MantisBT - NetSurf
View Issue Details
ID: 0002687
Project: NetSurf
Category: Core-specific
View Status: public
Date Submitted: 2019-08-02 14:52
Last Update: 2019-10-21 22:59
Reporter: Harriet Bazley
Assigned To: Vincent Sanders
Priority: normal
Severity: crash
Reproducibility: always
Status: resolved
Resolution: fixed
Platform: Iyonix
OS: RISC OS
OS Version: 5.22
Product Version:
Target Version:
Fixed in Version: 3.10
Fixed in CI build #: 4875
Reported in CI build #: 4760
URL of problem page: https://www.miresparis.com/category/spots/hotelparticulier/
Summary: 0002687: Crash on complete save
Description: When trying to carry out a complete save of the page https://www.miresparis.com/category/spots/hotelparticulier/, Netsurf crashes with a segfault.
Steps To Reproduce: Visit URL, and Adjust-click on Save icon.

I shut down and rebooted the computer, but it made no difference.
Additional Information: The shell application created during the attempted save contains the stylesheets but no HTML or images.

Javascript disabled.
Tags: No tags attached.
Attached Files: new.zip (69,372) 2019-08-02 14:52
https://bugs.netsurf-browser.org/mantis/file_download.php?file_id=607&type=bug

Notes
(0002109)
Vincent Sanders   
2019-10-21 09:54   
overrunning buffers in save_complete_rewrite_stylesheet_urls() regex calls

==28508== 24 errors in context 7 of 116:
==28508== Invalid read of size 1
==28508== at 0x4838C74: strlen (vg_replace_strmem.c:460)
==28508== by 0x6488633: regexec@@GLIBC_2.3.4 (regexec.c:210)
==28508== by 0x354B01: save_complete_rewrite_stylesheet_urls (save_complete.c:242)
==28508== by 0x35507F: save_complete_save_stylesheet (save_complete.c:352)
==28508== by 0x35525B: save_complete_save_html_stylesheet (save_complete.c:402)
==28508== by 0x3552B6: save_complete_save_html_stylesheets (save_complete.c:414)
==28508== by 0x356A11: save_complete_save_html (save_complete.c:1143)
==28508== by 0x356C99: save_complete (save_complete.c:1250)
==28508== by 0x38C381: savepage_button_clicked_cb (toolbar.c:2180)
==28508== by 0x390FB5: nsgtk_toolbar_item_activate (toolbar.c:3604)
==28508== by 0x395783: nsgtk_window_item_activate (window.c:1594)
==28508== by 0x381B02: nsgtk_on_savepage_activate_menu (toolbar_items.h:115)
==28508== Address 0xf3d575f is 0 bytes after a block of size 4,815 alloc'd
==28508== at 0x483577F: malloc (vg_replace_malloc.c:299)
==28508== by 0x26AFB4: fetch (fs_backing_store.c:1987)
==28508== by 0x32C526: llcache_retrieve_persisted_data (llcache.c:1204)
==28508== by 0x32CF75: llcache_object_retrieve_from_cache (llcache.c:1655)
==28508== by 0x32D4CD: llcache_object_retrieve (llcache.c:1835)
==28508== by 0x32FFA0: llcache_handle_retrieve (llcache.c:3596)
==28508== by 0x32A723: hlcache_handle_retrieve (hlcache.c:714)
==28508== by 0x28D49D: html_css_process_link (html_css.c:454)
==28508== by 0x288C97: dom_default_action_DOMNodeInserted_cb (html.c:748)
==28508== by 0x40FA95: _dom_node_dispatch_event (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk)
==28508== by 0x41800E: __dom_dispatch_node_change_event (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk)
==28508== by 0x4104BD: _dom_node_dispatch_node_change_event (in /home/vince/dev-netsurf/workspace/netsurf/nsgtk)
(0002110)
Vincent Sanders   
2019-10-21 22:59   
fixed overrunning posix regex
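
The trace in note 0002109 shows strlen(), called from inside regexec(), reading past the end of a 4,815-byte malloc'd block: POSIX regexec() takes no length argument and expects a NUL-terminated string. The following is an added example, not NetSurf's code and not the fix that was committed; the helper name count_css_urls and the url() pattern are assumptions made for illustration. It shows one portable way to run a POSIX regex over a length-bounded buffer.

```c
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: count url(...) references in a CSS buffer that is
 * described by (data, len) and is NOT NUL-terminated. Returns -1 on error. */
int count_css_urls(const char *data, size_t len)
{
    regex_t re;
    regmatch_t m[1];
    char *copy, *p;
    int n = 0;

    /* regexec() has no length argument and calls strlen() on its input,
     * so hand it a private copy that carries an explicit terminator. */
    copy = malloc(len + 1);
    if (copy == NULL)
        return -1;
    memcpy(copy, data, len);
    copy[len] = '\0';

    if (regcomp(&re, "url\\([\"']?[^\"')]+[\"']?\\)",
                REG_EXTENDED | REG_ICASE) != 0) {
        free(copy);
        return -1;
    }
    /* Every match is at least 6 bytes, so p always advances. */
    for (p = copy; regexec(&re, p, 1, m, 0) == 0; p += m[0].rm_eo)
        n++;
    regfree(&re);
    free(copy);
    return n;
}

int main(void)
{
    /* Constructed sample, sized exactly to its content (no trailing NUL). */
    const char css[] = "a{background:url(x.png)}b{background:URL('y.gif')}";
    size_t len = sizeof(css) - 1;
    char *raw = malloc(len);
    if (raw == NULL)
        return 1;
    memcpy(raw, css, len);
    printf("%d url() references\n", count_css_urls(raw, len));
    free(raw);
    return 0;
}
```

Built with -fsanitize=address or run under valgrind, this version reports no invalid read, whereas passing raw directly to regexec() would reproduce the overrun in the trace. A NUL byte inside the data still ends matching early, because the copy is scanned as a C string.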

Issue History
2019-08-02 14:52 | Harriet Bazley | New Issue
2019-08-02 14:52 | Harriet Bazley | File Added: new.zip
2019-10-21 09:54 | Vincent Sanders | Status | new => confirmed
2019-10-21 09:54 | Vincent Sanders | Category | General => Core-specific
2019-10-21 09:54 | Vincent Sanders | Steps to Reproduce Updated | bug_revision_view_page.php?rev_id=2142#r2142
2019-10-21 09:54 | Vincent Sanders | Additional Information Updated | bug_revision_view_page.php?rev_id=2144#r2144
2019-10-21 09:54 | Vincent Sanders | Note Added: 0002109
2019-10-21 22:59 | Vincent Sanders | Assigned To | => Vincent Sanders
2019-10-21 22:59 | Vincent Sanders | Status | confirmed => resolved
2019-10-21 22:59 | Vincent Sanders | Resolution | open => fixed
2019-10-21 22:59 | Vincent Sanders | Fixed in Version | => 3.10
2019-10-21 22:59 | Vincent Sanders | Fixed in CI build # | => 4875
2019-10-21 22:59 | Vincent Sanders | Note Added: 0002110