MantisBT - NetSurf
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0002143NetSurfRISC OS-specificpublic2014-06-10 20:372015-03-10 11:06
ReporterHarriet Bazley 
Assigned ToVincent Sanders 
PrioritynormalSeverityminorReproducibilityalways
StatusclosedResolutionfixed 
PlatformARMOSRISC OSOS Version5.19
Product Version3.2 
Target VersionFixed in Version3.2 
Fixed in CI build #
Reported in CI build #1966
URL of problem pagehttps://www.fanfiction.net/r/7302546/
Summary0002143: Lower part of page hidden/crash on fanfiction.net
DescriptionLoading the page https://www.fanfiction.net/r/7302546/ displays only the first few paragraphs of content, below which the window is blank.
Moreover subsequently attempting to edit the URL (in order to see if the mobile version of the site would render any better) causes a segmentation fault in the browser.
Steps To ReproduceDouble-click on URL in text file (or via web link).
Place input focus in URL bar and delete a couple of 'w's from "http://www...."
Browser crashes without return key being pressed (could this be associated with auto-complete?)
Additional InformationURL editing was fine as of Netsurf v.1932. Tried Netsurf v1963 but this crashes with the same symptoms as v1966.
TagsNo tags attached.
Relationships
Attached Fileszip Log.zip (6,761) 2014-06-10 20:37
https://bugs.netsurf-browser.org/mantis/file_download.php?file_id=157&type=bug

Notes
(0000377)
Harriet Bazley   
2014-06-10 20:45   
The URL-editing issue appears to be a generic problem with the current release which will cause any site to crash - hence rather more serious than I had assumed!
(0000378)
Vincent Sanders   
2014-06-10 22:30   
this is caused by idna_encode() in utils/idna.c:594

Breakpoint 1, idna_encode (host=0x7fffdc02eff0 ".fanfiction.net", len=15,
    ace_host=0x7fffffffce88, ace_len=0x7fffffffce80) at utils/idna.c:598
598 size_t label_len, output_len, ucs4_len, fqdn_len = 0;

when entered thusly the while loop immediately terminates due to idna__host_label_length() returning 0 and then decrements the pointer back off the front of the stack based char array and tries to duplicate the "string" followed by setting the output length to -1

this all ends very badly.
(0000379)
Vincent Sanders   
2014-06-10 22:44   
fixed idna en/de coder to not explode if the first part of host is missing
(0000708)
Vincent Sanders   
2015-03-10 11:06   
Confirmed fixed in 3.2 release

Issue History
Date ModifiedUsernameFieldChange
2014-06-10 20:37Harriet BazleyNew Issue
2014-06-10 20:37Harriet BazleyFile Added: Log.zip
2014-06-10 20:45Harriet BazleyNote Added: 0000377
2014-06-10 21:30Vincent SandersStatusnew => acknowledged
2014-06-10 21:30Vincent SandersProduct Version3.1 => 3.2
2014-06-10 21:30Vincent SandersDescription Updatedbug_revision_view_page.php?rev_id=1244#r1244
2014-06-10 21:30Vincent SandersSteps to Reproduce Updatedbug_revision_view_page.php?rev_id=1246#r1246
2014-06-10 22:30Vincent SandersNote Added: 0000378
2014-06-10 22:30Vincent SandersAssigned To => Vincent Sanders
2014-06-10 22:44Vincent SandersNote Added: 0000379
2014-06-10 22:44Vincent SandersStatusacknowledged => resolved
2014-06-10 22:44Vincent SandersResolutionopen => fixed
2015-03-10 11:06Vincent SandersNote Added: 0000708
2015-03-10 11:06Vincent SandersStatusresolved => closed
2015-03-10 11:06Vincent SandersFixed in Version => 3.2