionAnnouncementForBuffer:(struct buffer *)b
|
@@ -9175,7 +9314,14 @@ - (void)postCompletionAnnouncementForBuffer:(struct buffer *)b
|
||||||
ptrdiff_t currentOverlayStart = 0;
|
ptrdiff_t currentOverlayStart = 0;
|
||||||
ptrdiff_t currentOverlayEnd = 0;
|
ptrdiff_t currentOverlayEnd = 0;
|
||||||
|
|
||||||
+ block_input ();
|
+ block_input ();
|
||||||
specpdl_ref count2 = SPECPDL_INDEX ();
|
specpdl_ref count2 = SPECPDL_INDEX ();
|
||||||
|
+ /* Register unblock_input as an unwind action so that if any Lisp
|
||||||
|
+ call below signals (triggering a longjmp through unbind_to),
|
||||||
|
+ block_input is always paired with an unblock_input. The explicit
|
||||||
|
+ unblock_input() at the end of the function is still needed for
|
||||||
|
+ the normal (non-signal) path. */
|
||||||
|
+ record_unwind_protect_void (unblock_input);
|
||||||
record_unwind_current_buffer ();
|
record_unwind_current_buffer ();
|
||||||
if (b != current_buffer)
|
if (b != current_buffer)
|
||||||
set_buffer_internal_1 (b);
|
set_buffer_internal_1 (b);
|
||||||
@@ -9352,12 +9492,29 @@ - (void)postAccessibilityNotificationsForFrame:(struct frame *)f
|
@@ -9352,12 +9498,29 @@ - (void)postAccessibilityNotificationsForFrame:(struct frame *)f
|
||||||
if (!b)
|
if (!b)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
@@ -466,7 +472,7 @@ index 8d44b5f..29b646d 100644
|
|||||||
if (modiff != self.cachedModiff)
|
if (modiff != self.cachedModiff)
|
||||||
{
|
{
|
||||||
self.cachedModiff = modiff;
|
self.cachedModiff = modiff;
|
||||||
@@ -9371,6 +9528,7 @@ Text property changes (e.g. face updates from
|
@@ -9371,6 +9534,7 @@ Text property changes (e.g. face updates from
|
||||||
{
|
{
|
||||||
self.cachedCharsModiff = chars_modiff;
|
self.cachedCharsModiff = chars_modiff;
|
||||||
[self postTextChangedNotification:point];
|
[self postTextChangedNotification:point];
|
||||||
@@ -474,7 +480,7 @@ index 8d44b5f..29b646d 100644
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -9393,8 +9551,15 @@ frameworks like Vertico bump BOTH BUF_MODIFF (via text property
|
@@ -9393,8 +9557,15 @@ frameworks like Vertico bump BOTH BUF_MODIFF (via text property
|
||||||
displayed in the minibuffer. In normal editing buffers,
|
displayed in the minibuffer. In normal editing buffers,
|
||||||
font-lock and other modes change BUF_OVERLAY_MODIFF on
|
font-lock and other modes change BUF_OVERLAY_MODIFF on
|
||||||
every redisplay, triggering O(overlays) work per keystroke.
|
every redisplay, triggering O(overlays) work per keystroke.
|
||||||
@@ -492,51 +498,54 @@ index 8d44b5f..29b646d 100644
|
|||||||
goto skip_overlay_scan;
|
goto skip_overlay_scan;
|
||||||
|
|
||||||
int selected_line = -1;
|
int selected_line = -1;
|
||||||
@@ -9440,7 +9605,19 @@ frameworks like Vertico bump BOTH BUF_MODIFF (via text property
|
@@ -9440,7 +9611,18 @@ frameworks like Vertico bump BOTH BUF_MODIFF (via text property
|
||||||
self.cachedPoint = point;
|
self.cachedPoint = point;
|
||||||
self.cachedMarkActive = markActive;
|
self.cachedMarkActive = markActive;
|
||||||
|
|
||||||
- /* Compute direction. */
|
- /* Compute direction. */
|
||||||
+ /* Compute direction.
|
+ /* Compute direction.
|
||||||
+ voiceoverSetPoint distinguishes who moved the cursor:
|
+ When VoiceOver moved the cursor via setAccessibilitySelectedTextRange:
|
||||||
+ - YES (VoiceOver via setAccessibilitySelectedTextRange:):
|
+ (voiceoverSetPoint == YES), use sequential next/previous so VoiceOver
|
||||||
+ keep sequential next/previous so VO tracks smoothly.
