NULL pointer dereference in parsing invalid HTML

Stu Tomlinson stu at
Thu Oct 4 08:39:26 EDT 2007

Hello packagers,

There is a NULL pointer dereference in purple_markup_html_to_xhtml when
parsing invalid HTML. This will cause libpurple using IM clients (Finch,
Pidgin, Adium etc.) to crash if receiving a message containing invalid

I believe the crash can only be triggered if using HTML logging, and it
requires the remote user to be able to send invalid HTML - I believe
this is possible on AIM, and probably also possible on some XMPP
networks. Other protocols may also be affected.

This bug was introduced in Pidgin/libpurple 2.1.0

I have attached a patch that fixes this issue. I have not committed this
yet because I can't think of a useful commit message that doesn't make
it obvious that this is a vulnerability.

This was originally reported as

I think we need a CVE # for this, and we might want to release 2.2.2 -
what do others think?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: pidgin-2.1.0-html-null-deref.patch
Type: text/x-patch
Size: 793 bytes
Desc: not available
Url : 

More information about the Packagers mailing list