NULL pointer dereference in parsing invalid HTML

Warren Togami wtogami at
Thu Oct 4 09:31:03 EDT 2007

Luke Schierer wrote:
> On Thu, Oct 04, 2007 at 08:39:26AM -0400, Stu Tomlinson wrote:
>> Hello packagers,
>> There is a NULL pointer dereference in purple_markup_html_to_xhtml when
>> parsing invalid HTML. This will cause libpurple-using IM clients (Finch,
>> Pidgin, Adium etc.) to crash if receiving a message containing invalid
>> HTML.
>> I believe the crash can only be triggered if using HTML logging, and it
>> requires the remote user to be able to send invalid HTML - I believe
>> this is possible on AIM, and probably also possible on some XMPP
>> networks. Other protocols may also be affected.
>> This bug was introduced in Pidgin/libpurple 2.1.0
>> I have attached a patch that fixes this issue. I have not committed this
>> yet because I can't think of a useful commit message that doesn't make
>> it obvious that this is a vulnerability.
>> This was originally reported as
>> I think we need a CVE # for this, and we might want to release 2.2.2 -
>> what do others think?
>> Regards,
>> Stu.
> We have released because of such issues in the past.  <!- and &#00; come
> to mind.

Somebody better get started on the 2.2.2 logo. =)

