Fix segfault in elimination of duplicate attributes.

svn path=/trunk/hubbub/; revision=5098

2 files changed, 11 insertions, 10 deletions

diff --git a/src/tokeniser/tokeniser.c b/src/tokeniser/tokeniser.c
index 755b3b5..1fdaddb 100644
--- a/src/tokeniser/tokeniser.c
+++ b/src/tokeniser/tokeniser.c
@@ -2861,19 +2861,20 @@ hubbub_error emit_current_tag(hubbub_tokeniser *tokeniser)
 				continue;
 			}
 
+			assert(i < j);
+
 			/* Calculate amount to move */
-			move = (n_attributes - 1 -
-					((i < j) ? j : i)) *
+			move = (n_attributes - 1 - j) *
 					sizeof(hubbub_attribute);
 
 			if (move > 0) {
-				memmove((i < j) ? &attrs[j]
-						: &attrs[i],
-					(i < j) ? &attrs[j+1]
-						: &attrs[i+1],
-					move);
+				memmove(&attrs[j],&attrs[j+1], move);
 			}
 
+			/* We've deleted an item, so we need to 
+			 * reprocess this index */
+			j--;
+
 			/* And reduce the number of attributes */
 			n_attributes--;
 		}
diff --git a/test/data/html/INDEX b/test/data/html/INDEX
index 99f4fa0..8956cec 100644
--- a/test/data/html/INDEX
+++ b/test/data/html/INDEX
@@ -11,6 +11,6 @@ isindex.html		Test of <isindex> parsing
 #firmaer.phtml		http://www.danmarks.net/firmaer.phtml?idxno=1418&letter=F
 #d11MXs.2WQ9.d.htm	http://www.secinfo.com/d11MXs.2WQ9.d.htm
 regression-script-collect.html	Regression test for script collection
-mangleme.1.html		Mangleme page which broke hubbub
-mangleme.2.html		Mangleme page which breaks hubbub
-mangleme.3.html		Mangleme page that causes assertion fixed in r5086
+mangleme.1.html		Mangleme page which broke hubbub (fixed in r5093).
+mangleme.2.html		Mangleme page which causes segfault fixed in r5098.
+mangleme.3.html		Mangleme page that causes assertion fixed in r5086.