Bug 146433 - links - segmentation fault
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: elinks
Version: 3
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Karel Zak
Reported: 2005-01-28 05:11 UTC by Michal Jaegermann
Modified: 2007-11-30 22:10 UTC (History)

Doc Type: Bug Fix
Last Closed: 2005-01-28 18:38:25 UTC

Description Michal Jaegermann 2005-01-28 05:11:22 UTC
Description of problem:

In November 2004 this report showed up:
http://www.securityfocus.com/archive/1/378632
In particular, links_die1.html from 'gallery' in 'mangleme',
http://lcamtuf.coredump.cx/soft/mangleme.tgz
is still causing the following with the current version in FC3:

ERROR at memory.c:26: Out of memory (calloc returned NULL): retry #1,
I still exercise my patience and retry tirelessly.
ERROR at memory.c:26: Out of memory (calloc returned NULL): retry #2,
I still exercise my patience and retry tirelessly.
ERROR at memory.c:38: Out of memory (calloc returned NULL) after 3
tries, I give up and try to continue. Pray for me, please.

ELinks crashed. That shouldn't happen.
.....

links(dump_backtrace+0x2d)[0x48445d]
links[0x44cf1e]
/lib64/tls/libc.so.6[0x307702e570]
links[0x439876]
links(format_table+0x2af)[0x43b8ff]
links(parse_html+0xca8)[0x431678]
links(format_html_part+0x226)[0x437546]
links(render_html_document+0x1cf)[0x437cdf]
links(render_document+0x3fe)[0x429d4e]
links(render_document_frames+0x15c)[0x429f7c]
links(draw_formatted+0x1eb)[0x41a7db]
links(display_timer+0x1e)[0x4456de]
links(end_load+0x3cb)[0x44779b]
links[0x4403c1]
links[0x4407ee]
links(abort_connection+0x2f)[0x440fff]
links[0x4572c2]
links(check_queue+0x190)[0x4412b0]
links(do_check_bottom_halves+0x36)[0x44a676]
links(select_loop+0x56d)[0x44b19d]
Aborted

In gdb one can see:

Program received signal SIGSEGV, Segmentation fault.
0x0000000000439876 in render_html_document ()
(gdb) bt
#0  0x0000000000439876 in render_html_document ()
#1  0x000000000043b8ff in format_table ()
#2  0x0000000000431678 in parse_html ()
#3  0x0000000000437546 in format_html_part ()
#4  0x0000000000437cdf in render_html_document ()
#5  0x0000000000429d4e in render_document ()
#6  0x0000000000429f7c in render_document_frames ()
#7  0x000000000041a7db in draw_formatted ()
#8  0x00000000004456de in display_timer ()
#9  0x000000000044779b in end_load ()
#10 0x00000000004403c1 in connect_info ()
#11 0x00000000004407ee in set_connection_state ()
#12 0x0000000000440fff in abort_connection ()
#13 0x00000000004572c2 in get_user_program ()
#14 0x00000000004412b0 in check_queue ()
#15 0x000000000044a676 in do_check_bottom_halves ()
#16 0x000000000044b19d in select_loop ()
#17 0x000000000040fe85 in main ()

Version-Release number of selected component (if applicable):
elinks-0.9.2-2

How reproducible:
100%

Comment 1 Michal Jaegermann 2005-01-28 05:12:38 UTC
See also bug #137630.

Comment 2 Michal Jaegermann 2005-01-28 21:10:21 UTC
Changelog for 0.9.1-1.1 says 
"limit rowspan/colspan values prevents crashes reported at
http://www.securityfocus.com/archive/1/378632"
Er..., this was just an example.  Did you try to run
'mangleme', as described in its documentation, and nothing spooks
elinks anymore?
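
The failure pattern in this report (calloc returning NULL during table formatting, then a crash in format_table) together with the changelog's "limit rowspan/colspan values" fix, shown as an added C sketch; it is not ELinks code or the Fedora patch. MAX_SPAN, parse_span, grid_alloc and grid_place are hypothetical names, and the cap value is an assumption.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed cap for this sketch; not the value ELinks uses. */
#define MAX_SPAN 1024

struct cell { int colspan, rowspan; };
struct grid { size_t cols, rows; struct cell *cells; };

/* Parse an untrusted colspan/rowspan value: missing, non-numeric or < 1
 * becomes 1; larger than MAX_SPAN (or overflowing long) is clamped. */
int parse_span(const char *value)
{
    char *end;
    long n;
    if (!value) return 1;
    errno = 0;
    n = strtol(value, &end, 10);
    if (end == value || n < 1) return 1;
    if (errno == ERANGE || n > MAX_SPAN) return MAX_SPAN;
    return (int) n;
}

/* Allocate a cols x rows grid. Returns 0 on success, -1 on failure; on
 * failure the grid is left empty (cells NULL, cols/rows 0). */
int grid_alloc(struct grid *g, size_t cols, size_t rows)
{
    g->cols = g->rows = 0;
    g->cells = NULL;
    if (cols == 0 || rows == 0) return -1;
    /* Reject sizes whose byte count would wrap size_t. */
    if (cols > SIZE_MAX / sizeof(struct cell) / rows) return -1;
    g->cells = calloc(cols * rows, sizeof(struct cell));
    if (!g->cells) return -1;   /* report it; never continue with NULL */
    g->cols = cols;
    g->rows = rows;
    return 0;
}

/* Mark the cells covered by a spanning cell at (x, y), clipped to the grid
 * so an oversized span cannot write out of bounds. Returns cells marked,
 * or -1 if the grid is unusable or (x, y) lies outside it. */
long grid_place(struct grid *g, size_t x, size_t y, const char *colspan, const char *rowspan)
{
    int cs = parse_span(colspan), rs = parse_span(rowspan);
    long marked = 0;
    if (!g->cells || x >= g->cols || y >= g->rows) return -1;
    for (size_t j = y; j < g->rows && j - y < (size_t) rs; j++)
        for (size_t i = x; i < g->cols && i - x < (size_t) cs; i++, marked++)
            g->cells[j * g->cols + i] = (struct cell){ cs, rs };
    return marked;
}
```

Each layer covers a different input: the clamp bounds what a single attribute can request, the allocation check handles whatever still fails, and the clipped loop keeps a large span inside the grid.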

