pidgin: d1d23cd0: fixes an invalid read:

khc at pidgin.im khc at pidgin.im
Wed Mar 25 23:45:32 EDT 2009


-----------------------------------------------------------------
Revision: d1d23cd05745079a820abdcd2310300d0be33c50
Ancestor: 8f5d54ef7dd2f11dbc1381f22f35e328890eda4f
Author: khc at pidgin.im
Date: 2009-03-26T03:40:59
Branch: im.pidgin.pidgin
URL: http://d.pidgin.im/viewmtn/revision/info/d1d23cd05745079a820abdcd2310300d0be33c50

Modified files:
        libpurple/protocols/yahoo/yahoo_packet.c

ChangeLog: 

fixes an invalid read:

==12531== Invalid read of size 1
==12531==    at 0xFD7FB2D: yahoo_packet_read (yahoo_packet.c:205)
==12531==    by 0xFD6E18D: yahoo_pending (yahoo.c:3267)
==12531==    by 0x474C5C: pidgin_io_invoke (gtkeventloop.c:78)
==12531==    by 0x9DF8D5A: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.1800.2)
==12531==    by 0x9DFC52C: (within /usr/lib/libglib-2.0.so.0.1800.2)
==12531==    by 0x9DFCA5C: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.1800.2)
==12531==    by 0x60677A6: gtk_main (in /usr/lib/libgtk-x11-2.0.so.0.1400.4)
==12531==    by 0x492CFF: main (gtkmain.c:892)
==12531==  Address 0xcee0552 is 0 bytes after a block of size 26 alloc'd
==12531==    at 0x4C265AE: malloc (vg_replace_malloc.c:207)
==12531==    by 0x9E01472: g_malloc (in /usr/lib/libglib-2.0.so.0.1800.2)
==12531==    by 0x9E19056: g_memdup (in /usr/lib/libglib-2.0.so.0.1800.2)
==12531==    by 0xFD6E1E8: yahoo_pending (yahoo.c:3271)
==12531==    by 0x474C5C: pidgin_io_invoke (gtkeventloop.c:78)
==12531==    by 0x9DF8D5A: g_main_context_dispatch (in /usr/lib/libglib-2.0.so.0.1800.2)
==12531==    by 0x9DFC52C: (within /usr/lib/libglib-2.0.so.0.1800.2)
==12531==    by 0x9DFCA5C: g_main_loop_run (in /usr/lib/libglib-2.0.so.0.1800.2)
==12531==    by 0x60677A6: gtk_main (in /usr/lib/libgtk-x11-2.0.so.0.1400.4)
==12531==    by 0x492CFF: main (gtkmain.c:892)



-------------- next part --------------
============================================================
--- libpurple/protocols/yahoo/yahoo_packet.c	9e7eb947f4d4498aa79a72ea758c7adce7688302
+++ libpurple/protocols/yahoo/yahoo_packet.c	366d5870f6306c91b9379450e2968a3007deb10f
@@ -201,6 +201,8 @@ void yahoo_packet_read(struct yahoo_pack
 		}
 		pos += 2;
 
+		if (pos + 1 > len) break;
+
 		/* Skip over garbage we've noticed in the mail notifications */
 		if (data[0] == '9' && data[pos] == 0x01)
 			pos++;
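Review bot: The new guard `if (pos + 1 > len) break;` only covers the `data[pos]` read in the condition directly below it. Once `pos++` runs in the garbage-skip branch, `pos` can equal `len` again, so any `data[pos]` read that follows this block (not visible in this hunk) needs the same bound check. Consider writing the test as `pos >= len`, which states the intent without the addition, and putting `break` on its own line to match the `if (...)` / `pos++;` layout just below. A one-line comment saying the buffer ended right after the `pos += 2` skip would tie the check to the valgrind report of a 1-byte read 0 bytes past the 26-byte block.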

