Description of problem:

This is a sample of a file which causes w3m to segfault:
/usr/share/doc/sane-backends-1.0.19/sane-mfgs.html
from the sane-backends-1.0.19-10.fc9 package.

On an attempt to show located at the top of the file in question http://www.sane-project.org/images/sane.png w3m invariably segfaults; at least on an x86_64 installation. This does not happen in a setting where a display of this image is not attempted.

When core files are allowed and with w3m-debuginfo loaded, gdb gives the following backtrace from a resulting core:

Core was generated by `w3m sane-mfgs.html'.
Program terminated with signal 11, Segmentation fault.
[New process 18576]
....
(gdb) where
#0  0x0000003c1fc1cb60 in GC_malloc_atomic () from /usr/lib64/libgc.so.1
#1  0x00000000004384e2 in check_table_width (t=0x19bf320, newwidth=0x27de480, minv=0x27e7520, itr=1) at table.c:1242
#2  0x0000000000439e30 in renderTable (t=0x19bf320, max_width=<value optimized out>, h_env=0x7fff655a4e40) at table.c:1770
#3  0x000000000041e1b9 in HTMLlineproc0 (line=0x2799a08 "\n", h_env=0x7fff655a4e40, internal=0) at file.c:6221
#4  0x0000000000423aef in loadHTMLstream (f=0x7fff655a5350, newBuf=0x14307e0, src=0x0, internal=0) at file.c:6998
#5  0x0000000000423f78 in loadHTMLBuffer (f=0x7fff655a5350, newBuf=0x14307e0) at file.c:6550
#6  0x0000000000429d1b in reshapeBuffer (buf=0x14307e0) at buffer.c:562
#7  0x000000000042c1fa in displayBuffer (buf=0x3c1fe24e50, mode=0) at display.c:386
#8  0x000000000044b3fd in loadImage (buf=0x14307e0, flag=2) at image.c:424
#9  0x00000000004112bd in main (argc=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>) at main.c:1129
(gdb) f 1
#1  0x00000000004384e2 in check_table_width (t=0x19bf320, newwidth=0x27de480, minv=0x27e7520, itr=1) at table.c:1242
1242        Sxx = NewAtom_N(double, cell->maxcell + 1);
(gdb) list
1237            for (m = 0; m < i; m++) {
1238                stotal += 2 * m_entry(minv, i, m);
1239            }
1240        }
1241
1242        Sxx = NewAtom_N(double, cell->maxcell + 1);
1243        for (k = 0; k <= cell->maxcell; k++) {
1244            j = cell->index[k];
1245            bcol = cell->col[j];
1246            ecol = bcol + cell->colspan[j];
(gdb) p cell
No symbol "cell" in current context.

Version-Release number of selected component (if applicable):
w3m-0.5.2-10.fc9.x86_64
w3m-img-0.5.2-10.fc9.x86_64

How reproducible: always

Additional info: I do not know if this is the case also for i386

(In reply to comment #0)
> Description of problem:
>
> On an attempts to show located at the top of the file in
> question http://www.sane-project.org/images/sane.png
> w3m invariably segfaults; at least on an x86_64 installation.
> This does not happen in setting where a display of this image
> is not attempted.

So does that mean if you take your cursor to the "SANE" image then w3m segfaults? Can you give some more steps to reproduce this? Also, how are you testing the segfault when you are not even taking the cursor over "SANE", which means no image will be shown?

> So does that mean if you take your curosr to "SANE" image
> then w3m segfaults?

No, nothing of that sort. The following packages are installed at this moment:

w3m-0.5.2-10.fc9.x86_64
w3m-img-0.5.2-10.fc9.x86_64
w3m-debuginfo-0.5.2-10.fc9.x86_64

With a machine connected to the net, after I type in a gnome-terminal (some kind of a graphic capability is required, I guess) this:

w3m /usr/share/doc/sane-backends-1.0.19/sane-mfgs.html

and I do not touch after that either my mouse or keyboard, then w3m displays the top of the file in question and, after a short moment, starts to load _automatically_ images referenced on that page. You can see a top fragment of a SANE logo starting to show up and this is invariably followed by a segfault as described in the original report.

You do not need w3m-debuginfo-0.5.2-10.fc9 for that segfault to happen. It was added to get some meaningful information from gdb.

If you make a local copy of sane.png and modify "href" in sane-mfgs.html to use that instead, then the effects are exactly the same, so in that sense a network connection is not essential.

After a segfault you will have to reset the terminal used, as it will be messed up to some extent.

Reproduced on my F9 x86_64 box.
Revisiting this long-pending bug on an F11 system. I have the following packages installed on a 64 bit system (yes, I now have my own 64 bit OS installed with me):

w3m-0.5.2-13.fc11.x86_64
w3m-img-0.5.2-13.fc11.x86_64

When I attempted to use

w3m /usr/share/doc/sane-backends-1.0.19/sane-mfgs.html

I can see images without a problem. Can you check if you still face this bug in F11? If not, then I will close this bug.

> Can you check if you still face this bug in F11?

No. At least in precise attempts as described in the original report. I cannot be sure that nothing else will trip it but I do not have examples on hand. It also does not bomb out on F10 installation. Nothing changed on F9 though but these are different versions of w3m and underlying gc and ImageMagick.