[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev Forms Word Wrap Problem with Lynx
|
From: |
yury . burkatovsky |
|
Subject: |
Re: lynx-dev Forms Word Wrap Problem with Lynx |
|
Date: |
Mon, 26 Jul 1999 11:17:30 +0300 (IDT) |
Following up on what Klaus Weide wrote:
> Re: lynx-dev Forms Word Wrap Problem with Lynx
> _________________________________________________________________
>
> * To: Lynx Developers <address@hidden>
> * Subject: Re: lynx-dev Forms Word Wrap Problem with Lynx
> * From: Klaus Weide <address@hidden>
> * Date: Fri, 23 Jul 1999 15:16:15 -0500 (CDT)
> * In-Reply-To: <address@hidden>
> * Reply-To: address@hidden
> * Sender: address@hidden
> _________________________________________________________________
>
>On Fri, 23 Jul 1999, Kim DeVaughn wrote:
>
>> My inclination is to summarily wrap the overflow to a new line at that
>> point, and *perhaps* throw up a message in the statusline that one or more
>> lines were too long, but were wrapped at an arbitrary point (ie, no text
>> lost, but format may be altered).
>>
>> Given the default (1024) line length, I can't see trying to do more than
>> that.
>
>Sounds fine. Probably a message isn't needed - it should be pretty
>obvious that the text is messed up. I don't thing anyone would
>really want to enter text lines that long:) - lynx just shouldn't
>crash if such a file gets inserted by accident.
I am aware of at least one site that is built so as to crash lynx at this point.
Didn't try it with any of the big 2, though.
I'd like to give you a hint, if you have not located yet the proper place in the
code that needs a fix.
The site is http://WWW.EROTICBOXOFFICE.COM/ - I tried it ages ago with
lynx2.7 in order to know who hosts it, when I received a spam ad on it.
The page blew up my browser when I passed from the input field with prefilled
phrase "ENTRANCE TERMS:" to the next regular HTML link.
Now when testing the page with the release lynx2.8.2, I get the following status
message:
"Form field value exceeds buffer length! Trim the tail."
and proceed.
Invoking the editor with Ctrl-V and e on that text input still results in a
core dump immediately after I close the editor (leaving the prefilled rant in
that field intact).
Due to excessive workload at the moment I cannot debug it myself; nevertheless I
managed to track the blow and found that it stems from file src/GridText.c,
circa line 10825 (2.8.3dev.4):
while ((line_cnt <= orig_cnt) || (*lp) || ((len != 0) && (*lp == '\0'))) {
if ((cp = strchr (lp, '\n')) != 0)
len = cp - lp;
else
len = strlen (lp);
strncpy (line, lp, len);
The length of strncpy's destination is 1024 bytes, while the source is one
line of over than 4000 bytes - that is causing the core dump.
A check for maximum length is needed here, and if the source exceeds MAX_LINE,
it has to be truncated.
--
Regards, | /^^^\
Yury | (| , , |)
| | * |
E-mail: yury.burkatovsky at telrad dot co dot il | \_-_/