[pkg-lynx-maint] Bug#1119084: lynx: segfault on attempt to submit a form
Thomas Dickey
dickey at his.com
Mon Oct 27 00:29:43 GMT 2025
On Mon, Oct 27, 2025 at 12:35:43AM +0100, Thorsten Glaser wrote:
> On Sun, 26 Oct 2025, Thomas Dickey wrote:
>
> >I need more detail to see how to exercise this. #23 appears to be the
>
> I can imagine… I needed to repro this on a non-classified box first.
>
> >just gives me
> > Edit the form's submit-URL:
>
> I sometimes got that as well, but I got it now in a chroot.
>
> I go to the URL, press PgDn once (34 line high terminal)
> and just :submit without even checking it. (That’s the
> checkbox below Du machst dir Gedanken über deine Bedrohungslage)
>
> 1549 *result = pfi->data;
> (gdb) bt
> #0 MakeFormAction (given=0x555555d8ac38, submit=submit@entry=1) at ../../src/LYMainLoop.c:1549
> #1 0x00005555555e2f9e in handle_LYK_SUBMIT (cur=<optimized out>,
> refresh_screen=refresh_screen@entry=0x7fffffffddba "", doc=0x55555574f460 <newdoc>)
> at ../../src/LYMainLoop.c:1567
> #2 0x00005555555e98f8 in mainloop () at ../../src/LYMainLoop.c:7478
> #3 0x00005555555af78e in main (argc=<optimized out>, argv=<optimized out>) at ../../src/LYMain.c:2261
> (gdb) print pfi
> $1 = (PerFormInfo *) 0x0
>
> I suspect what happens here is that that is a JS-only form
> so some structure is not initialised, and this lacks a nil
> pointer check. (Trying to submit outside of that form does
> correctly show an error message about that.)
thanks - I can get something like that (asan didn't help):
Program received signal SIGSEGV, Segmentation fault.
0x0000557b76830848 in MakeFormAction (given=0x5250001d5058,
submit=submit@entry=1) at LYMainLoop.c:1549
1549 *result = pfi->data;
(gdb) bt
#0 0x0000557b76830848 in MakeFormAction (given=0x5250001d5058,
submit=submit@entry=1) at LYMainLoop.c:1549
#1 0x0000557b76830b8d in handle_LYK_SUBMIT (cur=<optimized out>,
doc=doc@entry=0x557b76c91580 <newdoc>,
refresh_screen=refresh_screen@entry=0x7fb745e01030 "") at LYMainLoop.c:1567
#2 0x0000557b7684b4fb in mainloop () at LYMainLoop.c:7478
#3 0x0000557b76828ba0 in main (argc=<optimized out>, argv=<optimized out>)
at LYMain.c:2261
Retrying with optimization off:
Program received signal SIGSEGV, Segmentation fault.
0x00005602fc7f7861 in MakeFormAction (given=0x5250001d5058, submit=1)
at LYMainLoop.c:1549
1549 *result = pfi->data;
(gdb) bt
#0 0x00005602fc7f7861 in MakeFormAction (given=0x5250001d5058, submit=1)
at LYMainLoop.c:1549
#1 0x00005602fc7f7bd0 in handle_LYK_SUBMIT (cur=0,
doc=0x5602fcd11300 <newdoc>, refresh_screen=0x7f0014101030 "")
at LYMainLoop.c:1567
#2 0x00005602fc81cf43 in mainloop () at LYMainLoop.c:7478
#3 0x00005602fc7ea0c2 in main (argc=2, argv=0x7ffcda107168) at LYMain.c:2261
...the same place. MakeFormAction could return a NULL, so... just adding
a null-pointer check for pfi before making that assignment "should" work.
Testing that change, I don't see an additional problem.
--
Thomas E. Dickey <dickey at invisible-island.net>
https://invisible-island.net
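
An added illustration, not part of the original message and not Lynx source: a reduced C model of the crash discussed above, where the per-form lookup yields NULL and the assignment `*result = pfi->data` is guarded before use. The struct layouts, `find_per_form_info`, `make_form_action` and the sample data are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified stand-ins; the field layout is an assumption, not Lynx's. */
typedef struct {
    int number;                 /* form this control claims to belong to */
    const char *submit_action;  /* where the form would be submitted */
} FormInfo;

typedef struct {
    int number;
    FormInfo data;              /* per-form record copied on submit */
} PerFormInfo;

/* Constructed sample: only form 1 was fully registered while parsing. */
static PerFormInfo known_forms[] = {
    { 1, { 1, "https://example.invalid/search" } },
};

/* Hypothetical lookup: returns NULL when no per-form record exists. */
static PerFormInfo *find_per_form_info(int number)
{
    for (size_t i = 0; i < sizeof(known_forms) / sizeof(known_forms[0]); i++)
        if (known_forms[i].number == number)
            return &known_forms[i];
    return NULL;
}

/* Guarded variant of the failing pattern "*result = pfi->data;". */
static bool make_form_action(const FormInfo *given, FormInfo *result)
{
    PerFormInfo *pfi;
    if (given == NULL || result == NULL)
        return false;
    pfi = find_per_form_info(given->number);
    if (pfi == NULL)            /* the check missing at the crash site */
        return false;           /* caller reports an error, no submit */
    *result = pfi->data;
    return true;
}

int main(void)
{
    FormInfo orphan = { 7, NULL }, out; /* constructed: form 7 has no record */
    return make_form_action(&orphan, &out) ? 1 : 0; /* 0: rejected, no crash */
}
```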