From 70f20a370ed9264474ff96067d3ffb2b56abfcfa Mon Sep 17 00:00:00 2001 From: m1ngsama Date: Sun, 28 Dec 2025 14:33:35 +0800 Subject: [PATCH] fix: Prevent segfault from dangling image pointers Critical bugfix for async image loading: Problem: - When images are downloading and user navigates to new page, the old DocumentTree is destroyed - Image download completion handlers still have pointers to old DomNodes - Accessing freed memory caused SIGSEGV Solution: 1. Cancel all image downloads when starting new page load 2. Validate DomNode pointers before use (check if still in current tree) 3. Safely skip images for nodes that no longer exist This fixes crashes on sites like docs.nbtca.space where navigation can happen while images are loading. Tested: No more crashes, basic functionality intact --- src/browser.cpp | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/src/browser.cpp b/src/browser.cpp index d238adf..8e044f3 100644 --- a/src/browser.cpp +++ b/src/browser.cpp @@ -218,6 +218,9 @@ public: // 启动异步页面加载 void start_async_load(const std::string& url, bool force_refresh = false) { + // 取消任何正在进行的图片下载 (避免访问旧树的节点) + http_client.cancel_all_images(); + // 检查缓存 auto cache_it = page_cache.find(url); bool use_cache = !force_refresh && cache_it != page_cache.end() && @@ -326,7 +329,19 @@ public: if (img_data.is_valid()) { // 设置到对应的DomNode DomNode* img_node = static_cast(task.user_data); + + // 验证节点仍然有效 (仍在当前树的images列表中) + bool node_valid = false; if (img_node) { + for (const auto* node : current_tree.images) { + if (node == img_node) { + node_valid = true; + break; + } + } + } + + if (node_valid) { img_node->image_data = img_data; need_relayout = true;