Roger wrote:
On Mon, Mar 21, 2011 at 10:30:33PM +0000, Jeremy Henty wrote:
If you point dillo at http://www.youtube.com/user/zynaddsubfx and scroll down then Dillo will crash before you get to the bottom. I have attached a minimal test case that reproduces this (strangely, the empty SRC attribute on the img element is necessary).
GDB shows that the drawing code is dereferencing a NULL FltkColor*:
#0  0x080a4811 in dw::fltk::FltkViewBase::drawPolygon (this=0x49f4318, color=0x0, shading=dw::core::style::Color::SHADING_NORMAL, filled=true, points=0xbeae1a48, npoints=4) at /home/jeremy/.packages/dillo/HG/local/dw/fltkviewbase.cc:464
464	    setcolor(((FltkColor*)color)->colors[shading]);
I see a segfault using fltk-1.3 as well here when viewing the above URL.
Interesting. What happens when you point the fltk-1.3 version at the test case I attached? I get an immediate crash with the fltk-2 version.
Although Dillo doesn't crash immediately when loading the page here, it seems to happen after scrolling all the way down the page and shortly after starting to scroll upward.
I think the crash happens only when the image with the offending style is actually displayed, which is why you have to scroll down the original page. It looks as though the bug is due to the style engine assigning a NULL color somewhere. Your backtrace shows the same thing as mine - FltkViewBase::drawPolygon() is called with a NULL color argument. This suggests that fixing the style engine will fix the crash for both versions. Who understands the style engine?

Regards,

Jeremy Henty
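The crash in the backtrace above is a plain NULL dereference at the drawing boundary: `setcolor(((FltkColor*)color)->colors[shading])` indexes through a `color` pointer that the style engine handed over as NULL. The following is an added example, not Dillo's code, that models that lookup in a small stand-alone C++ program: the unchecked form that reproduces the fault pattern next to a guarded form that reports the bad style and falls back to a default colour, so the view survives while the real fix lands in the style engine. The `model` namespace, the `FltkColor` struct layout, the extra shading values, `FALLBACK_COLOR` and `lookupShadingColor` are all assumptions for illustration; only `SHADING_NORMAL` and the `colors[shading]` access pattern come from the trace.

```cpp
// Added example (not Dillo's code). Models the colour lookup that crashes in
// dw::fltk::FltkViewBase::drawPolygon when the style engine supplies a NULL
// FltkColor*, and a guarded replacement. Names are assumptions, not Dillo's.
#include <cstdint>
#include <cstdio>

namespace model {

// SHADING_NORMAL appears in the backtrace; the other values are assumed
// stand-ins so the table has more than one entry.
enum Shading { SHADING_NORMAL = 0, SHADING_INVERSE = 1, SHADING_DARK = 2,
               SHADING_COUNT = 3 };

// Stand-in for the FltkColor wrapper: one platform colour per shading.
struct FltkColor {
    uint32_t colors[SHADING_COUNT];
};

// Assumed default used when a style carries no colour (opaque black).
const uint32_t FALLBACK_COLOR = 0x000000u;

// Before: the access pattern from the backtrace. Dereferences `color`
// unconditionally, so a NULL pointer from the style engine segfaults here.
uint32_t shadingColorUnchecked(const FltkColor *color, Shading shading) {
    return color->colors[shading];
}

// After: validate at the boundary where the view consumes style data.
// Returns true when `*out` holds the style's colour, false when the caller
// got NULL (or an out-of-range shading) and `*out` holds the fallback.
// The root cause still belongs in the style engine; this keeps the
// renderer alive and leaves a message to grep for.
bool lookupShadingColor(const FltkColor *color, Shading shading, uint32_t *out) {
    if (color == nullptr) {
        std::fprintf(stderr,
                     "drawPolygon: NULL color for shading %d, using fallback\n",
                     static_cast<int>(shading));
        *out = FALLBACK_COLOR;
        return false;
    }
    if (shading < 0 || shading >= SHADING_COUNT) {   // bounds-check the index too
        std::fprintf(stderr, "drawPolygon: bad shading %d, using fallback\n",
                     static_cast<int>(shading));
        *out = FALLBACK_COLOR;
        return false;
    }
    *out = color->colors[shading];
    return true;
}

} // namespace model

// Stand-alone demonstration: a constructed colour table, then the NULL case
// that crashes the unchecked version but is handled by the guarded one.
int main() {
    model::FltkColor red = {{0xff0000u, 0x00ffffu, 0x800000u}};   // constructed
    uint32_t c = 0;

    model::lookupShadingColor(&red, model::SHADING_NORMAL, &c);
    std::printf("normal shading: %06x\n", c);

    bool ok = model::lookupShadingColor(nullptr, model::SHADING_NORMAL, &c);
    std::printf("NULL style -> ok=%d colour=%06x\n", ok ? 1 : 0, c);
    // shadingColorUnchecked(nullptr, model::SHADING_NORMAL) would segfault here.
    return 0;
}
```

The guard deliberately returns a status rather than silently substituting a colour: a caller that wants to assert in debug builds can do so on the `false` result, while release builds keep rendering. Logging the shading value mirrors what the backtrace already exposes, so a NULL reaching the view is visible in stderr without attaching GDB.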