- From: Andy Quick <ac.quick@sympatico.ca>
- Date: Thu, 10 Aug 2000 18:13:37 -0400
- To: <html-tidy@w3.org>
Thanks for this! This one has been bugging me for a while. I will post a new Java tidy, with this fix, soon. Regards, Andy Quick ----- Original Message ----- From: Randy Waki <rwaki@flipdog.com> To: <html-tidy@w3.org>; <dsr@w3.org> Sent: Monday, August 07, 2000 2:08 AM Subject: Bug: Possible dangling pointer in istack.c > I think I've discovered a dangling pointer bug in istack.c. When > PopInLine() in istack.c pops the stack, it fails to check if lexer->insert > is pointing past the new end of stack. This can cause a subsequent call > to InsertedToken() to dereference the bogus lexer->insert. > > The fix is in the last if statement of PopInLine(), where the stack is > popped: if lexer->insert points past the end of the stack, set it to null. > (It's possible a similar check needs to be performed just above, too.) >
Received on Thursday, 10 August 2000 18:16:09 UTC