Bug 152833

Summary: w3m browser also crashes on some malformed HTML
Product: [Retired] Fedora Legacy Reporter: Michal Jaegermann <michal>
Component: w3mAssignee: Fedora Legacy Bugs <bugs>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: low    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: LEGACY, DEFER
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-07-26 11:37:23 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
links_die1.html none

Description David Lawrence 2005-03-30 23:29:02 UTC 
Problems described in 
http://www.securityfocus.com/archive/1/378632
affect w3m browser too.  On 'gallery' samples from
http://lcamtuf.coredump.cx/soft/mangleme.tgz
w3m responds with  (there is a pause between the first and the second message)

Out of Memory!  Returning NIL!
Segmentation fault

for 'links_die1.html'. The reaction is the same for w3m-0.3.1-4.7x.1
from RH7.3 and w3m-0.5.1-4 from FC3test so likely this will show up 
in-between too. :-)  Other samples from the same source do not cause
troubles but who knows what else will.



------- Additional Comments From michal 2004-10-30 04:39:55 ----

Later versions of w3m may have _more_ troubles of that sort.  RH bugzilla ref:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=137630
See also
https://bugzilla.mozilla.org/show_bug.cgi?id=264944
for tracking these issues in general.



------- Additional Comments From pekkas 2005-02-15 06:57:55 ----

FWIW, Red Hat has not released updates on this.



------- Bug moved to this database by dkl 2005-03-30 18:29 -------

This bug previously known as bug 2216 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2216
Originally filed under the Fedora Legacy product and General component.

Unknown priority P3. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Unknown severity minor. Setting to default severity "normal".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.
Comment 1 Pekka Savola 2005-11-16 13:20:33 UTC 
This doesn't seem to be important enough to fix just on its own, so mark it DEFER.
Comment 2 Andy Colman 2007-04-22 16:52:49 UTC 
Created attachment 153254 [details]
links_die1.html