Fix crash after a tab was opened during reload.

Commit 0b99fa70ca "Bug 620: Reset form fields to default values on reload" made render_document() decrement vs->form_info_len to 0 while vs->form_info remained non-NULL. copy_vs() then copied the whole structure with copy_struct and did not change form_info because form_info_len was 0. Both view_state structures had form_info pointing to the same memory block, causing a segfault when destroy_vs() tried to free that block a second time. Reported by أحمد المحمودي.
2024-06-21 00:25:37 +00:00 · 2008-07-15 00:09:27 +03:00 · 2008-07-15 00:09:27 +03:00 · e9d4d3aef2
commit e9d4d3aef2
parent 6b05cdb3a0
2 changed files with 8 additions and 0 deletions
--- a/2
+++ b/2
@ -18,6 +18,8 @@ generally also includes the bug fixes made in ELinks 0.11.4.GIT.

 Bugs that should be removed from NEWS before the 0.12.0 release:

+* critical: Fix crash after a tab was opened during reload.  This was
+  triggered by the bug 620 fix in ELinks 0.12pre1.
 * major bug 1026 in user SMJS: Protect the callback of elinks.load_uri
  from the garbage collector.  The elinks.load_uri method was added in
  ELinks 0.12pre1.
--- a/src/viewer/text/vs.c
+++ b/src/viewer/text/vs.c
@ -79,6 +79,12 @@ copy_vs(struct view_state *dst, struct view_state *src)
 	dst->ecmascript_fragile = 1;
 #endif

+	/* destroy_vs(vs) does mem_free_if(vs->form_info), so each
+	 * view_state must have its own form_info.  Normally we make a
+	 * copy below, but not if src->form_info_len is 0, which it
+	 * can be even if src->form_info is not NULL.  */
+	dst->form_info = NULL;
+
 	/* Clean as a baby. */
 	dst->doc_view = NULL;