[elinks-dev] dangling pointer crash in write_to_festival (was: witekfl branch status)

Witold Filipczyk witekfl at poczta.onet.pl
Wed Mar 7 02:49:04 MST 2007 

On Tue, Mar 06, 2007 at 11:33:44PM +0200, Kalle Olavi Niemitalo wrote:
> Witold Filipczyk <witekfl at poczta.onet.pl> writes:
> 
> > This feature does not collide with screen readers.
> > I just want to listen to ELinks sometimes.
> 
> I tried applying the speech commits to master, but it crashes if,
> during the speech, I close the tab and thereby cause the struct
> document_view to be freed:
> 
> (gdb) backtrace
> #0  0x08115569 in write_to_festival (fest=0x81938b8) at /home/Kalle/src/elinks/src/viewer/text/festival.c:67
> #1  0x08115519 in read_from_festival (fest=0x81938b8) at /home/Kalle/src/elinks/src/viewer/text/festival.c:45
> #2  0x080ca26b in select_loop (init=0x80c8e23 <init>) at /home/Kalle/src/elinks/src/main/select.c:289
> #3  0x080c95af in main (argc=1, argv=0xbffc2444) at /home/Kalle/src/elinks/src/main/main.c:365
> (gdb) frame
> #0  0x08115569 in write_to_festival (fest=0x81938b8) at /home/Kalle/src/elinks/src/viewer/text/festival.c:67
> 67              if (fest->line >= doc->height)
> (gdb) print doc
> $3 = (struct document *) 0x8
> (gdb) list
> 62              int len;
> 63              struct document_view *doc_view = fest->doc_view;
> 64              struct document *doc = doc_view->document;
> 65              struct screen_char *data;
> 66
> 67              if (fest->line >= doc->height)
> 68                      fest->running = 0;
> 69              if (!fest->running)
> 70                      return;
> 71
> 
> This was with the following commits applied on top of
> f2fc4020934621afb9584a468bd87180059ee8c8 (in this order):
> 
> 4e93cbf496c82926f42c0eaf270920f126ace3f8
> 9064e6323b493b5614a9bd02c25729ce2f1650bf
> f260691ac4f58e7ce0e282d7b48bddbae8f00828
> c187df9a0adcf0f9821d9b14b1dfcf43139d9bb3
> e965d07055f5dd3e046469232e4b3986fb60cbaf
> 60fc3bd04fe3f85c66d1dadbc8ba4f56f576f611
> 91be2ea6b89a7514b75fa31dcba6d9a5ef6c978c
> 4d7c491a22c0b9a191df363504f52f8da1c639e1
> 0da23da6b23d25ceb78f0229132d8efb9f3d3781
> 
> I think, before the speech code is pushed to master, one should
> either
> 
> - fix the bug.  A new "document-view-delete" event might be a
>   clean way to do this.

I reset festival.doc_view in really_close_tab. Is it acceptable?

When a link is followed and the previous document was read out, the new document
is read out from the line number of the previous document.
How to handle this?

Witek

More information about the elinks-dev mailing list