The dangling pointer crash has been fixed, thanks to Witek.

However, I think there is another problem in write_to_festival. When FESTIVAL_SYSTEM is being used, write_to_festival generates a string that contains a SayText function call with the quoted text as an argument. Because write_to_festival restricts the original line to 512 characters, the resulting string can have at most 13+512*2 = 1037 characters. This is greater than 512, which SUSv2 specifies as the minimum allowed value of PIPE_BUF. So, on systems where PIPE_BUF is less than 1037, safe_write called by write_to_festival can return with a short write.

When this happens, it is very likely that the initial quote character has been written but the final one has not. The next time write_to_festival writes a line, Festival will parse the initial quote character as the final one, and the contents of the line will then be left unquoted and can in principle call arbitrary functions in Festival. Surely this is something that should be prevented.
7.1 Basic command line options http://www.cstr.ed.ac.uk/projects/festival/manual/festival_7.html#SEC19 mentions a "--tts" option that makes Festival just speak its input instead of parsing commands from it. I don't know if this is available in all Festival versions that ELinks needs to support, though.
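Added example, not part of the original message and not ELinks code: a C sketch of the failure described above and one way to avoid it, by writing the whole quoted command in a loop so a short write never leaves an open quote in the pipe. The names build_saytext, write_all and quotes_balanced are hypothetical, and the wrapper text and the escaping of `"` and `\` are assumptions chosen to match the 13+512*2 count in the message.

```c
#include <errno.h>
#include <poll.h>
#include <string.h>
#include <unistd.h>

#define MAX_LINE 512                 /* line limit stated in the message */
#define MAX_CMD  (13 + 2 * MAX_LINE) /* 1037, the worst case from the message */

/* Build (SayText "...")\n into out (MAX_CMD bytes, not NUL-terminated).
 * Assumed escaping: backslash before '"' and '\\'. Returns length, 0 if too long. */
size_t build_saytext(const char *line, char *out)
{
    size_t n = 10, len = strlen(line);
    if (len > MAX_LINE) return 0;
    memcpy(out, "(SayText \"", 10);
    for (size_t i = 0; i < len; i++) {
        if (line[i] == '"' || line[i] == '\\') out[n++] = '\\';
        out[n++] = line[i];
    }
    memcpy(out + n, "\")\n", 3);
    return n + 3;
}

/* Write every byte: continue after short writes, EINTR and EAGAIN. 0 on success. */
int write_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t w = write(fd, buf, len);
        if (w >= 0) { buf += w; len -= (size_t)w; continue; }
        if (errno == EINTR) continue;
        if (errno != EAGAIN && errno != EWOULDBLOCK) return -1;
        struct pollfd p = { .fd = fd, .events = POLLOUT };
        if (poll(&p, 1, -1) < 0 && errno != EINTR) return -1;
    }
    return 0;
}

/* Returns 1 if every unescaped '"' in s[0..n) is closed, 0 if a string is left open. */
int quotes_balanced(const char *s, size_t n)
{
    int in_string = 0;
    for (size_t i = 0; i < n; i++) {
        if (in_string && s[i] == '\\') i++;           /* skip the escaped character */
        else if (s[i] == '"') in_string = !in_string;
    }
    return !in_string;
}
```

A prefix of the command cut at 512 bytes fails quotes_balanced, which is the state the message says the next line would be parsed in; write_all keeps going until the closing quote is in the pipe or reports an error the caller can act on.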
