Remotely triggerable crash in libpurple
Ethan Blanton
elb at pidgin.im
Mon Oct 12 10:18:50 EDT 2009
Daniel Atallah spake unto us the following wisdom:
> I've reviewed the patch and the one part I'm missing is where
>
> - for (i=0; i<strlen(text[0]); i++)
> - num = num*10 + text[0][i]-48;
> + num = strtoul(text[0], NULL, 10);
>
> are equivalent.
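Review bot: on the added line, strtoul(text[0], NULL, 10) passes NULL for the end pointer, so the caller cannot tell whether text[0] was entirely digits. The two forms agree only for a pure run of ASCII digits: the removed loop folds every byte into num through the -48 offset, while strtoul skips leading whitespace, accepts a sign, and stops at the first non-digit, returning 0 when no digits are present. Since text[0] arrives from the remote side, consider passing an end pointer, rejecting the value when the pointer equals text[0] or does not point at the terminating NUL, and checking errno for ERANGE before num is used.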
48 is the ASCII value of '0'. This starts with the leftmost character
and decodes an ASCII string representing a base-10 number. That's
exactly what strtoul does. :-)
Ethan
--
The laws that forbid the carrying of arms are laws [that have no remedy
for evils]. They disarm only those who are neither inclined nor
determined to commit crimes.
-- Cesare Beccaria, "On Crimes and Punishments", 1764