RE: Segfault in HTML Tidy from Terry Teague on 1999-11-28 (html-tidy@w3.org from October to December 1999)

From: Terry Teague <teague@mailandnews.com>
Date: Sat, 27 Nov 1999 21:04:56 -0800
To: <html-tidy@w3.org>
Cc: "Steinar H. Gunderson" <sgunderson@bigfoot.com>
Message-Id: <l03130300b46665d07d29@[17.219.108.21]>

At 1:08 PM -0500 11/27/99, Jelks Cabaniss wrote:
>> The following code makes HTML Tidy segfault on my glibc 2.1 system:
>

>>line 7 column 4 - Warning: missing </b> before <p>
>>line 7 column 4 - Warning: trimming empty <b>
>>line 7 column 7 - Warning: <b> is probably intended as </b>
>>line 7 column 7 - Warning: trimming empty <p>
>>line 7 column 7 - Warning: discarding unexpected <(null)>

>> <body>
>> <b><p>test</p>      <!-- crash on this line -->
>> </body>
>
>Maybe something with glibc?  I ran the Windows executable on your markup
>and it
>did this (without crashing):
>
>	<body>
>	<b>test<br>
>	<br>
>	</b>
>	</body>

I ran Steinar's HTML through the Mac OS versions of Tidy 24 Nov 99, and got
the following :

line 7 column 4 - Warning: missing </b> before <p>
line 7 column 4 - Warning: trimming empty <b>
line 7 column 7 - Warning: <b> is probably intended as </b>
line 7 column 7 - Warning: trimming empty <p>
line 7 column 7 - Warning: discarding unexpected <>
line 7 column 7 - Warning: inserting implicit <b>
line 7 column 11 - Warning: replacing element </p> by <br>
line 7 column 11 - Warning: inserting implicit <br>

<body>
<b>test<br>
<br>
 <!-- crash on this line --></b>
</body>

An earlier discussion on the mailing list described the differences in
implementation of the C standard I/O library in respect of printing (null).
That particular discussion involved a problem with tables with similar
symptoms to Steinar's problem above.

Although the Mac OS version didn't crash per se, my debugging caught the
following problem when processing the "line 7 column 7 - Warning:
discarding unexpected <>" :

Block being deleted is already free.

and the relevant piece of source is (offending line is the FreeNode(node)) :

Parser.c line #2492
        /* discard unknown  and PARAM tags */
        if (node->tag == null || node->tag == tag_param)
        {
            ReportWarning(lexer, body, node, DISCARDING_UNEXPECTED);
            FreeNode(node);
            continue;
        }

I believe I get a similar "crash" with the Mac OS version of Tidy 24 Nov 99
and the original table problem that was described (at least one of my
implementations crashed, and I don't plan to try and repeat it right
now...).

Regards, Terry

Received on Sunday, 28 November 1999 00:06:37 UTC