|
+ continues smooth navigation from its current position.
|
||||||
+ - NO (Emacs via keyboard command or ELisp):
|
+ When Emacs moved the cursor independently (voiceoverSetPoint == NO),
|
||||||
+ for cross-line jumps that are not C-n/C-p, force
|
+ force discontiguous direction so VoiceOver re-anchors its browse
|
||||||
+ discontiguous so VoiceOver re-anchors its browse cursor
|
+ cursor to accessibilitySelectedTextRange; without this, VoiceOver's
|
||||||
+ to accessibilitySelectedTextRange.
|
+ internal browse position diverges from the Emacs insertion point and
|
||||||
+ Character/word moves within a line always stay sequential
|
+ subsequent VO+arrow navigation starts from the wrong location. */
|
||||||
+ so VoiceOver tracks C-f/C-b/M-f/M-b naturally. */
|
|
||||||
+ BOOL emacsMovedCursor = !voiceoverSetPoint;
|
+ BOOL emacsMovedCursor = !voiceoverSetPoint;
|
||||||
+ voiceoverSetPoint = NO; /* Consume the flag. */
|
+ voiceoverSetPoint = NO; /* Consume the flag. */
|
||||||
+
|
+
|
||||||
NSInteger direction = ns_ax_text_selection_direction_discontiguous;
|
NSInteger direction = ns_ax_text_selection_direction_discontiguous;
|
||||||
if (point > oldPoint)
|
if (point > oldPoint)
|
||||||
direction = ns_ax_text_selection_direction_next;
|
direction = ns_ax_text_selection_direction_next;
|
||||||
@@ -9488,6 +9664,22 @@ frameworks like Vertico bump BOTH BUF_MODIFF (via text property
|
@@ -9488,6 +9670,26 @@ frameworks like Vertico bump BOTH BUF_MODIFF (via text property
|
||||||
granularity = ns_ax_text_selection_granularity_line;
|
granularity = ns_ax_text_selection_granularity_line;
|
||||||
}
|
}
|
||||||
|
|
||||||
+ /* Programmatic jumps that cross a line boundary (]], [[, M-<,
|
+ /* Programmatic jumps that cross a line boundary (]], [[, M-<,
|
||||||
+ xref, imenu, …) are discontiguous: the cursor teleported to an
|
+ xref, imenu, …) are discontiguous: the cursor teleported to an
|
||||||
+ arbitrary position, not one sequential step forward/backward.
|
+ arbitrary position, not one sequential step forward/backward.
|
||||||
+ All three conditions must hold:
|
+ Reporting AXTextSelectionDirectionDiscontiguous causes VoiceOver
|
||||||
+ - emacsMovedCursor: VoiceOver-initiated moves (via
|
+ to re-anchor its rotor browse cursor at the new
|
||||||
+ setAccessibilitySelectedTextRange:) keep sequential
|
+ accessibilitySelectedTextRange rather than advancing linearly
|
||||||
+ direction so VO can manage its own browse cursor.
|
+ from its previous internal position. */
|
||||||
+ - !isCtrlNP: C-n/C-p (and arrow up/down, which also bind
|
+ if (!isCtrlNP && granularity == ns_ax_text_selection_granularity_line)
|
||||||
+ next-line/previous-line) are sequential line moves.
|
+ direction = ns_ax_text_selection_direction_discontiguous;
|
||||||
+ - granularity == line: only cross-line jumps qualify;
|
+
|
||||||
+ character and word moves within a line stay sequential
|
+ /* If Emacs moved the cursor (not VoiceOver), force discontiguous
|
||||||
+ so VoiceOver tracks them naturally (C-f/C-b, M-f/M-b). */
|
+ so VoiceOver re-anchors its browse cursor to the current
|
||||||
+ if (emacsMovedCursor && !isCtrlNP
|
+ accessibilitySelectedTextRange. This covers all Emacs-initiated
|
||||||
+ && granularity == ns_ax_text_selection_granularity_line)
|
+ moves: editing commands, ELisp, isearch, etc.
