NULL pointer dereference in parsing invalid HTML

Luke Schierer lschiere at
Thu Oct 4 08:58:51 EDT 2007

On Thu, Oct 04, 2007 at 08:39:26AM -0400, Stu Tomlinson wrote:
> Hello packagers,
> There is a NULL pointer dereference in purple_markup_html_to_xhtml when
> parsing invalid HTML. This will cause libpurple using IM clients (Finch,
> Pidgin, Adium etc.) to crash if receiving a message containing invalid
> I believe the crash can only be triggered if using HTML logging, and it
> requires the remote user to be able to send invalid HTML - I believe
> this is possible on AIM, and probably also possible on some XMPP
> networks. Other protocols may also be affected.
> This bug was introduced in Pidgin/libpurple 2.1.0
> I have attached a patch that fixes this issue. I have not committed this
> yet because I can't think of a useful commit message that doesn't make
> it obvious that this is a vulnerability.
> This was originally reported as
> I think we need a CVE # for this, and we might want to release 2.2.2 -
> what do others think?
> Regards,
> Stu.

We have released because of such issues in the past.  <!- and &#00; come
to mind.


More information about the Packagers mailing list