Date:      Wed, 10 Sep 2003 05:29:38 +0100 (WEST)
From:      Mário Freitas <sub_0@netcabo.pt>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/56668: Port update: www/elinks Elinks crashes on frameset webpages
Message-ID:  <20030910042938.BB59A209C@suzy.unbreakable.homeunix.org>
Resent-Message-ID: <200309100430.h8A4UBO4029777@freefall.freebsd.org>


>Number:         56668
>Category:       ports
>Synopsis:       Port update: www/elinks Elinks crashes on frameset webpages
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Sep 09 21:30:11 PDT 2003
>Closed-Date:
>Last-Modified:
>Originator:     Mário Freitas
>Release:        FreeBSD 5.1-CURRENT i386
>Organization:
>Environment:
System: FreeBSD suzy.unbreakable.homeunix.org 5.1-CURRENT FreeBSD 5.1-CURRENT #0: Tue Sep 9 23:39:24 WEST 2003 sub_0@suzy.unbreakable.homeunix.org:/usr/obj/usr/src/sys/SUZY i386


>Description:
I noticed elinks crashes most of the time after parsing a web
page which includes framesets (try loading a frameset with, for example,
rows="200,*"). This occurs because it tries to free some arbitrary block
of memory without checking if the previous functions returned errors.

>How-To-Repeat:
Try opening a webpage with some frameset including rows="200,*" for example.
>Fix:

Please place this patch in the www/elinks/files directory and update the
port revision.

--- patch-parse.c begins here ---
--- src/document/html/parser.c.orig	Sat Sep  6 02:09:37 2003
+++ src/document/html/parser.c	Sat Sep  6 02:10:14 2003
@@ -2330,8 +2330,8 @@
 	parse_frame_widths(d, y, HTML_FRAME_CHAR_HEIGHT, &fp.yw, &fp.y);
 	fp.parent = html_top.frameset;
 	if (fp.x && fp.y) html_top.frameset = special_f(ff, SP_FRAMESET, &fp);
-	mem_free(fp.xw);
-	mem_free(fp.yw);
+	if (fp.x) mem_free(fp.xw);
+	if (fp.y) mem_free(fp.yw);
 
 free_cd:
 	mem_free(c);
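Review bot: the two new guards, `if (fp.x) mem_free(fp.xw);` and `if (fp.y) mem_free(fp.yw);`, test the counts rather than the pointers that are freed, so they are only safe if parse_frame_widths() always leaves the count at zero whenever it does not set the pointer, and nothing in this hunk shows that. It would be more robust to set fp.xw and fp.yw to NULL before the parse_frame_widths() calls and test the pointers themselves, for example `if (fp.xw) mem_free(fp.xw);`, which also avoids leaking a buffer that was allocated while the count stayed zero. A short comment saying why the frees are conditional would help the next reader.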
--- patch-parse.c ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:


