On Fri, Sep 25, 2015 at 10:11:07AM -0400, Karl Dahlke wrote:
> Yes, edbrowse did a seg fault on my own website.   Yikes!
> I run google ads, and their js is quite involved.
> At db4 I could see that it was adding a new input field to a form,
> adding dynamically using appendchild().
> That was never even implemented before, so this is new territory.
> The object was added, the side effect passed back to edbrowse,
> a new tag created, and linked into our dom tree, all good.
> Then time to render.
> But there is a prerender routine that sanitizes things before render() runs.
> Example, link each input field to the form that contains it.
> When tags are added later, dynamically, prerender is already done.
> the sanitizing does not take place.
> This new input field wasn't tied to a specific form in our tree,
> and the input value was not preset to the empty string.
> It was still null, thus the seg fault.
> I fixed this up in a hurry by adding some code to javaSetsLinkage,
> that if an input tag is linked in I do some of the same things
> that prerender would have done.
> But this is the tip of the iceberg, isn't it?
> We should not react to each seg fault, but rather act proactively.
> More of the prerender sanitizing logic should be pulled out
> into small routines at the top, that are called by prerender()
> or by javaSetsLinkage().
> I'll try to chip away at this in the next week or so.

Agreed with all of the above. In fact I've been seeing a bunch of these,
but always at work when I've not had time to put together a more coherent bug
report than "Ahhh Edbrowse just segfaulted on something... again".
I also keep losing the example URLs because... well...
Edbrowse segfaults before I can get the URL and then I forget and have to do 
other things.

Cheers,
Adam.