Overflow bug

Anderz Olsson anderz.olsson at gmail.com
Thu Nov 8 18:56:39 EST 2012

I'm attaching a new debug.log made while not running pidgin.

2012/11/9 Anderz Olsson <anderz.olsson at gmail.com>:
> Hello,
> Thanks for giving us a great free IM client, that works on all
> different kind of OS that I'm using.
> I have found a bug though. I fell asleep and my wireless keyboard
> pressed a key in an open chat (by some of all crap that is lying
> around inhere), and when I woke up, i saw that the person I talked to
> had answered, but when I tried to read it (by pressing ctrl+a iin my
> text box, that was totally filled with a character due to the crap
> that pressed a button for a "while"). As soon as I deleted
> "ZZZZZZZZZZZZZZZZZZZZ ..." by selecting all my chars, all history in
> the conversation was lost.
> So I missed the important answer because I deleted the overflow of
> chars in my text window.
> Because I know some programming, I know it is a bug. I use Pidgin for
> conversations and if I cannot read them due to a fault in the handling
> of the amount of chars in my text box, it is for sure a bug. Whether
> the bug lays in my operating system or in pidgin, i don't know. But if
> pidgin produced this you for sure need to fix it. Maybe it's not a bug
> in terms of security (despite the fact that the written respons I
> really needed got lost as soon as I deleted my text), but maybe it's
> insecure technically speaking, because the code couldn't handle an
> overflow in a textbox. I'd call it a potential security threat. In any
> case, I'd wish you fix it. For sure, I could try to fix it myself, if
> I had time for it.
> System: PC, Win6.1, Pidgin 2.10.6 (libpurple 2.10.6) (portable)
> I'll attach debug.log, but it doesn't say much.
> Kindly,
> Anderz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: debug.log
Type: application/octet-stream
Size: 14464 bytes
Desc: not available
URL: <http://pidgin.im/cgi-bin/mailman/private/security/attachments/20121109/171f9350/attachment.obj>

More information about the security mailing list