W3C home > Mailing lists > Public > html-tidy@w3.org > July to September 2000

Re: Bug: missing quotes cause segmentation fault

From: Achim Schaefer <Achim.Schaefer@neuroinformatik.ruhr-uni-bochum.de>
Date: Fri, 25 Aug 2000 10:12:31 +0200
Message-ID: <39A62A6F.AAC3860B@neuroinformatik.ruhr-uni-bochum.de>
To: Terry Teague <teague@mailandnews.com>
CC: html-tidy@w3.org
The proposed solution (see below) indeed fixes the problem for the code
<A HREF=mailto:"user@host"> blah </a> 
and produces the desired output.

However, it does not change tidy's behaviour for code like
<a href="test.html>link</a> <a href="test.html">link</a>
This still leads to a segmentation fault (on SunOS/Solaris or a null
pointer on other systems).
This seems to be a different bug, though it looks very similar. Maybe
someone can find a similar solution.

Regards, Achim

Terry Teague wrote:
> 
> At 5:51 PM +0200 8/23/2000, Achim Schaefer wrote:
> >The following line of code leads to a segmentation fault with Tidy (vers
> >4th August 2000):
> ><a href="test.html>link</a> <a href="test.html">link</a>
> >
> >(The closing quote are missing.)
> 
> >Is this a bug that is already known? Has anybody posted a fix, yet?
> 
> Yes, I believe this is a known bug (or a variation on a known bug) :
> 
> Reported by Scott Davis 19 Jul 00, in the 08 Jul 00 version.
> 
> Mismatched quotes for an element's attribute causes a NULL pointer to be
> dereferenced when reporting the error, which causes a crash/segmentation
> fault on some platforms.
> 
> <A HREF=mailto:"user@host"> blah </a>
> Note the odd quoting on the HREF element.
> This seems to be caused by the value of the sattribute being null if an
> unexpected quote is found. It may be related to the break at line 2541 of
> lexer.c. Removing that line seems to produce a reasonable result of
> <a href="mailto:&quot;user@company.com&quot;">blah</a>
> 
> Proposed solution (tabs removed by me) :
> 
> original code : 30 Apr 00
> lexer.c - line 2541 ParseValue()
> 
> if (c == '"' || c == '\'')
> {
>    ReportAttrError(lexer, lexer->token, null, UNEXPECTED_QUOTEMARK);
>    break;
> }
> 
> fixed code :
> 
> if (c == '"' || c == '\'')
> {
>    ReportAttrError(lexer, lexer->token, null, UNEXPECTED_QUOTEMARK);
>    // *** REMOVE ***   break;
> }
> 
> Note, I haven't tested this fix.
> 
> Regards, Terry
Received on Friday, 25 August 2000 04:13:21 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 3 April 2012 06:13:44 GMT