buffer overflow in command line

Ethan Blanton elb at pidgin.im
Mon Nov 22 12:11:58 EST 2010

Eugene Egorow spake unto us the following wisdom:
> parameter length is about 13660 bytes

A couple of things:

1) This isn't really a security issue, as Pidgin is not installed
   setuid/setgid/etc.  It's simply a bug.

2) I haven't dug into it, but the option in question is handed off to
   X11 libraries, and it's quite possible (or even probable) that the
   actual bug is in those libraries.  The Pidgin path for processing
   of -s contains no length-dependent code.

I see no reason that this bug can't simply be filed in the tracker,
although if the crash is in libSM there's not a lot we can do about

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 482 bytes
Desc: Digital signature
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20101122/3e5b7182/attachment.pgp>

More information about the security mailing list