On Mon, Dec 29, 2008 at 09:49:52PM +0200, Kalle Olavi Niemitalo wrote:
> look_for_link() used to return 0 both when it found the closing </MAP>
> tag, and when it hit the end of the file. In the first case, it also
> added *menu to the memory_list; in the second case, it did not. The
> caller get_image_map() supposedly distinguished between these cases by
> checking whether pos >= eof, and freed *menu separately if so.
> However, if the </MAP> was at the very end of the HTML file, so that
> not even a newline followed it, then look_for_link() left pos == eof
> even though it had found the </MAP> and added *menu to the memory_list.
> This made get_image_map() misinterpret the result and mem_free(*menu)
> even though *menu had already been freed as part of the memory_list;
> thus the crash.
> To fix this, make look_for_link() return -1 instead of 0 if it hits
> EOF without finding the </MAP>. Then make get_image_map() check the
> return value instead of comparing pos to eof.
> Alternatively, look_for_link() could have been changed to decrement
> pos between finding the </MAP> and returning 0. Then, the pos >= eof
> comparison in get_image_map() would have been false. That scheme
> would however have been a bit more difficult to understand and
> maintain, I think.
Memory leak by 1 bytes
List of blocks:
0xa287e58:1 @ alloc'd at link.c:973
Forcing core dump! Man the Lifeboats! Women and children first!
But please DO NOT report this as a segfault!!! It is an internal error, not a
normal segfault, there is a huge difference in these for us the developers.
Also, noting the EXACT error you got above is crucial for hunting the problem
down. Thanks, and please get in touch with us.
ELinks 0.13.GIT b9b2b75f73ee8bb9ab361d22d3ba3579185cdfea-dirty
This happens on the original file doom1.htm.
Select the last USEMAP, press ESC and quit.
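
The return-value ambiguity described in the quoted commit message, as an added example that is not part of this thread and is not ELinks code. The names `scan_for_close`, `releases` and `struct owner` are hypothetical, the tag match is simplified to a case-sensitive compare, and the inputs are constructed. The model counts releases instead of performing a second free.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a memory_list: it frees `ptr` later. */
struct owner { void *ptr; };

/* Scan [*pos, eof) for "</MAP>" (case-sensitive here, a simplification).
 * Found: hand `menu` to `list`, leave *pos just past the tag, return 0.
 * EOF:   return -1; the caller still owns `menu`. */
static int scan_for_close(const char **pos, const char *eof,
                          void *menu, struct owner *list)
{
    static const char tag[] = "</MAP>";
    const size_t n = sizeof(tag) - 1;

    for (; *pos < eof; (*pos)++) {
        if ((size_t)(eof - *pos) >= n && memcmp(*pos, tag, n) == 0) {
            *pos += n;              /* may now equal eof */
            list->ptr = menu;       /* ownership transferred */
            return 0;
        }
    }
    return -1;
}

/* Count how many parties would release `menu` for a constructed input.
 * use_return_value == 0 models the old `pos >= eof` test in the caller,
 * use_return_value == 1 models the check on the return value. */
static int releases(const char *html, int use_return_value)
{
    const char *pos = html, *eof = html + strlen(html);
    struct owner list = { NULL };
    void *menu = malloc(1);
    int rc, count = 0;

    if (!menu) return -1;
    rc = scan_for_close(&pos, eof, menu, &list);
    if (use_return_value ? rc < 0 : pos >= eof) count++;  /* caller frees */
    if (list.ptr) count++;                                /* list frees   */
    free(menu);   /* the model itself frees exactly once */
    return count;
}

int main(void)
{
    printf("old check, </MAP> at EOF: %d releases\n", releases("<map></MAP>", 0));
    printf("new check, </MAP> at EOF: %d releases\n", releases("<map></MAP>", 1));
    return 0;
}
```

A count of 2 is the double free from the commit message; every other combination of input and check yields exactly one release.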