|
||||||
|
+ Exception: C-n/C-p (isCtrlNP) already uses next/previous with
|
||||||
|
+ line granularity; those are already sequential and VoiceOver
|
||||||
|
+ handles them correctly. */
|
||||||
|
+ if (emacsMovedCursor && !isCtrlNP)
|
||||||
+ direction = ns_ax_text_selection_direction_discontiguous;
|
+ direction = ns_ax_text_selection_direction_discontiguous;
|
||||||
+
|
+
|
||||||
/* Post notifications for focused and non-focused elements. */
|
/* Post notifications for focused and non-focused elements. */
|
||||||
if ([self isAccessibilityFocused])
|
if ([self isAccessibilityFocused])
|
||||||
[self postFocusedCursorNotification:point
|
[self postFocusedCursorNotification:point
|
||||||
@@ -9630,6 +9826,17 @@ - (NSRect)accessibilityFrame
|
@@ -9630,6 +9832,17 @@ - (NSRect)accessibilityFrame
|
||||||
if (vis_start >= vis_end)
|
if (vis_start >= vis_end)
|
||||||
return @[];
|
return @[];
|
||||||
|
|
||||||
@@ -554,7 +563,7 @@ index 8d44b5f..29b646d 100644
|
|||||||
/* Symbols are interned once at startup via DEFSYM in syms_of_nsterm;
|
/* Symbols are interned once at startup via DEFSYM in syms_of_nsterm;
|
||||||
reference them directly here (GC-safe, no repeated obarray lookup). */
|
reference them directly here (GC-safe, no repeated obarray lookup). */
|
||||||
|
|
||||||
@@ -9750,6 +9957,7 @@ than O(chars). Fall back to pos+1 as safety net. */
|
@@ -9750,6 +9963,7 @@ than O(chars). Fall back to pos+1 as safety net. */
|
||||||
pos = span_end;
|
pos = span_end;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -562,7 +571,7 @@ index 8d44b5f..29b646d 100644
|
|||||||
return [[spans copy] autorelease];
|
return [[spans copy] autorelease];
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -9931,6 +10139,10 @@ - (void)dealloc
|
@@ -9931,6 +10145,10 @@ - (void)dealloc
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
[accessibilityElements release];
|
[accessibilityElements release];
|
||||||
@@ -573,7 +582,7 @@ index 8d44b5f..29b646d 100644
|
|||||||
[[self menu] release];
|
[[self menu] release];
|
||||||
[super dealloc];
|
[super dealloc];
|
||||||
}
|
}
|
||||||
@@ -11380,6 +11592,9 @@ - (instancetype) initFrameFromEmacs: (struct frame *)f
|
@@ -11380,6 +11598,9 @@ - (instancetype) initFrameFromEmacs: (struct frame *)f
|
||||||
|
|
||||||
windowClosing = NO;
|
windowClosing = NO;
|
||||||
processingCompose = NO;
|
processingCompose = NO;
|
||||||
@@ -583,7 +592,7 @@ index 8d44b5f..29b646d 100644
|
|||||||
scrollbarsNeedingUpdate = 0;
|
scrollbarsNeedingUpdate = 0;
|
||||||
fs_state = FULLSCREEN_NONE;
|
fs_state = FULLSCREEN_NONE;
|
||||||
fs_before_fs = next_maximized = -1;
|
fs_before_fs = next_maximized = -1;
|
||||||
@@ -12688,6 +12903,152 @@ - (id)accessibilityFocusedUIElement
|
@@ -12688,6 +12909,152 @@ - (id)accessibilityFocusedUIElement
|
||||||
The existing elements carry cached state (modiff, point) from the
|
The existing elements carry cached state (modiff, point) from the
|
||||||
previous redisplay cycle. Rebuilding first would create fresh
|
previous redisplay cycle. Rebuilding first would create fresh
|
||||||
elements with current values, making change detection impossible. */
|
elements with current values, making change detection impossible. */
|
||||||
@@ -736,7 +745,7 @@ index 8d44b5f..29b646d 100644
|
|||||||
- (void)postAccessibilityUpdates
|
- (void)postAccessibilityUpdates
|
||||||
{
|
{
|
||||||
NSTRACE ("[EmacsView postAccessibilityUpdates]");
|
NSTRACE ("[EmacsView postAccessibilityUpdates]");
|
||||||
@@ -12698,12 +13059,64 @@ - (void)postAccessibilityUpdates
|
@@ -12698,11 +13065,64 @@ - (void)postAccessibilityUpdates
|
||||||
|
|
||||||
/* Re-entrance guard: VoiceOver callbacks during notification posting
|
/* Re-entrance guard: VoiceOver callbacks during notification posting
|
||||||
can trigger redisplay, which calls ns_update_end, which calls us
|
can trigger redisplay, which calls ns_update_end, which calls us
|
||||||
|
|||||||
Reference in New Issue
Block a user