- From: Huajun Zeng <i-hjzeng@microsoft.com>
- Date: Thu, 19 Apr 2001 01:48:42 -0400 (EDT)
- To: <html-tidy@w3.org>
I got the same error when I work with tidy. Then I traced the program,
and found some code may contains bugs.
In function WrapLine in pprint.c:
...
if (linelen > wraphere)
{
p = linebuf;
if (linebuf[wraphere] == ' ')
++wraphere;
q = linebuf + wraphere;
AddC('\0', linelen);
while ((*p++ = *q++));
linelen -= wraphere;
}
...
The function AddC not only add a char to the buffer, but also can
reallocate mem for linebuf. In this case, p and q point to a memory
block that has been released. The released memory block still can be
accessed, but it is not zero ended. So the while cycle carries the
pointers to some mystic area...
Received on Thursday, 19 April 2001 20:40:32 UTC