moenavigator
/
moenavigatorengine
2
3
Fork 0
Code Issues 19 Pull Requests 0 Releases 0 Wiki Activity
Labels Milestones
New Issue

#40 Segmentation fault when loading websites

Open
opened 1 month ago by ncc1988 · 3 comments
ncc1988 commented 1 month ago
Owner

There are websites that cause a segmentation fault, originating in DocumentNode::getParentNode, which is called in MoeNavigatorEngine::DetermineVisualAttributes.

A full backtrace for such a segmentation fault is given in MoeNavigator ticket 7.

There are websites that cause a segmentation fault, originating in DocumentNode::getParentNode, which is called in MoeNavigatorEngine::DetermineVisualAttributes. A full backtrace for such a segmentation fault is given in MoeNavigator ticket 7.
ncc1988 added the
bug
label 1 month ago
ncc1988 self-assigned this 1 month ago
ncc1988 added this to the Version 0.0.1 - "Uyghur lives matter!" milestone 1 month ago
ncc1988 added the
TODO
label 1 month ago
ncc1988 added the
DOING
label 1 month ago
ncc1988 removed the
TODO
label 1 month ago
ncc1988 commented 1 month ago
Poster
Owner

The problem comes from weak_ptr::lock (weak_ptr::expired after commit f61f301) in DocumentNode::getParentNode which is called from MoeNavigatorEngine::determineVisualAttributes that gets an empty shared_ptr in the node parameter.

The problem comes from weak_ptr::lock (weak_ptr::expired after commit f61f301) in DocumentNode::getParentNode which is called from MoeNavigatorEngine::determineVisualAttributes that gets an empty shared_ptr in the node parameter.
ncc1988 commented 2 weeks ago
Poster
Owner

The problem starts one step before: MoeNavigatorEngine::determineVisualAttributes calls itself in a for-loop iterating over all children of a node (currently line 507 in MoeNavigatorEngine.cpp). The call is made with an invalid shared_ptr that points to inaccessible memory.

Possible reason why the pointer is invalid: A child node is deleted, but not removed from the parent's list of children.

TODO: Check DocumentNode destructor and the methods removeChild and replaceChild.

The problem starts one step before: MoeNavigatorEngine::determineVisualAttributes calls itself in a for-loop iterating over all children of a node (currently line 507 in MoeNavigatorEngine.cpp). The call is made with an invalid shared_ptr that points to inaccessible memory. Possible reason why the pointer is invalid: A child node is deleted, but not removed from the parent's list of children. TODO: Check DocumentNode destructor and the methods removeChild and replaceChild.
ncc1988 commented 1 week ago
Poster
Owner

The invalid shared_ptr comes from a "use-after-free" that originates in DocumentNode::insertBefore, when the insert method is called on the children vector (std::vector<std::shared_ptr<DocumentNode>>). On insertion, the memory the shared_ptr holds, is freed.

The invalid shared_ptr comes from a "use-after-free" that originates in DocumentNode::insertBefore, when the insert method is called on the children vector (`std::vector<std::shared_ptr<DocumentNode>>`). On insertion, the memory the shared_ptr holds, is freed.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
css-parser-fix1
master
Labels
Apply labels
Clear labels
bug
Something is not working DOING
Something that is being worked on. duplicate
This issue or pull request already exists enhancement
New feature help wanted
Need some help invalid
Something is wrong needs thinking
Some thought is required to continue work on the issue test DOING
A test is being written for the issue. test TODO
A test has to be written for the issue. TESTING
Work on the issue has finished but the solution has to be tested. TODO
Something that is on the TODO list. unclear
More information is needed to solve the issue. wiki-doc-DOING
Wiki documentation is being updated or written. wiki-doc-TODO
Either new wiki documentation or existing documentation has to be written. wontfix
This will not be implemented or fixed.
No Label
bug
DOING
duplicate
enhancement
help wanted
invalid
needs thinking
test DOING
test TODO
TESTING
TODO
unclear
wiki-doc-DOING
wiki-doc-TODO
wontfix
Milestone
Set milestone
Clear milestone
No items
No Milestone
Version 0.0.1 - "Uyghur lives matter!"
Assignees
Assign users
Clear assignees
No Assignees
 ncc1988
1 Participants
Notifications
Due Date

No due date set.

Blocks
#7 Segfault on loading https://hacktivis.me (own website)
moenavigator/moenavigator
Write Preview
Loading…
Cancel
Save
There is no content yet.
Delete Branch '%!s(MISSING)'

Deleting a branch is permanent. It CANNOT be undone. Continue?

No
Yes