Description of problem:

In November 2004 this report showed up: http://www.securityfocus.com/archive/1/378632

In particular, links_die1.html from 'gallery' in 'mangleme', http://lcamtuf.coredump.cx/soft/mangleme.tgz, is still causing the following with the current version in FC3:

ERROR at memory.c:26: Out of memory (calloc returned NULL): retry #1, I still exercise my patience and retry tirelessly.
ERROR at memory.c:26: Out of memory (calloc returned NULL): retry #2, I still exercise my patience and retry tirelessly.
ERROR at memory.c:38: Out of memory (calloc returned NULL) after 3 tries, I give up and try to continue. Pray for me, please.
ELinks crashed. That shouldn't happen.
.....
links(dump_backtrace+0x2d)[0x48445d]
links[0x44cf1e]
/lib64/tls/libc.so.6[0x307702e570]
links[0x439876]
links(format_table+0x2af)[0x43b8ff]
links(parse_html+0xca8)[0x431678]
links(format_html_part+0x226)[0x437546]
links(render_html_document+0x1cf)[0x437cdf]
links(render_document+0x3fe)[0x429d4e]
links(render_document_frames+0x15c)[0x429f7c]
links(draw_formatted+0x1eb)[0x41a7db]
links(display_timer+0x1e)[0x4456de]
links(end_load+0x3cb)[0x44779b]
links[0x4403c1]
links[0x4407ee]
links(abort_connection+0x2f)[0x440fff]
links[0x4572c2]
links(check_queue+0x190)[0x4412b0]
links(do_check_bottom_halves+0x36)[0x44a676]
links(select_loop+0x56d)[0x44b19d]
Aborted

In gdb one can see:

Program received signal SIGSEGV, Segmentation fault.
0x0000000000439876 in render_html_document ()
(gdb) bt
#0 0x0000000000439876 in render_html_document ()
#1 0x000000000043b8ff in format_table ()
#2 0x0000000000431678 in parse_html ()
#3 0x0000000000437546 in format_html_part ()
#4 0x0000000000437cdf in render_html_document ()
#5 0x0000000000429d4e in render_document ()
#6 0x0000000000429f7c in render_document_frames ()
#7 0x000000000041a7db in draw_formatted ()
#8 0x00000000004456de in display_timer ()
#9 0x000000000044779b in end_load ()
#10 0x00000000004403c1 in connect_info ()
#11 0x00000000004407ee in set_connection_state ()
#12 0x0000000000440fff in abort_connection ()
#13 0x00000000004572c2 in get_user_program ()
#14 0x00000000004412b0 in check_queue ()
#15 0x000000000044a676 in do_check_bottom_halves ()
#16 0x000000000044b19d in select_loop ()
#17 0x000000000040fe85 in main ()

Version-Release number of selected component (if applicable):
elinks-0.9.2-2

How reproducible:
100%
See also bug #137630.
Changelog for 0.9.1-1.1 says "limit rowspan/colspan values prevents crashes reported at http://www.securityfocus.com/archive/1/378632"

Er... this was just an example. Did you try to run 'mangleme', as described in its documentation, and nothing spooks elinks anymore?
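
The changelog entry quoted above mentions limiting rowspan/colspan values, and the log in the report shows a crash in table formatting after calloc returned NULL. The following is an added illustration, not ELinks code and not part of the original thread, of clamping untrusted span attributes and refusing to continue on a failed or overflowing allocation; `MAX_SPAN`, `struct cell` and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdlib.h>

/* Assumed cap for this example; not a value taken from ELinks. */
#define MAX_SPAN 1024

/* Parse an untrusted colspan/rowspan attribute and clamp it to 1..MAX_SPAN. */
static int parse_span(const char *attr)
{
    char *end;
    long v;

    if (attr == NULL)
        return 1;
    v = strtol(attr, &end, 10);
    if (end == attr || v < 1)
        return 1;               /* missing, non-numeric, zero or negative */
    if (v > MAX_SPAN)
        return MAX_SPAN;        /* also covers LONG_MAX returned on overflow */
    return (int)v;
}

struct cell { int colspan, rowspan; };   /* hypothetical cell record */

/* Allocate a cols x rows grid; NULL on zero size, wrap-around or OOM. */
static struct cell *alloc_grid(size_t cols, size_t rows)
{
    if (cols == 0 || rows == 0)
        return NULL;
    if (cols > SIZE_MAX / rows / sizeof(struct cell))
        return NULL;            /* cols * rows * sizeof would wrap */
    return calloc(cols * rows, sizeof(struct cell));
}

/* Build the grid for one spanning cell; -1 tells the caller to skip it. */
static int layout_cell(const char *colspan, const char *rowspan,
                       struct cell **out)
{
    int cs = parse_span(colspan), rs = parse_span(rowspan);
    struct cell *g = alloc_grid((size_t)cs, (size_t)rs);

    *out = g;
    if (g == NULL)
        return -1;              /* never dereference a failed allocation */
    g[0].colspan = cs;
    g[0].rowspan = rs;
    return 0;
}
```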