"Witold Filipczyk" <gglate...@gmail.com> wrote:
 |On 14.05.2013 at 10:58, Steffen Daode Nurpmeso <sdao...@gmail.com> wrote:
 |> Hello,
 |> i get a reproducible crash on Mac OS X Snow Leopard, seems to be
 |> a double free.
 |> Minimum reproducible HTML snippet is
 |>   #!/bin/sh -
 |>   cat > t.html << \!
 |>   <META content="text/html; charset=GB2312" http-equiv=Content-Type></HEAD>
 |>   <BODY></BODY></HTML>
 |>   !
 |>   elinks t.html
 |> Results in
 |>   elinks(8586) malloc: *** error for object 0xffffffffffffffff: pointer being freed was not allocated
 |> The crash doesn't occur without a <TITLE> tag, nor with LATIN1
 |> charset.
 |> Ciao,
 |What does valgrind say?

Aehm, my elinks was compiled on January 25 and i'm looking at your
commit 7dd4d9b7 at the very moment.  (I did not recompile though.)
Thanks for elinks!


hmm, i'm not using programs like that.  :)
I.e., i stumbled over Electric Fence around year 2000, and that was
so terrible that we implemented a memory pool that, if compiled
with debug enabled, enwraps objects, like that:

  #if s_DEBUG
  struct Guard {
    s_ui32      magic_back1;
    s_ui32      magic_back2;
    const char  *file_line;
    s_uir       user_size;
    s_ui16      linger_index;
    s_bool      is_linger_free;
    s_bool      is_free;
    s_ui32      magic_lower;
    /* (upper magic injected _after_ user chunk) */
  } s_PACKED;

  /* (+MIN includes 2*s_ui32 upper magics ...) */
  # define GUARD_SIZE_ADD (SZOF(Guard) + s_MEMORYPOOL_MIN)
  # define GUARD_TO_PTR(GUARD,PTR) do {               \
    PTR = R(s_ui8*,GUARD) + SZOF(Guard);              \
  } while (0)
  # define GUARD_FROM_PTR(GUARD,PTR) do {             \
    GUARD = R(Guard*,((s_ui8*)PTR) - SZOF(Guard));    \
  } while (0)
  # define GUARD_FROM_PTR_CAST(PTR)                   \
    R(Guard*,((s_ui8*)PTR) - SZOF(Guard))

(note this is half a lie, "we", that is a C++ library and there
the type was "Electron", since there were "Atom"s etc., you know;
besides ..).
So no, we and i *never* needed nor used a program like valgrind.

If you can't reproduce the crash with the snippet above, then
maybe it's already fixed on latest HEAD, or whatever, 
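
Added example, not part of the original message and not the poster's library: a C version of the guard-header idea described above, where an is_free flag plus a ring of lingering freed chunks turns a double free or an overrun into a reportable status instead of a malloc abort. All identifiers, the magic values and the linger ring size are assumptions made for this example, and a wild pointer such as the 0xffffffffffffffff from the report would still fault when its header is read.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* All names and values below are hypothetical, constructed for this example. */
#define MAGIC_LOWER  0xDEADBEEFu
#define MAGIC_UPPER  0xFEEDFACEu
#define LINGER_SLOTS 4u   /* freed chunks kept readable before the real free() */
enum guard_status { GUARD_OK, GUARD_BAD_PTR, GUARD_DOUBLE_FREE, GUARD_OVERRUN };

struct guard {               /* header placed in front of the user chunk */
    size_t   user_size;
    uint32_t is_free;
    uint32_t magic_lower;
};

void *guard_alloc(size_t n)
{
    uint32_t upper = MAGIC_UPPER;
    struct guard *g = malloc(sizeof *g + n + sizeof upper);
    if (g == NULL)
        return NULL;
    g->user_size = n;
    g->is_free = 0;
    g->magic_lower = MAGIC_LOWER;
    memcpy((uint8_t *)(g + 1) + n, &upper, sizeof upper); /* upper magic */
    return g + 1;
}

enum guard_status guard_free(void *p)
{
    static struct guard *linger[LINGER_SLOTS];
    static unsigned next;
    enum guard_status st = GUARD_OK;
    struct guard *g = p ? (struct guard *)p - 1 : NULL;
    uint32_t upper;

    if (g == NULL || g->magic_lower != MAGIC_LOWER)
        return GUARD_BAD_PTR;      /* not ours, or an underrun hit the header */
    if (g->is_free)
        return GUARD_DOUBLE_FREE;  /* chunk still lingers, header is readable */
    memcpy(&upper, (uint8_t *)p + g->user_size, sizeof upper);
    if (upper != MAGIC_UPPER)
        st = GUARD_OVERRUN;        /* write past the end of the user chunk */
    g->is_free = 1;
    free(linger[next]);            /* evict the oldest lingering chunk */
    linger[next] = g;
    next = (next + 1) % LINGER_SLOTS;
    return st;
}
```

Double-free detection only holds while the chunk is still in the linger ring, so the window is LINGER_SLOTS later frees.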
