Re: Bug: missing quotes cause segmentation fault from Achim Schaefer on 2000-08-25 (html-tidy@w3.org from July to September 2000)

From: Achim Schaefer <Achim.Schaefer@neuroinformatik.ruhr-uni-bochum.de>
Date: Fri, 25 Aug 2000 10:12:31 +0200
To: Terry Teague <teague@mailandnews.com>
CC: html-tidy@w3.org
Message-ID: <39A62A6F.AAC3860B@neuroinformatik.ruhr-uni-bochum.de>

The proposed solution (see below) indeed fixes the problem for the code
<A HREF=mailto:"user@host"> blah </a> 
and produces the desired output.

However, it does not change tidy's behaviour for code like
<a href="test.html>link</a> <a href="test.html">link</a>
This still leads to a segmentation fault (on SunOS/Solaris or a null
pointer on other systems).
This seems to be a different bug, though it looks very similar. Maybe
someone can find a similar solution.

Regards, Achim

Terry Teague wrote:
> 
> At 5:51 PM +0200 8/23/2000, Achim Schaefer wrote:
> >The following line of code leads to a segmentation fault with Tidy (vers
> >4th August 2000):
> ><a href="test.html>link</a> <a href="test.html">link</a>
> >
> >(The closing quote are missing.)
> 
> >Is this a bug that is already known? Has anybody posted a fix, yet?
> 
> Yes, I believe this is a known bug (or a variation on a known bug) :
> 
> Reported by Scott Davis 19 Jul 00, in the 08 Jul 00 version.
> 
> Mismatched quotes for an element's attribute causes a NULL pointer to be
> dereferenced when reporting the error, which causes a crash/segmentation
> fault on some platforms.
> 
> <A HREF=mailto:"user@host"> blah </a>
> Note the odd quoting on the HREF element.
> This seems to be caused by the value of the sattribute being null if an
> unexpected quote is found. It may be related to the break at line 2541 of
> lexer.c. Removing that line seems to produce a reasonable result of
> <a href="mailto:&quot;user@company.com&quot;">blah</a>
> 
> Proposed solution (tabs removed by me) :
> 
> original code : 30 Apr 00
> lexer.c - line 2541 ParseValue()
> 
> if (c == '"' || c == '\'')
> {
>    ReportAttrError(lexer, lexer->token, null, UNEXPECTED_QUOTEMARK);
>    break;
> }
> 
> fixed code :
> 
> if (c == '"' || c == '\'')
> {
>    ReportAttrError(lexer, lexer->token, null, UNEXPECTED_QUOTEMARK);
>    // *** REMOVE ***   break;
> }
> 
> Note, I haven't tested this fix.
> 
> Regards, Terry

Received on Friday, 25 August 2000 04:13:21 UTC