pidgin: 661db628: http://dev.aol.com/aim/oscar/ says, "A
Mark Doliner
mark at kingant.net
Thu Nov 5 03:21:15 EST 2009
On Wed, Nov 4, 2009 at 11:25 PM, Richard Laager <rlaager at wiktel.com> wrote:
> On Wed, 2009-11-04 at 17:21 -0500, markdoliner at pidgin.im wrote:
>> http://dev.aol.com/aim/oscar/ says, "All strings in Feedbag are UTF8
>> encoded." So stop trying to validate stuff as utf8 then salvage when
>> it isn't and just display broken crap or crash.
>
> This seems like a bad idea. If we can really crash on invalid data, this
> is going to be our next security issue.
Yeah, maybe. It would only be invalid date in your own roster, which
wouldn't be considered a security issue because it isn't remotely
exploitable (although it would be a nuisance to any person who is
affected). I wondered if there is some possibility of non-utf8 in an
ICQ friend request, but these changes don't affect that.
-Mark
More information about the Devel
mailing list