W3C home > Mailing lists > Public > html-tidy@w3.org > January to March 2000

Tidy inline stack bug

From: Andy Quick <ac.quick@sympatico.ca>
Date: Mon, 13 Mar 2000 21:04:17 -0500
Message-ID: <001501bf8d59$cad00760$bffbacce@quick>
To: <html-tidy@w3.org>
I got a bug report with Java tidy that applies to C tidy
as well.  I spent some time arriving at a small test
case that shows the problem, but it's a little beyond
me right now as to how to fix it.

It appears that tidy tries to return a node from an
empty inline stack.  C tidy doesn't actually GPF, it
just reads unallocated memory.  Java tidy throws an
exception when accessing a 0-sized vector.

If you put the lines marked with * into the function
InsertedToken in istack.c, you will see the message
"0-size istack" printed as tidy parses the example
(illegal) HTML file below.

Regards,

Andy Quick
---- from InsertedToken(Lexer *lexer) ----
    node = NewNode();
    node->type = StartTag;
    node->implicit = yes;
    node->start = lexer->txtstart;
    node->end = lexer->txtstart;
    istack = lexer->insert;
*   if (lexer->istacksize == 0)
*       tidy_out(lexer->errout, "0-size istack!\n");
    node->element = wstrdup(istack->element);
    node->tag = istack->tag;
    node->attributes = DupAttrs(istack->attributes);


---- HTML test case -----
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>

<DL>
<EM>
<DD>blah</DD>
</EM>
</DL>

</BODY>
</HTML>
Received on Monday, 13 March 2000 21:07:21 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 3 April 2012 06:13:43 GMT