Remote exploitable crash on win32

Eion Robb eion at robbmob.com
Mon Jan 23 17:57:39 EST 2012


OK, that email was too big for the mailing list apparently, so I've posted
the plugin up at http://code.google.com/p/pidgin-win32-non-bmp/

On 20 January 2012 18:16, Eion Robb <eion at robbmob.com> wrote:

>
>
> On 18 January 2012 18:29, Eion Robb <eion at robbmob.com> wrote:
>
>> Just now there was a user in #pidgin who managed to trigger a remote crash on
>> my Windows system through what looks like a Pango glyph error.  I've
>> attached the HTML file (renamed as htmlx since viewing the history caused
>> crashes too) of the log that was causing the crashes.
>>
>> Nothing appears in the Pidgin crash RPT dump file but there is a single
>> line in the debug log:
>> Pango:ERROR:basic-win32.c:485:convert_log_clusters_to_byte_offsets:
>> assertion failed: (glyphs->log_clusters[glyphix] < n_chars)
>>
>> In the HTML log file, there appears to be an invisible character on line
>> 9 at offset 81.
>>
>
>
> Attached is a plugin that prevents the issue, based on findings from XChat
> devs, if someone cares to host it (or I can host it when I get home later
> this evening).  I haven't yet tested it with every single codepoint to make
> sure there aren't still crashable characters, but it does prevent the
> character as mentioned in
> https://bugzilla.gnome.org/show_bug.cgi?id=668154 from remotely crashing
> Pidgin.
>
> Cheers,
> Eion
>
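
An added example, not part of the original post and not the code of the plugin mentioned above: a C filter that replaces characters outside the Basic Multilingual Plane with U+FFFD before text is handed to a renderer. It assumes, from the plugin project's name (pidgin-win32-non-bmp), that the crashing character is a non-BMP code point; the function name `strip_non_bmp` is hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy UTF-8 `in` to `out`, replacing each code point above
 * U+FFFF (any 4-byte sequence) and each malformed byte with U+FFFD. Returns the
 * bytes written (excluding the NUL), or (size_t)-1 if `out` is too small. */
size_t strip_non_bmp(const unsigned char *in, size_t len,
                     unsigned char *out, size_t cap, size_t *replaced)
{
    static const unsigned char fffd[3] = { 0xEF, 0xBF, 0xBD };
    size_t i = 0, o = 0, k;
    *replaced = 0;
    if (cap == 0) return (size_t)-1;
    while (i < len) {
        unsigned char b = in[i];
        /* Sequence length from the lead byte; 0 marks an invalid lead. */
        size_t need = b < 0x80 ? 1 : (b >= 0xC2 && b <= 0xDF) ? 2
                    : (b & 0xF0) == 0xE0 ? 3 : (b >= 0xF0 && b <= 0xF4) ? 4 : 0;
        int ok = need != 0 && i + need <= len;
        for (k = 1; ok && k < need; k++)
            ok = (in[i + k] & 0xC0) == 0x80;
        /* Overlong 3-byte forms and UTF-16 surrogates are malformed too. */
        if (ok && need == 3 && ((b == 0xE0 && in[i + 1] < 0xA0) ||
                                (b == 0xED && in[i + 1] > 0x9F)))
            ok = 0;
        if (!ok || need == 4) {
            if (o + 3 >= cap) return (size_t)-1;
            memcpy(out + o, fffd, 3);
            o += 3;
            i += ok ? 4 : 1;   /* whole sequence, or one bad byte */
            (*replaced)++;
        } else {
            if (o + need >= cap) return (size_t)-1;
            memcpy(out + o, in + i, need);
            o += need;
            i += need;
        }
    }
    out[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed sample: "hi ", U+1D4D0 (outside the BMP), " ok". */
    const unsigned char msg[] = "hi \xF0\x9D\x93\x90 ok";
    unsigned char clean[64];
    size_t reps, n = strip_non_bmp(msg, sizeof msg - 1, clean, sizeof clean, &reps);
    printf("%lu bytes, %lu replaced: %s\n", (unsigned long)n, (unsigned long)reps, (char *)clean);
    return 0;
}
```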