joey <[EMAIL PROTECTED]> writes:

> I recently ran into a crash bug with elinks. I've provided a backtrace,
> a sample document, and a proposed patch. Basically, html_special() in
> src/document/html/renderer.c sets document->refresh without checking
> to see if document is a valid pointer first (inside the SP_REFRESH
> case).

The patch makes sense to me, but I hope someone else will review
it, because I don't know the rendering code very well.  I also
fear the crash might be a symptom of a deeper problem, but then
again there already are a few "if (document)" checks in
html_special, so perhaps my suspicion is unfounded.

The SP_FRAMESET case uses document->frame_desc without checking
whether document is NULL.  It would be interesting to know if
that too can be used to crash ELinks.

> 3) crash.html - The file that exposed the bug

Here is a much shorter one.  Let's see if this one gets through
the spamassassin.

Title: Refresh in a table cell

_______________________________________________
elinks-dev mailing list
elinks-dev@linuxfromscratch.org
http://linuxfromscratch.org/mailman/listinfo/elinks-dev