Remotely triggerable crash in libpurple

Ethan Blanton elb at
Mon Oct 12 10:18:50 EDT 2009

Daniel Atallah spake unto us the following wisdom:
> I've reviewed the patch and the one part I'm missing is where
> -				for (i=0; i<strlen(text[0]); i++)
> -					num = num*10 + text[0][i]-48;
> +				num = strtoul(text[0], NULL, 10);
> are equivalent.
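
Review bot: The `strtoul(text[0], NULL, 10)` call on the `+` line passes NULL as the end pointer and is not followed by any `errno` check, so a malformed or oversized `text[0]` is accepted silently. The call matches the removed loop only when `text[0]` consists entirely of ASCII digits and the value fits. `strtoul` skips leading whitespace, accepts a sign, stops at the first non-digit and returns ULONG_MAX on overflow, whereas the loop folded every byte of `text[0]` into `num` whether or not it was a digit. Suggest passing an end pointer, rejecting the field unless at least one digit was consumed and the pointer lands on the terminating NUL, and checking `errno` for ERANGE. The declaration of `num` is outside the visible lines, so also confirm it is wide enough to hold an unsigned long, or range-check the result before the assignment.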

48 is the ASCII value of '0'.  This starts with the leftmost character
and decodes an ASCII string representing a base-10 number.  That's
exactly what strtoul does.  :-)


The laws that forbid the carrying of arms are laws [that have no remedy
for evils].  They disarm only those who are neither inclined nor
determined to commit crimes.
		-- Cesare Beccaria, "On Crimes and Punishments", 1764