Add ecmascript_interpreter.backend_nesting, increment it when
beginning to evaluate an expression, and decrement it when evaluation
finishes. Then assert that it is zero in ecmascript_put_interpreter.
This detects bug 957 and similar ones before they corrupt memory.
[ Backported from commit 58e3ebf2e7 in
ELinks 0.12.GIT. --KON ]
The previous code cast the integer (long actually) to void * and gave
that to JS_SetPrivate. This did not work because JS_SetPrivate
expects pointers to be aligned and replaces the least significant bit
with a tag.
[ From attachment 379 of bug 755. This is less clean than attachment
380 (aka commit 871a1befad in ELinks
0.12.GIT) but avoids the need to raise the SpiderMonkey version
requirement in the ELinks 0.11 stable branch. --KON ]
This is a further precaution against reading a pointer from the wrong
type of object. All of the JS_GetPrivate calls were already protected
with JS_InstanceOf checks if assertions are enabled, and many of them
also if assertions are not enabled.
[ Backported from commit 99f648b911 in
ELinks 0.12.GIT. --KON ]
Remember the index of struct form_state in vs->form_info
instead of the pointer to it. The pointer may change,
the index is persistent.
The field ecmascript_obj of the struct form_state is unused.
[ Backported from commit ecc03ad608 in
ELinks 0.12.GIT. --KON ]
screen_driver_change_hook was comparing only strlen(name) characters
and ignoring the '\0'. To reproduce the bug in ELinks 0.11.3 and
ELinks 0.12.GIT:
- Run TERM=screen elinks.
- In another terminal, run TERM=scr elinks. Quit this slave ELinks.
- Open the terminal options dialog and set 16 colors.
- Open the option manager and change the terminal.scr.colors option to
1 and back to 0.
- Note that ELinks no longer displays colors.
That bug could be fixed just by using len+1 instead of len. However,
there is also another bug: memcmp may compare the specified number of
bytes, even if some of the earlier ones differ; thus, it could in
principle read past the end of the malloc block and thereby crash
ELinks. Using strcmp may be a little slower but I do not believe it
could become a bottleneck.
[ Backported from commit f6f5eeceb7 in
ELinks 0.12.GIT. --KON ]
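The prefix match described in the commit message above, next to the strcmp form, as an added example that is not part of the commit or of the ELinks source. `struct driver`, the `drivers` table and both function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a cached terminal driver entry. */
struct driver {
	const char *name;	/* NUL-terminated terminal name */
	int colors;
};

/* Constructed sample data: the driver created by TERM=screen. */
static struct driver drivers[] = {
	{ "screen", 1 },
};
#define N_DRIVERS (sizeof(drivers) / sizeof(drivers[0]))

/* "Before": compares only strlen(name) bytes, so the terminating '\0'
 * is ignored and any prefix of a driver name matches that driver.
 * memcmp may also read all len bytes of both buffers, so this is only
 * safe to call here with names no longer than the stored one. */
static struct driver *find_driver_prefix(const char *name)
{
	size_t len = strlen(name);
	size_t i;

	for (i = 0; i < N_DRIVERS; i++)
		if (!memcmp(drivers[i].name, name, len))
			return &drivers[i];
	return NULL;
}

/* "After": strcmp stops at the first differing byte or at '\0',
 * so it needs no length and does not read past either terminator. */
static struct driver *find_driver_exact(const char *name)
{
	size_t i;

	for (i = 0; i < N_DRIVERS; i++)
		if (!strcmp(drivers[i].name, name))
			return &drivers[i];
	return NULL;
}

int main(void)
{
	printf("prefix: scr -> %s\n", find_driver_prefix("scr") ? "screen" : "none");
	printf("exact:  scr -> %s\n", find_driver_exact("scr") ? "screen" : "none");
	return 0;
}
```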
It was broken in 0.11.2.GIT (a64dd281e9).
Since then, $QUERY_STRING has been empty for <file:///foo/bar?query>.
uri.data is documented as containing both the path and the query.
[ Commit message by me. --KON ]
Revert commit 644908c130,
"Garbage-collect SMJS objects before flushing caches."
The extra garbage collections increase the risk of crashing because of
dangling pointers in form_state.ecmascript_obj. I don't think I'll
have time to properly document the bug and backport the fix before
the 0.11.4 release, so I'm reverting the change instead.
Don't look for gettext message catalogs in ../po/ unless ELinks is being
run as src/elinks, ./src/elinks, or .../src/elinks.
Discovered by Arnaud Giersch, this alternate fix (than what is in debian
package 0.11.1-1.4) closes debian bug #417789 and redhat bug #235411.
Also reported in: CVE-2007-2027.
Restricting it to only work with --enable-debug was also considered,
however, it is an important feature for translators so this less
paranoid fix was chosen.
The configure script checks whether it is possible to compile a use of
POPpx without an n_a variable; if not, the source code then defines
those variables. This is slower than including Perl's patchlevel.h
and comparing the version numbers to 5.8.8 but I expect this to be
more reliable as well.
[ Backported from commit 432969a3a9 in
ELinks 0.12.GIT. --KON ]
In revision 1.15 of dns.c (as it was called way back then), pasky
backported a fix from Links 0.97pre2 to try gethostbyaddr before
trying gethostbyname for DNS lookups:
MacOS address resolution fix (Aldy Hernandez) (from 0.97pre2)
However, that fix introduced a bug, because it was calling gethostbyaddr
on all addresses, not just IP addresses. Mikulas fixed that bug in Links
0.98:
Do not call gethostbyaddr when name is not ip address (it should avoid
some useless nameserver queries)'
This fix was never backported to ELinks. Until today.
This commit is functionally the same as the fix in Links 0.98, plus it uses
inet_aton for great correctness!
This fixes a bug reported in #elinks by tnks, whereby lookups for
yubnub.org resulted in 121.117.98.110 == 0x7975626E == 'y', 'u', 'b', 'n'.
I believe that it also fixes bug 691 (which is already closed with a
workaround).
[ From commit 8344dfe6c9 in ELinks
0.12.GIT. --KON ]
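The yubnub.org case from the commit message above, as an added example that is not the commit's code. It shows how the first four bytes of a host name read as an IPv4 address, and a guard that only allows a reverse lookup for a real address literal. The function names are hypothetical, and inet_pton is used here where the commit uses inet_aton.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* The effect described in the commit message: the first four bytes of
 * the host name, read as if they were an IPv4 address. Returns a
 * pointer to a static buffer holding the dotted-quad form. */
static const char *name_bytes_as_ipv4(const char *name)
{
	static char out[16];
	unsigned char b[4] = { 0, 0, 0, 0 };
	size_t n = strlen(name);

	memcpy(b, name, n < 4 ? n : 4);
	snprintf(out, sizeof(out), "%u.%u.%u.%u", b[0], b[1], b[2], b[3]);
	return out;
}

/* Guard: return 1 and fill *addr only when name is an IPv4 dotted
 * quad. Anything else must go through the forward (by-name) lookup. */
static int parse_ipv4_literal(const char *name, struct in_addr *addr)
{
	return inet_pton(AF_INET, name, addr) == 1;
}

/* 1 = a reverse (by-address) lookup is meaningful, 0 = resolve by name. */
static int should_try_reverse_lookup(const char *name)
{
	struct in_addr addr;

	return parse_ipv4_literal(name, &addr);
}

int main(void)
{
	const char *names[] = { "yubnub.org", "121.117.98.110" };
	size_t i;

	for (i = 0; i < 2; i++)
		printf("%-16s bytes-as-address=%-16s reverse-lookup=%d\n",
		       names[i], name_bytes_as_ipv4(names[i]),
		       should_try_reverse_lookup(names[i]));
	return 0;
}
```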
Revert commit 2d6840b9bd9d3a7a45a5ad92b4e98ff7224d6d97. It is causing
passive FTP via IPv6 to fail on ftp.funet.fi. ELinks sends PASV and
the server says "425 You cannot use PASV on IPv6 connections. Use EPSV
instead."
[ Backported from commit c0f488251f in
ELinks 0.12.GIT. --KON ]
[ Backported from commit ce05aa1f37 in ELinks
0.12.GIT. The earlier commit 0b7a56f89a
changes the CONFIG_UTF8 variant of set_hline, and that does not exist in
ELinks 0.11. --KON ]
And log this in NEWS, although that may have to be reverted later if
it turns out this change just hides a real bug elsewhere in ELinks.
[ Backported from commit 2f25d3e57c in
ELinks 0.12.GIT. --KON ]
If the codepage option was set to utf-8 (a special codepage) it would
end up being out of range when used for the initially selected menu item.
[ From commit a72a0dab08 in ELinks 0.12.GIT.
ELinks 0.11 doesn't support UTF-8 as the terminal codepage, but the
System codepage could cause a similar assertion failure. ELinks 0.11.2
did not yet have this bug. --KON ]
... mainly bittorrent:// and bittorrent://x
The BitTorrent URL is supposed to contain an embedded URL pointing to a
metainfo file. If this is not the case a "custom" error message will be
shown. Also fixes calling of free_list() on an uninitialized list.
Closes bug 729.
[ From commit b61d8d06d9 in ELinks
0.12.GIT. This introduces a new string that perhaps won't be
translated in time for 0.11.3, but I think it's better to display
an error message in the wrong language than crash. --KON ]
HTTP_PROXY=8080:proxy.ucv.cl elinks http://wwww.google.cl. Thanks to
Karel Zak.
[ From commit 947c1730a6 in ELinks 0.12.GIT.
This crash occurs in ELinks 0.11.0 but not in 0.10.6. --KON ]
This fixes a problem with fragment references that was reported
by Thomas Adam.
[ Backported from commit c22f38413e in
ELinks 0.12.GIT, without changing localizable strings. --KON ]
The secure file saving code plays some shenanigans with the umask.
Previously, the code could fail to restore the old umask when certain libc
calls failed: malloc, mkstemp, fdopen, and fopen. This resulted in
unrelated code creating files with the wrong umode. Specifically, the
download code's automatic directory creation was creating directories
without the execute permission bit.
Thanks to Quiznos for reporting and helping to track the problem down.
[ Backported from commit 7f0fb0440c in
ELinks 0.12.GIT. The general download code in 0.11.2.GIT does not
automatically create directories but the BitTorrent code does. --KON ]
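The umask leak described in the commit message above, reduced to a failing fopen, as an added example that is not the ELinks secure-save code. The function names, the 0177 mask and the path are assumptions made for the illustration.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Read the process umask without changing it (set, then restore). */
static mode_t current_umask(void)
{
	mode_t m = umask(0);

	umask(m);
	return m;
}

/* "Before": the early return on failure skips the restore, so the
 * restrictive mask stays active for unrelated code that runs later. */
static FILE *open_private_leaky(const char *path)
{
	mode_t saved = umask(0177);	/* assumed mask: owner rw only */
	FILE *f = fopen(path, "w");

	if (!f)
		return NULL;		/* bug: umask(saved) never runs */
	umask(saved);
	return f;
}

/* "After": restore the mask before looking at the result. */
static FILE *open_private_fixed(const char *path)
{
	mode_t saved = umask(0177);
	FILE *f = fopen(path, "w");

	umask(saved);
	return f;
}

/* Force a failed open (the directory is a constructed, nonexistent
 * path) and report 1 if the umask is unchanged afterwards. */
static int umask_survives_failure(FILE *(*opener)(const char *))
{
	mode_t orig = umask(022);	/* known starting mask */
	FILE *f = opener("/nonexistent-dir-for-example/out.tmp");
	mode_t after = current_umask();

	if (f)
		fclose(f);
	umask(orig);			/* undo any leak for the caller */
	return f == NULL && after == 022;
}
```

With the leaked 0177 mask, a later mkdir(path, 0777) yields mode 0600, which is the directory without the execute bit that the message reports.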
Revert 8bedf25bf8. Different versions
of ELinks call the Python goto_url_hook with different arguments:
- goto_url_hook(current) in 0.11.0, 0.11.1, and 0.11.2.
- goto_url_hook(new, current) in 0.11.2.GIT since 2007-11-27, commit
8bedf25bf8 which I'm now reverting.
No released version of ELinks has used this variant.
- goto_url_hook(new) in 0.12.GIT since 2007-01-01, commit
26473f72f5. The hook can call
elinks.current_url() if desired.
I think it will be less confusing to users if we drop the middle
variant and make the rest of the stable 0.11 branch call the hook in
the same way as 0.11.2 did. The difference will then be only between
the 0.11 and 0.12 branches.
Before this patch, init_python would crash trying to set up the
PYTHONPATH environment variable. Now it omits the home directory
from the variable in that case.
[ Related to commit 78bd416dc0 in ELinks
0.12.GIT but quite different internally. --KON ]
Create and immediately destroy a context when initialising the SMJS
document scripting module, because SMJS crashes on exit if there has
been no context created since it started, which is the case if one does
not load any documents.
[ From commit d7a964efaf in ELinks
0.12.GIT. --KON ]
Only call get_parent_ptr for resize events so that the menu isn't moved
to the cursor position for normal redraw events.
Without this change, if ui.leds.enable and ui.clock.enable are 1 and
the user opens the tab menu, it first appears near the tab bar and
almost immediately jumps near the cursor. With this change, the tab
menu stays near the tab bar. However, if the user presses Ctrl+L,
then the menu still jumps; but that is less annoying than having it
jump on its own.
[ From commit 1a89589b13 in ELinks
0.12.GIT. --KON ]
[ From commit 315f4e0342 in ELinks
0.12.GIT. This commit adds a string that perhaps won't be
translated in time for the 0.11.3 release, but I think it is
better to display a correct description in the wrong language
than a misleading description in the right language. --KON ]
Normally, the success msgbox is shown only if the ui.success_msgbox
option is set as 1, and clicking "Do not show anymore" would then
toggle the option to 0, and no more such msgboxes would appear.
However, if there already are two success msgboxes being displayed
(most likely in different terminals), then clicking "Do not show
anymore" in the first of them would reset the option to 0, but doing
the same in the second of them would toggle the option back to 1.
Rename toggle_success_msgbox to disable_success_msgbox, and make it
always reset the option to 0, regardless of the previous value.
[ From commit 7185e926e6 in ELinks
0.12.GIT. This I think does not deserve a NEWS entry. --KON ]
It will grab at the first fragment of the cache entry and try to detect the
content-type by looking for valid HTML. It is very stupid for now, simply
searching for "<html>", which may be bogus in certain circumstances. And I
am not sure if this is better left out and up to the scripting backends,
e.g. SMJS can now modify the cache entry.
A feeble fix for bug 396.
[ From commit 3ea73da7df in ELinks
0.12.GIT. --KON ]
Delete the FREE_LIST flag from mi_no_ext so that free_menu_items doesn't
try to free static memory.
This fixes a crash reproducible by deleting every entry under Setup -> File
extensions, opening said menu, and then closing said menu.
[ From commit b41c7d4055 in ELinks
0.12.GIT. --KON ]
Simplify do_move_bookmarks (from a readability perspective) by replacing
the destb and desti parameters with a new insert_as_child flag. Inspired
by Kalle Olavi Niemitalo.
[ Backported from commit 32ec5d1db3 in
ELinks 0.12.GIT. This change is not required for fixing bug 760, but
the bookmark code in ELinks 0.12.GIT has been tested more with the
change than without it, so I think applying it is safest. --KON ]
do_move_bookmark was only updating the selection in the bookmarks manager
window in which the Move button was pressed. Now all windows are updated.
This patch also prevents a crash when the first item that was displayed
in a box was the last child of a folder and was being moved (the comment
removed in this patch was incorrect in assuming that bm->box->next must
be valid because it neglected to account for non-root children).
This change required that I move the definition of struct
hierbox_dialog_list_item from src/bfu/hierbox.c to src/bfu/hierbox.h.
Thanks to Kalle Olavi Niemitalo for finding both the update problem
and the crash.
[ Backported from commit 6f98f5fd96 in
ELinks 0.12.GIT. --KON ]