Bug 137630 - w3m crashes on malformed HTML
Summary: w3m crashes on malformed HTML
Keywords:
Status: CLOSED CANTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: w3m
Version: 3
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Darshan Santani
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-10-29 20:33 UTC by Michal Jaegermann
Modified: 2007-11-30 22:10 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2006-10-30 16:27:10 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Michal Jaegermann 2004-10-29 20:33:41 UTC 
Description of problem:

Issues detailed in https://bugzilla.mozilla.org/show_bug.cgi?id=264944
affect w3m too. On 'gallery' samples to be found in
http://lcamtuf.coredump.cx/soft/mangleme.tgz
w3m reacts as follows on 'links_die1.html':

GC Warning: Out of Memory!  Returning NIL!
(followed by a longer pause)
Segmentation fault

For 'lynx_die1.html' results are as that:

GC Warning: Repeated allocation of very large block (appr. size
56135680):May

and it goes apparently into an infinite loop hard to kill.
This is a regression as w3m-0.3.1-4.7x.1, for example, responds
with "No Line" and that is it. 'w3m -dump lynx_die1.html' is more
informative:

GC Warning: Repeated allocation of very large block (appr. size 1019904):
	May lead to memory leak and poor performance.
GC Warning: Repeated allocation of very large block (appr. size 3039232):
	May lead to memory leak and poor performance.
GC Warning: Repeated allocation of very large block (appr. size 10878976):
	May lead to memory leak and poor performance.
GC Warning: Repeated allocation of very large block (appr. size 32485376):
	May lead to memory leak and poor performance.
GC Warning: Repeated allocation of very large block (appr. size 96997376):
	May lead to memory leak and poor performance.

(and off we go into an infinite loop).

Version-Release number of selected component (if applicable):
w3m-0.5.1-4 but earlier versions too.

How reproducible:
Always with the right input.
Comment 1 Michal Jaegermann 2005-01-28 04:48:16 UTC 
I tried the same tests as described in the original report
with the current w3m-0.5.1-4.FC3.1 dated 2005-Jan-13 and I do not
see much of improvement.
Comment 2 Matthew Miller 2006-07-10 23:44:45 UTC 
Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.

Thank you!
Comment 3 John Thacker 2006-10-30 16:27:10 UTC 
Closing per lack of response to previous request for information.
This bug was originally filed against a much earlier version of Fedora
Core, and significant changes have taken place since the last version
for which this bug is confirmed.

Note that FC3 and FC4 are supported by Fedora Legacy for security
fixes only.  Please install a still supported version and retest.  If
it still occurs on FC5 or FC6, please reopen and assign to the correct
version.  Otherwise, if this a security issue, please change the
product to Fedora Legacy.  Thanks, and we are sorry that we did not
get to this bug earlier.
Note You need to log in before you can comment on or make changes to this bug.