I'm still making progress on this, but fixed some crashes today that may belong to libcss. The css_select__initialise_selection_state() function initializes node_data->bloom with the parent's bloom filter:

    error = css__get_parent_bloom(parent, handler, pw, &state->node_data->bloom);

But when "parent" is NULL, that function returns

    static css_bloom empty_bloom[CSS_BLOOM_SIZE];
    bloom = empty_bloom;
    *parent_bloom = bloom;
    return CSS_OK;

The matching call to css_select__finalise_selection_state() eventually tries to free that data:

    if (state->node_data != NULL) {
        css__destroy_node_data(state->node_data);
    }

And that involves

    if (node_data->bloom != NULL) {
        free(node_data->bloom);
    }

So, ultimately, we try to free the static empty_bloom. This does not work.

Since this only happens when "parent" is NULL, I can easily check for that case and avoid calling css_select_style(). But is that the right thing to do? Or is this a corner case that css_select_style() should handle?

_______________________________________________
netsurf-dev mailing list -- netsurf-dev@netsurf-browser.org
To unsubscribe send an email to netsurf-dev-le...@netsurf-browser.org
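The ownership mismatch described in the post, reduced to a stand-alone illustration (added example, not libcss code; the names get_parent_bloom, init_node_data and destroy_node_data are simplified stand-ins for the libcss functions). The first function reproduces the "return static storage when parent is NULL" pattern; the hardened initialiser always hands the caller a private heap copy, so the unconditional free() in the destructor is correct on every path.

```c
/* Added illustration of the static-buffer-freed bug; simplified stand-in
 * for libcss, not its real code. */
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define BLOOM_SIZE 4          /* constructed; libcss uses CSS_BLOOM_SIZE */
typedef uint32_t bloom_t;

struct node      { bloom_t *bloom; };   /* a node owning a heap bloom */
struct node_data { bloom_t *bloom; };   /* per-selection scratch data */

/* Stand-in for css__get_parent_bloom(): with no parent it returns a
 * pointer to static storage, which must never reach free(). */
static bloom_t *get_parent_bloom(const struct node *parent) {
    static bloom_t empty_bloom[BLOOM_SIZE];
    if (parent == NULL) return empty_bloom;
    return parent->bloom;
}

/* True when the pointer aliases the static empty bloom. */
static bool bloom_is_static(const bloom_t *bloom) {
    return bloom == get_parent_bloom(NULL);
}

/* Hardened initialiser: copy the parent's (or the empty) bloom into
 * memory this node_data owns, so ownership is the same on both paths. */
static struct node_data *init_node_data(const struct node *parent) {
    struct node_data *nd = calloc(1, sizeof *nd);
    if (nd == NULL) return NULL;
    nd->bloom = malloc(BLOOM_SIZE * sizeof *nd->bloom);
    if (nd->bloom == NULL) { free(nd); return NULL; }
    memcpy(nd->bloom, get_parent_bloom(parent), BLOOM_SIZE * sizeof *nd->bloom);
    return nd;
}

/* Destructor may now free unconditionally: the bloom is always ours. */
static void destroy_node_data(struct node_data *nd) {
    if (nd == NULL) return;
    free(nd->bloom);
    free(nd);
}

/* Exercise one path; true if the copy matches the source and does not
 * alias the static buffer (i.e. freeing it is safe). */
static bool check_copy(const struct node *parent) {
    struct node_data *nd = init_node_data(parent);
    if (nd == NULL) return false;
    bool ok = !bloom_is_static(nd->bloom) &&
              memcmp(nd->bloom, get_parent_bloom(parent),
                     BLOOM_SIZE * sizeof(bloom_t)) == 0;
    destroy_node_data(nd);
    return ok;
}
```

Running the original pattern (storing get_parent_bloom(NULL) directly into node_data->bloom and then freeing it) under AddressSanitizer reports an attempt to free non-heap memory, which is the quickest way to confirm a fix in the real tree.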