Remote exploitable crash on win32

Eion Robb eion at
Mon Jan 23 17:57:39 EST 2012

Ok, that email was too big for the mailing list apparently, so I've posted
the plugin up at

On 20 January 2012 18:16, Eion Robb <eion at> wrote:

> On 18 January 2012 18:29, Eion Robb <eion at> wrote:
>> Just now was a user in #pidgin who managed to trigger a remote crash on
>> my windows system through what looks like a Pango glyph error.  I've
>> attached the html file (renamed as htmlx since viewing the history caused
>> crashes too) of the log that was causing the crashes.
>> Nothing appears in the Pidgin crash RPT dump file but there is a single
>> line in the debug log:
>> Pango:ERROR:basic-win32.c:485:convert_log_clusters_to_byte_offsets:
>> assertion failed: (glyphs->log_clusters[glyphix] < n_chars)
>> In the html log file, there appears to be an invisible character on line
>> 9 at offset 81
> Attached is a plugin that prevents the issue, based on findings from XChat
> devs, if someone cares to host it (or I can host it when I get home later
> this evening).  I haven't yet tested it with every single codepoint to make
> sure there aren't still crashable characters, but it does prevent the
> character as mentioned in
> from remotely crashing
> Pidgin.
> Cheers,
> Eion
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the security mailing list