mirror of https://github.com/rkd77/elinks.git synced 2024-12-04 14:46:47 -05:00

Fix crash after a tab was opened during reload.

Commit 0b99fa70ca "Bug 620: Reset form
fields to default values on reload" made render_document() decrement
vs->form_info_len to 0 while vs->form_info remained non-NULL.
copy_vs() then copied the whole structure with copy_struct and did not
change form_info because form_info_len was 0.  Both view_state
structures had form_info pointing to the same memory block, causing a
segfault when destroy_vs() tried to free that block a second time.

Reported by أحمد المحمودي.
This commit is contained in:
Kalle Olavi Niemitalo 2008-07-15 00:09:27 +03:00 committed by Kalle Olavi Niemitalo
parent 6b05cdb3a0
commit e9d4d3aef2
2 changed files with 8 additions and 0 deletions

NEWS

@ -18,6 +18,8 @@ generally also includes the bug fixes made in ELinks 0.11.4.GIT.
Bugs that should be removed from NEWS before the 0.12.0 release:
* critical: Fix crash after a tab was opened during reload. This was
triggered by the bug 620 fix in ELinks 0.12pre1.
* major bug 1026 in user SMJS: Protect the callback of elinks.load_uri
from the garbage collector. The elinks.load_uri method was added in
ELinks 0.12pre1.
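Review bot: the new "critical" entry identifies the regression only as "the bug 620 fix in ELinks 0.12pre1"; since the commit message already pins it to commit 0b99fa70ca, naming that commit in the NEWS line would let anyone bisecting a crash on a 0.12pre1-era tree find the culprit and this fix together without reading git history.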


@ -79,6 +79,12 @@ copy_vs(struct view_state *dst, struct view_state *src)
dst->ecmascript_fragile = 1;
#endif
/* destroy_vs(vs) does mem_free_if(vs->form_info), so each
* view_state must have its own form_info. Normally we make a
* copy below, but not if src->form_info_len is 0, which it
* can be even if src->form_info is not NULL. */
dst->form_info = NULL;
/* Clean as a baby. */
dst->doc_view = NULL;
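Review bot: the added `dst->form_info = NULL;` closes the double free in copy_vs(), but the inconsistent state it guards against (form_info_len == 0 while form_info is still non-NULL, which the commit message attributes to render_document()) remains reachable for every other consumer of struct view_state. Consider also releasing and NULLing form_info at the point where form_info_len is reset to 0, or adding an assertion that form_info_len == 0 implies form_info == NULL, so the invariant is enforced at its source rather than relying on each copier to remember this special case. The comment itself is good: it states exactly why the ownership rule exists (destroy_vs() frees form_info) and why the length check alone is not enough.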