I think I have found the cause of bug 5247:
<http://cvs.openbsd.org/cgi-bin/query-pr-wrapper?full=yes&numbers=5247>.
I'm not familiar enough with Lynx's source code to write a patch, but
hopefully the following information will make it easier for someone else
to do it.

A short description of the bug: lynx segfaults if the LYNX_TEMP_SPACE or
TMPDIR environment variable is a non-existent directory or a directory
for which lynx has insufficient permissions.

In src/gnu/usr.bin/lynx/src/LYMain.c:1203, a directory name starting
with either LYNX_TEMP_SPACE or TMPDIR is passed as an argument to
mkdtemp(). For the values of LYNX_TEMP_SPACE or TMPDIR mentioned above,
mkdtemp() returns NULL. Eventually, this value is passed as an argument
to strlen() which causes the segfault.

An obvious fix would be to check the return value of mkdtemp().

Here is the relevant source code:

src/gnu/usr.bin/lynx/src/LYMain.c:

lynx_temp_space is either LYNX_TEMP_SPACE or TMPDIR.

1202:     StrAllocCat(lynx_temp_space, "/lynx-XXXXXXXXXX");
1203:     lynx_temp_space = mkdtemp(lynx_temp_space);
1225:     if ((HTStat(lynx_temp_space, &dir_info) < 0

src/gnu/usr.bin/lynx/WWW/Library/Implementation/HTFile.c:

2023: PUBLIC int HTStat ARGS2(
2024:         CONST char *,   filename,
2025:         struct stat *,  data)
2028:     size_t len = strlen(filename);

HTH.

Regards,
Tim
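
The check proposed in the message above, as an added example; it is not Lynx code and not part of the original post. The helper names make_temp_dir and pick_temp_space, the /tmp fallback, and the nonexistent sample path are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700 /* exposes mkdtemp() on glibc */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not a Lynx function): create "<base>/lynx-XXXXXXXXXX".
 * Returns a malloc'd path, or NULL with errno set when mkdtemp() fails. */
static char *make_temp_dir(const char *base)
{
    static const char suffix[] = "/lynx-XXXXXXXXXX";
    size_t len = strlen(base) + sizeof(suffix); /* sizeof counts the NUL */
    char *tmpl = malloc(len);
    if (tmpl == NULL)
        return NULL;
    snprintf(tmpl, len, "%s%s", base, suffix);
    if (mkdtemp(tmpl) == NULL) { /* the return-value check the report asks for */
        int saved = errno;       /* free() may clobber errno */
        free(tmpl);
        errno = saved;
        return NULL;
    }
    return tmpl;
}

/* Hypothetical policy: try the environment value first, then a fallback. */
static char *pick_temp_space(const char *env_value, const char *fallback)
{
    char *dir = NULL;
    if (env_value != NULL && *env_value != '\0')
        dir = make_temp_dir(env_value);
    if (dir == NULL)
        dir = make_temp_dir(fallback);
    return dir; /* may still be NULL: the caller must stop, not stat() it */
}

int main(void)
{
    /* Constructed input: a directory that does not exist. */
    char *dir = pick_temp_space("/nonexistent/constructed-dir", "/tmp");
    if (dir == NULL)
        return 1; /* exit cleanly instead of passing NULL on to strlen() */
    printf("temp space: %s\n", dir);
    rmdir(dir);
    free(dir);
    return 0;
}
```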
